0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x405, 0x5}, 0x8, 0x10, &(0x7f00000005c0)={0x3, 0xc, 0xedd, 0x3f}, 0x10, 0xca6c, r7}, 0x78)

15:42:57 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080)=0x1, 0x4)

15:42:57 executing program 2:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x0, 0x0, 0x40007, 0x1}, 0x10}, 0x78)

15:42:57 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:57 executing program 4:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:42:57 executing program 1:
syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0x0, 0x0)

15:42:57 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
sendto$phonet(r6, &(0x7f00000000c0)="db5563579d3e4951a71f0c567937c1cb8a34967126761a93e2bb6a1768370be3eb2556783b892899abcf559b3c53599933134457160f6afa80aeee4e7046f585e15df97060efd551cdabc6b7fdfab63d70e877bee646966bef29bb85ec6575633d8af1f6db30ce854a05a9a3ddfbcd3e156eeffdf7dd66b549e0fbaa1692f9b956b22919f1dc8031429d2f07ca76a9a00acb6a353c1125ea5bc275816127ac343649d34d4fcafa1efacc9ff6d03ad9bf2bf2f22e3181e9874bb92da3072ce28729ac4cedec082e39608cd642b02f90fb", 0xd0, 0x4c000, &(0x7f00000002c0)={0x23, 0x3, 0x40, 0x1f}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000640)={&(0x7f0000000600)=[0x1, 0x6, 0x3f, 0x7, 0x8, 0x6, 0x5, 0xffffffff, 0x40, 0x7], 0xa, 0x800})

15:42:57 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080)=0x1, 0x4)

15:42:57 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

15:42:57 executing program 2:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1}, 0x10}, 0x78)

15:42:57 executing program 4:
getsockopt$rose(0xffffffffffffffff, 0x104, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:42:57 executing program 1:
syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0x0, 0x0)

15:42:57 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

15:42:57 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)

15:42:57 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
sendto$phonet(r6, &(0x7f00000000c0)="db5563579d3e4951a71f0c567937c1cb8a34967126761a93e2bb6a1768370be3eb2556783b892899abcf559b3c53599933134457160f6afa80aeee4e7046f585e15df97060efd551cdabc6b7fdfab63d70e877bee646966bef29bb85ec6575633d8af1f6db30ce854a05a9a3ddfbcd3e156eeffdf7dd66b549e0fbaa1692f9b956b22919f1dc8031429d2f07ca76a9a00acb6a353c1125ea5bc275816127ac343649d34d4fcafa1efacc9ff6d03ad9bf2bf2f22e3181e9874bb92da3072ce28729ac4cedec082e39608cd642b02f90fb", 0xd0, 0x4c000, &(0x7f00000002c0)={0x23, 0x3, 0x40, 0x1f}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:57 executing program 2:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0), 0x10}, 0x78)

15:42:57 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)

15:42:57 executing program 4:
getsockopt$rose(0xffffffffffffffff, 0x104, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:42:57 executing program 1:
syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0x0, 0x0)

15:42:57 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

15:42:57 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:57 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)

15:42:57 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
sendto$phonet(r6, &(0x7f00000000c0)="db5563579d3e4951a71f0c567937c1cb8a34967126761a93e2bb6a1768370be3eb2556783b892899abcf559b3c53599933134457160f6afa80aeee4e7046f585e15df97060efd551cdabc6b7fdfab63d70e877bee646966bef29bb85ec6575633d8af1f6db30ce854a05a9a3ddfbcd3e156eeffdf7dd66b549e0fbaa1692f9b956b22919f1dc8031429d2f07ca76a9a00acb6a353c1125ea5bc275816127ac343649d34d4fcafa1efacc9ff6d03ad9bf2bf2f22e3181e9874bb92da3072ce28729ac4cedec082e39608cd642b02f90fb", 0xd0, 0x4c000, &(0x7f00000002c0)={0x23, 0x3, 0x40, 0x1f}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000640)={&(0x7f0000000600)=[0x1, 0x6, 0x3f, 0x7, 0x8, 0x6, 0x5, 0xffffffff, 0x40, 0x7], 0xa, 0x800, 0x0, <r7=>0xffffffffffffffff})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_ext={0x1c, 0x3, &(0x7f0000000280)=@raw=[@call={0x85, 0x0, 0x0, 0x33}, @jmp={0x5, 0x1, 0x9, 0x0, 0xa, 0xfffffffffffffffe, 0xfffffffffffffffb}, @jmp={0x5, 0x0, 0x0, 0x9, 0x6, 0x2, 0x10}], &(0x7f00000003c0)='syzkaller\x00', 0x463, 0xc8, &(0x7f0000000400)=""/200, 0x41100, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x405, 0x5}, 0x8, 0x10, &(0x7f00000005c0)={0x3, 0xc, 0xedd, 0x3f}, 0x10, 0xca6c, r7}, 0x78)

15:42:57 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)

15:42:57 executing program 4:
getsockopt$rose(0xffffffffffffffff, 0x104, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:42:57 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

[  618.909511][ T9771] Bluetooth: hci0: command 0x0c20 tx timeout
15:42:57 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
sendto$phonet(r6, &(0x7f00000000c0)="db5563579d3e4951a71f0c567937c1cb8a34967126761a93e2bb6a1768370be3eb2556783b892899abcf559b3c53599933134457160f6afa80aeee4e7046f585e15df97060efd551cdabc6b7fdfab63d70e877bee646966bef29bb85ec6575633d8af1f6db30ce854a05a9a3ddfbcd3e156eeffdf7dd66b549e0fbaa1692f9b956b22919f1dc8031429d2f07ca76a9a00acb6a353c1125ea5bc275816127ac343649d34d4fcafa1efacc9ff6d03ad9bf2bf2f22e3181e9874bb92da3072ce28729ac4cedec082e39608cd642b02f90fb", 0xd0, 0x4c000, &(0x7f00000002c0)={0x23, 0x3, 0x40, 0x1f}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000640)={&(0x7f0000000600)=[0x1, 0x6, 0x3f, 0x7, 0x8, 0x6, 0x5, 0xffffffff, 0x40, 0x7], 0xa, 0x800, 0x0, <r7=>0xffffffffffffffff})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_ext={0x1c, 0x3, &(0x7f0000000280)=@raw=[@call={0x85, 0x0, 0x0, 0x33}, @jmp={0x5, 0x1, 0x9, 0x0, 0xa, 0xfffffffffffffffe, 0xfffffffffffffffb}, @jmp={0x5, 0x0, 0x0, 0x9, 0x6, 0x2, 0x10}], &(0x7f00000003c0)='syzkaller\x00', 0x463, 0xc8, &(0x7f0000000400)=""/200, 0x41100, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x405, 0x5}, 0x8, 0x10, &(0x7f00000005c0)={0x3, 0xc, 0xedd, 0x3f}, 0x10, 0xca6c, r7}, 0x78)

15:42:57 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$phonet_pipe(0x23, 0x5, 0x2)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:57 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:57 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
sendto$phonet(r6, &(0x7f00000000c0)="db5563579d3e4951a71f0c567937c1cb8a34967126761a93e2bb6a1768370be3eb2556783b892899abcf559b3c53599933134457160f6afa80aeee4e7046f585e15df97060efd551cdabc6b7fdfab63d70e877bee646966bef29bb85ec6575633d8af1f6db30ce854a05a9a3ddfbcd3e156eeffdf7dd66b549e0fbaa1692f9b956b22919f1dc8031429d2f07ca76a9a00acb6a353c1125ea5bc275816127ac343649d34d4fcafa1efacc9ff6d03ad9bf2bf2f22e3181e9874bb92da3072ce28729ac4cedec082e39608cd642b02f90fb", 0xd0, 0x4c000, &(0x7f00000002c0)={0x23, 0x3, 0x40, 0x1f}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000640)={&(0x7f0000000600)=[0x1, 0x6, 0x3f, 0x7, 0x8, 0x6, 0x5, 0xffffffff, 0x40, 0x7], 0xa, 0x800, 0x0, <r7=>0xffffffffffffffff})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_ext={0x1c, 0x3, &(0x7f0000000280)=@raw=[@call={0x85, 0x0, 0x0, 0x33}, @jmp={0x5, 0x1, 0x9, 0x0, 0xa, 0xfffffffffffffffe, 0xfffffffffffffffb}, @jmp={0x5, 0x0, 0x0, 0x9, 0x6, 0x2, 0x10}], &(0x7f00000003c0)='syzkaller\x00', 0x463, 0xc8, &(0x7f0000000400)=""/200, 0x41100, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x405, 0x5}, 0x8, 0x10, &(0x7f00000005c0)={0x3, 0xc, 0xedd, 0x3f}, 0x10, 0xca6c, r7}, 0x78)

15:42:57 executing program 4:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(0xffffffffffffffff, 0x104, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:42:57 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:57 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:57 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:57 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:57 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
sendto$phonet(r6, &(0x7f00000000c0)="db5563579d3e4951a71f0c567937c1cb8a34967126761a93e2bb6a1768370be3eb2556783b892899abcf559b3c53599933134457160f6afa80aeee4e7046f585e15df97060efd551cdabc6b7fdfab63d70e877bee646966bef29bb85ec6575633d8af1f6db30ce854a05a9a3ddfbcd3e156eeffdf7dd66b549e0fbaa1692f9b956b22919f1dc8031429d2f07ca76a9a00acb6a353c1125ea5bc275816127ac343649d34d4fcafa1efacc9ff6d03ad9bf2bf2f22e3181e9874bb92da3072ce28729ac4cedec082e39608cd642b02f90fb", 0xd0, 0x4c000, &(0x7f00000002c0)={0x23, 0x3, 0x40, 0x1f}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000640)={&(0x7f0000000600)=[0x1, 0x6, 0x3f, 0x7, 0x8, 0x6, 0x5, 0xffffffff, 0x40, 0x7], 0xa, 0x800, 0x0, <r7=>0xffffffffffffffff})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_ext={0x1c, 0x3, &(0x7f0000000280)=@raw=[@call={0x85, 0x0, 0x0, 0x33}, @jmp={0x5, 0x1, 0x9, 0x0, 0xa, 0xfffffffffffffffe, 0xfffffffffffffffb}, @jmp={0x5, 0x0, 0x0, 0x9, 0x6, 0x2, 0x10}], &(0x7f00000003c0)='syzkaller\x00', 0x463, 0xc8, &(0x7f0000000400)=""/200, 0x41100, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x405, 0x5}, 0x8, 0x10, &(0x7f00000005c0)={0x3, 0xc, 0xedd, 0x3f}, 0x10, 0xca6c, r7}, 0x78)

15:42:57 executing program 4:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(0xffffffffffffffff, 0x104, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:42:57 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:58 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
sendto$phonet(r6, &(0x7f00000000c0)="db5563579d3e4951a71f0c567937c1cb8a34967126761a93e2bb6a1768370be3eb2556783b892899abcf559b3c53599933134457160f6afa80aeee4e7046f585e15df97060efd551cdabc6b7fdfab63d70e877bee646966bef29bb85ec6575633d8af1f6db30ce854a05a9a3ddfbcd3e156eeffdf7dd66b549e0fbaa1692f9b956b22919f1dc8031429d2f07ca76a9a00acb6a353c1125ea5bc275816127ac343649d34d4fcafa1efacc9ff6d03ad9bf2bf2f22e3181e9874bb92da3072ce28729ac4cedec082e39608cd642b02f90fb", 0xd0, 0x4c000, &(0x7f00000002c0)={0x23, 0x3, 0x40, 0x1f}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000640)={&(0x7f0000000600)=[0x1, 0x6, 0x3f, 0x7, 0x8, 0x6, 0x5, 0xffffffff, 0x40, 0x7], 0xa, 0x800})

15:42:58 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:58 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:58 executing program 4:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(0xffffffffffffffff, 0x104, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:42:58 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)

15:42:58 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:58 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:58 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
sendto$phonet(r6, &(0x7f00000000c0)="db5563579d3e4951a71f0c567937c1cb8a34967126761a93e2bb6a1768370be3eb2556783b892899abcf559b3c53599933134457160f6afa80aeee4e7046f585e15df97060efd551cdabc6b7fdfab63d70e877bee646966bef29bb85ec6575633d8af1f6db30ce854a05a9a3ddfbcd3e156eeffdf7dd66b549e0fbaa1692f9b956b22919f1dc8031429d2f07ca76a9a00acb6a353c1125ea5bc275816127ac343649d34d4fcafa1efacc9ff6d03ad9bf2bf2f22e3181e9874bb92da3072ce28729ac4cedec082e39608cd642b02f90fb", 0xd0, 0x4c000, &(0x7f00000002c0)={0x23, 0x3, 0x40, 0x1f}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 4:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x0, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:42:58 executing program 2:
setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:58 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:58 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r3, 0xc00464c9, &(0x7f0000000340)={r4})
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 4:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x0, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:42:58 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
sendto$phonet(r6, &(0x7f00000000c0)="db5563579d3e4951a71f0c567937c1cb8a34967126761a93e2bb6a1768370be3eb2556783b892899abcf559b3c53599933134457160f6afa80aeee4e7046f585e15df97060efd551cdabc6b7fdfab63d70e877bee646966bef29bb85ec6575633d8af1f6db30ce854a05a9a3ddfbcd3e156eeffdf7dd66b549e0fbaa1692f9b956b22919f1dc8031429d2f07ca76a9a00acb6a353c1125ea5bc275816127ac343649d34d4fcafa1efacc9ff6d03ad9bf2bf2f22e3181e9874bb92da3072ce28729ac4cedec082e39608cd642b02f90fb", 0xd0, 0x4c000, &(0x7f00000002c0)={0x23, 0x3, 0x40, 0x1f}, 0x10)

15:42:58 executing program 2:
setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:58 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:58 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)

15:42:58 executing program 4:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x0, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:42:58 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 2:
setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:58 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:58 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)

15:42:58 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:58 executing program 4:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x4, 0x0, &(0x7f0000000040))

15:42:58 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$phonet_pipe(0x23, 0x5, 0x2)

15:42:58 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
socket$phonet_pipe(0x23, 0x5, 0x2)

15:42:58 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:58 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:58 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)

15:42:58 executing program 4:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x4, 0x0, 0x0)

15:42:58 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:58 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:58 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080), 0x4)

15:42:58 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)

15:42:58 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:58 executing program 4:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x4, 0x0, 0x0)

15:42:59 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:59 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)

15:42:59 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 4:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x4, 0x0, 0x0)

15:42:59 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r3, 0xc00464c9, &(0x7f0000000340)={r4})
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:59 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:59 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r3, 0xc00464c9, &(0x7f0000000340)={r4})
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)

15:42:59 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:59 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 4:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r3, 0xc00464c9, &(0x7f0000000340)={r4})
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:59 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x0)

15:42:59 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:59 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 4:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:59 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:59 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc703"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:59 executing program 2:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:59 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 4:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:59 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc703"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:59 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

[  620.980023][ T9766] Bluetooth: hci0: command 0x0c20 tx timeout
15:42:59 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 4:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
prctl$PR_GET_TIMERSLACK(0x1e)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
sendto$phonet(r6, &(0x7f00000000c0)="db5563579d3e4951a71f0c567937c1cb8a34967126761a93e2bb6a1768370be3eb2556783b892899abcf559b3c53599933134457160f6afa80aeee4e7046f585e15df97060efd551cdabc6b7fdfab63d70e877bee646966bef29bb85ec6575633d8af1f6db30ce854a05a9a3ddfbcd3e156eeffdf7dd66b549e0fbaa1692f9b956b22919f1dc8031429d2f07ca76a9a00acb6a353c1125ea5bc275816127ac343649d34d4fcafa1efacc9ff6d03ad9bf2bf2f22e3181e9874bb92da3072ce28729ac4cedec082e39608cd642b02f90fb", 0xd0, 0x4c000, &(0x7f00000002c0)={0x23, 0x3, 0x40, 0x1f}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:59 executing program 5:
socket$phonet_pipe(0x23, 0x5, 0x2)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:59 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc703"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:42:59 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 5:
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:59 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:42:59 executing program 4:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @netrom, 0x0, [@null, @null, @remote, @bcast, @null, @netrom]}, &(0x7f0000000380)=0x40, 0x800)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000300)={0x8, 0x0, &(0x7f00000001c0)=[<r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r4, 0xc00464c9, &(0x7f0000000340)={r5})
ioctl$SIOCRSACCEPT(r3, 0x89e3)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)
setrlimit(0xb, &(0x7f0000000080)={0x101, 0xaa13})

15:42:59 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:00 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:00 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:00 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:00 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x0)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x40000, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

15:43:00 executing program 5:
setrlimit(0x0, &(0x7f0000000080)={0x101, 0xaa13})

15:43:00 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:00 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:00 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:00 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
prctl$PR_CAPBSET_DROP(0x8, 0x0)

15:43:00 executing program 5:
setrlimit(0x0, &(0x7f0000000080)={0x101, 0xaa13})

15:43:00 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x0)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x40000, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

15:43:00 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:00 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f0000"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:00 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:00 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:00 executing program 5:
setrlimit(0x0, &(0x7f0000000080)={0x101, 0xaa13})

15:43:00 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x0)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x40000, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

15:43:00 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f0000"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:00 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:00 executing program 5:
setrlimit(0xb, 0x0)

15:43:01 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
prctl$PR_CAPBSET_DROP(0x8, 0x0)

15:43:01 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:01 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x0)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x40000, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

15:43:01 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:01 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f0000"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:01 executing program 5:
setrlimit(0xb, 0x0)

15:43:01 executing program 5:
setrlimit(0xb, 0x0)

15:43:01 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x0)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x40000, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

15:43:01 executing program 1:
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:01 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], 0x0, 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:01 executing program 3:
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:01 executing program 1:
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

[  623.059178][ T9766] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:02 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
prctl$PR_CAPBSET_DROP(0x8, 0x0)

15:43:02 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], 0x0, 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:02 executing program 5:
setrlimit(0xb, &(0x7f0000000080)={0x0, 0xaa13})

15:43:02 executing program 3:
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:02 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x0)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x40000, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

15:43:02 executing program 1:
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:02 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

15:43:02 executing program 5:
setrlimit(0xb, &(0x7f0000000080))

15:43:02 executing program 3:
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:02 executing program 1:
socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:02 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], 0x0, 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:02 executing program 4:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

[  623.619166][ T9766] Bluetooth: hci3: command 0x0401 tx timeout
15:43:03 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:03 executing program 5:
setrlimit(0xb, &(0x7f0000000080))

15:43:03 executing program 1:
socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:03 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:03 executing program 3:
socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:03 executing program 4:
socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

15:43:03 executing program 1:
socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:03 executing program 4:
socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

15:43:03 executing program 3:
socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:03 executing program 5:
setrlimit(0xb, &(0x7f0000000080))

15:43:03 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:03 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, 0x0, 0x0, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

[  625.149100][ T9766] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:03 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:03 executing program 4:
socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000040)={0x0, 0x2710}, 0x10)

15:43:03 executing program 3:
socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:03 executing program 5:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], 0x0, 0x1, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:03 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:03 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:04 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:04 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, 0x0, 0x0, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:04 executing program 4:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, 0x0, 0x0)

15:43:04 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:04 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:04 executing program 5:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

[  625.709151][ T9766] Bluetooth: hci3: command 0x0401 tx timeout
15:43:04 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:04 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:04 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:04 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:04 executing program 4:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, 0x0, 0x0)

15:43:04 executing program 5:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, 0x0, 0x0)

15:43:04 executing program 5:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, 0x0, 0x0)

15:43:04 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, 0x0, 0x0, 0x40002162, 0x0, 0x0)

15:43:04 executing program 4:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, 0x0, 0x0)

15:43:05 executing program 0:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:05 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:05 executing program 5:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, 0x0, 0x0)

15:43:05 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:05 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:05 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:05 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:05 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x1d, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000e0000002000000fcc70300ff0f000095"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:05 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:05 executing program 5:
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, 0x0, 0x0)

15:43:05 executing program 1:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
recvfrom$phonet(r0, &(0x7f0000000000)=""/52, 0x34, 0x40002162, &(0x7f0000000040)={0x23, 0x4, 0x20, 0x6}, 0x10)

15:43:05 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
prctl$PR_CAPBSET_DROP(0x8, 0x0)

15:43:05 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000200)=0x80000000, 0x4)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000300)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
prctl$PR_CAPBSET_DROP(0x17, 0x0)

15:43:05 executing program 3:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r0, 0x0, 0x0, 0x40002162, 0x0, 0x0)

15:43:05 executing program 5:
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, 0x0, 0x0)

15:43:05 executing program 5:
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, 0x0, 0x0)

15:43:05 executing program 2:
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:05 executing program 3:
prctl$PR_CAPBSET_DROP(0x8, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
sched_rr_get_interval(0x0, &(0x7f0000000040))

15:43:05 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000000c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x2, {0xa, 0x4e22, 0xfffffffe, @mcast1, 0x2}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000100)={0x11, 0x10, 0xfa00, {&(0x7f0000000040), r1}}, 0x18)
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000140)={0x68, 0xffffffffffffffda, 0x0, [{0x5, 0x4, 0x18, 0xb7c2, '/dev/infiniband/rdma_cm\x00'}, {0x1, 0x0, 0xb, 0x4, '!{h[\x8d.%.)+:'}]}, 0x68)

15:43:05 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000200)=0x80000000, 0x4)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000300)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
prctl$PR_CAPBSET_DROP(0x17, 0x0)

15:43:05 executing program 5:
socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, 0x0, 0x0)

15:43:05 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
bind$bt_hci(0xffffffffffffffff, &(0x7f00000001c0)={0x1f, 0x4, 0x1}, 0x6)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000ffdbdf25170000000e0001006e65746465767369103642386d0000000f007b02006e657464657673696d300000080003000200000008000b000900000006001600d10000000500120000000000"], 0x54}, 0x1, 0x0, 0x0, 0x84}, 0x95)
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000200)={0x60, 0x0, 0x0, {{0x6, 0x100000000, 0x80, 0x7, 0x4, 0x401, 0x4}}}, 0x60)

15:43:05 executing program 3:
prctl$PR_CAPBSET_DROP(0x8, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
sched_rr_get_interval(0x0, &(0x7f0000000040))

[  627.229165][ T9766] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:06 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
prctl$PR_CAPBSET_DROP(0x8, 0x0)

15:43:06 executing program 5:
socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, 0x0, 0x0)

15:43:06 executing program 2:
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:06 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000200)=0x80000000, 0x4)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000300)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
prctl$PR_CAPBSET_DROP(0x17, 0x0)

15:43:06 executing program 3:
prctl$PR_CAPBSET_DROP(0x8, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
sched_rr_get_interval(0x0, &(0x7f0000000040))

15:43:06 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
bind$bt_hci(0xffffffffffffffff, &(0x7f00000001c0)={0x1f, 0x4, 0x1}, 0x6)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000ffdbdf25170000000e0001006e65746465767369103642386d0000000f007b02006e657464657673696d300000080003000200000008000b000900000006001600d10000000500120000000000"], 0x54}, 0x1, 0x0, 0x0, 0x84}, 0x95)
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000200)={0x60, 0x0, 0x0, {{0x6, 0x100000000, 0x80, 0x7, 0x4, 0x401, 0x4}}}, 0x60)

15:43:06 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
bind$bt_hci(0xffffffffffffffff, &(0x7f00000001c0)={0x1f, 0x4, 0x1}, 0x6)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000ffdbdf25170000000e0001006e65746465767369103642386d0000000f007b02006e657464657673696d300000080003000200000008000b000900000006001600d10000000500120000000000"], 0x54}, 0x1, 0x0, 0x0, 0x84}, 0x95)
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000200)={0x60, 0x0, 0x0, {{0x6, 0x100000000, 0x80, 0x7, 0x4, 0x401, 0x4}}}, 0x60)

15:43:06 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000200)=0x80000000, 0x4)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000300)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})

15:43:06 executing program 5:
socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, 0x0, 0x0)

15:43:06 executing program 2:
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:06 executing program 3:
prctl$PR_CAPBSET_DROP(0x8, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:06 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000200)=0x80000000, 0x4)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)

[  627.779348][ T9766] Bluetooth: hci3: command 0x0401 tx timeout
15:43:07 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
prctl$PR_CAPBSET_DROP(0x8, 0x0)

15:43:07 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
bind$phonet(0xffffffffffffffff, &(0x7f0000000000)={0x23, 0x1, 0x1f, 0xc0}, 0x10)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x6)
prctl$PR_CAPBSET_DROP(0x7, 0x0)

15:43:07 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f00000015c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x64, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xcb6}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x71e, 0x10001, 0x2]}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x9]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000000)
r5 = accept4$rose(r1, &(0x7f0000000340)=@full={0xb, @remote, @netrom, 0x0, [@null, @bcast, @default, @bcast, @remote, @default]}, &(0x7f0000000380)=0x40, 0x80800)
sendto$rose(r5, &(0x7f00000003c0)="613add3173b53c4751d9bfdf192313314e14bc4ea96cc24baa7047683e929375fc85bcd8fc6dba42fdcd94e41ab726d2f285ffbe5c3856b304852151da6fbeb07908d7320b4bda19518315af907f567ac38c978b08fb88ffcfbcb20f0dc86af8fd37160e1a3e603ebedf935e151280b90c543142ccd0e5db925f1c2ec4babd8e9ed7c1373be6f0b78a1b18c940dbe04a507141d364120ef27ac66fefd617a77a8ca1e41e24d98922cee6e091f3a3bffcf96f86fca494c0b3412a31e85dccd9a16c5fa8cd2df273f3f06738cfe508825346c6e6516637555d9a7f6e25e4688fb43489176e7b852935b1a9c135066a8aaaa45568e1ff2754f9569b83ceb15f0e4b70ff84638be16d5c1d14b956a09a47ea804b3597fa65d84440b07a96733e7acaf0dc9d4f6b000f249b5192a21c09b6de322a5dd660443acf929b5a3a1d2ad0ec9c5d8a7d4b51f3fdf6de8d0f5c30af2d7f2f55f0c19341088f1f90bb65732286f413986d26686108b91d6cb492cdfd51ceae49450a484c83674c0c3a66f1062488da91357d535cd4813b4d050fdbe325719bc61985e27204529bbd5555c79c063ea1d4f8b21c143e61c2bcbe4f7e25ceebc3ca534b91cacbfae2c55c414635028d3ff598807b2c94e87cbb5bdbee358b56b6a8743d7fb0e7318fd17879d60fe9179b01e9067d5f7ad8fe14559553f9ca77a7ef3c5f49722d5fd701ff237e0630284fa712b7e81f0e39ff2fba0077e2708f298be774d098ccb3957c7491a7bc53b447d83d1e7d76eae588099d4f12ecd30bbe83504318bf3bbc9b79c2f33d96479429dc4073edd8499d03137fbf8a2ab78cfbb74f50800e19718a147b7052f210675c61c9a5feda93e14ffeaade79a4719bb16241dae9b40c790085aa462543fad68b8645b3c48b4951fc3026f28dc3f8aa8899ed6ed3076059a28d2875ce8c5d2d49cdd26460fcc387684a4dd4ac415f92d62ddcf43b1ce4fb14d1ca87ba77230601d2e592acd088ab8d40da6fc2ff4257bf82c2696556bef305ab8016997dd36318ede45b2e363b034a5912535a205f5b596f66fc156fda4148eeeb6d3cce866b5bc61316e86c41133f69f4a3e37a00a0ae4b4ba6779b60396ae78c86da184fd037f7b9dae8c48933eb64627c14fa021a9b983f7473db116a54aeed05dfc7215c222dfed66c4d71e47dd0802d7de73a9cfd0adc67c8e62ee521d1c4dfced59ab6115f4231bddc2b2d2be1b415b73d725c9cf35b2e7e421b435ce672e85943954e3801ce41e90d4f5e0ba3a1b4fd0475243462e78aed931ee5ab364e51c27a60553505e53f62d1fd3fe7b1ea5824fb0b8d833a8f65a6698be21823b0c0f73235732a4353455544d50167c86497850b46d14f47dc2dde2f37d4b8c7a7cc75e7881de8f5ff16c539d7fa410bba5cfabeee6e2a3173c6cd3388d7c09fafd9f0605f002f5122831054d19dfe063e69930bb94936af12a5e0b46623d89caa3ad9e6083f9546cbc6d30b84dcf4c6c37abb666f0578ac34388acff5180564de388bfe129e1c859fbcd4edb40f7eaa4341ffa93ec84b5e8c474999ad48e67df4fe33ae10894410c1c487d6202e14dbd23cc23e65c441f8d413ca8a90c1aa9f735bd20bf2b935da11d9a56828a44dfa3585d52c4f53d18944e60124caead7ce96df4a44999e0074d5d462373122f92af6d87b79065b0d8455654d7b43885363223c4b356367ee4cdf8d40394adbe1c202296568cde7d66c1d3df962bdd687120e8ada7fe2d25795faa0b928803305dfb935906d9110b6d663d31d26937a88698088e857ec383cfc96d4c290bbf1220e745b1a50f3362e0c455e9ff44fe56fc88ef8e1b611bb1b1b41be756960f464b30b6d3a1b3dc7c157af311d92ff8a8775dd5df88ec987f35d08636ec5d33f7217b83859eb596b0e8281b52cae2ffcfe6917800f85159a8f5f7475b38aadecb2da20d878334ebed58fb73960e7108a16a061ad55110e9dbbfbd3bcd753bd7b260c1c8756d4268d52744f84b4b6d37c523a00154cf6887180cf60b034720948bb57fb14c785e196a8dddc9ebb911c52f4be0ac4ae163017bb4fb6134279a96e690879da7abe92ff5a497a5dd05b7da7c153ab5b6dfab606e8a4ae064b48c0c97a28c70c8e50a316343e20e834d80d2c6a54307caff0c3c6159b15c5a51b657b2c72c2a483f3e56f72cc613c3d4e73d315d2ce6b8e50c31e7982529ba275f6b7aed35f130327876102f8491feeac3e18bc0c7f8054c23826bcc16e756bf58d419542d1d71ce7fdf3b96623d596f79c94df21f1a899b9ec89bd3006920afe4b2d033cd3aa8bc9cf4b49a10454291aae85885d15fabf8072e405a0568a45e5c40451d91b1c13c416874af0335d8ccd6cc2e00445a88568734213f231237269c65126957cffbe8abfd3cf0c17a94ae1bbefc5b0562fc2d70f25a76aa16375dbc0302dc6facc0314da72108f62819dd23a530edc644be56c78c7da6b2320c6f800caa2f7d88187bc4e88902c8baf2b153397981008115027efa48b0913822065fa0756602cabf6b54cd04b6b016241e8a3b9df4eaf0edae65bd3bb5259a2758829549617fc34d45c37998a97bf4bfe5f4c7dc9bc5d3a92e5f9dff6fd9802476fe043f7764110ede5d2eefc20958b9bff7015aa15cab92f081f3aef4f3be66651e8bea2537c0cf88cef1a96038ea68759e4bbf69134b4609c84eb678a5f79bd890f133993ca5015fc48343cb5d1731d456f4c792e3713abdc4c09e55253a1235f0ddeda983c9f93ded481c594a75dd2a265c5ba3e158c84d3244f324482cb34f7ce6dcae689ce621196e4b45ea4024b8566d6d18f744fdd12b2956de44b3ad55b4e60602a63bb200cfacb3c29f0d8d699755205a20c2477102dce58f0ddbf21355defef9324d09731be978167a8cf143cb7eec56024dbc126cd081f027f43dbeb570cc1582929cc6ce6b51d36b029fef22feba74273692f8b62203e399e0a94be29c6a691c9ec8b35fc2d1e16e6ccdb559b4a9727f2f001b1ace88a12e63aa6017a9c886dba4ead14789206518b7835d925fd9171bf0a5cbbab699ce89f301b7d11928e56a538dce8fd87e3b0aa4e26fca2cb1fb9141e124e2305f5aa2a3d69aa86048e4b0653fba8d005700828ea99c0f3ecffcb40d658806791b1cb26b25c1ecf69018de8a055531f6ef03698abe6e27d56cbe0e0484fd5f69b850be8e9e7108ab8b0edab8714f399fd85a042d707421e2e64a6d3e923934e0dbd6e4d63419deb9be881a1cbaf37e3fddb709a27a1dc25239f45c3e7a8a657650223cb1dabd46de5b5bf2d27f09c99de9782841d16163e66e926a40e964534c12140577722febdd2e27fc3fb267d13f24dc9e8c920c856c1d7aea319137ada873731990632d55cf2aac4d3e9a64e81f7538c74282349ba5aeb387b943508e733e55ff401005f2dbc158da59466945536005c339d9068fadb4fec90371ed6c7f4847cb3f1bd063f994260c90204e53c1f258b35c63cd9c031195905355c1be3bf54abef8e3c827f96407cd73863489afd954071ae0c40d9c5fb3642493dda3e86f850b05635f5f6b6ea9530f645980a3250577f052e565c03e7e701576460fc7f50d94265371520f8c6a14566c7f81414a165cc1f05a762a5d9fd0d269ed48615415e3bcf1f6f4af00a281425f93e8b0cc3a62517a212aa3e74290f0a39a33106c2e3bd597864769f904de1c51b901071ea12182e109751c274eea43b0b544c6ce32a890aff7eb74555fc7f3a4bd1115befdf01ad42e9c32153cfa094107456a1fad2cf50137b567cb2146248011bbe056a9589f2f4304ad4ff89f7d51fc9b5946f9e66c85bba2fa06c18d81b6d1a04e50a6a498e475851d7c13551cab3b1cec7310cc6dcc7b776489ed4a7b24ad4ade911e0232467627f1107008634f40eb136e634718d2b1dd2681ba06e1e313a612237a39ed652d7c1156fffb44344689dffdc7b94e8b0b55beb4fed3bfc0034666c8778c4dc262a0220c407789ee62f8ac6e0c817283ed5106333c29e637abe42774cda0922b29cc615d0eb7164fbefda1017ac900c272cca5b2b20b124fdd3a1b7a704bac49b9693db4563360558699dcedf387559cbfc33394416b95372ef5128dc7e522ae624a1578b18e327e1a337147ebbfdac82afce78e180f79130a953ee237eefe66652e140a25723f88d35dde045c10cabf0b1022c54c2841d5332bc025d58688790b27b064f0f31ec9548a23c17a3707b63a34bfb9c941ef71934a82253a634e926811161801a69dcbb3208934905e22483951f959ead94edc84a45b19219d101f625f82154acd88df5f92ee59eea945cdc927104763901b9298188c38b1242d0c270e6754454229717e3f4ba187707005ea6c1439c9c40dbe6812d1f0652762368189a0b9a750bdb3db9443bc7fc303f18a853b1ab01e1b6fc05212b6797b2bf638430b1422c771685fa52f190ea6af1dabc8f5a7c8bcafefd6d7e3f33ac587a002da10d37523c5828f9059386184d719a3015ac80a03edc666daffabba4d2a0bf2dee43a2f18a313562af15d1e0d7684bdcf1728e831c3e889ea7c7f35ef01d434274771bf8fe90719f9f9f2ce762670548f8d002cf4a7dbea7a3921c1951b36527c59ecb3d292e6c6fd6a3f423f647657cfdc475e2626af87a377228d2f7d655ce691e1e9582b3b67edfb450f9e22dbb25c664392dc846a8f9de3950e779dcb52e6a3339c704b46af748b9cf51ee098738b88549ec076c6cc5cc069b3c9b6f63ddb7c84323d035ea97b8135477dfa2413a80b6ac08943d169edb7bde66d28317dabdc2b05f45251e9905fea7fb7f6274be707f9f7e29774aeb67da6a55c6911cdcdc5361f529b12e87345e074bd4964f1191d4cfd6b5b6176b70516e903aff0d6046e597f20439cb417dc7a64bb1facc89881a6354158805d61a571a8ca572ffdeb837d6c58975a8256c870068b7bb19767bb88dd54c717fc3c87b1d7e11498ca7a083e9e6f72b20f5bc224d19c6d46333a0a71ec2cf5ad7bf5efa21e40a5d9947bda01b99dbefa0d55b7d34357ee88857fbbde1a3b3d5e672803d0cb88173e0372c16746b195e8e4a35f6ddc163dd7f002a06c757bf1de913199c60033b148b9899399fb2c9c29e7458160b7d601f0482735675d81199802f494b2d2679d6c8395cd4638596893645847a6673c2af1589de33fbb1196ea6a65d9011e9cc42d25b34b5d3c116405a3fa6805172552437dd1f79efa2d00f325ca73bb07e6f3caeea1d2c4adbb1f3705ba6384e9fd052a76012f1e678a8003fed6ce55e580b157ffd3bcb47da6a9b8357c7ab41857d802f8e3935c2a1c386e32665a03358e3b8e9bb83b20aca2e746a84574f936befac7aa153212427c25d98d0ef77c720b9850152764398a9f404bc87d42fdaf94d553a8bb94b2438d7638e489d4edb2453c12afccf17b6df3325758512ac246f2086bcd8082fe5bee8d70532dd510f2e75c804459ef544f0862b8dc0b60ec0574ba091895c0f1c011dc13dd6e781e80354b5ee6ea092ebf78cc7175fe39944105335fc8e9e95022bcb3e83157ed462df4f77de80bc17fbff668366ef602ce100f2537a8be07da1da2e8206274541bcede1b802efa6639dc0d7baa6ea70fbb39020b0772ea1c935de19c8914bd7859e2122e72c6523c2512c9ec69a45eb13e1deba80d4ef7dda497051b486ea32320008169a5c0be29a2aeb52f20e17856dec08ee33ca7b905388c08145e0dbd6c5dfcd6afd0cc087ea1328618e9f1697", 0x1000, 0xc004, &(0x7f00000013c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}}, 0x1c)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001400)='/dev/bsg\x00', 0x310400, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000001480)={&(0x7f0000001440)=[0xffff7fff, 0x80], 0x2, 0x80800})

15:43:07 executing program 3:
prctl$PR_CAPBSET_DROP(0x8, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:07 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:07 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000200)=0x80000000, 0x4)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)

15:43:07 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:07 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f00000015c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x64, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xcb6}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x71e, 0x10001, 0x2]}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x9]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000000)
r5 = accept4$rose(r1, &(0x7f0000000340)=@full={0xb, @remote, @netrom, 0x0, [@null, @bcast, @default, @bcast, @remote, @default]}, &(0x7f0000000380)=0x40, 0x80800)
sendto$rose(r5, &(0x7f00000003c0)="613add3173b53c4751d9bfdf192313314e14bc4ea96cc24baa7047683e929375fc85bcd8fc6dba42fdcd94e41ab726d2f285ffbe5c3856b304852151da6fbeb07908d7320b4bda19518315af907f567ac38c978b08fb88ffcfbcb20f0dc86af8fd37160e1a3e603ebedf935e151280b90c543142ccd0e5db925f1c2ec4babd8e9ed7c1373be6f0b78a1b18c940dbe04a507141d364120ef27ac66fefd617a77a8ca1e41e24d98922cee6e091f3a3bffcf96f86fca494c0b3412a31e85dccd9a16c5fa8cd2df273f3f06738cfe508825346c6e6516637555d9a7f6e25e4688fb43489176e7b852935b1a9c135066a8aaaa45568e1ff2754f9569b83ceb15f0e4b70ff84638be16d5c1d14b956a09a47ea804b3597fa65d84440b07a96733e7acaf0dc9d4f6b000f249b5192a21c09b6de322a5dd660443acf929b5a3a1d2ad0ec9c5d8a7d4b51f3fdf6de8d0f5c30af2d7f2f55f0c19341088f1f90bb65732286f413986d26686108b91d6cb492cdfd51ceae49450a484c83674c0c3a66f1062488da91357d535cd4813b4d050fdbe325719bc61985e27204529bbd5555c79c063ea1d4f8b21c143e61c2bcbe4f7e25ceebc3ca534b91cacbfae2c55c414635028d3ff598807b2c94e87cbb5bdbee358b56b6a8743d7fb0e7318fd17879d60fe9179b01e9067d5f7ad8fe14559553f9ca77a7ef3c5f49722d5fd701ff237e0630284fa712b7e81f0e39ff2fba0077e2708f298be774d098ccb3957c7491a7bc53b447d83d1e7d76eae588099d4f12ecd30bbe83504318bf3bbc9b79c2f33d96479429dc4073edd8499d03137fbf8a2ab78cfbb74f50800e19718a147b7052f210675c61c9a5feda93e14ffeaade79a4719bb16241dae9b40c790085aa462543fad68b8645b3c48b4951fc3026f28dc3f8aa8899ed6ed3076059a28d2875ce8c5d2d49cdd26460fcc387684a4dd4ac415f92d62ddcf43b1ce4fb14d1ca87ba77230601d2e592acd088ab8d40da6fc2ff4257bf82c2696556bef305ab8016997dd36318ede45b2e363b034a5912535a205f5b596f66fc156fda4148eeeb6d3cce866b5bc61316e86c41133f69f4a3e37a00a0ae4b4ba6779b60396ae78c86da184fd037f7b9dae8c48933eb64627c14fa021a9b983f7473db116a54aeed05dfc7215c222dfed66c4d71e47dd0802d7de73a9cfd0adc67c8e62ee521d1c4dfced59ab6115f4231bddc2b2d2be1b415b73d725c9cf35b2e7e421b435ce672e85943954e3801ce41e90d4f5e0ba3a1b4fd0475243462e78aed931ee5ab364e51c27a60553505e53f62d1fd3fe7b1ea5824fb0b8d833a8f65a6698be21823b0c0f73235732a4353455544d50167c86497850b46d14f47dc2dde2f37d4b8c7a7cc75e7881de8f5ff16c539d7fa410bba5cfabeee6e2a3173c6cd3388d7c09fafd9f0605f002f5122831054d19dfe063e69930bb94936af12a5e0b46623d89caa3ad9e6083f9546cbc6d30b84dcf4c6c37abb666f0578ac34388acff5180564de388bfe129e1c859fbcd4edb40f7eaa4341ffa93ec84b5e8c474999ad48e67df4fe33ae10894410c1c487d6202e14dbd23cc23e65c441f8d413ca8a90c1aa9f735bd20bf2b935da11d9a56828a44dfa3585d52c4f53d18944e60124caead7ce96df4a44999e0074d5d462373122f92af6d87b79065b0d8455654d7b43885363223c4b356367ee4cdf8d40394adbe1c202296568cde7d66c1d3df962bdd687120e8ada7fe2d25795faa0b928803305dfb935906d9110b6d663d31d26937a88698088e857ec383cfc96d4c290bbf1220e745b1a50f3362e0c455e9ff44fe56fc88ef8e1b611bb1b1b41be756960f464b30b6d3a1b3dc7c157af311d92ff8a8775dd5df88ec987f35d08636ec5d33f7217b83859eb596b0e8281b52cae2ffcfe6917800f85159a8f5f7475b38aadecb2da20d878334ebed58fb73960e7108a16a061ad55110e9dbbfbd3bcd753bd7b260c1c8756d4268d52744f84b4b6d37c523a00154cf6887180cf60b034720948bb57fb14c785e196a8dddc9ebb911c52f4be0ac4ae163017bb4fb6134279a96e690879da7abe92ff5a497a5dd05b7da7c153ab5b6dfab606e8a4ae064b48c0c97a28c70c8e50a316343e20e834d80d2c6a54307caff0c3c6159b15c5a51b657b2c72c2a483f3e56f72cc613c3d4e73d315d2ce6b8e50c31e7982529ba275f6b7aed35f130327876102f8491feeac3e18bc0c7f8054c23826bcc16e756bf58d419542d1d71ce7fdf3b96623d596f79c94df21f1a899b9ec89bd3006920afe4b2d033cd3aa8bc9cf4b49a10454291aae85885d15fabf8072e405a0568a45e5c40451d91b1c13c416874af0335d8ccd6cc2e00445a88568734213f231237269c65126957cffbe8abfd3cf0c17a94ae1bbefc5b0562fc2d70f25a76aa16375dbc0302dc6facc0314da72108f62819dd23a530edc644be56c78c7da6b2320c6f800caa2f7d88187bc4e88902c8baf2b153397981008115027efa48b0913822065fa0756602cabf6b54cd04b6b016241e8a3b9df4eaf0edae65bd3bb5259a2758829549617fc34d45c37998a97bf4bfe5f4c7dc9bc5d3a92e5f9dff6fd9802476fe043f7764110ede5d2eefc20958b9bff7015aa15cab92f081f3aef4f3be66651e8bea2537c0cf88cef1a96038ea68759e4bbf69134b4609c84eb678a5f79bd890f133993ca5015fc48343cb5d1731d456f4c792e3713abdc4c09e55253a1235f0ddeda983c9f93ded481c594a75dd2a265c5ba3e158c84d3244f324482cb34f7ce6dcae689ce621196e4b45ea4024b8566d6d18f744fdd12b2956de44b3ad55b4e60602a63bb200cfacb3c29f0d8d699755205a20c2477102dce58f0ddbf21355defef9324d09731be978167a8cf143cb7eec56024dbc126cd081f027f43dbeb570cc1582929cc6ce6b51d36b029fef22feba74273692f8b62203e399e0a94be29c6a691c9ec8b35fc2d1e16e6ccdb559b4a9727f2f001b1ace88a12e63aa6017a9c886dba4ead14789206518b7835d925fd9171bf0a5cbbab699ce89f301b7d11928e56a538dce8fd87e3b0aa4e26fca2cb1fb9141e124e2305f5aa2a3d69aa86048e4b0653fba8d005700828ea99c0f3ecffcb40d658806791b1cb26b25c1ecf69018de8a055531f6ef03698abe6e27d56cbe0e0484fd5f69b850be8e9e7108ab8b0edab8714f399fd85a042d707421e2e64a6d3e923934e0dbd6e4d63419deb9be881a1cbaf37e3fddb709a27a1dc25239f45c3e7a8a657650223cb1dabd46de5b5bf2d27f09c99de9782841d16163e66e926a40e964534c12140577722febdd2e27fc3fb267d13f24dc9e8c920c856c1d7aea319137ada873731990632d55cf2aac4d3e9a64e81f7538c74282349ba5aeb387b943508e733e55ff401005f2dbc158da59466945536005c339d9068fadb4fec90371ed6c7f4847cb3f1bd063f994260c90204e53c1f258b35c63cd9c031195905355c1be3bf54abef8e3c827f96407cd73863489afd954071ae0c40d9c5fb3642493dda3e86f850b05635f5f6b6ea9530f645980a3250577f052e565c03e7e701576460fc7f50d94265371520f8c6a14566c7f81414a165cc1f05a762a5d9fd0d269ed48615415e3bcf1f6f4af00a281425f93e8b0cc3a62517a212aa3e74290f0a39a33106c2e3bd597864769f904de1c51b901071ea12182e109751c274eea43b0b544c6ce32a890aff7eb74555fc7f3a4bd1115befdf01ad42e9c32153cfa094107456a1fad2cf50137b567cb2146248011bbe056a9589f2f4304ad4ff89f7d51fc9b5946f9e66c85bba2fa06c18d81b6d1a04e50a6a498e475851d7c13551cab3b1cec7310cc6dcc7b776489ed4a7b24ad4ade911e0232467627f1107008634f40eb136e634718d2b1dd2681ba06e1e313a612237a39ed652d7c1156fffb44344689dffdc7b94e8b0b55beb4fed3bfc0034666c8778c4dc262a0220c407789ee62f8ac6e0c817283ed5106333c29e637abe42774cda0922b29cc615d0eb7164fbefda1017ac900c272cca5b2b20b124fdd3a1b7a704bac49b9693db4563360558699dcedf387559cbfc33394416b95372ef5128dc7e522ae624a1578b18e327e1a337147ebbfdac82afce78e180f79130a953ee237eefe66652e140a25723f88d35dde045c10cabf0b1022c54c2841d5332bc025d58688790b27b064f0f31ec9548a23c17a3707b63a34bfb9c941ef71934a82253a634e926811161801a69dcbb3208934905e22483951f959ead94edc84a45b19219d101f625f82154acd88df5f92ee59eea945cdc927104763901b9298188c38b1242d0c270e6754454229717e3f4ba187707005ea6c1439c9c40dbe6812d1f0652762368189a0b9a750bdb3db9443bc7fc303f18a853b1ab01e1b6fc05212b6797b2bf638430b1422c771685fa52f190ea6af1dabc8f5a7c8bcafefd6d7e3f33ac587a002da10d37523c5828f9059386184d719a3015ac80a03edc666daffabba4d2a0bf2dee43a2f18a313562af15d1e0d7684bdcf1728e831c3e889ea7c7f35ef01d434274771bf8fe90719f9f9f2ce762670548f8d002cf4a7dbea7a3921c1951b36527c59ecb3d292e6c6fd6a3f423f647657cfdc475e2626af87a377228d2f7d655ce691e1e9582b3b67edfb450f9e22dbb25c664392dc846a8f9de3950e779dcb52e6a3339c704b46af748b9cf51ee098738b88549ec076c6cc5cc069b3c9b6f63ddb7c84323d035ea97b8135477dfa2413a80b6ac08943d169edb7bde66d28317dabdc2b05f45251e9905fea7fb7f6274be707f9f7e29774aeb67da6a55c6911cdcdc5361f529b12e87345e074bd4964f1191d4cfd6b5b6176b70516e903aff0d6046e597f20439cb417dc7a64bb1facc89881a6354158805d61a571a8ca572ffdeb837d6c58975a8256c870068b7bb19767bb88dd54c717fc3c87b1d7e11498ca7a083e9e6f72b20f5bc224d19c6d46333a0a71ec2cf5ad7bf5efa21e40a5d9947bda01b99dbefa0d55b7d34357ee88857fbbde1a3b3d5e672803d0cb88173e0372c16746b195e8e4a35f6ddc163dd7f002a06c757bf1de913199c60033b148b9899399fb2c9c29e7458160b7d601f0482735675d81199802f494b2d2679d6c8395cd4638596893645847a6673c2af1589de33fbb1196ea6a65d9011e9cc42d25b34b5d3c116405a3fa6805172552437dd1f79efa2d00f325ca73bb07e6f3caeea1d2c4adbb1f3705ba6384e9fd052a76012f1e678a8003fed6ce55e580b157ffd3bcb47da6a9b8357c7ab41857d802f8e3935c2a1c386e32665a03358e3b8e9bb83b20aca2e746a84574f936befac7aa153212427c25d98d0ef77c720b9850152764398a9f404bc87d42fdaf94d553a8bb94b2438d7638e489d4edb2453c12afccf17b6df3325758512ac246f2086bcd8082fe5bee8d70532dd510f2e75c804459ef544f0862b8dc0b60ec0574ba091895c0f1c011dc13dd6e781e80354b5ee6ea092ebf78cc7175fe39944105335fc8e9e95022bcb3e83157ed462df4f77de80bc17fbff668366ef602ce100f2537a8be07da1da2e8206274541bcede1b802efa6639dc0d7baa6ea70fbb39020b0772ea1c935de19c8914bd7859e2122e72c6523c2512c9ec69a45eb13e1deba80d4ef7dda497051b486ea32320008169a5c0be29a2aeb52f20e17856dec08ee33ca7b905388c08145e0dbd6c5dfcd6afd0cc087ea1328618e9f1697", 0x1000, 0xc004, &(0x7f00000013c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}}, 0x1c)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001400)='/dev/bsg\x00', 0x310400, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000001480)={&(0x7f0000001440)=[0xffff7fff, 0x80], 0x2, 0x80800})

15:43:07 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
bind$phonet(0xffffffffffffffff, &(0x7f0000000000)={0x23, 0x1, 0x1f, 0xc0}, 0x10)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x6)
prctl$PR_CAPBSET_DROP(0x7, 0x0)

15:43:07 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000200)=0x80000000, 0x4)

15:43:07 executing program 3:
prctl$PR_CAPBSET_DROP(0x8, 0x0)
ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:07 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

[  629.309226][ T3001] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:08 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:08 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f00000015c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x64, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xcb6}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x71e, 0x10001, 0x2]}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x9]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000000)
r5 = accept4$rose(r1, &(0x7f0000000340)=@full={0xb, @remote, @netrom, 0x0, [@null, @bcast, @default, @bcast, @remote, @default]}, &(0x7f0000000380)=0x40, 0x80800)
sendto$rose(r5, &(0x7f00000003c0)="613add3173b53c4751d9bfdf192313314e14bc4ea96cc24baa7047683e929375fc85bcd8fc6dba42fdcd94e41ab726d2f285ffbe5c3856b304852151da6fbeb07908d7320b4bda19518315af907f567ac38c978b08fb88ffcfbcb20f0dc86af8fd37160e1a3e603ebedf935e151280b90c543142ccd0e5db925f1c2ec4babd8e9ed7c1373be6f0b78a1b18c940dbe04a507141d364120ef27ac66fefd617a77a8ca1e41e24d98922cee6e091f3a3bffcf96f86fca494c0b3412a31e85dccd9a16c5fa8cd2df273f3f06738cfe508825346c6e6516637555d9a7f6e25e4688fb43489176e7b852935b1a9c135066a8aaaa45568e1ff2754f9569b83ceb15f0e4b70ff84638be16d5c1d14b956a09a47ea804b3597fa65d84440b07a96733e7acaf0dc9d4f6b000f249b5192a21c09b6de322a5dd660443acf929b5a3a1d2ad0ec9c5d8a7d4b51f3fdf6de8d0f5c30af2d7f2f55f0c19341088f1f90bb65732286f413986d26686108b91d6cb492cdfd51ceae49450a484c83674c0c3a66f1062488da91357d535cd4813b4d050fdbe325719bc61985e27204529bbd5555c79c063ea1d4f8b21c143e61c2bcbe4f7e25ceebc3ca534b91cacbfae2c55c414635028d3ff598807b2c94e87cbb5bdbee358b56b6a8743d7fb0e7318fd17879d60fe9179b01e9067d5f7ad8fe14559553f9ca77a7ef3c5f49722d5fd701ff237e0630284fa712b7e81f0e39ff2fba0077e2708f298be774d098ccb3957c7491a7bc53b447d83d1e7d76eae588099d4f12ecd30bbe83504318bf3bbc9b79c2f33d96479429dc4073edd8499d03137fbf8a2ab78cfbb74f50800e19718a147b7052f210675c61c9a5feda93e14ffeaade79a4719bb16241dae9b40c790085aa462543fad68b8645b3c48b4951fc3026f28dc3f8aa8899ed6ed3076059a28d2875ce8c5d2d49cdd26460fcc387684a4dd4ac415f92d62ddcf43b1ce4fb14d1ca87ba77230601d2e592acd088ab8d40da6fc2ff4257bf82c2696556bef305ab8016997dd36318ede45b2e363b034a5912535a205f5b596f66fc156fda4148eeeb6d3cce866b5bc61316e86c41133f69f4a3e37a00a0ae4b4ba6779b60396ae78c86da184fd037f7b9dae8c48933eb64627c14fa021a9b983f7473db116a54aeed05dfc7215c222dfed66c4d71e47dd0802d7de73a9cfd0adc67c8e62ee521d1c4dfced59ab6115f4231bddc2b2d2be1b415b73d725c9cf35b2e7e421b435ce672e85943954e3801ce41e90d4f5e0ba3a1b4fd0475243462e78aed931ee5ab364e51c27a60553505e53f62d1fd3fe7b1ea5824fb0b8d833a8f65a6698be21823b0c0f73235732a4353455544d50167c86497850b46d14f47dc2dde2f37d4b8c7a7cc75e7881de8f5ff16c539d7fa410bba5cfabeee6e2a3173c6cd3388d7c09fafd9f0605f002f5122831054d19dfe063e69930bb94936af12a5e0b46623d89caa3ad9e6083f9546cbc6d30b84dcf4c6c37abb666f0578ac34388acff5180564de388bfe129e1c859fbcd4edb40f7eaa4341ffa93ec84b5e8c474999ad48e67df4fe33ae10894410c1c487d6202e14dbd23cc23e65c441f8d413ca8a90c1aa9f735bd20bf2b935da11d9a56828a44dfa3585d52c4f53d18944e60124caead7ce96df4a44999e0074d5d462373122f92af6d87b79065b0d8455654d7b43885363223c4b356367ee4cdf8d40394adbe1c202296568cde7d66c1d3df962bdd687120e8ada7fe2d25795faa0b928803305dfb935906d9110b6d663d31d26937a88698088e857ec383cfc96d4c290bbf1220e745b1a50f3362e0c455e9ff44fe56fc88ef8e1b611bb1b1b41be756960f464b30b6d3a1b3dc7c157af311d92ff8a8775dd5df88ec987f35d08636ec5d33f7217b83859eb596b0e8281b52cae2ffcfe6917800f85159a8f5f7475b38aadecb2da20d878334ebed58fb73960e7108a16a061ad55110e9dbbfbd3bcd753bd7b260c1c8756d4268d52744f84b4b6d37c523a00154cf6887180cf60b034720948bb57fb14c785e196a8dddc9ebb911c52f4be0ac4ae163017bb4fb6134279a96e690879da7abe92ff5a497a5dd05b7da7c153ab5b6dfab606e8a4ae064b48c0c97a28c70c8e50a316343e20e834d80d2c6a54307caff0c3c6159b15c5a51b657b2c72c2a483f3e56f72cc613c3d4e73d315d2ce6b8e50c31e7982529ba275f6b7aed35f130327876102f8491feeac3e18bc0c7f8054c23826bcc16e756bf58d419542d1d71ce7fdf3b96623d596f79c94df21f1a899b9ec89bd3006920afe4b2d033cd3aa8bc9cf4b49a10454291aae85885d15fabf8072e405a0568a45e5c40451d91b1c13c416874af0335d8ccd6cc2e00445a88568734213f231237269c65126957cffbe8abfd3cf0c17a94ae1bbefc5b0562fc2d70f25a76aa16375dbc0302dc6facc0314da72108f62819dd23a530edc644be56c78c7da6b2320c6f800caa2f7d88187bc4e88902c8baf2b153397981008115027efa48b0913822065fa0756602cabf6b54cd04b6b016241e8a3b9df4eaf0edae65bd3bb5259a2758829549617fc34d45c37998a97bf4bfe5f4c7dc9bc5d3a92e5f9dff6fd9802476fe043f7764110ede5d2eefc20958b9bff7015aa15cab92f081f3aef4f3be66651e8bea2537c0cf88cef1a96038ea68759e4bbf69134b4609c84eb678a5f79bd890f133993ca5015fc48343cb5d1731d456f4c792e3713abdc4c09e55253a1235f0ddeda983c9f93ded481c594a75dd2a265c5ba3e158c84d3244f324482cb34f7ce6dcae689ce621196e4b45ea4024b8566d6d18f744fdd12b2956de44b3ad55b4e60602a63bb200cfacb3c29f0d8d699755205a20c2477102dce58f0ddbf21355defef9324d09731be978167a8cf143cb7eec56024dbc126cd081f027f43dbeb570cc1582929cc6ce6b51d36b029fef22feba74273692f8b62203e399e0a94be29c6a691c9ec8b35fc2d1e16e6ccdb559b4a9727f2f001b1ace88a12e63aa6017a9c886dba4ead14789206518b7835d925fd9171bf0a5cbbab699ce89f301b7d11928e56a538dce8fd87e3b0aa4e26fca2cb1fb9141e124e2305f5aa2a3d69aa86048e4b0653fba8d005700828ea99c0f3ecffcb40d658806791b1cb26b25c1ecf69018de8a055531f6ef03698abe6e27d56cbe0e0484fd5f69b850be8e9e7108ab8b0edab8714f399fd85a042d707421e2e64a6d3e923934e0dbd6e4d63419deb9be881a1cbaf37e3fddb709a27a1dc25239f45c3e7a8a657650223cb1dabd46de5b5bf2d27f09c99de9782841d16163e66e926a40e964534c12140577722febdd2e27fc3fb267d13f24dc9e8c920c856c1d7aea319137ada873731990632d55cf2aac4d3e9a64e81f7538c74282349ba5aeb387b943508e733e55ff401005f2dbc158da59466945536005c339d9068fadb4fec90371ed6c7f4847cb3f1bd063f994260c90204e53c1f258b35c63cd9c031195905355c1be3bf54abef8e3c827f96407cd73863489afd954071ae0c40d9c5fb3642493dda3e86f850b05635f5f6b6ea9530f645980a3250577f052e565c03e7e701576460fc7f50d94265371520f8c6a14566c7f81414a165cc1f05a762a5d9fd0d269ed48615415e3bcf1f6f4af00a281425f93e8b0cc3a62517a212aa3e74290f0a39a33106c2e3bd597864769f904de1c51b901071ea12182e109751c274eea43b0b544c6ce32a890aff7eb74555fc7f3a4bd1115befdf01ad42e9c32153cfa094107456a1fad2cf50137b567cb2146248011bbe056a9589f2f4304ad4ff89f7d51fc9b5946f9e66c85bba2fa06c18d81b6d1a04e50a6a498e475851d7c13551cab3b1cec7310cc6dcc7b776489ed4a7b24ad4ade911e0232467627f1107008634f40eb136e634718d2b1dd2681ba06e1e313a612237a39ed652d7c1156fffb44344689dffdc7b94e8b0b55beb4fed3bfc0034666c8778c4dc262a0220c407789ee62f8ac6e0c817283ed5106333c29e637abe42774cda0922b29cc615d0eb7164fbefda1017ac900c272cca5b2b20b124fdd3a1b7a704bac49b9693db4563360558699dcedf387559cbfc33394416b95372ef5128dc7e522ae624a1578b18e327e1a337147ebbfdac82afce78e180f79130a953ee237eefe66652e140a25723f88d35dde045c10cabf0b1022c54c2841d5332bc025d58688790b27b064f0f31ec9548a23c17a3707b63a34bfb9c941ef71934a82253a634e926811161801a69dcbb3208934905e22483951f959ead94edc84a45b19219d101f625f82154acd88df5f92ee59eea945cdc927104763901b9298188c38b1242d0c270e6754454229717e3f4ba187707005ea6c1439c9c40dbe6812d1f0652762368189a0b9a750bdb3db9443bc7fc303f18a853b1ab01e1b6fc05212b6797b2bf638430b1422c771685fa52f190ea6af1dabc8f5a7c8bcafefd6d7e3f33ac587a002da10d37523c5828f9059386184d719a3015ac80a03edc666daffabba4d2a0bf2dee43a2f18a313562af15d1e0d7684bdcf1728e831c3e889ea7c7f35ef01d434274771bf8fe90719f9f9f2ce762670548f8d002cf4a7dbea7a3921c1951b36527c59ecb3d292e6c6fd6a3f423f647657cfdc475e2626af87a377228d2f7d655ce691e1e9582b3b67edfb450f9e22dbb25c664392dc846a8f9de3950e779dcb52e6a3339c704b46af748b9cf51ee098738b88549ec076c6cc5cc069b3c9b6f63ddb7c84323d035ea97b8135477dfa2413a80b6ac08943d169edb7bde66d28317dabdc2b05f45251e9905fea7fb7f6274be707f9f7e29774aeb67da6a55c6911cdcdc5361f529b12e87345e074bd4964f1191d4cfd6b5b6176b70516e903aff0d6046e597f20439cb417dc7a64bb1facc89881a6354158805d61a571a8ca572ffdeb837d6c58975a8256c870068b7bb19767bb88dd54c717fc3c87b1d7e11498ca7a083e9e6f72b20f5bc224d19c6d46333a0a71ec2cf5ad7bf5efa21e40a5d9947bda01b99dbefa0d55b7d34357ee88857fbbde1a3b3d5e672803d0cb88173e0372c16746b195e8e4a35f6ddc163dd7f002a06c757bf1de913199c60033b148b9899399fb2c9c29e7458160b7d601f0482735675d81199802f494b2d2679d6c8395cd4638596893645847a6673c2af1589de33fbb1196ea6a65d9011e9cc42d25b34b5d3c116405a3fa6805172552437dd1f79efa2d00f325ca73bb07e6f3caeea1d2c4adbb1f3705ba6384e9fd052a76012f1e678a8003fed6ce55e580b157ffd3bcb47da6a9b8357c7ab41857d802f8e3935c2a1c386e32665a03358e3b8e9bb83b20aca2e746a84574f936befac7aa153212427c25d98d0ef77c720b9850152764398a9f404bc87d42fdaf94d553a8bb94b2438d7638e489d4edb2453c12afccf17b6df3325758512ac246f2086bcd8082fe5bee8d70532dd510f2e75c804459ef544f0862b8dc0b60ec0574ba091895c0f1c011dc13dd6e781e80354b5ee6ea092ebf78cc7175fe39944105335fc8e9e95022bcb3e83157ed462df4f77de80bc17fbff668366ef602ce100f2537a8be07da1da2e8206274541bcede1b802efa6639dc0d7baa6ea70fbb39020b0772ea1c935de19c8914bd7859e2122e72c6523c2512c9ec69a45eb13e1deba80d4ef7dda497051b486ea32320008169a5c0be29a2aeb52f20e17856dec08ee33ca7b905388c08145e0dbd6c5dfcd6afd0cc087ea1328618e9f1697", 0x1000, 0xc004, &(0x7f00000013c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}}, 0x1c)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001400)='/dev/bsg\x00', 0x310400, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000001480)={&(0x7f0000001440)=[0xffff7fff, 0x80], 0x2, 0x80800})

15:43:08 executing program 3:
prctl$PR_CAPBSET_DROP(0x8, 0x0)
ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:08 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)

15:43:08 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})

15:43:08 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
bind$phonet(0xffffffffffffffff, &(0x7f0000000000)={0x23, 0x1, 0x1f, 0xc0}, 0x10)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x6)
prctl$PR_CAPBSET_DROP(0x7, 0x0)

15:43:08 executing program 3:
prctl$PR_CAPBSET_DROP(0x8, 0x0)
ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:08 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
bind$phonet(0xffffffffffffffff, &(0x7f0000000000)={0x23, 0x1, 0x1f, 0xc0}, 0x10)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x6)

15:43:08 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)

15:43:08 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:08 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f00000015c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x64, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xcb6}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x71e, 0x10001, 0x2]}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x9]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000000)
r5 = accept4$rose(r1, &(0x7f0000000340)=@full={0xb, @remote, @netrom, 0x0, [@null, @bcast, @default, @bcast, @remote, @default]}, &(0x7f0000000380)=0x40, 0x80800)
sendto$rose(r5, &(0x7f00000003c0)="613add3173b53c4751d9bfdf192313314e14bc4ea96cc24baa7047683e929375fc85bcd8fc6dba42fdcd94e41ab726d2f285ffbe5c3856b304852151da6fbeb07908d7320b4bda19518315af907f567ac38c978b08fb88ffcfbcb20f0dc86af8fd37160e1a3e603ebedf935e151280b90c543142ccd0e5db925f1c2ec4babd8e9ed7c1373be6f0b78a1b18c940dbe04a507141d364120ef27ac66fefd617a77a8ca1e41e24d98922cee6e091f3a3bffcf96f86fca494c0b3412a31e85dccd9a16c5fa8cd2df273f3f06738cfe508825346c6e6516637555d9a7f6e25e4688fb43489176e7b852935b1a9c135066a8aaaa45568e1ff2754f9569b83ceb15f0e4b70ff84638be16d5c1d14b956a09a47ea804b3597fa65d84440b07a96733e7acaf0dc9d4f6b000f249b5192a21c09b6de322a5dd660443acf929b5a3a1d2ad0ec9c5d8a7d4b51f3fdf6de8d0f5c30af2d7f2f55f0c19341088f1f90bb65732286f413986d26686108b91d6cb492cdfd51ceae49450a484c83674c0c3a66f1062488da91357d535cd4813b4d050fdbe325719bc61985e27204529bbd5555c79c063ea1d4f8b21c143e61c2bcbe4f7e25ceebc3ca534b91cacbfae2c55c414635028d3ff598807b2c94e87cbb5bdbee358b56b6a8743d7fb0e7318fd17879d60fe9179b01e9067d5f7ad8fe14559553f9ca77a7ef3c5f49722d5fd701ff237e0630284fa712b7e81f0e39ff2fba0077e2708f298be774d098ccb3957c7491a7bc53b447d83d1e7d76eae588099d4f12ecd30bbe83504318bf3bbc9b79c2f33d96479429dc4073edd8499d03137fbf8a2ab78cfbb74f50800e19718a147b7052f210675c61c9a5feda93e14ffeaade79a4719bb16241dae9b40c790085aa462543fad68b8645b3c48b4951fc3026f28dc3f8aa8899ed6ed3076059a28d2875ce8c5d2d49cdd26460fcc387684a4dd4ac415f92d62ddcf43b1ce4fb14d1ca87ba77230601d2e592acd088ab8d40da6fc2ff4257bf82c2696556bef305ab8016997dd36318ede45b2e363b034a5912535a205f5b596f66fc156fda4148eeeb6d3cce866b5bc61316e86c41133f69f4a3e37a00a0ae4b4ba6779b60396ae78c86da184fd037f7b9dae8c48933eb64627c14fa021a9b983f7473db116a54aeed05dfc7215c222dfed66c4d71e47dd0802d7de73a9cfd0adc67c8e62ee521d1c4dfced59ab6115f4231bddc2b2d2be1b415b73d725c9cf35b2e7e421b435ce672e85943954e3801ce41e90d4f5e0ba3a1b4fd0475243462e78aed931ee5ab364e51c27a60553505e53f62d1fd3fe7b1ea5824fb0b8d833a8f65a6698be21823b0c0f73235732a4353455544d50167c86497850b46d14f47dc2dde2f37d4b8c7a7cc75e7881de8f5ff16c539d7fa410bba5cfabeee6e2a3173c6cd3388d7c09fafd9f0605f002f5122831054d19dfe063e69930bb94936af12a5e0b46623d89caa3ad9e6083f9546cbc6d30b84dcf4c6c37abb666f0578ac34388acff5180564de388bfe129e1c859fbcd4edb40f7eaa4341ffa93ec84b5e8c474999ad48e67df4fe33ae10894410c1c487d6202e14dbd23cc23e65c441f8d413ca8a90c1aa9f735bd20bf2b935da11d9a56828a44dfa3585d52c4f53d18944e60124caead7ce96df4a44999e0074d5d462373122f92af6d87b79065b0d8455654d7b43885363223c4b356367ee4cdf8d40394adbe1c202296568cde7d66c1d3df962bdd687120e8ada7fe2d25795faa0b928803305dfb935906d9110b6d663d31d26937a88698088e857ec383cfc96d4c290bbf1220e745b1a50f3362e0c455e9ff44fe56fc88ef8e1b611bb1b1b41be756960f464b30b6d3a1b3dc7c157af311d92ff8a8775dd5df88ec987f35d08636ec5d33f7217b83859eb596b0e8281b52cae2ffcfe6917800f85159a8f5f7475b38aadecb2da20d878334ebed58fb73960e7108a16a061ad55110e9dbbfbd3bcd753bd7b260c1c8756d4268d52744f84b4b6d37c523a00154cf6887180cf60b034720948bb57fb14c785e196a8dddc9ebb911c52f4be0ac4ae163017bb4fb6134279a96e690879da7abe92ff5a497a5dd05b7da7c153ab5b6dfab606e8a4ae064b48c0c97a28c70c8e50a316343e20e834d80d2c6a54307caff0c3c6159b15c5a51b657b2c72c2a483f3e56f72cc613c3d4e73d315d2ce6b8e50c31e7982529ba275f6b7aed35f130327876102f8491feeac3e18bc0c7f8054c23826bcc16e756bf58d419542d1d71ce7fdf3b96623d596f79c94df21f1a899b9ec89bd3006920afe4b2d033cd3aa8bc9cf4b49a10454291aae85885d15fabf8072e405a0568a45e5c40451d91b1c13c416874af0335d8ccd6cc2e00445a88568734213f231237269c65126957cffbe8abfd3cf0c17a94ae1bbefc5b0562fc2d70f25a76aa16375dbc0302dc6facc0314da72108f62819dd23a530edc644be56c78c7da6b2320c6f800caa2f7d88187bc4e88902c8baf2b153397981008115027efa48b0913822065fa0756602cabf6b54cd04b6b016241e8a3b9df4eaf0edae65bd3bb5259a2758829549617fc34d45c37998a97bf4bfe5f4c7dc9bc5d3a92e5f9dff6fd9802476fe043f7764110ede5d2eefc20958b9bff7015aa15cab92f081f3aef4f3be66651e8bea2537c0cf88cef1a96038ea68759e4bbf69134b4609c84eb678a5f79bd890f133993ca5015fc48343cb5d1731d456f4c792e3713abdc4c09e55253a1235f0ddeda983c9f93ded481c594a75dd2a265c5ba3e158c84d3244f324482cb34f7ce6dcae689ce621196e4b45ea4024b8566d6d18f744fdd12b2956de44b3ad55b4e60602a63bb200cfacb3c29f0d8d699755205a20c2477102dce58f0ddbf21355defef9324d09731be978167a8cf143cb7eec56024dbc126cd081f027f43dbeb570cc1582929cc6ce6b51d36b029fef22feba74273692f8b62203e399e0a94be29c6a691c9ec8b35fc2d1e16e6ccdb559b4a9727f2f001b1ace88a12e63aa6017a9c886dba4ead14789206518b7835d925fd9171bf0a5cbbab699ce89f301b7d11928e56a538dce8fd87e3b0aa4e26fca2cb1fb9141e124e2305f5aa2a3d69aa86048e4b0653fba8d005700828ea99c0f3ecffcb40d658806791b1cb26b25c1ecf69018de8a055531f6ef03698abe6e27d56cbe0e0484fd5f69b850be8e9e7108ab8b0edab8714f399fd85a042d707421e2e64a6d3e923934e0dbd6e4d63419deb9be881a1cbaf37e3fddb709a27a1dc25239f45c3e7a8a657650223cb1dabd46de5b5bf2d27f09c99de9782841d16163e66e926a40e964534c12140577722febdd2e27fc3fb267d13f24dc9e8c920c856c1d7aea319137ada873731990632d55cf2aac4d3e9a64e81f7538c74282349ba5aeb387b943508e733e55ff401005f2dbc158da59466945536005c339d9068fadb4fec90371ed6c7f4847cb3f1bd063f994260c90204e53c1f258b35c63cd9c031195905355c1be3bf54abef8e3c827f96407cd73863489afd954071ae0c40d9c5fb3642493dda3e86f850b05635f5f6b6ea9530f645980a3250577f052e565c03e7e701576460fc7f50d94265371520f8c6a14566c7f81414a165cc1f05a762a5d9fd0d269ed48615415e3bcf1f6f4af00a281425f93e8b0cc3a62517a212aa3e74290f0a39a33106c2e3bd597864769f904de1c51b901071ea12182e109751c274eea43b0b544c6ce32a890aff7eb74555fc7f3a4bd1115befdf01ad42e9c32153cfa094107456a1fad2cf50137b567cb2146248011bbe056a9589f2f4304ad4ff89f7d51fc9b5946f9e66c85bba2fa06c18d81b6d1a04e50a6a498e475851d7c13551cab3b1cec7310cc6dcc7b776489ed4a7b24ad4ade911e0232467627f1107008634f40eb136e634718d2b1dd2681ba06e1e313a612237a39ed652d7c1156fffb44344689dffdc7b94e8b0b55beb4fed3bfc0034666c8778c4dc262a0220c407789ee62f8ac6e0c817283ed5106333c29e637abe42774cda0922b29cc615d0eb7164fbefda1017ac900c272cca5b2b20b124fdd3a1b7a704bac49b9693db4563360558699dcedf387559cbfc33394416b95372ef5128dc7e522ae624a1578b18e327e1a337147ebbfdac82afce78e180f79130a953ee237eefe66652e140a25723f88d35dde045c10cabf0b1022c54c2841d5332bc025d58688790b27b064f0f31ec9548a23c17a3707b63a34bfb9c941ef71934a82253a634e926811161801a69dcbb3208934905e22483951f959ead94edc84a45b19219d101f625f82154acd88df5f92ee59eea945cdc927104763901b9298188c38b1242d0c270e6754454229717e3f4ba187707005ea6c1439c9c40dbe6812d1f0652762368189a0b9a750bdb3db9443bc7fc303f18a853b1ab01e1b6fc05212b6797b2bf638430b1422c771685fa52f190ea6af1dabc8f5a7c8bcafefd6d7e3f33ac587a002da10d37523c5828f9059386184d719a3015ac80a03edc666daffabba4d2a0bf2dee43a2f18a313562af15d1e0d7684bdcf1728e831c3e889ea7c7f35ef01d434274771bf8fe90719f9f9f2ce762670548f8d002cf4a7dbea7a3921c1951b36527c59ecb3d292e6c6fd6a3f423f647657cfdc475e2626af87a377228d2f7d655ce691e1e9582b3b67edfb450f9e22dbb25c664392dc846a8f9de3950e779dcb52e6a3339c704b46af748b9cf51ee098738b88549ec076c6cc5cc069b3c9b6f63ddb7c84323d035ea97b8135477dfa2413a80b6ac08943d169edb7bde66d28317dabdc2b05f45251e9905fea7fb7f6274be707f9f7e29774aeb67da6a55c6911cdcdc5361f529b12e87345e074bd4964f1191d4cfd6b5b6176b70516e903aff0d6046e597f20439cb417dc7a64bb1facc89881a6354158805d61a571a8ca572ffdeb837d6c58975a8256c870068b7bb19767bb88dd54c717fc3c87b1d7e11498ca7a083e9e6f72b20f5bc224d19c6d46333a0a71ec2cf5ad7bf5efa21e40a5d9947bda01b99dbefa0d55b7d34357ee88857fbbde1a3b3d5e672803d0cb88173e0372c16746b195e8e4a35f6ddc163dd7f002a06c757bf1de913199c60033b148b9899399fb2c9c29e7458160b7d601f0482735675d81199802f494b2d2679d6c8395cd4638596893645847a6673c2af1589de33fbb1196ea6a65d9011e9cc42d25b34b5d3c116405a3fa6805172552437dd1f79efa2d00f325ca73bb07e6f3caeea1d2c4adbb1f3705ba6384e9fd052a76012f1e678a8003fed6ce55e580b157ffd3bcb47da6a9b8357c7ab41857d802f8e3935c2a1c386e32665a03358e3b8e9bb83b20aca2e746a84574f936befac7aa153212427c25d98d0ef77c720b9850152764398a9f404bc87d42fdaf94d553a8bb94b2438d7638e489d4edb2453c12afccf17b6df3325758512ac246f2086bcd8082fe5bee8d70532dd510f2e75c804459ef544f0862b8dc0b60ec0574ba091895c0f1c011dc13dd6e781e80354b5ee6ea092ebf78cc7175fe39944105335fc8e9e95022bcb3e83157ed462df4f77de80bc17fbff668366ef602ce100f2537a8be07da1da2e8206274541bcede1b802efa6639dc0d7baa6ea70fbb39020b0772ea1c935de19c8914bd7859e2122e72c6523c2512c9ec69a45eb13e1deba80d4ef7dda497051b486ea32320008169a5c0be29a2aeb52f20e17856dec08ee33ca7b905388c08145e0dbd6c5dfcd6afd0cc087ea1328618e9f1697", 0x1000, 0xc004, &(0x7f00000013c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}}, 0x1c)
openat$bsg(0xffffffffffffff9c, &(0x7f0000001400)='/dev/bsg\x00', 0x310400, 0x0)

15:43:08 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)

[  629.859143][ T9771] Bluetooth: hci3: command 0x0401 tx timeout
15:43:08 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)

15:43:08 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x6)

15:43:08 executing program 3:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:08 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:08 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x4}, 0x6)

15:43:08 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f00000015c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x64, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xcb6}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x71e, 0x10001, 0x2]}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x9]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000000)
r5 = accept4$rose(r1, &(0x7f0000000340)=@full={0xb, @remote, @netrom, 0x0, [@null, @bcast, @default, @bcast, @remote, @default]}, &(0x7f0000000380)=0x40, 0x80800)
sendto$rose(r5, &(0x7f00000003c0)="613add3173b53c4751d9bfdf192313314e14bc4ea96cc24baa7047683e929375fc85bcd8fc6dba42fdcd94e41ab726d2f285ffbe5c3856b304852151da6fbeb07908d7320b4bda19518315af907f567ac38c978b08fb88ffcfbcb20f0dc86af8fd37160e1a3e603ebedf935e151280b90c543142ccd0e5db925f1c2ec4babd8e9ed7c1373be6f0b78a1b18c940dbe04a507141d364120ef27ac66fefd617a77a8ca1e41e24d98922cee6e091f3a3bffcf96f86fca494c0b3412a31e85dccd9a16c5fa8cd2df273f3f06738cfe508825346c6e6516637555d9a7f6e25e4688fb43489176e7b852935b1a9c135066a8aaaa45568e1ff2754f9569b83ceb15f0e4b70ff84638be16d5c1d14b956a09a47ea804b3597fa65d84440b07a96733e7acaf0dc9d4f6b000f249b5192a21c09b6de322a5dd660443acf929b5a3a1d2ad0ec9c5d8a7d4b51f3fdf6de8d0f5c30af2d7f2f55f0c19341088f1f90bb65732286f413986d26686108b91d6cb492cdfd51ceae49450a484c83674c0c3a66f1062488da91357d535cd4813b4d050fdbe325719bc61985e27204529bbd5555c79c063ea1d4f8b21c143e61c2bcbe4f7e25ceebc3ca534b91cacbfae2c55c414635028d3ff598807b2c94e87cbb5bdbee358b56b6a8743d7fb0e7318fd17879d60fe9179b01e9067d5f7ad8fe14559553f9ca77a7ef3c5f49722d5fd701ff237e0630284fa712b7e81f0e39ff2fba0077e2708f298be774d098ccb3957c7491a7bc53b447d83d1e7d76eae588099d4f12ecd30bbe83504318bf3bbc9b79c2f33d96479429dc4073edd8499d03137fbf8a2ab78cfbb74f50800e19718a147b7052f210675c61c9a5feda93e14ffeaade79a4719bb16241dae9b40c790085aa462543fad68b8645b3c48b4951fc3026f28dc3f8aa8899ed6ed3076059a28d2875ce8c5d2d49cdd26460fcc387684a4dd4ac415f92d62ddcf43b1ce4fb14d1ca87ba77230601d2e592acd088ab8d40da6fc2ff4257bf82c2696556bef305ab8016997dd36318ede45b2e363b034a5912535a205f5b596f66fc156fda4148eeeb6d3cce866b5bc61316e86c41133f69f4a3e37a00a0ae4b4ba6779b60396ae78c86da184fd037f7b9dae8c48933eb64627c14fa021a9b983f7473db116a54aeed05dfc7215c222dfed66c4d71e47dd0802d7de73a9cfd0adc67c8e62ee521d1c4dfced59ab6115f4231bddc2b2d2be1b415b73d725c9cf35b2e7e421b435ce672e85943954e3801ce41e90d4f5e0ba3a1b4fd0475243462e78aed931ee5ab364e51c27a60553505e53f62d1fd3fe7b1ea5824fb0b8d833a8f65a6698be21823b0c0f73235732a4353455544d50167c86497850b46d14f47dc2dde2f37d4b8c7a7cc75e7881de8f5ff16c539d7fa410bba5cfabeee6e2a3173c6cd3388d7c09fafd9f0605f002f5122831054d19dfe063e69930bb94936af12a5e0b46623d89caa3ad9e6083f9546cbc6d30b84dcf4c6c37abb666f0578ac34388acff5180564de388bfe129e1c859fbcd4edb40f7eaa4341ffa93ec84b5e8c474999ad48e67df4fe33ae10894410c1c487d6202e14dbd23cc23e65c441f8d413ca8a90c1aa9f735bd20bf2b935da11d9a56828a44dfa3585d52c4f53d18944e60124caead7ce96df4a44999e0074d5d462373122f92af6d87b79065b0d8455654d7b43885363223c4b356367ee4cdf8d40394adbe1c202296568cde7d66c1d3df962bdd687120e8ada7fe2d25795faa0b928803305dfb935906d9110b6d663d31d26937a88698088e857ec383cfc96d4c290bbf1220e745b1a50f3362e0c455e9ff44fe56fc88ef8e1b611bb1b1b41be756960f464b30b6d3a1b3dc7c157af311d92ff8a8775dd5df88ec987f35d08636ec5d33f7217b83859eb596b0e8281b52cae2ffcfe6917800f85159a8f5f7475b38aadecb2da20d878334ebed58fb73960e7108a16a061ad55110e9dbbfbd3bcd753bd7b260c1c8756d4268d52744f84b4b6d37c523a00154cf6887180cf60b034720948bb57fb14c785e196a8dddc9ebb911c52f4be0ac4ae163017bb4fb6134279a96e690879da7abe92ff5a497a5dd05b7da7c153ab5b6dfab606e8a4ae064b48c0c97a28c70c8e50a316343e20e834d80d2c6a54307caff0c3c6159b15c5a51b657b2c72c2a483f3e56f72cc613c3d4e73d315d2ce6b8e50c31e7982529ba275f6b7aed35f130327876102f8491feeac3e18bc0c7f8054c23826bcc16e756bf58d419542d1d71ce7fdf3b96623d596f79c94df21f1a899b9ec89bd3006920afe4b2d033cd3aa8bc9cf4b49a10454291aae85885d15fabf8072e405a0568a45e5c40451d91b1c13c416874af0335d8ccd6cc2e00445a88568734213f231237269c65126957cffbe8abfd3cf0c17a94ae1bbefc5b0562fc2d70f25a76aa16375dbc0302dc6facc0314da72108f62819dd23a530edc644be56c78c7da6b2320c6f800caa2f7d88187bc4e88902c8baf2b153397981008115027efa48b0913822065fa0756602cabf6b54cd04b6b016241e8a3b9df4eaf0edae65bd3bb5259a2758829549617fc34d45c37998a97bf4bfe5f4c7dc9bc5d3a92e5f9dff6fd9802476fe043f7764110ede5d2eefc20958b9bff7015aa15cab92f081f3aef4f3be66651e8bea2537c0cf88cef1a96038ea68759e4bbf69134b4609c84eb678a5f79bd890f133993ca5015fc48343cb5d1731d456f4c792e3713abdc4c09e55253a1235f0ddeda983c9f93ded481c594a75dd2a265c5ba3e158c84d3244f324482cb34f7ce6dcae689ce621196e4b45ea4024b8566d6d18f744fdd12b2956de44b3ad55b4e60602a63bb200cfacb3c29f0d8d699755205a20c2477102dce58f0ddbf21355defef9324d09731be978167a8cf143cb7eec56024dbc126cd081f027f43dbeb570cc1582929cc6ce6b51d36b029fef22feba74273692f8b62203e399e0a94be29c6a691c9ec8b35fc2d1e16e6ccdb559b4a9727f2f001b1ace88a12e63aa6017a9c886dba4ead14789206518b7835d925fd9171bf0a5cbbab699ce89f301b7d11928e56a538dce8fd87e3b0aa4e26fca2cb1fb9141e124e2305f5aa2a3d69aa86048e4b0653fba8d005700828ea99c0f3ecffcb40d658806791b1cb26b25c1ecf69018de8a055531f6ef03698abe6e27d56cbe0e0484fd5f69b850be8e9e7108ab8b0edab8714f399fd85a042d707421e2e64a6d3e923934e0dbd6e4d63419deb9be881a1cbaf37e3fddb709a27a1dc25239f45c3e7a8a657650223cb1dabd46de5b5bf2d27f09c99de9782841d16163e66e926a40e964534c12140577722febdd2e27fc3fb267d13f24dc9e8c920c856c1d7aea319137ada873731990632d55cf2aac4d3e9a64e81f7538c74282349ba5aeb387b943508e733e55ff401005f2dbc158da59466945536005c339d9068fadb4fec90371ed6c7f4847cb3f1bd063f994260c90204e53c1f258b35c63cd9c031195905355c1be3bf54abef8e3c827f96407cd73863489afd954071ae0c40d9c5fb3642493dda3e86f850b05635f5f6b6ea9530f645980a3250577f052e565c03e7e701576460fc7f50d94265371520f8c6a14566c7f81414a165cc1f05a762a5d9fd0d269ed48615415e3bcf1f6f4af00a281425f93e8b0cc3a62517a212aa3e74290f0a39a33106c2e3bd597864769f904de1c51b901071ea12182e109751c274eea43b0b544c6ce32a890aff7eb74555fc7f3a4bd1115befdf01ad42e9c32153cfa094107456a1fad2cf50137b567cb2146248011bbe056a9589f2f4304ad4ff89f7d51fc9b5946f9e66c85bba2fa06c18d81b6d1a04e50a6a498e475851d7c13551cab3b1cec7310cc6dcc7b776489ed4a7b24ad4ade911e0232467627f1107008634f40eb136e634718d2b1dd2681ba06e1e313a612237a39ed652d7c1156fffb44344689dffdc7b94e8b0b55beb4fed3bfc0034666c8778c4dc262a0220c407789ee62f8ac6e0c817283ed5106333c29e637abe42774cda0922b29cc615d0eb7164fbefda1017ac900c272cca5b2b20b124fdd3a1b7a704bac49b9693db4563360558699dcedf387559cbfc33394416b95372ef5128dc7e522ae624a1578b18e327e1a337147ebbfdac82afce78e180f79130a953ee237eefe66652e140a25723f88d35dde045c10cabf0b1022c54c2841d5332bc025d58688790b27b064f0f31ec9548a23c17a3707b63a34bfb9c941ef71934a82253a634e926811161801a69dcbb3208934905e22483951f959ead94edc84a45b19219d101f625f82154acd88df5f92ee59eea945cdc927104763901b9298188c38b1242d0c270e6754454229717e3f4ba187707005ea6c1439c9c40dbe6812d1f0652762368189a0b9a750bdb3db9443bc7fc303f18a853b1ab01e1b6fc05212b6797b2bf638430b1422c771685fa52f190ea6af1dabc8f5a7c8bcafefd6d7e3f33ac587a002da10d37523c5828f9059386184d719a3015ac80a03edc666daffabba4d2a0bf2dee43a2f18a313562af15d1e0d7684bdcf1728e831c3e889ea7c7f35ef01d434274771bf8fe90719f9f9f2ce762670548f8d002cf4a7dbea7a3921c1951b36527c59ecb3d292e6c6fd6a3f423f647657cfdc475e2626af87a377228d2f7d655ce691e1e9582b3b67edfb450f9e22dbb25c664392dc846a8f9de3950e779dcb52e6a3339c704b46af748b9cf51ee098738b88549ec076c6cc5cc069b3c9b6f63ddb7c84323d035ea97b8135477dfa2413a80b6ac08943d169edb7bde66d28317dabdc2b05f45251e9905fea7fb7f6274be707f9f7e29774aeb67da6a55c6911cdcdc5361f529b12e87345e074bd4964f1191d4cfd6b5b6176b70516e903aff0d6046e597f20439cb417dc7a64bb1facc89881a6354158805d61a571a8ca572ffdeb837d6c58975a8256c870068b7bb19767bb88dd54c717fc3c87b1d7e11498ca7a083e9e6f72b20f5bc224d19c6d46333a0a71ec2cf5ad7bf5efa21e40a5d9947bda01b99dbefa0d55b7d34357ee88857fbbde1a3b3d5e672803d0cb88173e0372c16746b195e8e4a35f6ddc163dd7f002a06c757bf1de913199c60033b148b9899399fb2c9c29e7458160b7d601f0482735675d81199802f494b2d2679d6c8395cd4638596893645847a6673c2af1589de33fbb1196ea6a65d9011e9cc42d25b34b5d3c116405a3fa6805172552437dd1f79efa2d00f325ca73bb07e6f3caeea1d2c4adbb1f3705ba6384e9fd052a76012f1e678a8003fed6ce55e580b157ffd3bcb47da6a9b8357c7ab41857d802f8e3935c2a1c386e32665a03358e3b8e9bb83b20aca2e746a84574f936befac7aa153212427c25d98d0ef77c720b9850152764398a9f404bc87d42fdaf94d553a8bb94b2438d7638e489d4edb2453c12afccf17b6df3325758512ac246f2086bcd8082fe5bee8d70532dd510f2e75c804459ef544f0862b8dc0b60ec0574ba091895c0f1c011dc13dd6e781e80354b5ee6ea092ebf78cc7175fe39944105335fc8e9e95022bcb3e83157ed462df4f77de80bc17fbff668366ef602ce100f2537a8be07da1da2e8206274541bcede1b802efa6639dc0d7baa6ea70fbb39020b0772ea1c935de19c8914bd7859e2122e72c6523c2512c9ec69a45eb13e1deba80d4ef7dda497051b486ea32320008169a5c0be29a2aeb52f20e17856dec08ee33ca7b905388c08145e0dbd6c5dfcd6afd0cc087ea1328618e9f1697", 0x1000, 0xc004, &(0x7f00000013c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}}, 0x1c)

15:43:09 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:09 executing program 3:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:09 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x4}, 0x6)

15:43:09 executing program 1:
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x6)

15:43:09 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f00000015c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x64, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xcb6}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x71e, 0x10001, 0x2]}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x9]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000000)
accept4$rose(r1, &(0x7f0000000340)=@full={0xb, @remote, @netrom, 0x0, [@null, @bcast, @default, @bcast, @remote, @default]}, &(0x7f0000000380)=0x40, 0x80800)

15:43:09 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

15:43:09 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})

15:43:09 executing program 3:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:09 executing program 1:
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x6)

15:43:09 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x4}, 0x6)

15:43:09 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

15:43:09 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f00000015c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x64, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xcb6}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x71e, 0x10001, 0x2]}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x9]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000000)

15:43:10 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:10 executing program 1:
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x6)

15:43:10 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)
prctl$PR_CAPBSET_DROP(0x1b, 0x15)

15:43:10 executing program 3:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1748, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:10 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

15:43:10 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

[  631.379115][T11942] Bluetooth: hci0: command 0x0c20 tx timeout
[  631.949078][ T9771] Bluetooth: hci3: command 0x0401 tx timeout
15:43:10 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})

15:43:10 executing program 3:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, 0x0)

15:43:10 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)

15:43:10 executing program 1:
r0 = syz_open_dev$ndb(0x0, 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x6)

15:43:10 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:10 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:10 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:10 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:10 executing program 1:
r0 = syz_open_dev$ndb(0x0, 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x6)

15:43:10 executing program 3:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, 0x0)

15:43:10 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r3=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r3})

15:43:11 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:11 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})

15:43:11 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:11 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800})

15:43:11 executing program 1:
r0 = syz_open_dev$ndb(0x0, 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x6)

15:43:11 executing program 3:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, 0x0)

15:43:11 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x2, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:11 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:11 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x6)

15:43:11 executing program 3:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x0, @bcast, @rose={'rose', 0x0}, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:11 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:11 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)

15:43:11 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})

15:43:12 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x6)

15:43:12 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x0, &(0x7f0000000000), &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:12 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})

15:43:12 executing program 3:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x0, @bcast, @rose={'rose', 0x0}, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})

15:43:12 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)

15:43:12 executing program 2:
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:12 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x6)

15:43:12 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x0, &(0x7f0000000000), &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:12 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180), 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)

[  633.459204][T11942] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:12 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)

15:43:12 executing program 2:
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:12 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})

15:43:12 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x0)

15:43:12 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x0, &(0x7f0000000000), &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:12 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800})

15:43:12 executing program 2:
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:12 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)

15:43:12 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:12 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x0)

15:43:12 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call], 0x0, 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:12 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r4=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r4})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x1, 0x0, 0x9, 0x2, r1, 0x8eb6, [], 0x0, r3, 0x0, 0x2, 0x3}, 0x40)

15:43:12 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)

15:43:12 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x0)

[  634.019187][ T9777] Bluetooth: hci3: command 0x0401 tx timeout
15:43:13 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})

15:43:13 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:13 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call], 0x0, 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:13 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800, 0x0, <r3=>0xffffffffffffffff})
io_uring_setup(0x6bf6, &(0x7f00000002c0)={0x0, 0xa18d, 0x8, 0x2, 0x36a, 0x0, r3})

15:43:13 executing program 5:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)

15:43:13 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x0)

15:43:13 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:13 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call], 0x0, 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:13 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000240)=[0x400, 0x2, 0xc80, 0x9, 0x94e, 0x2], 0x6, 0x800})

15:43:13 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x0)

15:43:13 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:13 executing program 5:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:13 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})

15:43:13 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:13 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x0, 0x0)

15:43:13 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x0)

15:43:13 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)

15:43:13 executing program 5:
syz_open_dev$ndb(0x0, 0x0, 0xa0003)

15:43:13 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x3, 0x401, "5bf90b", 0xff, 0x30})

15:43:13 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:13 executing program 1:
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x0)

15:43:13 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)

15:43:13 executing program 5:
syz_open_dev$ndb(0x0, 0x0, 0xa0003)

15:43:13 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)

15:43:13 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:13 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)

15:43:13 executing program 1:
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x0)

15:43:13 executing program 5:
syz_open_dev$ndb(0x0, 0x0, 0xa0003)

15:43:13 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180), 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)

15:43:13 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)

15:43:13 executing program 1:
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x0)

15:43:13 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:13 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)

15:43:13 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800})

15:43:13 executing program 5:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)

15:43:14 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000), 0x6)

15:43:14 executing program 1:
r0 = syz_open_dev$ndb(0x0, 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x0)

15:43:14 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xd2f3}, 0x78)

15:43:14 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)

15:43:14 executing program 5:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)

15:43:14 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)

15:43:14 executing program 1:
r0 = syz_open_dev$ndb(0x0, 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x0)

15:43:14 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x1, &(0x7f0000000000)=@raw=[@call], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:43:14 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000), 0x6)

15:43:14 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)

[  635.539342][    T5] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:14 executing program 5:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)

15:43:14 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x401, "5bf90b", 0xff, 0x30})

15:43:14 executing program 1:
r0 = syz_open_dev$ndb(0x0, 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x0)

15:43:14 executing program 4:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)

15:43:14 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000), 0x6)

15:43:14 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:14 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0x97a, 0x81], 0x3, 0x800})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180), 0x2, {0xa, 0x4e23, 0x1f, @private0={0xfc, 0x0, [], 0x1}, 0x8}}}, 0x38)

15:43:14 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x0)

15:43:14 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)

15:43:14 executing program 4:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)

15:43:14 executing program 3:
syz_open_dev$ndb(0x0, 0x0, 0xa0003)

15:43:14 executing program 5:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:14 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x0)

[  636.099241][    T5] Bluetooth: hci3: command 0x0401 tx timeout
15:43:15 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff, 0x30})

15:43:15 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff}, 0x6)

15:43:15 executing program 4:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x10001)

15:43:15 executing program 3:
syz_open_dev$ndb(0x0, 0x0, 0xa0003)

15:43:15 executing program 5:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)

15:43:15 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x0)

15:43:15 executing program 2:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000200)=0x80000000, 0x4)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)

15:43:15 executing program 3:
syz_open_dev$ndb(0x0, 0x0, 0xa0003)

15:43:15 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r2, 0x10000000)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r4, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x110, r5, 0x300, 0x70bd29, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x5}, {0xc, 0x90, 0x20}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7f}, {0xc}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x80000001}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x8}}]}, 0x110}, 0x1, 0x0, 0x0, 0x20000001}, 0x4040804)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, 0xffffffffffffffff, &(0x7f0000000000)={0xd0000000})

15:43:15 executing program 5:
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
setuid(0xee01)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x8000)

15:43:15 executing program 4:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)

15:43:15 executing program 2:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000200)=0x80000000, 0x4)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)

15:43:16 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0x0, 0x30})

15:43:16 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)

15:43:16 executing program 5:
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
setuid(0xee01)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x8000)

15:43:16 executing program 4:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:16 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r2, 0x10000000)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r4, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x110, r5, 0x300, 0x70bd29, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x5}, {0xc, 0x90, 0x20}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7f}, {0xc}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x80000001}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x8}}]}, 0x110}, 0x1, 0x0, 0x0, 0x20000001}, 0x4040804)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, 0xffffffffffffffff, &(0x7f0000000000)={0xd0000000})

15:43:16 executing program 2:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@raw=[@call={0x85, 0x0, 0x0, 0x50}, @ldst={0x1, 0x3, 0x3fe32a02963d2bfa, 0xa, 0x1, 0x20, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xc940}], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x45, &(0x7f0000000080)=""/69, 0x41000, 0x0, [], 0x0, 0x0, r0, 0x8, &(0x7f0000000100)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x10, 0x7, 0x80000000}, 0x10, 0xd2f3}, 0x78)
io_uring_setup(0x4809, &(0x7f0000000280)={0x0, 0xa3cb, 0x0, 0x3, 0x1aa, 0x0, r0})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000200)=0x80000000, 0x4)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)

15:43:16 executing program 5:
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
setuid(0xee01)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x8000)

15:43:16 executing program 2:
prctl$PR_CAPBSET_DROP(0x8, 0xda)

15:43:16 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r2, 0x10000000)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r4, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x110, r5, 0x300, 0x70bd29, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x5}, {0xc, 0x90, 0x20}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7f}, {0xc}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x80000001}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x8}}]}, 0x110}, 0x1, 0x0, 0x0, 0x20000001}, 0x4040804)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, 0xffffffffffffffff, &(0x7f0000000000)={0xd0000000})

15:43:16 executing program 4:
syz_open_dev$ndb(0x0, 0x0, 0xa0003)

15:43:16 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)

[  637.626546][    T5] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:16 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0x0, 0x30})

15:43:16 executing program 2:
prctl$PR_CAPBSET_DROP(0x8, 0xda)

15:43:16 executing program 4:
syz_open_dev$ndb(0x0, 0x0, 0xa0003)

15:43:16 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r2, 0x10000000)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r4, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x110, r5, 0x300, 0x70bd29, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x5}, {0xc, 0x90, 0x20}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7f}, {0xc}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x80000001}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x8}}]}, 0x110}, 0x1, 0x0, 0x0, 0x20000001}, 0x4040804)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)

15:43:16 executing program 5:
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
setuid(0xee01)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)

15:43:16 executing program 2:
prctl$PR_CAPBSET_DROP(0x8, 0xda)

15:43:16 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)

15:43:16 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r2, 0x10000000)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r3, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x110, r4, 0x300, 0x70bd29, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x5}, {0xc, 0x90, 0x20}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7f}, {0xc}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x80000001}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x8}}]}, 0x110}, 0x1, 0x0, 0x0, 0x20000001}, 0x4040804)

15:43:16 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0x0, 0x30})

15:43:16 executing program 5:
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)

15:43:16 executing program 4:
syz_open_dev$ndb(0x0, 0x0, 0xa0003)

15:43:16 executing program 2:
prctl$PR_CAPBSET_DROP(0x8, 0x0)

15:43:16 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:16 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0x0, 0x30})

15:43:16 executing program 2:
prctl$PR_CAPBSET_DROP(0x8, 0x0)

15:43:16 executing program 4:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)

15:43:16 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r2, 0x10000000)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000180)='devlink\x00')

15:43:16 executing program 5:
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)

15:43:16 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r2, 0x10000000)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)

15:43:16 executing program 5:
prctl$PR_CAPBSET_DROP(0x1b, 0x15)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)

15:43:16 executing program 2:
prctl$PR_CAPBSET_DROP(0x8, 0x0)

15:43:16 executing program 4:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)

15:43:16 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r2, 0x10000000)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
socket$nl_generic(0x10, 0x3, 0x10)

[  638.179169][    T5] Bluetooth: hci3: command 0x0401 tx timeout
15:43:16 executing program 4:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)

15:43:17 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:17 executing program 3 (fault-call:0 fault-nth:0):
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:17 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:17 executing program 5:
setuid(0xee01)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)

15:43:17 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r2, 0x10000000)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)

15:43:17 executing program 0 (fault-call:1 fault-nth:0):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:17 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:17 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

[  638.968452][T12402] FAULT_INJECTION: forcing a failure.
[  638.968452][T12402] name failslab, interval 1, probability 0, space 0, times 0
[  639.008148][T12402] CPU: 1 PID: 12402 Comm: syz-executor.3 Not tainted 5.11.0-rc1-syzkaller #0
[  639.017019][T12402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  639.027073][T12402] Call Trace:
[  639.030347][T12402]  dump_stack+0x107/0x163
[  639.032322][T12405] FAULT_INJECTION: forcing a failure.
[  639.032322][T12405] name failslab, interval 1, probability 0, space 0, times 0
[  639.034681][T12402]  should_fail.cold+0x5/0xa
[  639.052156][T12402]  ? getname_flags.part.0+0x50/0x4f0
[  639.057796][T12402]  should_failslab+0x5/0x10
[  639.062301][T12402]  kmem_cache_alloc+0x5b/0x440
[  639.067071][T12402]  getname_flags.part.0+0x50/0x4f0
[  639.072191][T12402]  getname+0x8e/0xd0
[  639.076114][T12402]  do_sys_openat2+0xf5/0x420
[  639.080700][T12402]  ? build_open_flags+0x680/0x680
[  639.085980][T12402]  ? wait_for_completion_io+0x260/0x260
[  639.091522][T12402]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  639.097771][T12402]  __x64_sys_open+0x119/0x1c0
[  639.102442][T12402]  ? do_sys_open+0x140/0x140
[  639.107028][T12402]  ? syscall_enter_from_user_mode+0x1d/0x50
[  639.113093][T12402]  do_syscall_64+0x2d/0x70
[  639.117500][T12402]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  639.123386][T12402] RIP: 0033:0x417d11
[  639.127273][T12402] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  639.147049][T12402] RSP: 002b:00007fc701dce810 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  639.155457][T12402] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 0000000000417d11
15:43:17 executing program 5:
setuid(0xee01)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)

[  639.163422][T12402] RDX: 0000000000000000 RSI: 00000000000a0003 RDI: 00007fc701dce840
[  639.171391][T12402] RBP: 00007fc701dceca0 R08: 000000000000000f R09: 0000000000000000
[  639.179620][T12402] R10: 0000000000000064 R11: 0000000000000293 R12: 0000000000000000
[  639.187588][T12402] R13: 00007fff3afa100f R14: 00007fc701dcf9c0 R15: 000000000119bf8c
[  639.195561][T12405] CPU: 0 PID: 12405 Comm: syz-executor.0 Not tainted 5.11.0-rc1-syzkaller #0
[  639.204328][T12405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  639.214374][T12405] Call Trace:
15:43:17 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r1, 0x10000000)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)

15:43:17 executing program 3 (fault-call:0 fault-nth:1):
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

[  639.217651][T12405]  dump_stack+0x107/0x163
[  639.221991][T12405]  should_fail.cold+0x5/0xa
[  639.226496][T12405]  ? tomoyo_realpath_from_path+0xc3/0x620
[  639.232221][T12405]  ? tomoyo_realpath_from_path+0xc3/0x620
[  639.238130][T12405]  should_failslab+0x5/0x10
[  639.242618][T12405]  __kmalloc+0x72/0x3e0
[  639.247136][T12405]  tomoyo_realpath_from_path+0xc3/0x620
[  639.253524][T12405]  ? tomoyo_profile+0x42/0x50
[  639.258180][T12405]  tomoyo_path_number_perm+0x1d5/0x590
[  639.263617][T12405]  ? tomoyo_path_number_perm+0x18d/0x590
[  639.269239][T12405]  ? tomoyo_execute_permission+0x4a0/0x4a0
[  639.275039][T12405]  ? lock_downgrade+0x6d0/0x6d0
[  639.279953][T12405]  ? __mutex_unlock_slowpath+0xe2/0x610
[  639.285574][T12405]  ? __fget_files+0x288/0x3d0
[  639.290655][T12405]  security_file_ioctl+0x50/0xb0
[  639.296018][T12405]  __x64_sys_ioctl+0xb3/0x200
[  639.301102][T12405]  do_syscall_64+0x2d/0x70
[  639.305915][T12405]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  639.312010][T12405] RIP: 0033:0x45e219
[  639.315883][T12405] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  639.335473][T12405] RSP: 002b:00007f0bee3f7c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  639.343862][T12405] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219
[  639.351826][T12405] RDX: 0000000020000040 RSI: 00000000800448f0 RDI: 0000000000000004
[  639.359771][T12405] RBP: 00007f0bee3f7ca0 R08: 0000000000000000 R09: 0000000000000000
[  639.367718][T12405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  639.375668][T12405] R13: 00007ffcb47b546f R14: 00007f0bee3f89c0 R15: 000000000119bf8c
[  639.389840][T12405] ERROR: Out of memory at tomoyo_realpath_from_path.
15:43:18 executing program 5:
setuid(0xee01)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)

15:43:18 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:18 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

[  639.474327][T12415] FAULT_INJECTION: forcing a failure.
[  639.474327][T12415] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  639.493057][T12415] CPU: 0 PID: 12415 Comm: syz-executor.3 Not tainted 5.11.0-rc1-syzkaller #0
[  639.501967][T12415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  639.512017][T12415] Call Trace:
[  639.515293][T12415]  dump_stack+0x107/0x163
[  639.519633][T12415]  should_fail.cold+0x5/0xa
15:43:18 executing program 5:
setuid(0xee01)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)

[  639.524146][T12415]  strncpy_from_user+0x34/0x3e0
[  639.529009][T12415]  getname_flags.part.0+0x95/0x4f0
[  639.534137][T12415]  getname+0x8e/0xd0
[  639.538034][T12415]  do_sys_openat2+0xf5/0x420
[  639.542624][T12415]  ? build_open_flags+0x680/0x680
[  639.547640][T12415]  ? wait_for_completion_io+0x260/0x260
[  639.553168][T12415]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  639.559397][T12415]  __x64_sys_open+0x119/0x1c0
[  639.564067][T12415]  ? do_sys_open+0x140/0x140
[  639.568643][T12415]  ? syscall_enter_from_user_mode+0x1d/0x50
[  639.574518][T12415]  do_syscall_64+0x2d/0x70
[  639.578932][T12415]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  639.584809][T12415] RIP: 0033:0x417d11
[  639.588694][T12415] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  639.608459][T12415] RSP: 002b:00007fc701dce810 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  639.616852][T12415] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 0000000000417d11
15:43:18 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r1, 0x10000000)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)

[  639.624803][T12415] RDX: 0000000000000000 RSI: 00000000000a0003 RDI: 00007fc701dce840
[  639.632846][T12415] RBP: 00007fc701dceca0 R08: 000000000000000f R09: 0000000000000000
[  639.640904][T12415] R10: 0000000000000064 R11: 0000000000000293 R12: 0000000000000001
[  639.648941][T12415] R13: 00007fff3afa100f R14: 00007fc701dcf9c0 R15: 000000000119bf8c
15:43:18 executing program 3 (fault-call:0 fault-nth:2):
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

[  639.699179][ T9777] Bluetooth: hci0: command 0x0c20 tx timeout
[  639.786397][T12427] FAULT_INJECTION: forcing a failure.
[  639.786397][T12427] name failslab, interval 1, probability 0, space 0, times 0
[  639.806380][T12427] CPU: 0 PID: 12427 Comm: syz-executor.3 Not tainted 5.11.0-rc1-syzkaller #0
[  639.815158][T12427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  639.825215][T12427] Call Trace:
[  639.828485][T12427]  dump_stack+0x107/0x163
[  639.832807][T12427]  should_fail.cold+0x5/0xa
[  639.837293][T12427]  ? __alloc_file+0x21/0x280
[  639.841867][T12427]  should_failslab+0x5/0x10
[  639.846353][T12427]  kmem_cache_alloc+0x5b/0x440
[  639.851112][T12427]  ? stack_trace_consume_entry+0x160/0x160
[  639.856906][T12427]  __alloc_file+0x21/0x280
[  639.861304][T12427]  alloc_empty_file+0x6d/0x170
[  639.866051][T12427]  path_openat+0xe3/0x2730
[  639.870449][T12427]  ? __lock_acquire+0x16b7/0x5500
[  639.875459][T12427]  ? path_lookupat+0x830/0x830
[  639.880205][T12427]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  639.886170][T12427]  do_filp_open+0x17e/0x3c0
[  639.890658][T12427]  ? may_open_dev+0xf0/0xf0
[  639.895153][T12427]  ? alloc_fd+0x2bc/0x640
[  639.899463][T12427]  ? lock_downgrade+0x6d0/0x6d0
[  639.904399][T12427]  ? do_raw_spin_lock+0x120/0x2b0
[  639.909437][T12427]  ? rwlock_bug.part.0+0x90/0x90
[  639.914445][T12427]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[  639.920671][T12427]  ? _raw_spin_unlock+0x24/0x40
[  639.925522][T12427]  ? alloc_fd+0x2bc/0x640
[  639.929838][T12427]  do_sys_openat2+0x16d/0x420
[  639.934496][T12427]  ? build_open_flags+0x680/0x680
[  639.939522][T12427]  ? wait_for_completion_io+0x260/0x260
[  639.945053][T12427]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  639.951293][T12427]  __x64_sys_open+0x119/0x1c0
[  639.955949][T12427]  ? do_sys_open+0x140/0x140
[  639.960519][T12427]  ? syscall_enter_from_user_mode+0x1d/0x50
[  639.966395][T12427]  do_syscall_64+0x2d/0x70
[  639.970795][T12427]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  639.976669][T12427] RIP: 0033:0x417d11
[  639.980542][T12427] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  640.000320][T12427] RSP: 002b:00007fc701dce810 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  640.008887][T12427] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 0000000000417d11
[  640.017014][T12427] RDX: 0000000000000000 RSI: 00000000000a0003 RDI: 00007fc701dce840
[  640.024966][T12427] RBP: 00007fc701dceca0 R08: 000000000000000f R09: 0000000000000000
15:43:18 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:18 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)

15:43:18 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r1, 0x10000000)

15:43:18 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x0)

15:43:18 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r1, 0x10000000)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)

15:43:18 executing program 3 (fault-call:0 fault-nth:3):
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

[  640.032938][T12427] R10: 0000000000000064 R11: 0000000000000293 R12: 0000000000000002
[  640.040899][T12427] R13: 00007fff3afa100f R14: 00007fc701dcf9c0 R15: 000000000119bf8c
15:43:18 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)

15:43:18 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)

15:43:18 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x0)

[  640.172178][T12438] FAULT_INJECTION: forcing a failure.
[  640.172178][T12438] name failslab, interval 1, probability 0, space 0, times 0
[  640.191570][T12438] CPU: 0 PID: 12438 Comm: syz-executor.3 Not tainted 5.11.0-rc1-syzkaller #0
[  640.200426][T12438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  640.210476][T12438] Call Trace:
[  640.213755][T12438]  dump_stack+0x107/0x163
15:43:18 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r1, 0x10000000)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)

[  640.218107][T12438]  should_fail.cold+0x5/0xa
[  640.222704][T12438]  ? security_file_alloc+0x34/0x170
[  640.228082][T12438]  should_failslab+0x5/0x10
[  640.232595][T12438]  kmem_cache_alloc+0x5b/0x440
[  640.237379][T12438]  security_file_alloc+0x34/0x170
[  640.242417][T12438]  __alloc_file+0xd8/0x280
[  640.246841][T12438]  alloc_empty_file+0x6d/0x170
[  640.251608][T12438]  path_openat+0xe3/0x2730
[  640.256028][T12438]  ? __lock_acquire+0x16b7/0x5500
[  640.261062][T12438]  ? path_lookupat+0x830/0x830
[  640.265828][T12438]  ? lockdep_hardirqs_on_prepare+0x400/0x400
15:43:18 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x0)

15:43:18 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)

[  640.271819][T12438]  do_filp_open+0x17e/0x3c0
[  640.276326][T12438]  ? may_open_dev+0xf0/0xf0
[  640.280836][T12438]  ? alloc_fd+0x2bc/0x640
[  640.285162][T12438]  ? lock_downgrade+0x6d0/0x6d0
[  640.290014][T12438]  ? do_raw_spin_lock+0x120/0x2b0
[  640.295043][T12438]  ? rwlock_bug.part.0+0x90/0x90
[  640.299985][T12438]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[  640.306232][T12438]  ? _raw_spin_unlock+0x24/0x40
[  640.311080][T12438]  ? alloc_fd+0x2bc/0x640
[  640.315400][T12438]  do_sys_openat2+0x16d/0x420
[  640.320062][T12438]  ? build_open_flags+0x680/0x680
[  640.325244][T12438]  ? wait_for_completion_io+0x260/0x260
[  640.330857][T12438]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  640.337101][T12438]  __x64_sys_open+0x119/0x1c0
[  640.341758][T12438]  ? do_sys_open+0x140/0x140
[  640.346331][T12438]  ? syscall_enter_from_user_mode+0x1d/0x50
[  640.352212][T12438]  do_syscall_64+0x2d/0x70
[  640.356609][T12438]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  640.362483][T12438] RIP: 0033:0x417d11
[  640.366357][T12438] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  640.385941][T12438] RSP: 002b:00007fc701dce810 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  640.394339][T12438] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 0000000000417d11
[  640.402287][T12438] RDX: 0000000000000000 RSI: 00000000000a0003 RDI: 00007fc701dce840
[  640.410237][T12438] RBP: 00007fc701dceca0 R08: 000000000000000f R09: 0000000000000000
[  640.418186][T12438] R10: 0000000000000064 R11: 0000000000000293 R12: 0000000000000003
[  640.426135][T12438] R13: 00007fff3afa100f R14: 00007fc701dcf9c0 R15: 000000000119bf8c
[  640.436025][ T9777] Bluetooth: hci3: command 0x0401 tx timeout
15:43:19 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:19 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)

15:43:19 executing program 3 (fault-call:0 fault-nth:4):
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:19 executing program 4 (fault-call:0 fault-nth:0):
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:19 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r1, 0x10000000)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x6b8640, 0x0)

15:43:19 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)

[  641.067165][T12459] FAULT_INJECTION: forcing a failure.
[  641.067165][T12459] name failslab, interval 1, probability 0, space 0, times 0
[  641.105188][T12463] FAULT_INJECTION: forcing a failure.
[  641.105188][T12463] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  641.110049][T12459] CPU: 1 PID: 12459 Comm: syz-executor.3 Not tainted 5.11.0-rc1-syzkaller #0
[  641.127176][T12459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  641.137224][T12459] Call Trace:
[  641.140491][T12459]  dump_stack+0x107/0x163
[  641.144828][T12459]  should_fail.cold+0x5/0xa
[  641.149328][T12459]  ? tomoyo_realpath_from_path+0xc3/0x620
[  641.155045][T12459]  ? tomoyo_realpath_from_path+0xc3/0x620
[  641.160767][T12459]  should_failslab+0x5/0x10
[  641.165272][T12459]  __kmalloc+0x72/0x3e0
[  641.169425][T12459]  tomoyo_realpath_from_path+0xc3/0x620
[  641.174990][T12459]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[  641.181255][T12459]  tomoyo_check_open_permission+0x272/0x380
[  641.187146][T12459]  ? tomoyo_path_number_perm+0x590/0x590
[  641.192962][T12459]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  641.198964][T12459]  ? path_get+0x5d/0x80
[  641.203116][T12459]  ? lock_downgrade+0x6d0/0x6d0
[  641.207961][T12459]  ? do_raw_spin_lock+0x120/0x2b0
[  641.212983][T12459]  tomoyo_file_open+0xa3/0xd0
[  641.217657][T12459]  security_file_open+0x52/0x4f0
[  641.222593][T12459]  do_dentry_open+0x358/0x11b0
[  641.227354][T12459]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  641.233595][T12459]  ? may_open+0x1e4/0x400
[  641.237920][T12459]  path_openat+0x1b9a/0x2730
[  641.242513][T12459]  ? path_lookupat+0x830/0x830
[  641.247278][T12459]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  641.253259][T12459]  do_filp_open+0x17e/0x3c0
[  641.257762][T12459]  ? may_open_dev+0xf0/0xf0
[  641.262275][T12459]  ? do_raw_spin_lock+0x120/0x2b0
[  641.267293][T12459]  ? rwlock_bug.part.0+0x90/0x90
[  641.272227][T12459]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[  641.278467][T12459]  ? _raw_spin_unlock+0x24/0x40
[  641.283309][T12459]  ? alloc_fd+0x2bc/0x640
[  641.287637][T12459]  do_sys_openat2+0x16d/0x420
[  641.292573][T12459]  ? build_open_flags+0x680/0x680
[  641.297613][T12459]  ? wait_for_completion_io+0x260/0x260
[  641.303152][T12459]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  641.309395][T12459]  __x64_sys_open+0x119/0x1c0
[  641.314066][T12459]  ? do_sys_open+0x140/0x140
[  641.318655][T12459]  ? syscall_enter_from_user_mode+0x1d/0x50
[  641.324560][T12459]  do_syscall_64+0x2d/0x70
[  641.328973][T12459]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  641.334859][T12459] RIP: 0033:0x417d11
[  641.338742][T12459] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  641.358344][T12459] RSP: 002b:00007fc701dce810 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
15:43:20 executing program 2 (fault-call:0 fault-nth:0):
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

[  641.366754][T12459] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 0000000000417d11
[  641.374716][T12459] RDX: 0000000000000000 RSI: 00000000000a0003 RDI: 00007fc701dce840
[  641.382679][T12459] RBP: 00007fc701dceca0 R08: 000000000000000f R09: 0000000000000000
[  641.390641][T12459] R10: 0000000000000064 R11: 0000000000000293 R12: 0000000000000004
[  641.398871][T12459] R13: 00007fff3afa100f R14: 00007fc701dcf9c0 R15: 000000000119bf8c
[  641.406846][T12463] CPU: 0 PID: 12463 Comm: syz-executor.4 Not tainted 5.11.0-rc1-syzkaller #0
15:43:20 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)

[  641.415612][T12463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  641.425659][T12463] Call Trace:
[  641.428940][T12463]  dump_stack+0x107/0x163
[  641.432233][T12459] ERROR: Out of memory at tomoyo_realpath_from_path.
[  641.433298][T12463]  should_fail.cold+0x5/0xa
[  641.433326][T12463]  _copy_to_user+0x2c/0x150
[  641.433348][T12463]  simple_read_from_buffer+0xcc/0x160
[  641.454601][T12463]  proc_fail_nth_read+0x187/0x220
[  641.459632][T12463]  ? proc_exe_link+0x1d0/0x1d0
15:43:20 executing program 3 (fault-call:0 fault-nth:5):
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

[  641.464400][T12463]  ? security_file_permission+0x248/0x560
[  641.470131][T12463]  ? proc_exe_link+0x1d0/0x1d0
[  641.474902][T12463]  vfs_read+0x1b5/0x570
[  641.479064][T12463]  ksys_read+0x12d/0x250
[  641.483301][T12463]  ? vfs_write+0xa30/0xa30
[  641.487710][T12463]  ? syscall_enter_from_user_mode+0x1d/0x50
[  641.493699][T12463]  do_syscall_64+0x2d/0x70
[  641.498482][T12463]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  641.504588][T12463] RIP: 0033:0x417b11
[  641.509244][T12463] Code: 75 14 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  641.529486][T12463] RSP: 002b:00007f367aad7c70 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[  641.537880][T12463] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000417b11
[  641.545838][T12463] RDX: 000000000000000f RSI: 00007f367aad7cb0 RDI: 0000000000000003
[  641.553807][T12463] RBP: 00007f367aad7ca0 R08: 0000000000000000 R09: 0000000000000000
[  641.561761][T12463] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
15:43:20 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r1, 0x10000000)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)

[  641.569722][T12463] R13: 00007ffcf8a9603f R14: 00007f367aad89c0 R15: 000000000119bf8c
15:43:20 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x10, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

[  641.652009][T12473] FAULT_INJECTION: forcing a failure.
[  641.652009][T12473] name failslab, interval 1, probability 0, space 0, times 0
[  641.659784][T12472] FAULT_INJECTION: forcing a failure.
[  641.659784][T12472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  641.670640][T12473] CPU: 1 PID: 12473 Comm: syz-executor.3 Not tainted 5.11.0-rc1-syzkaller #0
[  641.687074][T12473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  641.697126][T12473] Call Trace:
[  641.700403][T12473]  dump_stack+0x107/0x163
[  641.704736][T12473]  should_fail.cold+0x5/0xa
[  641.709238][T12473]  ? tomoyo_encode2.part.0+0xe9/0x3a0
[  641.714614][T12473]  ? tomoyo_encode2.part.0+0xe9/0x3a0
[  641.719988][T12473]  should_failslab+0x5/0x10
[  641.724486][T12473]  __kmalloc+0x72/0x3e0
[  641.728665][T12473]  tomoyo_encode2.part.0+0xe9/0x3a0
[  641.733861][T12473]  tomoyo_encode+0x28/0x50
[  641.738274][T12473]  tomoyo_realpath_from_path+0x186/0x620
[  641.743996][T12473]  tomoyo_check_open_permission+0x272/0x380
[  641.750064][T12473]  ? tomoyo_path_number_perm+0x590/0x590
[  641.755701][T12473]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  641.761705][T12473]  ? path_get+0x5d/0x80
[  641.765865][T12473]  ? lock_downgrade+0x6d0/0x6d0
[  641.770713][T12473]  ? do_raw_spin_lock+0x120/0x2b0
[  641.775744][T12473]  tomoyo_file_open+0xa3/0xd0
[  641.780427][T12473]  security_file_open+0x52/0x4f0
[  641.785362][T12473]  do_dentry_open+0x358/0x11b0
[  641.790133][T12473]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  641.796368][T12473]  ? may_open+0x1e4/0x400
[  641.800968][T12473]  path_openat+0x1b9a/0x2730
[  641.805759][T12473]  ? path_lookupat+0x830/0x830
[  641.810538][T12473]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  641.816532][T12473]  do_filp_open+0x17e/0x3c0
[  641.821032][T12473]  ? may_open_dev+0xf0/0xf0
[  641.825535][T12473]  ? do_raw_spin_lock+0x120/0x2b0
[  641.830554][T12473]  ? rwlock_bug.part.0+0x90/0x90
[  641.835492][T12473]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[  641.841736][T12473]  ? _raw_spin_unlock+0x24/0x40
[  641.846855][T12473]  ? alloc_fd+0x2bc/0x640
[  641.851211][T12473]  do_sys_openat2+0x16d/0x420
[  641.855881][T12473]  ? build_open_flags+0x680/0x680
[  641.860914][T12473]  ? wait_for_completion_io+0x260/0x260
[  641.866453][T12473]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  641.872704][T12473]  __x64_sys_open+0x119/0x1c0
[  641.877374][T12473]  ? do_sys_open+0x140/0x140
[  641.881957][T12473]  ? syscall_enter_from_user_mode+0x1d/0x50
[  641.887871][T12473]  do_syscall_64+0x2d/0x70
[  641.892283][T12473]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  641.898170][T12473] RIP: 0033:0x417d11
[  641.902053][T12473] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  641.921652][T12473] RSP: 002b:00007fc701dce810 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  641.930061][T12473] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 0000000000417d11
[  641.938022][T12473] RDX: 0000000000000000 RSI: 00000000000a0003 RDI: 00007fc701dce840
[  641.945983][T12473] RBP: 00007fc701dceca0 R08: 000000000000000f R09: 0000000000000000
[  641.954124][T12473] R10: 0000000000000064 R11: 0000000000000293 R12: 0000000000000005
[  641.962178][T12473] R13: 00007fff3afa100f R14: 00007fc701dcf9c0 R15: 000000000119bf8c
[  641.970151][T12472] CPU: 0 PID: 12472 Comm: syz-executor.2 Not tainted 5.11.0-rc1-syzkaller #0
[  641.978912][T12472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  641.988960][T12472] Call Trace:
[  641.992234][T12472]  dump_stack+0x107/0x163
[  641.996570][T12472]  should_fail.cold+0x5/0xa
[  642.001077][T12472]  _copy_to_user+0x2c/0x150
[  642.005584][T12472]  simple_read_from_buffer+0xcc/0x160
[  642.010974][T12472]  proc_fail_nth_read+0x187/0x220
[  642.016012][T12472]  ? proc_exe_link+0x1d0/0x1d0
[  642.020775][T12472]  ? security_file_permission+0x248/0x560
[  642.026503][T12472]  ? proc_exe_link+0x1d0/0x1d0
[  642.031270][T12472]  vfs_read+0x1b5/0x570
[  642.033484][T12473] ERROR: Out of memory at tomoyo_realpath_from_path.
[  642.035424][T12472]  ksys_read+0x12d/0x250
[  642.035447][T12472]  ? vfs_write+0xa30/0xa30
15:43:20 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:20 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4c01, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:20 executing program 1:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)

[  642.035470][T12472]  ? syscall_enter_from_user_mode+0x1d/0x50
[  642.056780][T12472]  do_syscall_64+0x2d/0x70
[  642.061194][T12472]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  642.067089][T12472] RIP: 0033:0x417b11
[  642.070979][T12472] Code: 75 14 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  642.090587][T12472] RSP: 002b:00007fde7c905c70 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
15:43:20 executing program 1:
openat$bsg(0xffffffffffffff9c, 0x0, 0x4b6d02, 0x0)

15:43:20 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000001, 0x4010, r1, 0x10000000)

15:43:20 executing program 3 (fault-call:0 fault-nth:6):
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

[  642.099001][T12472] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000417b11
[  642.106973][T12472] RDX: 000000000000000f RSI: 00007fde7c905cb0 RDI: 0000000000000003
[  642.114947][T12472] RBP: 00007fde7c905ca0 R08: 0000000000000000 R09: 0000000000000000
[  642.122909][T12472] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  642.130876][T12472] R13: 00007fff1ad6761f R14: 00007fde7c9069c0 R15: 000000000119bf8c
15:43:20 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x541b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

[  642.163924][ T3205] Bluetooth: hci0: command 0x0c20 tx timeout
[  642.239015][T12486] FAULT_INJECTION: forcing a failure.
[  642.239015][T12486] name failslab, interval 1, probability 0, space 0, times 0
[  642.284379][T12486] CPU: 1 PID: 12486 Comm: syz-executor.3 Not tainted 5.11.0-rc1-syzkaller #0
[  642.293438][T12486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  642.303490][T12486] Call Trace:
[  642.306761][T12486]  dump_stack+0x107/0x163
[  642.311276][T12486]  should_fail.cold+0x5/0xa
[  642.315965][T12486]  ? nbd_alloc_config+0x3d/0x180
[  642.321089][T12486]  ? nbd_alloc_config+0x3d/0x180
[  642.326007][T12486]  should_failslab+0x5/0x10
[  642.330919][T12486]  kmem_cache_alloc_trace+0x55/0x360
[  642.336629][T12486]  nbd_alloc_config+0x3d/0x180
[  642.341375][T12486]  nbd_open+0x439/0x890
[  642.345518][T12486]  ? nbd_read_stat+0xfb0/0xfb0
[  642.350262][T12486]  ? kobject_get_unless_zero+0x15a/0x1e0
[  642.355881][T12486]  ? nbd_read_stat+0xfb0/0xfb0
[  642.360638][T12486]  __blkdev_get+0x12a/0xc10
[  642.365137][T12486]  blkdev_get_by_dev+0x260/0x5e0
[  642.370064][T12486]  blkdev_open+0x154/0x2b0
[  642.374465][T12486]  do_dentry_open+0x4b9/0x11b0
[  642.379212][T12486]  ? blkdev_get_by_dev+0x5e0/0x5e0
[  642.384309][T12486]  path_openat+0x1b9a/0x2730
[  642.388900][T12486]  ? path_lookupat+0x830/0x830
[  642.393666][T12486]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  642.399655][T12486]  do_filp_open+0x17e/0x3c0
[  642.404145][T12486]  ? may_open_dev+0xf0/0xf0
[  642.408641][T12486]  ? do_raw_spin_lock+0x120/0x2b0
[  642.413663][T12486]  ? rwlock_bug.part.0+0x90/0x90
[  642.418583][T12486]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[  642.424808][T12486]  ? _raw_spin_unlock+0x24/0x40
[  642.429833][T12486]  ? alloc_fd+0x2bc/0x640
[  642.434148][T12486]  do_sys_openat2+0x16d/0x420
[  642.438809][T12486]  ? build_open_flags+0x680/0x680
[  642.443814][T12486]  ? wait_for_completion_io+0x260/0x260
[  642.449340][T12486]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  642.455568][T12486]  __x64_sys_open+0x119/0x1c0
[  642.460226][T12486]  ? do_sys_open+0x140/0x140
[  642.464799][T12486]  ? syscall_enter_from_user_mode+0x1d/0x50
[  642.470678][T12486]  do_syscall_64+0x2d/0x70
[  642.475075][T12486]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  642.480951][T12486] RIP: 0033:0x417d11
[  642.484838][T12486] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  642.504443][T12486] RSP: 002b:00007fc701dce810 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  642.512837][T12486] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 0000000000417d11
[  642.520789][T12486] RDX: 0000000000000000 RSI: 00000000000a0003 RDI: 00007fc701dce840
15:43:21 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:21 executing program 1:
openat$bsg(0xffffffffffffff9c, 0x0, 0x4b6d02, 0x0)

15:43:21 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)

15:43:21 executing program 4:
prctl$PR_CAPBSET_DROP(0x7, 0x700)

15:43:21 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x5421, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

[  642.528751][T12486] RBP: 00007fc701dceca0 R08: 000000000000000f R09: 0000000000000000
[  642.536962][T12486] R10: 0000000000000064 R11: 0000000000000293 R12: 0000000000000006
[  642.544916][T12486] R13: 00007fff3afa100f R14: 00007fc701dcf9c0 R15: 000000000119bf8c
[  642.556180][T11942] Bluetooth: hci3: command 0x0401 tx timeout
15:43:21 executing program 3 (fault-call:0 fault-nth:7):
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:21 executing program 4:
prctl$PR_CAPBSET_DROP(0x8, 0x700)

15:43:21 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x5450, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:21 executing program 1:
openat$bsg(0xffffffffffffff9c, 0x0, 0x4b6d02, 0x0)

15:43:21 executing program 2:
prctl$PR_CAPBSET_DROP(0x7, 0x700)

15:43:21 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x7fff, 0x7], 0x3, 0x80800})
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)

[  642.701255][T12502] FAULT_INJECTION: forcing a failure.
[  642.701255][T12502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  642.725043][T12502] CPU: 1 PID: 12502 Comm: syz-executor.3 Not tainted 5.11.0-rc1-syzkaller #0
[  642.733906][T12502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  642.743957][T12502] Call Trace:
[  642.747232][T12502]  dump_stack+0x107/0x163
15:43:21 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x5451, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:21 executing program 4:
prctl$PR_CAPBSET_DROP(0x18, 0x700)

15:43:21 executing program 2:
prctl$PR_CAPBSET_DROP(0x8, 0x700)

[  642.751570][T12502]  should_fail.cold+0x5/0xa
[  642.756081][T12502]  _copy_to_user+0x2c/0x150
[  642.760589][T12502]  simple_read_from_buffer+0xcc/0x160
[  642.765968][T12502]  proc_fail_nth_read+0x187/0x220
[  642.771001][T12502]  ? proc_exe_link+0x1d0/0x1d0
[  642.775768][T12502]  ? security_file_permission+0x248/0x560
[  642.781510][T12502]  ? proc_exe_link+0x1d0/0x1d0
[  642.786277][T12502]  vfs_read+0x1b5/0x570
[  642.790433][T12502]  ksys_read+0x12d/0x250
[  642.794679][T12502]  ? vfs_write+0xa30/0xa30
15:43:21 executing program 1:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0)

[  642.799099][T12502]  ? syscall_enter_from_user_mode+0x1d/0x50
[  642.805011][T12502]  do_syscall_64+0x2d/0x70
[  642.809430][T12502]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  642.815570][T12502] RIP: 0033:0x417b11
[  642.819453][T12502] Code: 75 14 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  642.839043][T12502] RSP: 002b:00007fc701dcec70 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
15:43:21 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

[  642.847434][T12502] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000417b11
[  642.855378][T12502] RDX: 000000000000000f RSI: 00007fc701dcecb0 RDI: 0000000000000003
[  642.863325][T12502] RBP: 00007fc701dceca0 R08: 000000000000000f R09: 0000000000000000
[  642.871273][T12502] R10: 0000000000000064 R11: 0000000000000293 R12: 0000000000000007
[  642.879218][T12502] R13: 00007fff3afa100f R14: 00007fc701dcf9c0 R15: 000000000119bf8c
15:43:21 executing program 4:
prctl$PR_CAPBSET_DROP(0x1b, 0x700)

15:43:21 executing program 2:
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:21 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)

15:43:21 executing program 1:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0)

15:43:21 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x5452, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:21 executing program 2:
prctl$PR_CAPBSET_DROP(0x18, 0x700)

15:43:21 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0007)

15:43:21 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:21 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)

15:43:21 executing program 1:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0)

15:43:21 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x5460, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:21 executing program 2:
prctl$PR_CAPBSET_DROP(0x1b, 0x700)

15:43:21 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0009)

15:43:21 executing program 4:
prctl$PR_CAPBSET_DROP(0x2f, 0x700)

15:43:21 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x6364, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:21 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x5460, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0010)

15:43:22 executing program 5:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4b6d02, 0x0)

15:43:22 executing program 2:
prctl$PR_CAPBSET_DROP(0x2f, 0x700)

15:43:22 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x28)

15:43:22 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8901, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x5460, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x707)

15:43:22 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x4001)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0)
write$FUSE_BMAP(r0, &(0x7f0000000080)={0x18, 0x0, 0x0, {0xffff}}, 0x18)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)

15:43:22 executing program 5:
openat$bsg(0xffffffffffffff9c, 0x0, 0x4b6d02, 0x0)

15:43:22 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x21)

15:43:22 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x5460, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8902, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x17)

15:43:22 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
bind$rds(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e24, @empty}, 0x10)

15:43:22 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000002080)='/dev/bsg\x00', 0x220e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, <r1=>0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
getpgid(r2)
write$FUSE_GETXATTR(r0, &(0x7f0000002040)={0x18, 0xffffffffffffffda, r1, {0x3}}, 0x18)
userfaultfd(0x0)

15:43:22 executing program 5:
openat$bsg(0xffffffffffffff9c, 0x0, 0x4b6d02, 0x0)

15:43:22 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8903, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x5460, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 4:
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, <r0=>0x0}, 0x2020)
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000002040)={0x60, 0x0, r0, {{0x1, 0x9, 0x2, 0x400, 0xb2, 0x5, 0x800, 0x1f}}}, 0x60)
socket$l2tp(0x2, 0x2, 0x73)
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:22 executing program 2:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x1bb000, 0x0)
accept4$rose(r0, &(0x7f0000000040)=@full={0xb, @remote, @rose, 0x0, [@null, @rose, @bcast, @rose, @default, @rose]}, &(0x7f0000000080)=0x40, 0x80000)

15:43:22 executing program 5:
openat$bsg(0xffffffffffffff9c, 0x0, 0x4b6d02, 0x0)

15:43:22 executing program 3:
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000180)={0x18, 0x0, 0x0, {0x100000001}}, 0x18)
ptrace$getregset(0x4204, 0x0, 0x2, &(0x7f0000000000)={&(0x7f00000000c0)=""/169, 0xa9})
syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0xa0003)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00')
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f00000001c0)={0x8})

15:43:22 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x5460, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8904, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 5:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0)

15:43:22 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
socket$l2tp(0x2, 0x2, 0x73)

15:43:22 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$DEVLINK_CMD_SB_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x16c, 0x0, 0x4, 0x70bd2d, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xfffffc00}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x55a}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x3}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x2}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x101}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x40864}, 0x0)

15:43:22 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
shmget$private(0x0, 0x4000, 0xe00, &(0x7f0000ff9000/0x4000)=nil)

15:43:22 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x5460, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 4:
shmctl$SHM_LOCK(0x0, 0xb)
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
accept4$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @my=0x0}, 0x10, 0x80800)

15:43:22 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 5:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0)

15:43:22 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:22 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x2d8200)

15:43:22 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x5460, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8907, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
select(0x40, &(0x7f0000000000)={0x2, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})
socket$inet6_udp(0xa, 0x2, 0x0)
getitimer(0x0, &(0x7f0000000100))

15:43:22 executing program 5:
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0)

15:43:22 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x23)

15:43:22 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x5460, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:22 executing program 4:
ioctl$HIDIOCGRAWPHYS(0xffffffffffffffff, 0x80404805, &(0x7f0000000040))
write$nbd(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="674466980100000003000200040000007b6f6e43003107278f9f7e"], 0x1b)
prctl$PR_CAPBSET_DROP(0x17, 0x2000701)

[  644.180104][T11942] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:22 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8913, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:22 executing program 5:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
select(0x40, &(0x7f0000000000)={0x2, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})
socket$inet6_udp(0xa, 0x2, 0x0)
getitimer(0x0, &(0x7f0000000100))

15:43:23 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x5460, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:23 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
socketpair(0x18, 0x5, 0x1000, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080)='SEG6\x00')
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x1c}}, 0x0)

15:43:23 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000002100)={0x16, 0x98, 0xfa00, {&(0x7f00000020c0), 0x2, 0xffffffffffffffff, 0x0, 0x1, @in6={0xa, 0x4e23, 0x0, @remote, 0xe1e2}}}, 0xa0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_STATFS(r0, &(0x7f0000002040)={0x60, 0x0, r1, {{0xffffffffffffaae7, 0x5, 0x1, 0x800000000000000, 0x8001, 0x7ff, 0xfffffbff, 0xd595}}}, 0x60)

15:43:23 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0xafddfbd5528571c7)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x400, 0x4c2], 0x2, 0x0, 0x0, <r1=>0xffffffffffffffff})
syz_open_dev$ndb(&(0x7f0000000300)='/dev/nbd#\x00', 0x0, 0x10000)
r2 = socket(0x23, 0x0, 0x6)
ioctl$sock_bt_hci(r2, 0x800448f0, &(0x7f0000000340)="6d5639e9ee8529a10749f109009fcae3c3c0f43cda01631e93a75a1e3bea322766dd3605f050a4e977028f60e70eab8e54fcaa85bd66376fc006d0c469d70427039cb9455bc40fdf9106102e17d2dc1430a3041e4141e95d908425f7be3ad33eab2a6e1d5e11f7fa66bc25feb4d556839603340d2afecbc4d9700a998956ba641b3e9a2f38350ecc893bb2614ff346baf44279a649e512dbb1f604f6a3e70413a33d60b13df2d074d4b2ccc3aabe2299af84070beabefb4dc622a83948a298f2e9c661655e4885738ae81d3b22da")
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000280)={0x2, 0x0, [{0xf000, 0xcc, &(0x7f0000000100)=""/204}, {0xf000, 0x4f, &(0x7f0000000200)=""/79}]})
getuid()

15:43:23 executing program 5:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
select(0x40, &(0x7f0000000000)={0x2, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})
socket$inet6_udp(0xa, 0x2, 0x0)
getitimer(0x0, &(0x7f0000000100))

15:43:23 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x5460, 0x0)

15:43:23 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8914, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:23 executing program 2:
r0 = socket(0x21, 0x2, 0x2)
bind$rds(r0, &(0x7f0000000000)={0x2, 0x4e21, @multicast2}, 0x10)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:23 executing program 5:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
select(0x40, &(0x7f0000000000)={0x2, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})
socket$inet6_udp(0xa, 0x2, 0x0)
getitimer(0x0, &(0x7f0000000100))

15:43:23 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x200000, 0x0)

15:43:23 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8933, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:23 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:23 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0xafddfbd5528571c7)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x400, 0x4c2], 0x2, 0x0, 0x0, <r1=>0xffffffffffffffff})
syz_open_dev$ndb(&(0x7f0000000300)='/dev/nbd#\x00', 0x0, 0x10000)
r2 = socket(0x23, 0x0, 0x6)
ioctl$sock_bt_hci(r2, 0x800448f0, &(0x7f0000000340)="6d5639e9ee8529a10749f109009fcae3c3c0f43cda01631e93a75a1e3bea322766dd3605f050a4e977028f60e70eab8e54fcaa85bd66376fc006d0c469d70427039cb9455bc40fdf9106102e17d2dc1430a3041e4141e95d908425f7be3ad33eab2a6e1d5e11f7fa66bc25feb4d556839603340d2afecbc4d9700a998956ba641b3e9a2f38350ecc893bb2614ff346baf44279a649e512dbb1f604f6a3e70413a33d60b13df2d074d4b2ccc3aabe2299af84070beabefb4dc622a83948a298f2e9c661655e4885738ae81d3b22da")
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000280)={0x2, 0x0, [{0xf000, 0xcc, &(0x7f0000000100)=""/204}, {0xf000, 0x4f, &(0x7f0000000200)=""/79}]})
getuid()

15:43:23 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x2b)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000000)={0x0, 0x2710}, 0x10)

[  644.579080][ T3001] Bluetooth: hci3: command 0x0401 tx timeout
15:43:23 executing program 5:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
select(0x40, &(0x7f0000000000)={0x2, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})
socket$inet6_udp(0xa, 0x2, 0x0)

15:43:23 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x80000, 0x0)
ioctl$NBD_SET_SIZE(r0, 0xab02, 0x9)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x38, 0x0, &(0x7f0000000080)=[@request_death, @increfs={0x40046304, 0x1}, @increfs={0x40046304, 0x1}, @acquire={0x40046305, 0x1}, @clear_death={0x400c630f, 0x2}], 0x7b, 0x0, &(0x7f00000000c0)="90c9baf3349dcff1cc92ed9e05f419b9b2bcdb5eb60ae42a4197ce468aaea1a61791be2ef9e39708a8b1c9550189630be4e4c1b386f99bbbb3d3d099f61dae2cfe115987e67765a5b7ab02bfc0b7683a1cbb7f4ff507edd68d1323b8d5a42e744ecba719684463d12a85372f350d65fabdf5d414dbf6bc653eb18e"})

15:43:23 executing program 3:
r0 = userfaultfd(0x800)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000ff9000/0x4000)=nil, 0x4000})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000002c0)={&(0x7f0000000340)=[0x0, 0x8452, 0xfffffffc, 0x4006, 0x3, 0x3, 0x8a], 0x7, 0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000300)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x4000, 0x1})
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x121040, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000480)={&(0x7f00000003c0)="08eabce65d30ee92ff8cd0b825439dfcfca242d379aadd8705bfedaed334c2a98a82814f2cabdb7624293e9a59d0d55b66cc18f8ed9c8931e79927f1af3081fe9d4b9bd1502ffaa4604786176b29c539f5d8d2bb90f6234f47a4d78e87ac56b1b99fc7b255619e0db6ee1c9745881309071cd53b5079cbae8e821f4725e46d4d198e216ea93ac08f37f289468a", 0x8d})
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000000))
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000280)='/dev/bsg\x00', 0x2100, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000380)={0x40000002})
ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x9, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0='bpq0\x00', 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null]})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000180)={&(0x7f00000000c0)="7a78f6393cb0b3fac35add588fa145500bffc7ee55b8bc206b568590b15221ac060ac720eff91e12d62cb0d5fd0643583512c41ff2452ff04f93adeeb615dba2b3e30e533c83ce6124f490f1e0234f1bef627dbf75f86afc21fa507d5149b2b502f66d7f43949ef8677662d21c035bdbb546515e0a0ad0e968be57c6b0e9dc09f96b6802a2821a7adedb7d35c01de02cb81521d730420dac6900926bbb5e241c3202ee141b0b8a322dee6bf0bd3468c33bee2661cd02bdceace4", 0xba})
inotify_init()
ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0x3)

15:43:23 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8940, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:23 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x18)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r1, 0x0, 0x0)
setrlimit(0xa, &(0x7f0000001700)={0x7f, 0x5b31})
r2 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x9)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001600)={0x100, 0x0, &(0x7f0000001480)=[@acquire={0x40046305, 0x3}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f00000010c0)={@fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/175, 0xaf, 0x8, 0x36}, @ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/4096, 0x1000, 0x2, 0x35}}, &(0x7f0000001140)={0x0, 0x18, 0x40}}}, @free_buffer={0x40086303, r2}, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001280)={@flat=@weak_handle={0x77682a85, 0x0, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000001180)=""/220, 0xdc, 0x2, 0x17}, @flat=@weak_handle={0x77682a85, 0x1104, 0x3}}, &(0x7f0000001300)={0x0, 0x18, 0x40}}}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f00000013c0)={@fda={0x66646185, 0x0, 0x1, 0x5}, @flat=@weak_handle={0x77682a85, 0x10a, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000001340)=""/109, 0x6d, 0x2, 0x3c}}, &(0x7f0000001440)={0x0, 0x20, 0x38}}, 0x1000}, @free_buffer, @register_looper, @release={0x40046306, 0x3}], 0x62, 0x0, &(0x7f0000001580)="711cbee66c4440b3c1cd25b23b740411c4f92d037ab62b4f4445b5807807e2abdc55e358df26c9765dee1c9383415cdf6e0e9dd6bf4cae1f0d9c33a29125213b353933475f214eb6bb0e066243d7a00c55d76af244c273dc4199dcec97675083e121"})
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000001640)='/dev/dri/renderD128\x00', 0x101200, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f00000016c0)={&(0x7f0000001680)=[0x8], 0x1, 0x80800})

15:43:23 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0xafddfbd5528571c7)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x400, 0x4c2], 0x2, 0x0, 0x0, <r1=>0xffffffffffffffff})
syz_open_dev$ndb(&(0x7f0000000300)='/dev/nbd#\x00', 0x0, 0x10000)
r2 = socket(0x23, 0x0, 0x6)
ioctl$sock_bt_hci(r2, 0x800448f0, &(0x7f0000000340)="6d5639e9ee8529a10749f109009fcae3c3c0f43cda01631e93a75a1e3bea322766dd3605f050a4e977028f60e70eab8e54fcaa85bd66376fc006d0c469d70427039cb9455bc40fdf9106102e17d2dc1430a3041e4141e95d908425f7be3ad33eab2a6e1d5e11f7fa66bc25feb4d556839603340d2afecbc4d9700a998956ba641b3e9a2f38350ecc893bb2614ff346baf44279a649e512dbb1f604f6a3e70413a33d60b13df2d074d4b2ccc3aabe2299af84070beabefb4dc622a83948a298f2e9c661655e4885738ae81d3b22da")
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000280)={0x2, 0x0, [{0xf000, 0xcc, &(0x7f0000000100)=""/204}, {0xf000, 0x4f, &(0x7f0000000200)=""/79}]})
getuid()

15:43:23 executing program 5:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
select(0x40, &(0x7f0000000000)={0x2, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:23 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))

15:43:23 executing program 4:
r0 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r0, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r1 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r2 = getpgid(r0)
r3 = getpgid(r2)
rt_tgsigqueueinfo(r3, 0x0, 0xe, &(0x7f0000000000)={0x30, 0x3, 0xe5})
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:23 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8941, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:23 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0xafddfbd5528571c7)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x400, 0x4c2], 0x2, 0x0, 0x0, <r1=>0xffffffffffffffff})
syz_open_dev$ndb(&(0x7f0000000300)='/dev/nbd#\x00', 0x0, 0x10000)
r2 = socket(0x23, 0x0, 0x6)
ioctl$sock_bt_hci(r2, 0x800448f0, &(0x7f0000000340)="6d5639e9ee8529a10749f109009fcae3c3c0f43cda01631e93a75a1e3bea322766dd3605f050a4e977028f60e70eab8e54fcaa85bd66376fc006d0c469d70427039cb9455bc40fdf9106102e17d2dc1430a3041e4141e95d908425f7be3ad33eab2a6e1d5e11f7fa66bc25feb4d556839603340d2afecbc4d9700a998956ba641b3e9a2f38350ecc893bb2614ff346baf44279a649e512dbb1f604f6a3e70413a33d60b13df2d074d4b2ccc3aabe2299af84070beabefb4dc622a83948a298f2e9c661655e4885738ae81d3b22da")
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000280)={0x2, 0x0, [{0xf000, 0xcc, &(0x7f0000000100)=""/204}, {0xf000, 0x4f, &(0x7f0000000200)=""/79}]})
getuid()

15:43:23 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x400000, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000100)={0x1, 0x0, [{0x100000, 0x8a, &(0x7f0000000040)=""/138}]})
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x104, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000140), 0x0, r2, 0x30, 0x1, @in6={0xa, 0x4e23, 0x10000, @loopback, 0x744}}}, 0xa0)

15:43:23 executing program 5:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
select(0x40, &(0x7f0000000000)={0x2, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:23 executing program 3:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000080)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_GETXATTR(r0, &(0x7f00000020c0)={0x18, 0xfffffffffffffff5, r1, {0x7}}, 0x18)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
write$FUSE_GETXATTR(r0, &(0x7f0000002240)={0x18, 0x0, r1}, 0x18)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
getsockopt$rose(0xffffffffffffffff, 0x104, 0x6, &(0x7f0000002140), &(0x7f0000002180)=0x4)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000021c0)='/dev/bsg\x00', 0x97314c95e9bbba72, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, &(0x7f0000002200)=r0)
bind$bt_hci(r2, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000002100)={0x3, 0x81})

15:43:23 executing program 4:
r0 = getpgid(0x0)
ptrace$getregs(0xffffffffffffffff, r0, 0x0, 0x0)
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:23 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x894c, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:23 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0xafddfbd5528571c7)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x400, 0x4c2], 0x2, 0x0, 0x0, <r1=>0xffffffffffffffff})
syz_open_dev$ndb(&(0x7f0000000300)='/dev/nbd#\x00', 0x0, 0x10000)
r2 = socket(0x23, 0x0, 0x6)
ioctl$sock_bt_hci(r2, 0x800448f0, &(0x7f0000000340)="6d5639e9ee8529a10749f109009fcae3c3c0f43cda01631e93a75a1e3bea322766dd3605f050a4e977028f60e70eab8e54fcaa85bd66376fc006d0c469d70427039cb9455bc40fdf9106102e17d2dc1430a3041e4141e95d908425f7be3ad33eab2a6e1d5e11f7fa66bc25feb4d556839603340d2afecbc4d9700a998956ba641b3e9a2f38350ecc893bb2614ff346baf44279a649e512dbb1f604f6a3e70413a33d60b13df2d074d4b2ccc3aabe2299af84070beabefb4dc622a83948a298f2e9c661655e4885738ae81d3b22da")
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000280)={0x2, 0x0, [{0xf000, 0xcc, &(0x7f0000000100)=""/204}, {0xf000, 0x4f, &(0x7f0000000200)=""/79}]})

15:43:23 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
prctl$PR_GET_TIMERSLACK(0x1e)

15:43:23 executing program 2:
read$fb(0xffffffffffffffff, &(0x7f0000000000)=""/154, 0x9a)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
socket$l2tp(0x2, 0x2, 0x73)

15:43:23 executing program 5:
select(0x40, &(0x7f0000000000)={0x2, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:23 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x20000700)

15:43:23 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0xafddfbd5528571c7)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x400, 0x4c2], 0x2})
syz_open_dev$ndb(&(0x7f0000000300)='/dev/nbd#\x00', 0x0, 0x10000)
r1 = socket(0x23, 0x0, 0x6)
ioctl$sock_bt_hci(r1, 0x800448f0, &(0x7f0000000340)="6d5639e9ee8529a10749f109009fcae3c3c0f43cda01631e93a75a1e3bea322766dd3605f050a4e977028f60e70eab8e54fcaa85bd66376fc006d0c469d70427039cb9455bc40fdf9106102e17d2dc1430a3041e4141e95d908425f7be3ad33eab2a6e1d5e11f7fa66bc25feb4d556839603340d2afecbc4d9700a998956ba641b3e9a2f38350ecc893bb2614ff346baf44279a649e512dbb1f604f6a3e70413a33d60b13df2d074d4b2ccc3aabe2299af84070beabefb4dc622a83948a298f2e9c661655e4885738ae81d3b22da")

15:43:23 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8982, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:23 executing program 3:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000200)={0x2, 0x5})
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x80000, 0x0)
ioctl$NBD_CLEAR_QUE(r1, 0xab05)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000180)={&(0x7f0000000100)="a0a7acdbcf0540c460e1cc177e3e9c0348dbf3f1f6954dd2198568e00cdda1a0c1f0962ed2c85b158f1b6d3e3b73f4efb4d949cb887a993b324c3e5177eb51d76368d26caa340867f963dcbea5", 0x4d})
ioctl$SIOCPNGETOBJECT(r1, 0x89e0, &(0x7f0000000080)=0xfffe)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f00000000c0)={&(0x7f0000000080)})

15:43:23 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x20)
geteuid()

15:43:24 executing program 5:
select(0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:24 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0xa6780, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0xb)

15:43:24 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x8983, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:24 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r1 = epoll_create(0x6)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r2, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2)
ioctl$NBD_SET_SIZE(r0, 0xab02, 0x8)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x44000, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x5, 0x8001, 0x9, 0x3f, 0x1, 0x1, 0x6, 0x1, 0x10001], 0x9, 0x80800, 0x0, <r4=>0xffffffffffffffff})
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000100)={0x2, r4})

15:43:24 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0xafddfbd5528571c7)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x400, 0x4c2], 0x2})
syz_open_dev$ndb(&(0x7f0000000300)='/dev/nbd#\x00', 0x0, 0x10000)
socket(0x23, 0x0, 0x6)

15:43:24 executing program 2:
read$FUSE(0xffffffffffffffff, &(0x7f0000000080)={0x2020, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2020)
r1 = getuid()
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x2801, &(0x7f00000020c0)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@allow_other='allow_other'}, {@blksize={'blksize'}}], [{@fowner_lt={'fowner<'}}, {@subj_role={'subj_role', 0x3d, ']$%\\\''}}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x38, 0x31, 0x30, 0x38, 0x63, 0x61, 0x33], 0x2d, [0x36, 0x34, 0x36, 0x31], 0x2d, [0x33, 0x30, 0x39, 0x35], 0x2d, [0x39, 0x63, 0x65, 0x66], 0x2d, [0x63, 0x37, 0x64, 0x34, 0x61, 0x35, 0x1]}}}, {@context={'context', 0x3d, 'root'}}, {@func={'func', 0x3d, 'PATH_CHECK'}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@euid_eq={'euid', 0x3d, r1}}]}})
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:24 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
setsockopt$RDS_FREE_MR(r0, 0x114, 0x3, &(0x7f0000000000)={{0x8, 0x7f}, 0x40}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x6dd)

15:43:24 executing program 5:
select(0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:24 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x89a0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:24 executing program 4:
write$hidraw(0xffffffffffffffff, &(0x7f0000000040)="212bf5a550a5682c7cf244b3c0684081d7dc3a64bc07f70537348472a89e8a5f8e7ceb31", 0x24)
prctl$PR_CAPBSET_DROP(0x17, 0x9)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, 0xffffffffffffffff)

15:43:24 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0xafddfbd5528571c7)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x400, 0x4c2], 0x2})
socket(0x23, 0x0, 0x6)

15:43:24 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x149401)
r0 = shmget(0x0, 0x2000, 0x4, &(0x7f0000ffc000/0x2000)=nil)
openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x26c00, 0x0)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000040)=""/85)

15:43:24 executing program 2:
getuid()
inotify_add_watch(0xffffffffffffffff, 0x0, 0x22000040)

15:43:24 executing program 5:
select(0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:24 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x89a1, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:24 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
bind$phonet(0xffffffffffffffff, &(0x7f0000000000)={0x23, 0x0, 0x0, 0x2}, 0x10)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000010c0)={0x1, 0x1, &(0x7f0000000040)=""/4096, &(0x7f0000001040)=""/9, &(0x7f0000001080)=""/9, 0x2000})
shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000001100)=""/49)

15:43:24 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x6fd)

15:43:24 executing program 1:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0xafddfbd5528571c7)
socket(0x23, 0x0, 0x6)

15:43:24 executing program 5:
select(0x40, &(0x7f0000000000)={0x0, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:24 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x4383)

15:43:24 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000000)={0x2})

15:43:24 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0xb)

15:43:24 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448c9, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:24 executing program 1:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
socket(0x23, 0x0, 0x6)

15:43:24 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$SOUND_MIXER_INFO(0xffffffffffffffff, 0x805c4d65, &(0x7f0000000000))

15:43:24 executing program 5:
select(0x40, &(0x7f0000000000)={0x0, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:24 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:24 executing program 3:
mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7, 0x110, 0xffffffffffffffff, 0x10000000)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x30, 0xffffffffffffffff, 0x10000000)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa0003)
setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, &(0x7f0000000000)={{0xb, 0x8}, 0x11}, 0x10)

15:43:24 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
userfaultfd(0x80000)
getsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)

15:43:24 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x16)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x40, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_pwait(r1, &(0x7f0000000080)=[{}, {}, {}], 0x3, 0x40, &(0x7f00000000c0)={[0x8]}, 0x8)
ioctl$SIOCPNADDRESOURCE(r0, 0x89e0, &(0x7f0000000040)=0x81)

15:43:24 executing program 1:
socket(0x23, 0x0, 0x6)

15:43:24 executing program 5:
select(0x40, &(0x7f0000000000)={0x0, 0xab64, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:24 executing program 4:
select(0x40, &(0x7f0000000000)={0x16, 0x800100000000, 0x8, 0x8, 0x7, 0x3, 0x0, 0x4}, &(0x7f0000000040)={0x6fc3, 0x7fffffff, 0x1, 0x22, 0x1, 0x100000000}, &(0x7f0000000080)={0x7, 0xffffffffffffa5e1, 0x4, 0x1, 0x6, 0x5, 0xa182, 0x200}, &(0x7f00000000c0)={0x77359400})
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000580)=ANY=[@ANYBLOB="85616466000000000400000000000000000000000000000039000000000000008561646600000000010000000000000001000000000000001500000000000000852a6277000000001100000000000000000000000000000058d174407356e6f2e822a2a5ad66ba82109eae45a132825426229cbaef36c559773f7dae90"], &(0x7f00000002c0)={0x0, 0x20, 0x40}}, 0x40}], 0x5b, 0x0, &(0x7f0000000380)="b837bbdc5200ba033308b0b0b7c8fc49c1bdbefddf176adb398b63518edecc292b8a0f79f1892915057c7b4332484a24e73b808482789a5c04460779b3249812c2bee0f77c2f85429941a3572f315f0ea2b6e267751422600fcddc"})
syz_init_net_socket$rose(0xb, 0x5, 0x0)
clock_gettime(0x0, &(0x7f00000001c0)={<r1=>0x0, <r2=>0x0})
select(0x40, &(0x7f0000000100)={0xfffffffffffffffd, 0x3, 0x8, 0x2a4, 0x3, 0x7fff, 0x3153, 0x843d}, &(0x7f0000000140)={0xfffffffffffffffe, 0x6, 0x5, 0x68bd, 0x2, 0x7, 0xffffffffffffff81, 0xae}, &(0x7f0000000180)={0xfffffffffffffffe, 0xffff, 0x9, 0x7ff, 0x0, 0x7, 0xfffffffffffffffd, 0x380}, &(0x7f0000000200)={r1, r2/1000+60000})
ioctl$HIDIOCGFEATURE(r0, 0xc0404807, &(0x7f0000000500)={0x0, "a9d66e5177924483388961175c6067002317fce1c48377a8cc4a1c982e48a1d6a1fe3154811f78d76eee81310abecf3cb2ee0a959ea7bf14f86c20e2959063f8"})
recvfrom$rose(r0, &(0x7f0000000440)=""/66, 0x42, 0x10002, &(0x7f00000004c0)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, 0x1c)
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:24 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x1)

15:43:24 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448cb, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:24 executing program 1:
socket(0x0, 0x0, 0x6)

15:43:24 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x701e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0xfffffffffffffffe)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7fffffff], 0x1, 0x800})
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r2, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_ext={0x1c, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800730051000000000000007c01000018150000", @ANYRES16=r2, @ANYBLOB="0000000000e0000095000000000000af1ce0191be6241b4e8a58e3ae2963a1394754b70ef59109f09940a7b8443721e6d7d199130dbfb2526e968747e171bf71b53636ca707f8c5851cd54d90f8ace8620546bf57dc5d6f97f6b57b5d439cdb9dad73faea877e4ae5c55657632c048c4f8569cb75de6b2b9631e6c142e9c0a9cd8e17b67de7c08"], &(0x7f0000000180)='syzkaller\x00', 0x7, 0x96, &(0x7f0000000240)=""/150, 0x41000, 0x5, [], 0x0, 0x0, r0, 0x8, &(0x7f00000001c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0xe, 0xd733, 0xffffffff}, 0x10, 0x21587, r0}, 0x78)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
write$FUSE_GETXATTR(r1, &(0x7f0000000080)={0x18, 0x0, 0x0, {0xbc2c}}, 0x18)

15:43:24 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x80000, 0x0)
recvfrom$phonet(r0, &(0x7f0000000080)=""/236, 0xec, 0x40000053, &(0x7f0000000000)={0x23, 0x6, 0x5, 0x6}, 0x10)
shmctl$SHM_INFO(0xffffffffffffffff, 0xe, &(0x7f0000000180)=""/148)

15:43:24 executing program 5:
select(0x40, &(0x7f0000000000)={0x2, 0x0, 0x7ff, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:24 executing program 4:
ioctl$NBD_SET_TIMEOUT(0xffffffffffffffff, 0xab09, 0x32f96eba)
prctl$PR_CAPBSET_DROP(0x18, 0x6)
prctl$PR_CAPBSET_DROP(0x17, 0x700)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001100)=@bpf_lsm={0x1d, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@alu={0x7, 0x1, 0xd, 0x8, 0x5, 0xc, 0x1}, @ldst={0x1, 0x1, 0x0, 0x4, 0x2, 0xfffffffffffffffe}, @generic={0x1, 0x6, 0xa, 0x800, 0xfffffff7}, @alu={0x7, 0x0, 0x6, 0xa, 0x6, 0x100}, @exit]}, &(0x7f0000000040)='GPL\x00', 0xb26, 0x1000, &(0x7f0000000080)=""/4096, 0x41100, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000001080)={0x6, 0x1}, 0x8, 0x10, &(0x7f00000010c0)={0x0, 0x3, 0x0, 0x200}, 0x10}, 0x78)

15:43:24 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448cc, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

[  646.259263][ T9766] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:25 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x3, 0x0, &(0x7f0000000040)=""/181, &(0x7f0000000100)=""/141, &(0x7f00000001c0)=""/113, 0x4})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000280)=[@clear_death={0x400c630f, 0x1}, @increfs_done, @acquire_done, @increfs_done={0x40106308, 0x1}], 0x7f, 0x0, &(0x7f0000000300)="77cd9b6320c1401b4fc05ee1f32d03451fb06fc0bc51247ab0fb4c6ccbedbabec19123465eac487ab2cb2f2a28ace0bcb8600f9fdb79f4bbc1bebd93b032a11bb05ff0d45b50cf292759650014a513e1a276bb94e135074f3f8a9fda9f321e4abcef27e33030f7d68b207a121c9c5b072a3da81cf6d4129e9dd1d8d1272646"})

15:43:25 executing program 1:
socket(0x0, 0x0, 0x6)

15:43:25 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x30000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000080)={0x204, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0xaa}, {0xc, 0x90, 0x200}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x3}, {0xc, 0x90, 0x101}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x378}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc}, {0xc, 0x90, 0x800}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x3}, {0xc, 0x90, 0x4}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x689}, {0xc, 0x90, 0x9}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x8001}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x6}, {0xc, 0x90, 0xfffffffffffff49d}}]}, 0x204}, 0x1, 0x0, 0x0, 0xc0}, 0x80)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4008af14, &(0x7f0000000340))

15:43:25 executing program 5:
select(0x40, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x80, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:25 executing program 4:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x0, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {&(0x7f0000000240), 0x2, r3, 0x10, 0x0, @in6={0xa, 0x4e23, 0x800, @private0={0xfc, 0x0, [], 0x1}, 0x3}}}, 0xa0)
accept4$rose(0xffffffffffffffff, &(0x7f00000000c0)=@full={0xb, @dev, @rose, 0x0, [@default, @netrom, @default, @null, @netrom, @netrom]}, &(0x7f0000000100)=0x40, 0x800)

15:43:25 executing program 3:
shmget(0x3, 0x2000, 0x80, &(0x7f0000001000/0x2000)=nil)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:25 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:25 executing program 5:
select(0x40, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, 0xff, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:25 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

15:43:25 executing program 1:
socket(0x0, 0x0, 0x6)

15:43:25 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x6)
ioctl$SOUND_MIXER_INFO(0xffffffffffffffff, 0x805c4d65, &(0x7f0000000000))

15:43:25 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, &(0x7f0000000100)={0x1, 0x0, &(0x7f00000000c0)=[0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x6, 0xfffffff8, 0x1, 0x7, 0x4, 0x7e, 0x6, 0x0, 0xffffffff], 0x9, 0x80000, 0x0, <r1=>0xffffffffffffffff})
ioctl$NBD_CLEAR_QUE(r1, 0xab05)

15:43:25 executing program 5:
select(0x40, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:25 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0xce45, 0x81, 0x8], 0x3, 0x100000, 0x0, <r0=>0xffffffffffffffff})
ioctl$HIDIOCSFEATURE(r0, 0xc0404806, &(0x7f0000000080)="1fcc8f936f7f20315c2f453492e7aa7c2680fd9c020bb1c5a02301dd2faf94f70a")
sched_rr_get_interval(0x0, &(0x7f0000000140))
openat$bsg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bsg\x00', 0x2a2c0, 0x0)
read$fb(r0, &(0x7f00000000c0)=""/108, 0x6c)

15:43:25 executing program 1:
socket(0x23, 0x0, 0x0)

15:43:25 executing program 4:
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000000)={0x0, 0x2710}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x1d)

[  646.659201][ T9766] Bluetooth: hci3: command 0x0401 tx timeout
15:43:25 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x2)

15:43:25 executing program 1:
socket(0x23, 0x0, 0x0)

15:43:26 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:26 executing program 5:
select(0x40, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:26 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0)

15:43:26 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:26 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x100100000000006)

15:43:26 executing program 1:
socket(0x23, 0x0, 0x0)

15:43:26 executing program 5:
select(0x40, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:26 executing program 4:
socketpair(0x6, 0x800, 0x6, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
sendto$phonet(r1, &(0x7f0000000300)="696b5d4aa9ef482d67b8f3d8930dae4b8f3f4c7d38775786c830cc05b9df42577f696509085ca02c3a25313491a078c342ba14025c7253dd6726559439bd9eed520102459c5210404fda6ac872067cff665af8b8de9846c6e02eee19587fd74fd4a29683f9a1403c2b170fdf20cd5dbf3acf4fcdb09ffce48b48cc2104f7de822dd0db3aeefd974cf1d84bb8adbd587692248d36d5f4f598069fd4aa4e4b36161e8e9c1a7d601251f5dc06ce62c1b5a8aa5accb0f07ec8681fa606fa15bd213a7307c8c03072098c2eb08e32c2453d031b851bcd1080a949a09734a11cfd41fe49339291e7a6978f5b579bb5d012202bdcbbd537f887add0c9a4c9e79baf0a9cf689a5927d9cde1f92bfaf5a7f379a8d6b2819db07719ebcd732dd13cb779c81e79f4d611438770d5f2ed1a420c089b2839ab182945be0232c5ff018813a951c179f02055e632a7c42d4ce19d47ff2447d4173e3a8bae90397d3dc3aaf19ed6394c7abd3c558006d97eed27869f003bd691687d8ca83c2817db7cac75825815805ea9e1e7b90f01dd0ec47ad85aa3f5e3f51cc6dcfa8a74429030d363b57fc3886a40220935f87dc2c9b0f0847e1515ab94ba11faab7cd393cda2ffa3ac874d71571df1bebd542c5f5b0328a757fa73d5ea9faded1d9dbbe64e06fd2b890260d96c704ebdb84e97ba2290c1278f5912b680a74a602ed025e2dc9d64801ba1daff2c66ea5f5201bee2eb63d7cac5edb8011ec467762911ec3c471aca6c22e2097a495ec05154ceb23babb47732c2e449802653d7a5364d0ca90f58ab2e666d784d4475f5147b80f63017577e95834cddce1a80b688742623f46e3fe6bc523175bb0da8c1dd3f0e750bc8aac70475d647ca3e145e44b1ddec99e64f38c57ac478327ce1f90356ab0fda7afec5b68d1e9c41319ecfb91cf6d58442680806a2497925f419669bfdfe9f71e93cc803db75662927f5ce1b9da25680a1bb568881e3025fc4fce9bc1eaf4f8504cba4fc89787afa6643f8fbbe8bace0ec1d237815401d50e39e3e9db6825cd96af991c8f1007b83124fed9e0d11def1b76d45b5eae0bb0b90425f206143ef73a34983909b763c80abf775e23bd893b9435b15339cd984e87daac76ea6c1e4d7453a46eecff313b1cc063fd85bf958bbbef5c64716e2c8dcc95f62421eaf42c212bab5bc50792b33fa97f57d8f588d808cb5d129963d1c465863b88056662f4fff63d7ea25fb18284cab6948e72acbe82999d77e8e4df4c1cf0435a1cc22a3ef76f08144ce05ecb1dd951b4eb168edc5d97c76d96fded0063151f4a5fbb4cb02c123f54005c6914d4d2243f23a9e280cbfbcd7c992a1beb2a3e522139b947bc56dd931e588cdc9a3b8328991e846c71af1b14127549f08d9a4583ba20ab068aba556e57e1c1b24126daa7b39283ad4fd1a4e6d5748b498d5c3445913868ae4a8b2a7e1c3caf09c5fb5b24cfa9d44e7bd26a2fd2027e8e7839e9db633466837eebc7c027d2e10bf7f882b87e50c52a832ee4255dff120cc80321ab3e826e3b37b5c702d45902999598413bf811244922f5f874ac15e3b6857aae4e7478f4e3b78f4547097174e3e3b0acfd9e1a23292766ab9dffacc3f7551871cfcce079956779ca0dcaa62d7ce1b1596b96beec8cbb348121ef7b246432137d2a996cfa7a8f52d4811fa263dacea86f7ea78dc1fb92932b7e057817b81aef60f0f8300bf99e0b776c15d9fea7bfcd6f229e3e1782e5204a69eacb9f1004685b145d04cf8114209b767ce35e0d03a78641148a8d044ab03bd6d97c78531182bd4467927c7bcce29d24238ccbeedb0cb815fe6b5ed0b9654093073b6dd40514caf6e6ba9ecc9fc78cbaf7698a2e35dd7878964bee34913fbefe417bd4b61931dc6c94e67592c133c800b56e06cb3eec01fb8c0f9f5e56ae8a23608365b2539abe33420d501b84578d327d6479abc144f10d7232022f78ec419981d60ac26bbd5d23e70a38719e7a0b1a89fedeff14157b6e558c76055056d62e7e38d2bb4977a87d8d81b219aee7dfdde6f70dd8a4dc92d4028ef5d3825bafe71a8373274055e4f8830df0b6fa88d0aa2165299a3ce4a6f47f6adcc97c38a8ef55fab84bc3af10c93e6069567a55295eb6cb296b2dddba0fff7392abdeabe8090c79d15e7119c6d1a0d0d63e315df090d635e68d27e4a7fc671075fc46c8b019be4ea8b618195fda4eb8b31a2796f95feb9317070f893c63156a27107cbadc9f2f415917c87b603398425179efe7ae16e0032e15dcf4d88ffe1794c56365199d7541b7942772319333f4beeaea812da65f0f8d2aaeafbf8edd175bcceeee866034fcf3f1e4aa1f5441d8b6801b40ac696b62e201bbee75db73ad34bca0829f68199c0ba60335c1b9f1c4c7aebb1858ab8881d268548ab3a08fb1cad40ea75b8cf3c9ae9252532b074df772ad63c8a3b8598f6656d8ec528212a737171da525cf56e55c7fb2adb472d5f9ff44434645729582769afc1c1aa7882bed248afc7619d9db305c7eab07537cf9ee22feb32c08ab7054a007e0986d5f62cb68d15ddbf608eeee007d87d49f2c720a1407bd34c6f3bdf56784883cfd19653b983b7100e42a8ba41c706a9d9a67e4ec3b31183158838e4f5dbe4ebd74bd26469c2a2abd879258563f9899383f227a9260a8018a3d2a402f92a1e08730fe91c5774f2a1434e1cde4923f78a5a5487be3fb947ba87ec9be2a29ce5d23b5a0300c48c0d93feee54019fb33975a09c2e940f6ef688355d62067499305304ec991231d5c453bb82fee34250212bdf5aedfcd4f2b9cdad9f06c756fd744609d394f26eb99a461248f6352d21336103a8c4b19d69128c0afce34e470952d1c0afe4cff509a1a75c4ab683ec012a599a8293a449c0c69d95d10e6b3d538107f0ae272cc707dad9b478b1f9794f5ebd81c7b4f19c6f1a207fd5b32882be5237c5409093c874cb0ad8ac0ac08b81795527a5e82bcb5ed65cfb7b054f6d1fa2a7a9c0efa90cbe619223dd254edc07785205d45936578f91abb94bd78e67d234096a0509777d928591a488cd2f748ac00bbd5e8b1acec0e498a00c8f9d4f41c7cdcbb0f708b60b5701ad8c023d5f2a42e90bcf7f2a9fc2f6ff01ff11356f5ef0b27592156aea45b0906f8968db58fbbc5986442887b0d9e8aeb9bc8bc19e2d4c1a09a0c0aacbb3db2fc0ed5e45d591af799a275efd0422b460dcd8771650dc0891284e8c107ba583191d94bd9dbe8a657e70ecec6faba68f3c5fe457dd0924ac5452859f30f534367f6cc27be7905286317cd02541f2f382066f4d6f2756f81486eebc4b266366c16715ee2b8b13ad99996514d094e80cd9223420c374705d5323cdaa64ba746b1647ea992e0b0747d027ef796fc1c8e7e1322ceae26f5f4a00ff27fc011fc36d5d511c383ab796304f8dfc3135aab7f965d1f0e06823a7bd0e9fed43b244ae85e0e2db58c6c15455eba1643a0fbabbc79e6c89e670f81944161a34ee33e8ed327edf683774752ee8f284b49d4b4b756a5e6463039c520567042f697f608ffcb38b3becd69ac4f585a7a66e915f0054037e631c6cd000d2cb73dac39d28137911c6a35f30da06d98a41b93d46e28b7f723dc8768fab3236fedd7a5b19ff1e35700a4acf5ec79a3d2a407bbf40827433bef1d40e6389c2d514a8900511c283fb9d49945f65728c589a59183fa37dd88f85f2cc64092c7284668f5a4959d4c59e89a4356ceab4bf759aa6eda6515eae7b3b08bc28f9045b6e885fc0c606a636c9a3c195baded45bbeae0792c6ecfd9d7edd8ddd26cf50bd65e87814de9cd50e1f83044e7e0ba0e3b511023635d57f7da384e2dc6dd09823e1070d956253d30c692d59b249bf254d0f91961bfe8e248b787eee281b3fc5ec5762e26c89be04c8de0afc02fd303300ecd572b18df49a2f40d14c2b387c63ea06bd436367659a151bbb052bff1eaa3f2b15b48faa42b7c7e66000c89270663965ca4cc75b52b1dcd130029d51df6af43de34863be8391bff82e1ec4075b1055c779445a2c8feb4e381eeec2c16cb96f64748e32b7540ec6b6bffe266cd67bd358513b8166cbb3e98e12af106111a6eafcf9e4f04725b9807c2dc60419c4c7cdd411ef0973459253e2b1ba657e94d094bdf4b9dca0eb48992a4bba20d31a063b53c334e64f020361043044a3bb524a746b0f81dd29af31bd0af8a5387f418011410844dfe09a8ff3e8b9dccd758beb9f7bb12eed1ed215abe45a6f769d2c2e84970090ce17ffadf7e8d5cffa6045f75c1ca6f0ee9dcf68ccc243dcfce35553eacdfb655005303948b521c41773ff4dc83ff25eb7ad672055dcaa179f026016b373413ff96dde3b950a554f78f016f59522685ef154969e37472f9465a0ee31705b3212a1d31f039e63735a0b9a921005db6f2fa2fb8b803f51a671fb3f916d8c3ad85f51dfef7787d88d535d5746dd455daa1a78c84957335bbbeb15900c53edd9ca64301a3643fef076788552e16ef4f8149dae4a05b9c612e495b8d90857b5b95684ceee637f443673e0098655a65ed5bceb7499ccda92f6f6fcb8bce7c4deeafa69cb370e74c046bf3e122323f0f5abe7f5eb313f490b2ef175f5c679e74a17db81f4e3b508df4fb5f01a557187dd329ea357ab159d1cd576a2f6c9c1036d4494bbcf8b62cd884fc6825b08843908fbc021ab3584bddcdd980e21f81c232ecf3d97c10b80639973365c614e37ad1655196d2e779259a413f88d5aa8c5f34cf804c4e8bf696f6c32433281a5d3ff1e45cdf390a67d4e446fafae92780e7c26b32ed2971895909bea66c27119d9c09891ef57f99497b75df7e945f5cdbd80431f9a7165cb8a1628635e493cf4faf081c1223e22b3abe63c1d1f3a7fd06337267e3c7eca2e2553e1d4f1a757258277bc2a37994c12ed3a35f4349a5cd002290eb0013e52305da668b596176dda63c2b1c8cffaa0f0e08ee0fe0cb357e6eae1c5179af16920c3932bccd956e48a971ea54ed1a822e03c5e232af9d6d3345bacdba06784f259be76915d2a2a6e4914357e6cc671e57ebd2fc880f4fef1ac88a57a1130a00245b5789696aa6573bdd3abaeefee2ab693113c57e3d2bcf99d6cbc4426e5e7752e258a4279e3f2eda0a0121fe3f8e362a8182621b01f3015e6f9bebd09bb2e08d0dfc5f37633c71291b5c6bc2911e68ffe38eb7d4601f5c4e1209d43d9d1d8c5c7d03cb1a33752460cb342a2ab7e9bc60c59b15d5807c3fa2b266b5bc3e3d41131b73a59bf771ad511f07912959def6a45be64a59856fcd6e8830eb2848989693b8a6512b35781e1a3bd5786b8ca7a069b8781021490bba76a2e41ac8c3d0004d744ef8f676692163955dfd9e9b5393b7eea99a60052923ffce24cc7fbc39086965f7094a71b036d28daba72989bdc2ebf34416d9859d2d7461de32068c691a8e3e38d6687bf1712259d8e4162072bd1419ec0a7880c902bfda52dc38a71d31e7b9bf07c1dd3ed126b1549eed2ca3d828acb326fb92ceabcaeb40d56a4afc87ed575a075e8327a48aa2002ba8d3b66538d8ebc939b8455bf2ec4e495e9c0d2e21061c26ea39263440c9e46e25d37005058218440ba30820b1bfff04aa760574b3f6bc5f3908a9969ce2a34b129b7747a8e800ba9f95e1992d38e273c417834f7ffe64a5f0c5ad806a0b91ba091ec732e00e2d85cfc094d4faf23f077112a204580b1aff4606ddda0a26aa002deca5fb3b0cd70fc9e91e66279708c4e16588f5760c2dc7ea7b7a9b7b2749e770f951", 0x1000, 0x4080, &(0x7f0000001300)={0x23, 0x0, 0x40, 0x20}, 0x10)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)={0x188, r2, 0x400, 0x70bd26, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x7fff}, {0x8, 0x13, 0x41c1}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x400}, {0x6, 0x11, 0x1}, {0x8, 0x13, 0x3ff}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0xffffff80}, {0x6, 0x11, 0xffff}, {0x8, 0x13, 0x401}, {0x5}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3ff}, {0x6, 0x11, 0x800}, {0x8, 0x13, 0x7f}, {0x5, 0x14, 0x1}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6, 0x11, 0x28}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x100}, {0x6, 0x11, 0xd785}, {0x8, 0x13, 0xaa3}, {0x5}}]}, 0x188}, 0x1, 0x0, 0x0, 0x8886}, 0x15)
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:26 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
epoll_wait(0xffffffffffffffff, &(0x7f0000000000)=[{}, {}], 0x2, 0x1)

15:43:26 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa2803)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x0, 0x3, 0x20, 0x8, 0x210, 0xffffffffffffffff, 0xfffffff8, [], 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2}, 0x40)

15:43:26 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:26 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$HIDIOCGRDESCSIZE(0xffffffffffffffff, 0x80044801, &(0x7f0000000000))

15:43:26 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400454ca, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:26 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040)={0x0, 0xfffffffffffffffe, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:26 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa0803)
prctl$PR_GET_TIMERSLACK(0x1e)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$NBD_SET_SIZE(r0, 0xab02, 0x2)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$HIDIOCGRDESCSIZE(r0, 0x80044801, &(0x7f0000000000))
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}})

15:43:26 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f00000020c0)="4d8a0a85293b26f34576eee735605e750017a649316127e6f4b30d713c4423584951480f6a7230dfbef0cf8fb9e8973f71487aa432a362d58dd2ac70ff5ac48ac9e11c08329aca393a9c33fb0f57d9b75ae340ee8e1a1eff0db5aa8cc42f0a5b322cf0fa58d3d6f7b2d73d8cf697105e3f578ca913a22c645cfca0cd82f6341d186e121e13e5b0d6ec6c8988594acb3f0778ed64de2904a35132ada77772294d35aa26431cfafcbea1718bae0ddc4a7e79517dd0c43d24252994d9")
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_DIRENT(r1, &(0x7f0000002080)={0x30, 0x0, r2, [{0x6, 0x0, 0x5, 0x3, '[$\r-\xbc'}]}, 0x30)

15:43:26 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x1a)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)="e50543ef2e1589962a480f9f5ea116ff4ee985158ec0f24cef1079ff67116f57d6f9b73b363f5771e9c40e8dff1f32d3", 0x30, <r0=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000000080)={r0})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000100)={0x8, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000180)=[0x1, 0x6, 0x5, 0x3, 0x5], 0x5, 0x800, <r2=>0x0, <r3=>0xffffffffffffffff})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000380)={{&(0x7f0000ff9000/0x4000)=nil, 0x4000}, 0x1})
recvfrom$rose(r3, &(0x7f0000000280)=""/208, 0xd0, 0x40, &(0x7f0000000140)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast]}, 0x40)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r1, 0xc00464c9, &(0x7f0000000240)={r2})

15:43:26 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:26 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, 0x0, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:26 executing program 2:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000020c0)='/dev/cuse\x00', 0x2, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
read$FUSE(r2, &(0x7f0000002100)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_LK(r0, &(0x7f0000002080)={0x28, 0xfffffffffffffffe, r4, {{0x10001, 0x9}}}, 0x28)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000000c0)={<r6=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r5, &(0x7f0000000140)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x4, r6, 0x30, 0x1, @in6={0xa, 0x4e21, 0x5, @private0, 0x3}}}, 0xa0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000280)={<r7=>0xffffffffffffffff}, 0x13f, 0x7bc89360de7c04ea}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000300)={0x10, 0x30, 0xfa00, {&(0x7f0000000240), 0x3, {0xa, 0x4e22, 0x2, @private2={0xfc, 0x2, [], 0x1}, 0xd8b}, r7}}, 0x38)

15:43:26 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x2aa001)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)
r2 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1\x00', 0x84101, 0x0)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r2)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x28})

15:43:26 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x13)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x80044dfc, &(0x7f0000000040))
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
epoll_wait(r0, &(0x7f0000000000)=[{}, {}, {}, {}, {}], 0x5, 0x7fff)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x1d, 0x6, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6740}, [@alu={0x4, 0x1, 0x8, 0x3, 0x8, 0x100, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1f}]}, &(0x7f0000000140)='GPL\x00', 0x200800, 0x14, &(0x7f0000000180)=""/20, 0x41000, 0x1, [], 0x0, 0x1b, r0, 0x8, &(0x7f00000001c0)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000240)={0x1, 0x4, 0xba, 0x1}, 0x10, 0xffffffffffffffff}, 0x78)

[  648.349274][ T9766] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:27 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:27 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, 0x0, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:27 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4008af10, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:27 executing program 4:
prctl$PR_CAPBSET_DROP(0x18, 0x2)

15:43:27 executing program 2:
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/renderD128\x00', 0x80000, 0x0)

15:43:27 executing program 3:
recvfrom$rose(0xffffffffffffffff, &(0x7f0000000000)=""/131, 0x83, 0x2000, &(0x7f00000000c0)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c)

15:43:27 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, 0x0, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:27 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x4a0003)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$HIDIOCGRAWINFO(r0, 0x80084803, &(0x7f0000000040)=""/96)

15:43:27 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4008af14, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:27 executing program 4:
getresuid(&(0x7f0000000000), &(0x7f0000000040)=<r0=>0x0, &(0x7f0000000080))
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f00000000c0)={0x8001, [0x4, 0x7], 0xff}, 0x10)
ioprio_get$uid(0x3, r0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x8000)
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:27 executing program 2:
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000002100)=&(0x7f00000020c0))
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2020)
r1 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
rt_tgsigqueueinfo(r0, r1, 0x16, &(0x7f0000002040)={0x1b, 0x40, 0x8})

15:43:27 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040)={0x0, 0x0, 0x3, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

[  648.749097][ T9766] Bluetooth: hci3: command 0x0401 tx timeout
15:43:28 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:28 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x40186366, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:28 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
openat$bsg(0xffffffffffffff9c, &(0x7f0000002240)='/dev/bsg\x00', 0x20000, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000002180)={&(0x7f0000002100)="2598a305fe3f1ec26365160760c1e2e2b99285a31986cd567421c5b31bb8e3e001faf063f9c3e90037a3712ad13042e56713c80b09139fcc65c74aceffa6e23b03c815dc2a7aacad902162c18102b8cdc526b3eae6b375367ebb62931ecdcdc165ea2c8cde256e69f59180b5189dde7e", 0x70, <r0=>0x0})
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(0xffffffffffffffff, 0xc01064ac, &(0x7f0000002200)={r0, 0x2a, &(0x7f00000021c0)=""/42})
read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
shmctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000002080)={{0x0, 0xee00, 0x0, 0xee00, 0x0, 0x40, 0x8000}, 0x10000, 0x8001, 0x7fffffff, 0x1, r1, 0x0, 0x7f})

15:43:28 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
recvfrom$rose(r0, &(0x7f0000000000)=""/165, 0xa5, 0x40000040, 0x0, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f00000000c0)=0xe9c2, 0x8)
sendto$phonet(0xffffffffffffffff, &(0x7f0000000100)="c7de2adbd9500be98ca3ed15d46673b401fc6f4e91e5ce2d575fa38b62f5611a5116e0d699a37bdac513", 0x2a, 0x0, &(0x7f0000000140)={0x23, 0x6, 0x0, 0x9}, 0x10)
ioctl$SIOCRSACCEPT(r0, 0x89e3)

15:43:28 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)

15:43:28 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x8, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:28 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:28 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0xa000, 0x0)
mmap$fb(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x200000a, 0x80010, r0, 0x94000)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)

15:43:28 executing program 3:
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xcc, 0x0, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x1}, {0xc}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x90e8}, {0xc, 0x90, 0x8}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x800}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4040080}, 0x10)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:28 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:28 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x4703)
r0 = epoll_create(0x6)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$NBD_CLEAR_QUE(r1, 0xab05)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:43:28 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4028af11, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:29 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x2, 0x0)

15:43:29 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x6fe)

15:43:29 executing program 4:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000000c0)={0x3})
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x200000, 0x0)
ioctl$FBIOGET_FSCREENINFO(r1, 0x4602, &(0x7f0000000040))

15:43:29 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x200000000700)

15:43:29 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:29 executing program 3:
ioctl$SIOCPNGETOBJECT(0xffffffffffffffff, 0x89e0, &(0x7f0000000040)=0x8)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0xffffffff}, 0x10, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x987103)

15:43:29 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3ff}}, 0x18)

[  650.426426][T11942] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:29 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x23)

15:43:29 executing program 3:
seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000040))
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:29 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:29 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x702)

15:43:29 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x80086301, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x24)

15:43:29 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x2f39799d53cadade)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x2})

15:43:29 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:29 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x3000})
openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x90000, 0x0)

15:43:29 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x1a)
getresgid(&(0x7f0000000000)=<r0=>0x0, &(0x7f0000000040), &(0x7f0000000080))
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
write$bt_hci(r1, &(0x7f0000000140)={0x1, @read_local_amp_assoc={{0x140a, 0x5}, {0xc8, 0x1ff, 0x9}}}, 0x9)
setfsgid(r0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb, 0x249, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x2}, 0x40)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100)='devlink\x00')

15:43:29 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:29 executing program 3:
write$nbd(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="674466980000000004000300030000007a4bc4887edebc522c636347ad9e8abe61a3573ee8e0a427254a862bc30161467c2e086549f23c6e7cb37f47ff3c9a0ab7cc1801a3033b41346456f4983638397c826407fe59827221da8f2fbfffe6d7c1f081279dbc1ecd47e24b7b107fb089f7b6d7c8b60e8a11c9e301c5244ec23965167aa218f0369650f2aeb616bb48a2093df1194fd2d0406164c391e2a5f49354667817badfc667773a04d850a3f18615acc238697a9e185fd7418640fbf0c13540d5f9b3ff89134bdcd2db615e8fc8400f455cd76e1b1306efca08b20be2cf27d336f2c4b863d73b956e639ef6418f3d04504256bb9bd360b6f07945d9519b9723f24772a9928986ca8575fa85f236fc8e0d9fb016bada0c85004532d2d043eedcd74db50d9fda5c5bdacd38a561cb3c80208dc495da57c20a193acd954965079d981bbbcdf4664c364b0c7a2157684e2adf851a7cd6f0933fbfd83b0386ca602045fbb35a9c34a2a7c59e4a6139150dae3cbb775ac714ffffe31c959fa228aeb67394571ad330bc28e2f821dece9f00e477233c3d2e69b2f55823bc4f35dec405b95e422c799205f03e599d10e807fa687afca081f8b06f27e2a27d0b04d95306fe03ee28aceedf3ebde33883615baa9480a7ddf42384d6186b10daa3297a19d5e19b9009c43ccfb13a2a61af53756cebe51d37095ed7dc8b3103962251ad1514dca0f57de665274db8d59cb42fc082aee2a51b59c088babc79ded75cdd54bfce92a59ad8b71e18323a2d633f491cc9b819a2fb26c269df92e5a94165e64fa1438021b613eae899e6398d8b7633b9f1f9b0ed74e29280b127209a3cdbc317eaaed5719743a0c3687c5cb5097ed3001525a8c3da70adc99806ef723cd51f9ab965ec249b1b82ed5e862ba71ef7e51e56b61bbc87948950e43c70e234bbe8856b18e61b27777e62cd09eaf05af488b261280cb8b8c59f9b6c9420fd5983e7aaf87b8f17b9bf4f4093baa3f3222d94fb902acfb511793a75d2e103e132fbbdc77125369998148b737685cf81cc224532b80aef316d604926a193431cd05543a7dbe5029ffcfe71d511e16482a688a96759d84d451a9495463d69d3f8d18c76640057a795a5a56c0c658c97da3d67251d63052a6913b6ecbe0ee33bed38450f71ef00abde5a5efdfdfe4ef683a083f52353f285d6dd51e64b9f8a607e67dc12cbdde3412296076b184a369d1a202e11bfa5f84e8688511dad4869c18e87d9c1c2dced725ed1794a0a2473d428179da15c1adaf2b1b9767244f777c1f83c685decbceed2d68a7cfad6862f48ea048c2336b04a9e0097fe6712a18de126f4e0bfe9d2a724c01355fa424331326a5f9299f4583436077281d34f4076d73892c45543b103bf27cfe4a9f79eb4d924c0009abeace94972d6c67d3d69cea98bd001000a387269315de7f24e16dfece02cb95d3d0f56e1a321f5aee0fdf483e18daa61fc6e58dc3c6ec6837584fa4d0c7c33e721f881ff8489c8294324d09c717e66e13ff345a0ba72d7f2bb6f480e9c9d8cba7b5cd41de2e8b936d98930528da6f1300b3830927a53c4b70e98575ffc33969d9479bf885c7c578f26d4c3157476fe83d08e389de85f3f7036df839625ced1f68b7af6906d8493e32a9c091d158efeed429f9bfba8c5a45f0c2b30054c6e70224ee56cdb46b91cfcacfda6ca85c5c7a30ee586bc354437c1d08efe42eba4c7e0d50e7b6bff31c11e934832a46f407e2d53594558d222f46e31d56b1df53077e3abfacdc047bb59348d330e960de0a98605d7920470e954294b4754bf038059b46232452a21f6fd825ee237dc4564136355b89e6d9a637036429ba0e7a60e22a6f1273d0eedb5a83c555688dc7f0739fb59462e1a9798143c9fc8f3526893c499994ae2760e1bbcfd944fb265def2e03396615f741ae0598f48bbedb2f91550598ae48576ac0fe90bf4786c4f3189aafa9eec20542e02e963f5b26b9e52dc9c1be7d6b9a1b19f4bfe7e1a1a71cf6bdd42e68b26d4ebcc8291e178938dbd98842240342571d9f9aceffe968baf6c29803bff32268f724d243447e39ac0ebb4d7874906340c458762e40a39508dcac46689bdc281d93c797bcb43061c5bbc0de1da482d4bf71249953865a996635a5d8d639f9acca34ac3b62fbbbd7cf89a9a03e0365075939c6e5167cbd8297ab3e33f42870957063e76f13fc59015a23bd8fd07bb89efa5df1c37bf77b972d9796b646558f5e664ddd25fa0da0930ac9d7fa1f7a74390a1f05d1652a66e727f236a94ced10bb314d4f60d0b14733b9291984f1d42ec420396108f398d3c3ece40a3764cc7e3c0c2e472925f8fefc578cb6471cbf31feca5def62b2c88c54fdc1db9bddc0e2c7773148891076dc728b70e5b26599fbba908bda4025c1b12cb2033afc98f5a71c7a0c59db0bb8755f688e303c615b4bfbb830bc9dd4b090af80f37e937a71581a41c6c84f799c48ecf755c9bbbf204b453ef5ed05ca5684c2332eabafa247ae329f3bcb6a8a26496aee3d1cb7fdc490c76135c67c0622c618701be623d12c6bc0cabd7d43021f5c91b141f7bc4155102745737ff958488f83584e2ba05516101e1c2c8d38a6995e2d66809f04e106025b52e203707edd3e8a03e8c4605a7cf3947008b45876199fa2e75ff7c1ef6011736d50bd1786ced4b5081f6a5fba4d6e15add670747d1d52e23e5dd624a687404f1ad778dafe7b617cb447f055fca122239833df333cbf57b18b870e1525726f1a3858ed1862556202c07aaee8ebcbafe2fc3e816344a1708c4c43584085373e0e873afafa8a533f3a527118dfd6402d514e986f52dd2fd74a94bebd4041e7ecf2355bbb78376b3dfff9fe13adda17d2a883ebbe1623e1efbdae0ca6edc3b599f5502ed68a5a738ef461b0c52067f0e709ce861819b0746c72272b595e98718fac951323ab93a5b4557e5d9860582d8d2dcb1d0b2cad88aa554f192c4954e7eacf8f30b5e0cf0122c4531c69754eeaa2cc900f1d666c2aa4fe13ad890263cf745cce46fddac523ac274e2583fbea5ff591d744cfc113efd03ee8c59f4adb72ec6873af99ec6be8a48079c5042c8a35e5b69cf7fd72d89f0e6c468c421fd060da2c32ae15446d93a67fb3b2204af2463da05777b9cdc9b9992b2be9ffa0cd1a9fd02c6d37850c18656d70468acd0cf3634a2cde6410f3894f86b708b8358f083ee7af2e0b121b5984c51c705a9b0134bf54238dd4dbff03ddc970dfa07937c5c263346e3be3e7d50e91b0e8f93fd37ad203f1aa09d232cfd2e78291ed267bb3fcaf4a8b23ecca5123fd75a5ced3dff09bc1735d62ad37dc82abbb38094780a362bc13b812d583225add73eab8ce80f31a8a0b4a9b4007086c10f17fc45739efa21402667b139932432519f9d16a2edf904f0a4b89fffa21c55d6945e1d5510a874b05473e1809a373288d0465f450eb80f88500e84085ca061b0118d9e5228c91389890687c40171902451afcac9cc4055a34f6f68b5dfd468dcfbb741fbb13c99af1049f409cae6e913a9649b9fe3b204db6acd1b4925efaa3bb567b21544d427e11a5a9528c5505f3deb75ea4d6b12bd72b8e6137d1731b005c2a85700d704ee7ad1096473151069e441fc89c34e7b8cea1c5c1709568614ae519298e771179593eeca49425720a2568ab61b376a9153b37a9de011ca1abb8ac22e600bbbce2d12d3ed59a0875dc8c99ced5e36f535bf6a7d1ce46b772eff8ea2ac88c842af86aa8d1d4f5c3960ccdc1b6903c5820e9609a1a702b87f5a46a50635869dbbe7c25623de71da5ae8733ab01a649f2de2852581073eba0a408c231a94dcadc4bbb00394ae1b741b88e69376a8e18cfd5593137a5f6c496f5152cbfde1d607c0110d39122c1cbbefa2484b353b76e7fb0a590efc0c5b3306cdd5756d9e1152cda9393fd40994d9d46df7478bf72f56739f3df661f1881e19ac15c8020d72f15b0dd6e7540c2cecb77f2ceb27c7587c64b10966f66ee6ff0ca8c328843c095a6d4c7e52be94add98fad5e1916fe63681ea5b9627a2fd981d74f8c13e10d0f0cbb580c46932cbf96a9176b828f6bdf7457b01165ef20ac4add63f4d5c4a481db921c68054d3b5b62bc614a0e1e36aabf7562eea14b2b417c5967d9f6faeed1bf044c033ebcdf74a7cabe31a001f47386a778fef82d4db2eea285a426bb44926ed659a4c0a7af6071dfb818cacfa77decdf6c5b65ad48af8cfbdc98fd8fbc1c80871e95b97a2c98ff6da1a2f2681384c300c502b1f1b22cbed74579dda9539086906fbbae82de8cf66b3856a5bccde3200bdc318a4d5811f079351e08d42a4957208729c6fde8b58a8faad06682cdd63f32b0b02557bdc20cc0205c28a369c209b8fe6119b0eb77b0e6f6bb6d8c1fdbec0c7227e81fd9ddd3c93ae81380c813a83c4687d3bd0f589ed2368d7788cc5a7a1f78cbc42ca7a9d6c75a1c2e2be76cb678452be36f5494c25b474736d24d67d0571f0684626544b1e9d10f9ba0b61d1cd60af6dd6b946e989cfbbd63ac16263b5057007edb9cf13fc28649f4cf62002f55d48ad1e587ee394c6b4f4014197a88a495c322dd8b1ad89fdf46ba775870bf9b6517e883fca4e8ecc8b8b46793829e8f1d2736617de5185ab446a928efb140aac31b2690628c86a74a7f29f70ef3be6915943cb6c1989737f75c703a987ba8dcbce0c53868cc2c7960c895b1b6b646adb39aa326693224dbe276ce474dd497503fe9c3527378b2ae096b91631a50be14120c5d260b1f7d7ebb6b290b9e72a89546b1fcf1b3b2b141c081740baf1f8748793de9c5452e724be7fe8f84fbbeb688f6601fd159936055f44644f58464d06781ac22515653a06a1f6fcc72dca7d51cd671c4180f3fd45e47ea2599031e3cc2906d700c441645e8280e9f70bc23e1945c9e93aa9b329a562d09d95fafd657e0663a7af292d1cb9d404013e595f50da40d9a115e39eed739e9ed65f12117e52289066214c478fe50c5beb3a3385286eb925ce416d525b0d78b55489d9b7558b8a8bb497342512f0c4b713a6e897cc9170ed63ceb163277504fc12c18b8845a1537218d0ee8f4c808115d5851cd363d64426c15d0be699fc67ed5dee1cc10d45c53f1da767e324ff728e615e5f3a1e02dcfc08f3bb3028ab6d46027f7efbf7d85c7d0fe5403a42ce75fc9559e55073f0e71403ad27ad0be1c1c4e765c5a3af066391cb7dc94655480b11ce9adb88d1dcec99b5c0ec9063997268cfceb4dc9b44844bf919df6e2080f475b6beeadac5b8249642a7f65e3e87b75a0976bcb36435a5f21cb3a5471faf5725c35c1cc654e9d0b4aaace86542d13e57713614c664c2caa92fc76a3ebd7a849858e1c0e3eeef0186671f6825d15f90e296ac9c974a3deeb1038810714e736218024aa9dcaca2d437aa0d0627c9d9a5b8c8554e811215edb30b3c806efd25797093984887720bf2c20a48ab3d0e190c1c5c4ecd36cc55b8c78cd93b5d7c3530d27fdce930cba977879813d0305da9a7751de23d8b10bf6c20c7750d34b398112459bc072979b39658d0967212f1d8cb0f47a0b559cb4f2a91566a3049faca092ea96c331f28b2f4ffd6f2b5446145eec437f04fe76a22fdb26c2682d4784f40250989a5df55efaf940b0444fa823c890bc671a0e35f4d5bf332970aed72ed07a0524932a82bf39bb7ff324ceb4c7ee3bb651b9259ccdd0492e9c002227bf4c83b1e9f0082283229e6eab0cb5774a1f926e1f923b4b007f5d8873b60cc7453e08ad9a27edab08ff7d"], 0x1010)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000001140)='devlink\x00')
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001240)={&(0x7f0000001180)={0xa8, r0, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}]}, 0xa8}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
write$FUSE_DIRENT(r1, &(0x7f0000001080)={0x78, 0x0, 0x0, [{0x1, 0xffff, 0xa, 0x401, '/dev/nbd#\x00'}, {0x6, 0x4, 0x6, 0x4, '}/%)@('}, {0x0, 0x0, 0x4, 0xfffffff8, '\xb6}*#'}]}, 0x78)

15:43:29 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x80108906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x2000000704)

15:43:29 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:43:29 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
time(&(0x7f0000000040))

15:43:29 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
socket$inet6_udplite(0xa, 0x2, 0x88)

15:43:29 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x80108907, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
userfaultfd(0x100800)

15:43:29 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
r1 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
rt_tgsigqueueinfo(0x0, r1, 0xc, &(0x7f0000000080)={0x3f, 0x7, 0x81})

15:43:29 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:43:29 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:29 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448dd, 0x0)

15:43:29 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x144, r0, 0x1, 0x70bd2b, 0x25dfdbff, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x1000}, {0xc, 0x90, 0x5}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0xfff}, {0xc, 0x90, 0x3f}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x100000001}, {0xc, 0x90, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x2}, {0xc, 0x90, 0x4}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x2}, {0xc, 0x90, 0xfffffffffffeffff}}]}, 0x144}, 0x1, 0x0, 0x0, 0x40001}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)={0x144, 0x0, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x10001}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x2}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x100}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffffff00}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x7}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xf6d9}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3f}}]}, 0x144}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/bsg\x00', 0x2, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x50, r0, 0xa80, 0x4, 0x25dfdbfc, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x8}, {0xc, 0x90, 0x50}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4000020)

15:43:29 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x111, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e21, 0xfffff001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xbc6}, r1}}, 0x38)

15:43:29 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:43:30 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000040)=0x5, 0x4)

15:43:30 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448dd, 0x0)

15:43:30 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:30 executing program 4:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0xfffffffffffffffe, 0x0, {{0xfffffffffffffff7, 0x6, 0x1, 0x2, 0x4, 0x800, 0x7fffffff}}}, 0x60)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x800, 0x0)

15:43:30 executing program 2:
ioctl$HIDIOCGRAWINFO(0xffffffffffffffff, 0x80084803, &(0x7f0000000000)=""/94)
prctl$PR_CAPBSET_DROP(0x1c, 0x1e)

15:43:30 executing program 3:
socket(0x26, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f00000023c0)={&(0x7f0000002300)="dbe1d0afc64b3a22e3a6ed2962fdfc7ac5ca042d0ba72507d5633a3f12f338cf8cd793363b282b5d6fe39984475b4ff11a3e8f0a7840464b7f18d5b932ec5f4b895f7bdad3979df7ab969f7dc79fa85ab82f960177051c9d97c106cf07679ec36a60fd293abab68339d97334be51026a07261fa10cea8e3b51bb8bcf65c46c5f569bb0f949e97284dd7e9a7f7752c870195e982f376650d4c499bc870a7e404f4335ef12e507cf1260699b3e20ae7fa84a2962dade", 0xb5, <r0=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000002400)={r0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000002280)={0x3, 0x1, &(0x7f00000000c0)=""/138, &(0x7f0000000180)=""/22, &(0x7f00000001c0)=""/53, 0x4})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r1, 0x28, 0x1, &(0x7f0000000000)=0xfffffff000000000, 0x8)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x100)
read$FUSE(r1, &(0x7f0000000240)={0x2020}, 0x2020)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1})

15:43:30 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x0, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:30 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448dd, 0x0)

15:43:30 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x10000000701)
syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802)

15:43:30 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:30 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
geteuid()

15:43:30 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

15:43:30 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x0, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:30 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000), 0x0, 0x80000, 0x0, <r0=>0xffffffffffffffff})
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x266d)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)

15:43:30 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:30 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$NBD_SET_SIZE(r0, 0xab02, 0x8)

15:43:30 executing program 2:
shmget(0x0, 0x1000, 0x1000, &(0x7f0000ffd000/0x1000)=nil)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:30 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:30 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x0, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:30 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d16, &(0x7f0000000000)=0x4)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
read$fb(r0, &(0x7f0000000040)=""/4081, 0xff1)

15:43:30 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x9)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00')

15:43:30 executing program 2:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x0, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x200800, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r2, 0xc01064c7, &(0x7f0000000100)={0x8, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000000)=0xf62c, 0x4)
ioctl$SOUND_MIXER_READ_STEREODEVS(r0, 0x80044dfb, &(0x7f0000000040))
prctl$PR_CAPBSET_DROP(0x1c, 0x18)

15:43:30 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x6, 0x0, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:31 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}})

15:43:31 executing program 4:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x202404, 0x0)
ioctl$FBIOGET_FSCREENINFO(r0, 0x4602, &(0x7f0000000040))
prctl$PR_CAPBSET_DROP(0x17, 0x3)
ioctl$SNDCTL_TMR_SOURCE(0xffffffffffffffff, 0xc0045406)

15:43:31 executing program 3:
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x18004261}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x180, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8e}, {0x6, 0x16, 0xff00}, {0x5, 0x12, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0xffffff3e, 0xb, 0x4}, {0x6, 0x16, 0xa387}, {0x5}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8000000}, {0x6, 0x16, 0x1fd9}, {0x5, 0x12, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0xffffffff}, {0x6, 0x16, 0x8}, {0x5}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x101}, {0x6}, {0x5}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x9}, {0x5, 0x12, 0x1}}]}, 0x180}, 0x1, 0x0, 0x0, 0x4090}, 0x8000)
ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhost-vsock\x00', 0x2, 0x0)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:31 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x6, 0x0, 0x0, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:31 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448dd, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

[  652.499219][T11942] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:31 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$VHOST_GET_FEATURES(0xffffffffffffffff, 0x8008af00, &(0x7f0000000000))

15:43:31 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x2, 0x0, "5bf90b", 0xff})

15:43:31 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:31 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x100000, &(0x7f0000000080)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1200}}, {@blksize={'blksize', 0x3d, 0x400}}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@blksize={'blksize', 0x3d, 0x400}}], [{@context={'context', 0x3d, 'staff_u'}}, {@fowner_gt={'fowner>', 0xee00}}]}})

15:43:31 executing program 4:
ioctl$HIDIOCGRAWNAME(0xffffffffffffffff, 0x80404804, &(0x7f0000000000))
prctl$PR_CAPBSET_DROP(0x17, 0x11)

15:43:31 executing program 3:
shmctl$IPC_RMID(0xffffffffffffffff, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0x1000000)
shmctl$SHM_INFO(0xffffffffffffffff, 0xe, &(0x7f0000000080)=""/113)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:31 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x200001c)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00')
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x84, r1, 0x8, 0x70bd28, 0x25dfdbff, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0x84}, 0x1, 0x0, 0x0, 0xc1}, 0x4000010)

15:43:31 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x1d)

15:43:31 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:31 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x100c40, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x200, 0xfffffff9], 0x2, 0x0, 0x0, <r1=>0xffffffffffffffff})
epoll_pwait(r1, &(0x7f0000000100)=[{}, {}, {}], 0x3, 0x3ba6, &(0x7f0000000140)={[0x5]}, 0x8)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1, r0})

15:43:31 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x6}, &(0x7f00000000c0)={0x0, 0x2710})

15:43:32 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x200001c)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00')
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x84, r1, 0x8, 0x70bd28, 0x25dfdbff, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0x84}, 0x1, 0x0, 0x0, 0xc1}, 0x4000010)

15:43:32 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x1a)
io_uring_setup(0x6bb3, &(0x7f0000000000)={0x0, 0x63f3, 0x0, 0x0, 0x17f})

15:43:32 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x3, 0x0, "5bf90b", 0xff})

15:43:32 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = userfaultfd(0x80800)
r1 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r2, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r1, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000040)={0xffffffffffffffff, r2, 0x80000001})
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000000)={&(0x7f0000ffd000/0x1000)=nil, 0x1000})

15:43:32 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x7)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x20000, 0x0)
accept4$rose(0xffffffffffffffff, &(0x7f0000000080)=@short={0xb, @dev, @null}, &(0x7f00000000c0)=0x1c, 0x80800)

15:43:32 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x6}, 0x0)

15:43:32 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x6)

15:43:32 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}})

15:43:32 executing program 3:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x2000, 0x0)
ioctl$SNDCTL_TMR_SOURCE(r3, 0xc0045406)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f00000002c0)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1})
ioctl$mixer_OSS_GETVERSION(r2, 0x80044d76, &(0x7f00000001c0))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0)

15:43:32 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x1, 0x2, 0x2, 0x2, "0e3aa7d3392ececee4edc446ead1a3c7dff697f8cd25b158029c808ddfef"}, 0x2e)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x200040, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
prctl$PR_CAPBSET_DROP(0x17, 0x13)

15:43:32 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x9)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00')

15:43:32 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:43:32 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x123401, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0x0, 0x50000)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000040))
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)

15:43:32 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x2000, 0x0)
ioctl$SNDCTL_TMR_SOURCE(r3, 0xc0045406)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f00000002c0)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1})
ioctl$mixer_OSS_GETVERSION(r2, 0x80044d76, &(0x7f00000001c0))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0)

15:43:33 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x4, 0x0, "5bf90b", 0xff})

15:43:33 executing program 2:
r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0x0, 0x101100)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x5)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x4000, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r1, 0xc01064c7, &(0x7f0000000080)={0x7, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})

15:43:33 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
epoll_create(0x6)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
epoll_wait(r0, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}], 0x6, 0x44)
getpgid(0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r1 = getpgid(0x0)
sched_rr_get_interval(r1, &(0x7f0000000000))

15:43:33 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x2000, 0x0)
ioctl$SNDCTL_TMR_SOURCE(r3, 0xc0045406)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f00000002c0)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1})
ioctl$mixer_OSS_GETVERSION(r2, 0x80044d76, &(0x7f00000001c0))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0)

15:43:33 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000040)={0x1, 0x40000000})
socket$inet6_udplite(0xa, 0x2, 0x88)

15:43:33 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x6}, 0x0)

15:43:33 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x1000, 0x1})

15:43:33 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
r1 = getuid()
getresgid(&(0x7f0000000000), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080))
write$FUSE_DIRENTPLUS(r0, &(0x7f00000000c0)={0x1e8, 0x0, 0x0, [{{0x4, 0x3, 0xff, 0x78, 0x31d4, 0x8, {0x1, 0x9, 0x2, 0x26b, 0x6, 0x40, 0x7, 0x6, 0x10001, 0x4000, 0x7f, r1, r2, 0x8000, 0x9}}, {0x6, 0x3ff, 0x4, 0x4, '/$)^'}}, {{0x1, 0x3, 0x1, 0xffffffffffffffa6, 0x2, 0xffff4178, {0x4, 0x8, 0xb2e, 0x876, 0x0, 0x2, 0x81, 0x7, 0x6bf8f98d, 0x6000, 0x460c, 0xee00, 0xee00, 0x7fffffff, 0xffffffc0}}, {0x0, 0x7fff, 0x1, 0x100, '%'}}, {{0x1, 0x2, 0x8001, 0x2, 0x3, 0x6, {0x6, 0x1ca4, 0xff, 0x3, 0x80000001, 0x1, 0x4, 0x5, 0x40, 0xa000, 0xff, 0xee01, 0xffffffffffffffff, 0x8, 0x1}}, {0x6, 0x8, 0x0, 0x8}}]}, 0x1e8)
r3 = getuid()
read$FUSE(r0, &(0x7f00000002c0)={0x2020, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
r5 = getuid()
read$FUSE(r0, &(0x7f0000002300)={0x2020, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
r7 = getpgid(0x0)
r8 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r8, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
shmctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000004340)={{0x0, r3, r4, r5, r6, 0x40, 0x1}, 0x2, 0xff, 0x9, 0x401, r7, r8, 0x8001})

15:43:33 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x6006c3)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x24000904)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x4c040, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4, 0x50, r0, 0x0)
ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0xcf93)

[  654.579991][ T3001] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:33 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x2000, 0x0)
ioctl$SNDCTL_TMR_SOURCE(r3, 0xc0045406)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f00000002c0)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1})
ioctl$mixer_OSS_GETVERSION(r2, 0x80044d76, &(0x7f00000001c0))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0)

15:43:33 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r0, 0x89e2, &(0x7f0000000040)=@default)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
accept4$vsock_stream(r1, &(0x7f0000000000), 0x10, 0x1800)

15:43:33 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x16, 0x61], 0x2, 0x80000, 0x0, <r0=>0xffffffffffffffff})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x1000})
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100)='devlink\x00')
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
recvfrom$rose(r2, &(0x7f0000000380)=""/148, 0x94, 0x40000000, &(0x7f0000000440)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x1, @null}, 0x1c)
ioctl$NBD_SET_SIZE_BLOCKS(0xffffffffffffffff, 0xab07, 0x1f)
socketpair(0x6, 0x0, 0x1f, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r3, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x10c, r1, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x400}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x9}, {0x5}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8}, {0x6, 0x16, 0x3}, {0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x5}, {0x5}}]}, 0x10c}, 0x1, 0x0, 0x0, 0x40804}, 0x4810)

[  654.739301][ T3001] Bluetooth: hci2: command 0x0401 tx timeout
15:43:34 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x5, 0x0, "5bf90b", 0xff})

15:43:34 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x106, 0x2}}, 0x20)
syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2)

15:43:34 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x1017)
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000000)={0x30, 0x0, 0x0, [{0x1, 0x3ff, 0x1, 0x2, '\''}]}, 0x30)

15:43:34 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x2000, 0x0)
ioctl$SNDCTL_TMR_SOURCE(r3, 0xc0045406)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f00000002c0)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1})
ioctl$mixer_OSS_GETVERSION(r2, 0x80044d76, &(0x7f00000001c0))

15:43:34 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
sendmsg$DEVLINK_CMD_SB_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x5c, 0x0, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0xfff}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x40}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000050}, 0x20008000)

15:43:34 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040), &(0x7f0000000080)={0x6}, 0x0)

15:43:34 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0xf)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0xd7f5, 0x2, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_tracing={0x1a, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5c4f0dbf, 0x0, 0x0, 0x0, 0xfffffffa}, [@jmp={0x5, 0x0, 0x1, 0x3, 0x4, 0xffffffffffffffe0}, @exit, @map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000080)='syzkaller\x00', 0x4c2, 0x55, &(0x7f00000000c0)=""/85, 0x40f00, 0x0, [], 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x917, 0x6, 0x2, 0x2}, 0x10, 0x1410e}, 0x78)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x20300, 0x0)
write$FUSE_BMAP(r1, &(0x7f0000000280)={0x18, 0x0, 0x0, {0x100400000000000}}, 0x18)

15:43:34 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x1)

15:43:34 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x2000, 0x0)
ioctl$SNDCTL_TMR_SOURCE(r3, 0xc0045406)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f00000002c0)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1})

15:43:34 executing program 3:
socketpair(0x2, 0x0, 0x0, &(0x7f0000000080))
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa2003)
clock_getres(0x4, &(0x7f0000000040))

15:43:34 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4008af14, &(0x7f0000000040)={0x1, 0x5})

15:43:34 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x2000, 0x0)
ioctl$SNDCTL_TMR_SOURCE(r3, 0xc0045406)

[  655.703442][ T3001] Bluetooth: hci3: command 0x0401 tx timeout
15:43:35 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b", 0xff})

15:43:35 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x701)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1)

15:43:35 executing program 2:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x13f, 0xe}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f00000000c0)={0x16, 0x98, 0xfa00, {&(0x7f0000000000), 0x0, r1, 0x1c, 0x0, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0xa0)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:35 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x2000, 0x0)

15:43:35 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x5)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000340)={0x2, 0x4e20, @multicast1}, 0x10)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1cc, r2, 0x200, 0x70bd28, 0x25dfdbfb, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xfffffffe}, {0x6, 0x16, 0x9}, {0x5}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x5}, {0x6, 0x16, 0x8000}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x1}, {0x6}, {0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x400}, {0x5}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x8, 0xb, 0xffffffff}, {0x6, 0x16, 0x2}, {0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xffffffff}, {0x6, 0x16, 0x8001}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x7}, {0x5, 0x12, 0x1}}]}, 0x1cc}, 0x1, 0x0, 0x0, 0x20048080}, 0x2010)

15:43:35 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0xf)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0xd7f5, 0x2, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_tracing={0x1a, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5c4f0dbf, 0x0, 0x0, 0x0, 0xfffffffa}, [@jmp={0x5, 0x0, 0x1, 0x3, 0x4, 0xffffffffffffffe0}, @exit, @map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000080)='syzkaller\x00', 0x4c2, 0x55, &(0x7f00000000c0)=""/85, 0x40f00, 0x0, [], 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x917, 0x6, 0x2, 0x2}, 0x10, 0x1410e}, 0x78)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x20300, 0x0)
write$FUSE_BMAP(r1, &(0x7f0000000280)={0x18, 0x0, 0x0, {0x100400000000000}}, 0x18)

15:43:35 executing program 4:
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d09, &(0x7f0000000000)=0x17)
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:35 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)

15:43:35 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0xf)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0xd7f5, 0x2, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_tracing={0x1a, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5c4f0dbf, 0x0, 0x0, 0x0, 0xfffffffa}, [@jmp={0x5, 0x0, 0x1, 0x3, 0x4, 0xffffffffffffffe0}, @exit, @map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000080)='syzkaller\x00', 0x4c2, 0x55, &(0x7f00000000c0)=""/85, 0x40f00, 0x0, [], 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x917, 0x6, 0x2, 0x2}, 0x10, 0x1410e}, 0x78)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x20300, 0x0)
write$FUSE_BMAP(r1, &(0x7f0000000280)={0x18, 0x0, 0x0, {0x100400000000000}}, 0x18)

15:43:35 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x7, 0x0, "5bf90b", 0xff})

15:43:35 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x7, 0x7], 0x2, 0x80800, 0x0, <r1=>0xffffffffffffffff})
ioctl$sock_rose_SIOCRSCLRRT(r1, 0x89e4)
bind$bt_hci(r0, 0x0, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
clock_getres(0x6, &(0x7f00000003c0))
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, 0x0)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r5, 0x0, 0x0, 0x0)
ioctl$sock_rose_SIOCDELRT(r5, 0x890c, &(0x7f0000000100)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x5, @null, @rose={'rose', 0x0}, 0x7, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000180)=[0x400], 0x1, 0x0, 0x0, <r6=>0xffffffffffffffff})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_ext={0x1c, 0x3, &(0x7f0000000240)=@raw=[@map_val={0x18, 0x1, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x8}, @call={0x85, 0x0, 0x0, 0x65}], &(0x7f0000000280)='syzkaller\x00', 0x7, 0x9c, &(0x7f0000000540)=""/156, 0x41100, 0x15, [], 0x0, 0x0, r1, 0x8, &(0x7f00000002c0)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x2, 0x3, 0x6, 0x6}, 0x10, 0x1a7b1}, 0x78)
bind$bt_hci(r2, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000040))
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x2})

15:43:35 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x4365c1)
ptrace$getregset(0x4204, 0xffffffffffffffff, 0x200, &(0x7f00000001c0)={&(0x7f0000000340)=""/162, 0xa2})
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
syz_open_dev$hidraw(&(0x7f0000000040)='/dev/hidraw#\x00', 0x8, 0x2)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
sendto$rose(0xffffffffffffffff, &(0x7f0000000500)="a510db3e4679b04dd3f5fb00913e50c53f94bdfaafb0abf8c413047ea65f744cda0377b671383fdfd31bb56a4599cc1b8508b944", 0x34, 0x0, &(0x7f0000000540)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x40)
read$hidraw(0xffffffffffffffff, &(0x7f0000000240)=""/240, 0xf0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000480)={&(0x7f0000000440)=[0x0], 0x1, 0x80000, 0x0, <r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0xe0d)
openat$drirender128(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/dri/renderD128\x00', 0x800, 0x0)
r2 = inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x1000000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x7, 0x6, 0x2, 0x0, 0x1f], 0x5, 0x80000, 0x0, <r3=>0xffffffffffffffff})
inotify_rm_watch(r0, r2)
r4 = syz_open_dev$ndb(&(0x7f0000000140)='/dev/nbd#\x00', 0x0, 0x58902)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb1\x00', 0x404902, 0x0)
ioctl$NBD_SET_SOCK(r4, 0xab00, r3)
r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r5, 0xc028aa03, 0x0)
inotify_add_watch(r5, &(0x7f0000000400)='./file0\x00', 0xe000000)

15:43:35 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x8)

15:43:35 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x8, 0x0, "5bf90b", 0xff})

15:43:35 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)

15:43:35 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0xf)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0xd7f5, 0x2, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_tracing={0x1a, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5c4f0dbf, 0x0, 0x0, 0x0, 0xfffffffa}, [@jmp={0x5, 0x0, 0x1, 0x3, 0x4, 0xffffffffffffffe0}, @exit, @map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000080)='syzkaller\x00', 0x4c2, 0x55, &(0x7f00000000c0)=""/85, 0x40f00, 0x0, [], 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x917, 0x6, 0x2, 0x2}, 0x10, 0x1410e}, 0x78)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x20300, 0x0)
write$FUSE_BMAP(r1, &(0x7f0000000280)={0x18, 0x0, 0x0, {0x100400000000000}}, 0x18)

15:43:35 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x300, 0x0, "5bf90b", 0xff})

15:43:35 executing program 2:
shmctl$SHM_LOCK(0xffffffffffffffff, 0xb)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x100010, 0xffffffffffffffff, 0x0)

[  656.659437][ T3001] Bluetooth: hci0: command 0x0c20 tx timeout
[  656.670421][ T3001] Bluetooth: hci4: command 0x0401 tx timeout
15:43:35 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$SOUND_OLD_MIXER_INFO(r0, 0x80304d65, &(0x7f0000000040))
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r1 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x20001)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)

15:43:35 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x13)

15:43:35 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0xf)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0xd7f5, 0x2, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_tracing={0x1a, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5c4f0dbf, 0x0, 0x0, 0x0, 0xfffffffa}, [@jmp={0x5, 0x0, 0x1, 0x3, 0x4, 0xffffffffffffffe0}, @exit, @map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000080)='syzkaller\x00', 0x4c2, 0x55, &(0x7f00000000c0)=""/85, 0x40f00, 0x0, [], 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x917, 0x6, 0x2, 0x2}, 0x10, 0x1410e}, 0x78)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x20300, 0x0)

15:43:35 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)

15:43:35 executing program 2:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x8, 0x8, 0x100, 0x7], 0x4, 0x80800, 0x0, <r1=>0xffffffffffffffff})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000000)={&(0x7f0000ffc000/0x4000)=nil, 0x4000})
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:35 executing program 4:
ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000000))
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
write$FUSE_WRITE(r0, &(0x7f0000000040)={0x18}, 0x18)

15:43:35 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x500, 0x0, "5bf90b", 0xff})

15:43:35 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x4a8002)

15:43:35 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)

15:43:35 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0xf)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0xd7f5, 0x2, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_tracing={0x1a, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5c4f0dbf, 0x0, 0x0, 0x0, 0xfffffffa}, [@jmp={0x5, 0x0, 0x1, 0x3, 0x4, 0xffffffffffffffe0}, @exit, @map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000080)='syzkaller\x00', 0x4c2, 0x55, &(0x7f00000000c0)=""/85, 0x40f00, 0x0, [], 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x917, 0x6, 0x2, 0x2}, 0x10, 0x1410e}, 0x78)

15:43:35 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x600, 0x0, "5bf90b", 0xff})

15:43:35 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x25)
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000080)={0x2020, 0x0, <r1=>0x0}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f00000020c0)={0x2020, 0x0, 0x0, <r2=>0x0}, 0x2020)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000008300)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000008380)='/dev/sequencer2\x00', 0x403, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000004100)={0x2020, 0x0, <r4=>0x0, 0x0, <r5=>0x0}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f0000006140)={0x2020, 0x0, 0x0, <r6=>0x0}, 0x2020)
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0xbc6)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000083c0)='/dev/fuse\x00', 0x2, 0x0)
write$FUSE_STATFS(r7, &(0x7f0000008400)={0x60, 0x0, r4, {{0x5, 0x7, 0xae, 0x1, 0x9, 0xfffeffff, 0x5, 0x2}}}, 0x60)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000008180)={0x148, 0xfffffffffffffff5, r1, [{{0x3, 0x3, 0x2, 0x100000001, 0x1, 0x7, {0x0, 0xfffffffffffffffa, 0x5, 0x7ff, 0xfffffffffffffff7, 0x61, 0x1f, 0x5, 0x3, 0xa000, 0xffff0407, r2, r5, 0x6, 0x43d}}, {0x6, 0x4, 0x0, 0x10000}}, {{0x2, 0x3, 0xa662, 0x7, 0x1ff, 0x8, {0x3, 0x6, 0x9, 0x0, 0x3ff, 0x698, 0x6, 0x0, 0x0, 0x2000, 0xfffffffb, r6, 0xee00, 0xb73, 0x60}}, {0x0, 0x80000000, 0x4, 0x3f, '}(-*'}}]}, 0x148)
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000000)={0x1000, [0x2, 0x7]}, 0x10)
openat$bsg(0xffffffffffffff9c, &(0x7f0000008340)='/dev/bsg\x00', 0x113000, 0x0)
socket$l2tp(0x2, 0x2, 0x73)

15:43:35 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x26)

15:43:35 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)

15:43:35 executing program 3:
setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=0x9, 0x4)
r0 = getpgid(0xffffffffffffffff)
waitid(0x1, r0, &(0x7f0000000040), 0x40000000, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$bt_hci(r2, &(0x7f0000000140)={0x1, @read_clock_offset={{0x41f, 0x2}, {0xc9}}}, 0x6)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x400003], 0x1})

15:43:35 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0xf)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0xd7f5, 0x2, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)

15:43:35 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x700, 0x0, "5bf90b", 0xff})

15:43:35 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
socket$inet_udplite(0x2, 0x2, 0x88)

15:43:35 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x100808)

15:43:35 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x18, 0xd7f5, 0x2, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)

15:43:35 executing program 3:
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:35 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)

15:43:36 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xff00, 0x0, "5bf90b", 0xff})

15:43:36 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, <r0=>0x0}, 0x2020)
r1 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000002040)={0x28, 0xffffffffffffffda, r0, {{0x1, 0x5, 0x1, r1}}}, 0x28)

15:43:36 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x18)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00')
r0 = socket(0x1f, 0x4, 0x101)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000000)={0x1, "99"}, 0x2)

15:43:36 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:43:36 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)

15:43:36 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:36 executing program 3:
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x20000, 0x0)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x80000)

15:43:36 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x701)

15:43:36 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)

15:43:36 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:43:36 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0xffff)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x1, 0x1f, 0x7fffffff, 0x9, 0x4, 0x1], 0x6, 0x800, 0x0, <r0=>0xffffffffffffffff})
getresuid(&(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0), &(0x7f0000000100))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f0000002500)={&(0x7f0000002400)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000024c0)={&(0x7f0000002440)={0x50, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0xc2e}, {0x5}}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x24000090)
read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
r4 = inotify_add_watch(r0, &(0x7f0000002540)='./file0\x00', 0x0)
inotify_rm_watch(r0, r4)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000002180)={0x278, 0x0, 0x0, [{{0x3, 0x0, 0x2, 0x4, 0x5e, 0x101, {0x5, 0x3, 0x4, 0x3f, 0x3e08, 0x1, 0xb, 0x7, 0x80000001, 0xa000, 0x7, r1, 0xffffffffffffffff, 0x10001, 0x4b7f}}, {0x2, 0x4, 0x0, 0x7ff}}, {{0x5, 0x1, 0x1, 0x3, 0x7, 0x200, {0x6, 0x7fffffff, 0xa34, 0x4, 0x7, 0x3, 0x8, 0x1, 0x5, 0xa000, 0x10001, 0xffffffffffffffff, r3, 0x2d59, 0xfff}}, {0x0, 0xacd, 0x6, 0x0, ']#&/-#'}}, {{0x6, 0x2, 0x7, 0x3f, 0x7fff, 0x3, {0x3, 0x2, 0x7, 0x4, 0x7, 0x9, 0x0, 0x826c, 0x8, 0xa000, 0x0, 0xee00, 0xee00, 0x1, 0x1ff}}, {0x0, 0x9, 0x0, 0x18d}}, {{0x1, 0x2, 0x3, 0x7ff, 0x400, 0x6, {0x1, 0x100, 0x2, 0x7, 0x2, 0x4, 0x8e98, 0x1ff, 0x0, 0x4000, 0x0, 0xee00, 0xffffffffffffffff, 0x1, 0x7fff}}, {0x5, 0x4, 0x0, 0x7}}]}, 0x278)

[  657.539281][ T9766] Bluetooth: hci5: command 0x0401 tx timeout
15:43:36 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)

15:43:36 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x8300, 0x0)

15:43:36 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x40000013)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000000)=0x7, 0x8)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x13f, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f0000000040), 0x0, r0, 0x30, 0x0, @in={0x2, 0x4e22, @multicast1}}}, 0xa0)

15:43:36 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:43:36 executing program 1:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100), 0x15, 0x3}}, 0x20)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)

15:43:36 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x20000)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:37 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x2, "5bf90b", 0xff})

15:43:37 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x1)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000002080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000002040), 0x106, 0x4}}, 0x20)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, 0x0, 0x0, <r2=>0x0}, 0xffffffffffffffbd)
setfsgid(r2)

15:43:37 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)

15:43:37 executing program 2:
ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af14, &(0x7f0000000000)={0x3, 0x10001})
clock_gettime(0x7, &(0x7f0000000040))
prctl$PR_CAPBSET_DROP(0x1c, 0x25)

15:43:37 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0xd7f5, 0x2, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)

15:43:37 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xadc281f0583d76cc)
io_uring_setup(0x2577, &(0x7f0000000080)={0x0, 0x1bde, 0x4, 0x1, 0x3})
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r1, 0x0, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r2, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000700)={0x14c, 0x0, &(0x7f0000000480)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000100)=ANY=[], &(0x7f0000000180)={0x0, 0x18, 0x38}}, 0x40}, @acquire_done={0x40106309, 0x3}, @exit_looper, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x15, 0x3}, @flat=@weak_handle={0x77682a85, 0xa, 0xfffffffd}, @fd}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x400}, @exit_looper, @transaction={0x40406300, {0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@fd={0x66642a85, 0x0, r1}, @flat=@binder={0x73622a85, 0x2100}, @flat=@weak_handle={0x77682a85, 0x0, 0x1}}, &(0x7f0000000380)={0x0, 0x18, 0x30}}}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000740)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x2, 0x1, 0x2b}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}}, @clear_death={0x400c630f, 0x2}], 0xc5, 0x0, &(0x7f0000000600)="adaa407fca4d93c1526affbc2d64d8a89f894f79b4710d1fd9667c85b9c914fda7108b62cc5ba9d485f640764c354547430c0ad29da8e552ae116116e53ebb504e420f5c79b58c4cfdc6496fb31a0828b95c8e2410ee30aed4f32b22572148a7e27a2dcf0aace044c3ee33fa0f84e07fc1b0aca7832ab02b91e396c618145baf4e11523e80431f20c56d2f5ad8f85cb365253c0fe983c95b5644c30428155902ec29be0cb3a379b7f25d8bda55dbc464ab92af2021da0f28b4473db0179d6967cfcca3bf7c"})
ioctl$HIDIOCGRAWPHYS(0xffffffffffffffff, 0x80404805, &(0x7f0000000040))
ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x2f6a)

15:43:37 executing program 4:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x10000, 0x0, 0xfffffff9, 0x1], 0x4, 0x800, 0x0, <r0=>0xffffffffffffffff})
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f00000000c0), 0x10)
ioctl$UFFDIO_WAKE(0xffffffffffffffff, 0x8010aa02, &(0x7f0000000000)={&(0x7f0000ff7000/0x7000)=nil, 0x7000})

15:43:37 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)

15:43:37 executing program 1:
syz_open_dev$ndb(0x0, 0x0, 0xa2082)

15:43:37 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x10000001a)

15:43:37 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$NBD_SET_SIZE(r0, 0xab02, 0x9)

15:43:37 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x27)

[  658.739313][ T9766] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:37 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x3, "5bf90b", 0xff})

15:43:37 executing program 1:
syz_open_dev$ndb(0x0, 0x0, 0xa2082)

15:43:37 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x446a00)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
socket(0xb, 0x800, 0x1)
ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x8001)

15:43:37 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)

15:43:37 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r3 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r3, 0x0)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x9)

15:43:37 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0xe)

15:43:38 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/85, 0x55, 0x100, &(0x7f0000000080)={0x23, 0xff, 0x0, 0x18}, 0x10)
recvfrom$phonet(0xffffffffffffffff, &(0x7f00000000c0)=""/55, 0x37, 0x40000061, &(0x7f0000000100)={0x23, 0x4, 0x1, 0x45}, 0x10)

15:43:38 executing program 1:
syz_open_dev$ndb(0x0, 0x0, 0xa2082)

15:43:38 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x8002)

15:43:38 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)

15:43:38 executing program 2:
sendto$phonet(0xffffffffffffffff, &(0x7f0000000000)="23a8720a163309d7ee76eca4f5a8e143d3f5834f1d3512b2711db61693aafb5fb902bb4c213b2a471548558c80696907afa4590412303e9c420d920ad1310601896b3e4372f91a24569c3bd2e69ee572aec2bf56b74724e0b2c06fcf4200e687f1b7b1980f639b8644f512490d0e81bf13083928f58ba0f2e63001319b2def8b165acd8b7670c2bdc359b556c9c4e767e6ad308f7d255bc2aceddf105b24d07cce5aee24e9286cdb7a08ef40e988558c41c84d755b", 0xb5, 0x0, &(0x7f00000000c0)={0x23, 0x2, 0x7, 0x1}, 0x10)

15:43:38 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "176b78", 0x5})
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:38 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x4, "5bf90b", 0xff})

15:43:38 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)

15:43:38 executing program 2:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x20, 0x20, 0x9, 0x4, 0x80, 0x9], 0x6, 0x80800, 0x0, <r0=>0xffffffffffffffff})
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1177d0800000", @ANYRES16=0x0, @ANYBLOB="080027bd7000fbdbdf25140000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000b00030000000600110054da000008001500060000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b000600000006001100050000000800150009000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b000700000006001100080000000800150000008001"], 0xd0}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dri/renderD128\x00', 0x400000, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
getsockopt$rose(r1, 0x104, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x80044dfc, &(0x7f0000000000))
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r2 = socket(0x6, 0x1, 0x401)
bind$bt_hci(r2, &(0x7f0000000300)={0x1f, 0x4, 0x3}, 0x6)

15:43:38 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)

15:43:38 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x1a1080)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
socket$rds(0x15, 0x5, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x40})
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)

15:43:38 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)

15:43:39 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0xd)
ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000000))

15:43:39 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)

15:43:39 executing program 3:
syz_genetlink_get_family_id$devlink(&(0x7f0000000000)='devlink\x00')
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa0303)

15:43:39 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f00000000c0))
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:39 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)

[  660.819213][ T3001] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:39 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)

15:43:39 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0xf)

15:43:39 executing program 1:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)

15:43:39 executing program 3:
read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, 0x0, <r0=>0x0}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f00000040c0)={0x78, 0xfffffffffffffff5, 0x0, {0x80000000, 0x3, 0x0, {0x5, 0x823, 0xff, 0x401, 0x6, 0x3, 0xffffffb8, 0x2, 0x80000000, 0x0, 0x3ff, r0, r1, 0x89, 0x4}}}, 0x78)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:39 executing program 2:
r0 = socket(0x9, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xd0, r1, 0x10, 0x70bd2d, 0x25dfdbff, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x5}, {0x8, 0x15, 0xa9}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7ff}, {0x6, 0x11, 0xaee}, {0x8, 0x15, 0x80000000}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x1000}, {0x8, 0x15, 0x8}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20000004}, 0x11)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x7fff)
getitimer(0x0, &(0x7f0000000040))
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000002c0)={<r3=>0xffffffffffffffff}, 0x0, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000280), 0x3, {0xa, 0x4e22, 0xffffffff, @mcast1, 0x4}, r3}}, 0x38)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)

15:43:39 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x5, "5bf90b", 0xff})

15:43:39 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x40)

15:43:39 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x4, "5bf90b", 0xff})

15:43:39 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x800011)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x6, <r0=>0x0}, 0x8)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000080)={0x5}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r0, 0x4)

15:43:39 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
setrlimit(0x7, &(0x7f0000000040)={0x4, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x1, 0x4, 0x2, 0x5, 0x1000, 0x80000000, 0x80000001, 0xa7f], 0x8, 0x800, 0x0, <r0=>0xffffffffffffffff})
ioctl$HIDIOCGRAWNAME(r0, 0x80404804, &(0x7f0000000100))

15:43:39 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x180000)
accept4$rose(r1, 0x0, &(0x7f0000000080), 0x800)
getsockopt$rose(r0, 0x104, 0x5, &(0x7f0000000000), &(0x7f0000000040)=0x3)

15:43:40 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x40)

15:43:40 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
userfaultfd(0x80800)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0xc740, 0x7fff], 0x2, 0x80800, 0x0, <r1=>0xffffffffffffffff})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000040)={0x20000011})

15:43:40 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000100)={&(0x7f0000000000), 0x0, 0x80800, 0x0, <r0=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f00000001c0)=[0x81, 0x0, 0x10001, 0x14, 0x1, 0x2, 0x4, 0x98, 0x4], 0x9, 0x800, 0x0, <r1=>0xffffffffffffffff})
r2 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000140)={0x28, 0x0, 0xffffffff}, 0x10, 0x800)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000180)={0x80000001})
syz_genetlink_get_family_id$devlink(&(0x7f00000000c0)='devlink\x00')
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000080)={0x3, 0x1, "800585", 0x7, 0x6})
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x48100, 0x0)
setsockopt$bt_hci_HCI_FILTER(r4, 0x0, 0x2, &(0x7f0000000280)={0x107, [0x2, 0x1], 0x400}, 0x10)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x22})
ioctl$HIDIOCSFEATURE(r3, 0xc0404806, &(0x7f0000000000)="0589327490d868b9f4aa8ecabf2a3ce0247e7a2fca09fc52622c38e6e33d6ce40b3ede556af2a20d31d18042c78181dab8b7a36d8a9dd12a1b43f7e027")

15:43:40 executing program 4:
read$FUSE(0xffffffffffffffff, &(0x7f0000000180)={0x2020, 0x0, <r0=>0x0}, 0x2020)
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f00000021c0)={0x98, 0x0, r0, [{0x0, 0x9, 0xd, 0x0, '0000:00:10.0\x00'}, {0x3, 0x8, 0x0, 0x27}, {0x6, 0x8, 0xd, 0x7, '0000:00:10.0\x00'}, {0x1, 0x3, 0x4, 0x1f, '!^\\['}]}, 0x98)
prctl$PR_CAPBSET_DROP(0x17, 0x700)
sendmsg$DEVLINK_CMD_SB_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x84, 0x0, 0x400, 0x70bd2a, 0x5, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xff}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x8d}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x7}}]}, 0x84}, 0x1, 0x0, 0x0, 0x40}, 0x20044044)

15:43:40 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x40)

15:43:40 executing program 2:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x701800, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_DIRENT(r0, &(0x7f0000002140)={0xf0, 0x0, r1, [{0x1, 0x3, 0x8, 0x9, '/$!/$-@\\'}, {0x0, 0x3, 0x2, 0x0, '\'}'}, {0x2, 0x5, 0x5, 0x81, '+):!-'}, {0x0, 0x1, 0xc, 0x101, '@!-}}#+]\x1a-+\\'}, {0x3, 0x1, 0x2, 0x40, ',!'}, {0x3, 0x5b, 0x0, 0x7}, {0x4, 0x1, 0x5, 0x3, '#!\'&@'}]}, 0xf0)
getresgid(&(0x7f0000000000)=<r2=>0x0, &(0x7f0000000040), &(0x7f0000000080))
setfsgid(r2)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:40 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x6, "5bf90b", 0xff})

15:43:40 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x8200, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, 0xffffffffffffffff)

15:43:40 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x180000)
accept4$rose(r1, 0x0, &(0x7f0000000080), 0x800)
getsockopt$rose(r0, 0x104, 0x5, &(0x7f0000000000), &(0x7f0000000040)=0x3)

15:43:40 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa4003)

15:43:40 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socketpair(0x26, 0xa, 0x8, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80100}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2fa4d91c", @ANYRES16=r2, @ANYBLOB="160225bd7000ffdbdf25170000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000200000008000b000900000006001600060000000500120000000000080001007063690011000200303030303a30303a31302174e2a6b619cbe35cc42e3000000000080003000300000008000b00ff0f000006001600ff07000005001200010000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000100000008000b000104000006001600040000000500120000000000080001007063690011000200303030303a30303a31302e0003000000000008000b004fffffff060016000700"], 0x10c}}, 0x20000800)
syz_genetlink_get_family_id$SEG6(&(0x7f00000002c0)='SEG6\x00')
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:40 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x40)

15:43:40 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x7, 0x5, 0x8001, 0x10001, 0x5, 0x1, 0x4, [], 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x2}, 0x40)
socketpair(0x9, 0x5, 0x5, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x38c208af63ffdf67}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010700000000fddbdf2501000000050005000000000008000c000100cabd000006001b004e20000006000e00112c160100"], 0x34}, 0x1, 0x0, 0x0, 0x40040}, 0x64001884)

15:43:40 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x4}, 0x40)

15:43:40 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x3}, 0x6)

15:43:40 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r7, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:40 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x20, 0x7, 0x9576], 0x3, 0x0, 0x0, <r0=>0xffffffffffffffff})
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r1, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f00000000c0)={0x20000008})
r2 = epoll_create(0xffffffff)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r3)

15:43:41 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x180000)
accept4$rose(r1, 0x0, &(0x7f0000000080), 0x800)
getsockopt$rose(r0, 0x104, 0x5, &(0x7f0000000000), &(0x7f0000000040)=0x3)

15:43:41 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7, "5bf90b", 0xff})

15:43:41 executing program 2:
ioctl$HIDIOCGRAWPHYS(0xffffffffffffffff, 0x80404805, &(0x7f0000000000))
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:41 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x4}, 0x40)

15:43:41 executing program 4:
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x20})
prctl$PR_CAPBSET_DROP(0x17, 0x700)
write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0xfffffffffffffff5, 0x0, {0x7}}, 0x18)

15:43:41 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x180000)
accept4$rose(r1, 0x0, &(0x7f0000000080), 0x800)
getsockopt$rose(r0, 0x104, 0x5, &(0x7f0000000000), &(0x7f0000000040)=0x3)

15:43:41 executing program 3:
prctl$PR_GET_TIMERSLACK(0x1e)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x4002)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000080)=""/152, 0x98}], 0x1, &(0x7f0000000240)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000180)=""/65, 0x41}, &(0x7f0000000200), 0x30}}], 0x30, 0x40000}, 0x2004c8a4)

[  662.909250][    T5] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:41 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
geteuid()
mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0xfffffffffffffffa)

15:43:41 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x180000)
accept4$rose(r1, 0x0, &(0x7f0000000080), 0x800)

15:43:41 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
accept4$rose(0xffffffffffffffff, &(0x7f0000000000)=@short={0xb, @dev, @bcast, 0x1, @default}, &(0x7f0000000040)=0x1c, 0x80000)

15:43:41 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x4}, 0x40)

15:43:41 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)

15:43:41 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x12)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000640)='/dev/bsg\x00', 0x202000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)={0x9, 0xfffff800, 0xffffff81, 0x8, 0x2, r0, 0x5, [], 0x0, r0, 0x5, 0x0, 0x3}, 0x40)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x8ba], 0x1, 0x80000, 0x0, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000600)={0x7, 0x0, 0x80002, 0x8, 0x0, 0xffffffffffffffff, 0x1, [], 0x0, r1, 0x5, 0x4, 0x3}, 0x40)
sendmsg$rds(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)=""/225, 0xe1}, {&(0x7f0000000140)=""/1, 0x1}, {&(0x7f0000000180)=""/222, 0xde}, {&(0x7f0000000280)=""/48, 0x30}, {&(0x7f00000002c0)=""/92, 0x5c}, {&(0x7f0000000340)=""/224, 0xe0}], 0x6, &(0x7f00000004c0)=[@zcopy_cookie={0x18, 0x114, 0xc, 0x18f5}, @zcopy_cookie={0x18, 0x114, 0xc, 0x200}], 0x30, 0x10}, 0x4880)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)

15:43:42 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x8, "5bf90b", 0xff})

15:43:42 executing program 4:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$IPC_RMID(r0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, &(0x7f0000000000)="0d64067ffc0ebaebe58d29986624e9f977cd67de79ee8c7d28a178a512fe9ad7bb1050b8489b899918e20828b3ef5b7ab611cbc25d8464b7003239866d62dd8b9a37fd612258ed43b09d7b4175c65eb8aaef8f87e6dbfee159f141ee7843670688107ec94a28e7f844585d3d523e577fd8c59f9ff7e3b0a46edc6d37a462d201722831442b02fd6671070df81b2f673e47cb971577eca71a424d30a78264c322cbd9133fa08a8368d50b1fe8aa4bac4a17756cd16af30a964e0d163162c7c8355b7c54f356d634a96f3eb93d5c3541d0f6996223f3aa9b2711fa35e5a9ded235c562fa23cfe4bee08bfc53ec8cac65ef5f89d054a15f346b")
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:42 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r7, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:42 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x180000)

15:43:42 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x6e200)
getpgid(0xffffffffffffffff)
r0 = socket(0xb, 0xa, 0x1000)
ioctl$SIOCPNADDRESOURCE(r0, 0x89e0, &(0x7f0000000040)=0x5)

15:43:42 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x13)

15:43:42 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x80044dfc, &(0x7f0000000200))
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4300000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x110, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x101}, {0x6, 0x11, 0x3}, {0x8, 0x13, 0xfffffff9}, {0x5, 0x14, 0x1}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x401}, {0x8, 0x13, 0x7fff}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x200}, {0x6, 0x11, 0x200}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0x5}, {0x8, 0x13, 0x9}, {0x5, 0x14, 0x1}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

15:43:42 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x180000)

15:43:42 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0xc)

15:43:42 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r7, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:42 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$SIOCPNGETOBJECT(r0, 0x89e0, &(0x7f0000000040)=0x5)

15:43:42 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x180000)

15:43:43 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x300, "5bf90b", 0xff})

15:43:43 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000000)={0x0, 0x493})
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r0, 0x80044dfd, &(0x7f0000000040))

15:43:43 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r7, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:43 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa0003)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))

15:43:43 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x180000)

15:43:43 executing program 2:
setuid(0xee00)
socketpair(0x10, 0x6, 0xff, &(0x7f0000000040))
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x20200, 0x0)
ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f0000000080)={0x1, 0x9})
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x5, 0x200, 0x2, 0xfffffffb, 0x2, 0x400, 0xfffffff8, 0x1000, 0x0, 0x615], 0xa, 0x800, 0x0, <r1=>0xffffffffffffffff})
read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_DIRENT(r1, &(0x7f0000002180)={0x48, 0x0, r2, [{0x4, 0x5}, {0x6, 0x6, 0x6, 0x7fff, '.%|}$\\'}]}, 0x48)
ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x81)
ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000002200)={0x0, 0x80})

15:43:43 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r7, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})

15:43:43 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x22500, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000040))

15:43:43 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x2df, 0x2, 0xfffffffb, 0x9], 0x4, 0x80800, 0x0, <r0=>0xffffffffffffffff})
bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)

15:43:43 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
read$fb(r0, &(0x7f0000000080)=""/79, 0x4f)
prctl$PR_CAPBSET_DROP(0x17, 0x20)

15:43:43 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x0)
accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x180000)

15:43:43 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r7, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})

[  664.979255][ T3001] Bluetooth: hci0: command 0x0c20 tx timeout
15:43:44 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x500, "5bf90b", 0xff})

15:43:44 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x34f643)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
syz_open_dev$ndb(&(0x7f0000000240)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)=[0x0, 0x0]})
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f00000000c0), 0x2, 0xffffffffffffffff, 0x1c, 0x1, @ib={0x1b, 0x743a, 0x0, {"f586b7e49d3922ad4e3ecb1d2b9390a6"}, 0x18, 0x5, 0x7fff}}}, 0xfffffe7b)

15:43:44 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00')

15:43:44 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x12)
inotify_init()

15:43:44 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x180000)

15:43:44 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})

15:43:44 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x3)

15:43:44 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x180000)

15:43:44 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:43:44 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, <r0=>0x0}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f0000002040)={0x2020, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
getresuid(&(0x7f0000004080), &(0x7f00000040c0), &(0x7f0000004100)=<r2=>0x0)
getresuid(&(0x7f0000004140), &(0x7f0000004180)=<r3=>0x0, &(0x7f00000041c0))
getresgid(&(0x7f0000004200), &(0x7f0000004240)=<r4=>0x0, &(0x7f0000004280))
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000006900)={0x28, 0x0, 0x2710, @my=0x1}, 0x10, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r5, 0x28, 0x0, &(0x7f0000006940), 0x8)
read$FUSE(0xffffffffffffffff, &(0x7f00000042c0)={0x2020, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
r7 = geteuid()
getresgid(&(0x7f0000006300)=<r8=>0x0, &(0x7f0000006340), &(0x7f0000006380))
r9 = geteuid()
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000063c0)={0x508, 0x0, r0, [{{0x3, 0x0, 0x3, 0x7fffffff, 0x491, 0x8, {0x4, 0x1, 0x1, 0x7, 0x1, 0x8, 0x79, 0x100, 0x3, 0x9000, 0x401, 0xee00, r1, 0x3, 0x7}}, {0x4, 0x67a2, 0x1, 0x5, '&'}}, {{0x0, 0x1, 0x36, 0x9, 0xfffffffa, 0x8, {0x2, 0x1, 0x5, 0x0, 0xd76, 0x3ff, 0x3, 0x5, 0x2, 0xc000, 0x5, r2, 0xee00, 0x2, 0x100}}, {0x6, 0x1519a688, 0x0, 0x2}}, {{0x3, 0x1, 0x20, 0x5c, 0x9, 0xd7, {0x2, 0x8000, 0x8, 0x1, 0x7fffffff, 0x101, 0x852, 0xaf, 0x5, 0x6000, 0x1, r3, r4, 0x2, 0x1000}}, {0x2, 0x9, 0x0, 0x3}}, {{0x5, 0x0, 0x5df0, 0x6, 0xff, 0x7, {0x4, 0x4fa7, 0x1, 0x3f, 0x5, 0x88, 0x8, 0x3, 0x8, 0x6000, 0x80000001, 0xee01, 0xee00, 0x0, 0x9}}, {0x0, 0x8, 0x5, 0x5, '!{\x86]#'}}, {{0x4, 0x2, 0x6, 0x0, 0x0, 0x2, {0x1, 0x7, 0xca9f, 0x4ca, 0x6, 0x3, 0x6f, 0xffffff30, 0x40, 0xc000, 0x9, 0xee01, r6, 0x7, 0x776e}}, {0x0, 0x9, 0x2, 0x32f, '*,'}}, {{0x4, 0x2, 0x2, 0x5, 0x81, 0x6d, {0x2, 0x3, 0x4, 0x2, 0x10000, 0x0, 0x10000, 0x81, 0x5, 0xa000, 0x9, r7, r8, 0x1f, 0x4c5}}, {0x6, 0x1, 0x3, 0x7, ')@,'}}, {{0x4, 0x3, 0x0, 0x0, 0x0, 0x7fffffff, {0x4, 0x8, 0xffff, 0x1, 0xfff, 0x1, 0x0, 0x4, 0x3, 0x6000, 0x2, 0xee00, 0xee00, 0x1, 0x6}}, {0x5, 0x100000001, 0xc, 0xf3, '\x9b^{.\x7f&**)!@-'}}, {{0x5, 0x0, 0x7, 0x80, 0xc00000, 0x7, {0x5, 0x8000, 0x3, 0x80000001, 0x8000, 0x7, 0x8, 0x0, 0x600, 0x2000, 0x2, r9, 0xee00, 0xfffff4ed, 0x8}}, {0x6, 0xcc33, 0x5, 0x800, '^],+}'}}]}, 0x508)

15:43:44 executing program 3:
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, 0x0, {0x1ff}}, 0x18)
setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, &(0x7f0000000080)={{0x3ff, 0x3}, 0x8}, 0x10)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0043)

15:43:44 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080))

15:43:45 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x600, "5bf90b", 0xff})

15:43:45 executing program 4:
shmget$private(0x0, 0x3000, 0x40, &(0x7f0000ffc000/0x3000)=nil)
prctl$PR_CAPBSET_DROP(0x17, 0x700)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020}, 0x2020)
getuid()

15:43:45 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x180000)

15:43:45 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:43:45 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
socket$inet6_udplite(0xa, 0x2, 0x88)

15:43:45 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x4000, 0x0)

15:43:45 executing program 3:
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1f}, {0x6, 0x11, 0x470}, {0x8, 0x13, 0x96}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x810)
shmget$private(0x0, 0x2000, 0x269066b311e5e6e, &(0x7f0000004000/0x2000)=nil)
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
mmap$IORING_OFF_SQES(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x200000c, 0x810, 0xffffffffffffffff, 0x10000000)

15:43:45 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x100, 0x101, 0xf4, 0x6, 0x5, 0x7, 0x200], 0x7, 0x40800, 0x0, <r0=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x2009})

15:43:45 executing program 2:
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x1}, @SEG6_ATTR_SECRET={0x14, 0x4, [0x8000, 0x2, 0x7, 0x4]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x101}]}, 0x38}}, 0x4010)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)

15:43:45 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x180000)

15:43:45 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:43:45 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x23)

[  667.059293][T11942] Bluetooth: hci0: command 0x0401 tx timeout
15:43:46 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x700, "5bf90b", 0xff})

15:43:46 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x180000)

15:43:46 executing program 2:
ioctl$VHOST_SET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af13, &(0x7f0000000000)={0x2})
prctl$PR_CAPBSET_DROP(0x1c, 0x1d)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

15:43:46 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x600e41)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r0)

15:43:46 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})

15:43:46 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2020)
setfsgid(r0)
r1 = accept4$rose(0xffffffffffffffff, &(0x7f0000002040)=@full={0xb, @remote, @rose, 0x0, [@remote, @default, @null, @netrom]}, &(0x7f0000002080)=0x40, 0x40000)
accept4$rose(r1, 0x0, &(0x7f00000020c0), 0x80400)

15:43:46 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:46 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x180000)

15:43:46 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x60080, 0x0)
ioctl$SOUND_OLD_MIXER_INFO(r0, 0x80304d65, &(0x7f0000000040))
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x531cc3, 0x0)
mmap$fb(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000002, 0x13, r1, 0x58000)

15:43:46 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x8)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_create(0xffffff01)
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000040)={0x3, r1})
geteuid()

15:43:46 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, 0x0, 0x7, r6, &(0x7f0000000240)={r1, r1, 0x3})

15:43:46 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x591243)

15:43:47 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0xff00, "5bf90b", 0xff})

15:43:47 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, 0x0, 0x7, r6, &(0x7f0000000240)={r1, r1, 0x3})

15:43:47 executing program 1:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x180000)

15:43:47 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x1)
bind$rds(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @private=0xa010100}, 0x10)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1, @le_reject_cis={{0x2067, 0x3}, {0xc8, 0x81}}}, 0x7)

15:43:47 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
r1 = accept4$rose(r0, &(0x7f0000000100)=@short={0xb, @dev, @remote, 0x1, @rose}, &(0x7f0000000140)=0x1c, 0x80800)
getsockopt$rose(r1, 0x104, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
accept4$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0xffffd8ee, @my=0x1}, 0x10, 0x800)
getresgid(&(0x7f0000000240), &(0x7f0000000280)=<r2=>0x0, &(0x7f00000002c0))
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000300)={{0x0, 0xee01, r2, 0xee00, 0xee01, 0x31, 0x8}, 0x80, 0x2, 0x1, 0x3f, 0x0, 0xffffffffffffffff, 0x800})
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/renderD128\x00', 0x8000, 0x0)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f00000000c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000080)}}, 0x18)

15:43:47 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
ptrace$getregset(0x4204, r1, 0x6, &(0x7f0000000080)={&(0x7f0000000000)=""/93, 0x5d})
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x6)

15:43:47 executing program 1:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x180000)

15:43:47 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, 0x0, 0x7, r6, &(0x7f0000000240)={r1, r1, 0x3})

15:43:47 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x381043)
r0 = getpgid(0xffffffffffffffff)
r1 = getpgid(r0)
ptrace$getregset(0x4204, r1, 0x1, &(0x7f0000000140)={&(0x7f0000000280)=""/207, 0xcf})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bsg\x00', 0x0, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
read$fb(r3, &(0x7f00000001c0)=""/162, 0xa2)
ioctl$SNDCTL_TMR_SOURCE(r2, 0xc0045406)

15:43:47 executing program 2:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r0, 0x80044dfd, &(0x7f0000000080))
inotify_init()
prctl$PR_CAPBSET_DROP(0x1c, 0x23)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
getsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x34})
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r3, 0x114, 0x6, &(0x7f0000000180)=0x1, 0x4)
bind$bt_hci(r2, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r2, 0x4008af23, &(0x7f0000000140)={0x0, 0x6})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r1, 0xc00464be, &(0x7f0000000040)={0x1})

15:43:47 executing program 4:
ioprio_get$uid(0x0, 0xee00)
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:43:47 executing program 1:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x180000)

[  669.139231][ T3205] Bluetooth: hci0: command 0x0401 tx timeout
15:43:48 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "25f90b", 0xff})

15:43:48 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
r6 = getpgid(0x0)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})

15:43:48 executing program 3:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x400, 0x81, 0x3cc, 0xffffffff, 0x7, 0x0], 0x6, 0x800, 0x0, <r0=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000100)={0x11, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x18)
prctl$PR_CAPBSET_DROP(0x18, 0x19)

15:43:48 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00')
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d1b, &(0x7f0000000040)=0x4d)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))
getuid()

15:43:48 executing program 2:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000000)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x7, [@default, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
ioctl$SIOCPNGETOBJECT(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)=0x4)

15:43:48 executing program 1:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x180000)

15:43:48 executing program 1:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)

15:43:48 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x6ff)

15:43:48 executing program 3:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x753a)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180)={<r1=>0xffffffffffffffff}, 0x3, {0xa, 0x4e20, 0xb9, @private1={0xfc, 0x1, [], 0x60}, 0x400}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000240)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r1}}, 0x18)
read$fb(0xffffffffffffffff, &(0x7f0000000040)=""/252, 0xfc)

15:43:48 executing program 1:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)

15:43:48 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
r6 = getpgid(0x0)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})

15:43:48 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x80000, 0x0)
r0 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x40)
inotify_rm_watch(0xffffffffffffffff, r0)

15:43:49 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5cf90b", 0xff})

15:43:49 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r3 = socket$l2tp(0x2, 0x2, 0x73)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r4, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r2, 0x7, r3, &(0x7f0000000180)={r0, r4, 0x3e})
r5 = getpgid(0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r2, r5, 0x7, r6, &(0x7f0000000240)={r0, r0, 0x3})

15:43:49 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0xfffffffffffffff7)

15:43:49 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x101341)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x509000)

15:43:49 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x2001b)
r0 = shmget(0x0, 0x1000, 0x54000000, &(0x7f0000ffd000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x0)
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="1801000007ac0700", @ANYRES64=0x0, @ANYBLOB="050000000000000069000000000000000300000000040000275c2c000000000005000000000000005020000000000000010000000500000026000000000000000200000000000000d7a000000000000003000000a90000002628270000000000040000000000000000010000000000000b000000e20a00002a2a255b272e2c2d2f5e400000000000050000000000000000040000000000000d000000d30000002f217b2b2a213f3a712d2726230000000b198097241fdcbf8e980100000000000000ff0f000000000000030000003f0000005b5e2d00000000000400000000000000010400000000000000000000050000000200000000000000560300000000f0ff050000006b020000255e7d255d400000858b2bc8ce9f5c59b3889d4a317aecb723669ff40d82a2123621f87ccd3a9f2270e1ac5c26aa36228a9dfdebd7d0b442e7f210a6055ad595341b305767d80e27e5fcb4a1af7b494e11dbf6232926946ce0e0bc8c0c8ddec75fc0c78f0b7cd61dbf0040af0834f41fedfee5e604f3a2016600b199dcbb0e5e9a3faf4d133657d9c0230251a10318469f39"], 0x118)

15:43:49 executing program 1:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)

15:43:49 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
prctl$PR_CAPBSET_DROP(0x18, 0x8)

15:43:49 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
socket$l2tp(0x2, 0x2, 0x73)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r3, 0x0, 0x0)
r4 = getpgid(0x0)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r2, r4, 0x7, r5, &(0x7f0000000240)={r0, r0, 0x3})

15:43:49 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
openat$fb1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x80000, 0x0)
r0 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x40)
inotify_rm_watch(0xffffffffffffffff, r0)

15:43:49 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)

15:43:49 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x4200000000704)
r0 = io_uring_setup(0x4c42, &(0x7f0000000000)={0x0, 0x90d3, 0x10, 0x0, 0x4})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000006, 0x8010, r0, 0x0)

15:43:49 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
socket$l2tp(0x2, 0x2, 0x73)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = getpgid(0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r4, &(0x7f0000000240)={r0, r0, 0x3})

[  671.229298][ T9766] Bluetooth: hci0: command 0x0401 tx timeout
15:43:50 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
socket$l2tp(0x2, 0x2, 0x73)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r3, 0x0, 0x0)
r4 = getpgid(0x0)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r2, r4, 0x7, r5, &(0x7f0000000240)={r0, r0, 0x3})

15:43:50 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x1a)

15:43:50 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90f", 0xff})

15:43:50 executing program 3:
syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x58d541)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x60000)

15:43:50 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
socket$l2tp(0x2, 0x2, 0x73)
r3 = getpgid(0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r4, &(0x7f0000000240)={r0, r0, 0x3})

15:43:50 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = syz_open_dev$hidraw(&(0x7f00000000c0)='/dev/hidraw#\x00', 0x89f2, 0x200000)
ioctl$HIDIOCGRAWNAME(r0, 0x80404804, &(0x7f0000000100))
time(&(0x7f0000000000))
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x10, 0xfa00, {&(0x7f0000000040)}}, 0x18)

15:43:50 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
socket$l2tp(0x2, 0x2, 0x73)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r3, 0x0, 0x0)
r4 = getpgid(0x0)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r2, r4, 0x7, r5, &(0x7f0000000240)={r0, r0, 0x3})

15:43:50 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001000)='/dev/bsg\x00', 0x240c80, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
sendto$phonet(r1, &(0x7f0000001040)="5997e0c53a1e1e481e857db13d2ec15fa79fbe699653cee021c0dba3fa6734df0cf0cad431e25260ffd18536c1ec32d2c4eb3e099bdd1201684e6d21b4ffd1535a4a55a9af3f75f6c70d5aa7504fbf83f16aa46d3124629adc580c71c3129eecd4b0f5fc165331c8e97a1f6aeb949f01c2363fde57a92c6a71758154817d78793220c5ac59842c6756c55f1001e314d8e56c18ef7c3fc001f3d5b728058a7f8a06f4e8e5ba83c445aa3f47d1b1c66b9cc37a", 0xb2, 0x40, 0x0, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$sock_bt_hci(r0, 0x800448d5, &(0x7f0000000000)="ad56c90c644d6bada193b7a3c33af5ff6491308ac3df8c22615bb4e5344b7f444a1bf053b593594185ec68a1381ccbdaf52cbef0bea9d6d67db07288998d1d15d9288b1aba0254a921f88820f4cb6f435d02769561830873964fd6574052e741923711e364262d0c529556a8ed3efcbab2900529a48aa97e11ccb7dc3784b66532b773050ddd8695e9c162a699e54279c3d555e989316d96fdd39a0915f925e93e4a398b4a171306989bc76eff82fb257899de57cbc6f24e7d2d119e58d305d00e824386b2e2ec26c449de0cb92a203f79f5bbc25e5b6d2d97ef54fa076fc50036c5be3ffbe2a601e0b2c8e70167153ab1837977b5354d6a14eb5f1f5e39b49b650ecde12f98983bc0c6d6ce78968cbfd1d7a248f3f788d7e55be346234100f40c18aa42383a657fb8613fec78584665ca4bfe32d4e7162725ee3a77d4c070f988aac4b486c85fe108701000140b21d5b9db8033388372f257af8250091824db84c69c9741a578330ddcb1b63819d0b5f19e2bafc6decdffacfdda57928a1dda78c26e482fc872cb19d8ffbd352866aa7ed3136de06444bcd4ede13e9fd024a1e566e8b84c037ead329d2f3f9ab2d4b39e3616a48ac4a2fba208bf42cce874ec9221917656919fc896142ff81f7c8ed075808832304097a4b9fc1cf4543eb81b1461109830808b409f6baa2cfa13347c947e55f3ae0cf52dab578145fbe7c40428bbf5fc7a55e34da0779e79e12c7b8e64ad0af752de5e29ea416980e956b4aaa6a51f674a5ec64e2f0af202a38ec7a209469dad35c8916bff9d74ebee3e6948e20fcb629ca596b0cb8d2d0c5a80da7a171eb0dae73414936b2e486513fa10cf2c83e8e581a33013860e52458bff17896db5515f77cec8d98fc2c1e602b85e1ad0e1f1e1421f2053eb149e12735e65130736b32df1059eef7c8c60984a533e40d309edcd6f340d65b55d0dd60a0f1481a35bfc4a3c557615fc09f46f9182f466eab01a7bcbb8d1f491f9b1ac80c9a2277c984b3601ff0fb1944df1677cd5e2c087e8859610b7d681651ca3b5da97b87cf16a4b99c99d1788143a75c0261ffd72c6cd099f0ac1138ec972c680c7f70d3c9d0613c1c36da4617bb216f74de6fc8a10a734bcda3f042272c94e22ab0a952d9f62677dc3b78c5e3d8404fa71698ffd68c785988fdbc9711dc884765303781bcc5c868098e90faa9c2bad8b450f1b3f88e4ffe072806fd55a42fcc1fba0bae1a7cfcbdbdd097b166f6a5575878bf323a117f78a99dd4d803bceaf393f481e2866ce13c6c959474541268c73d2e357edbdcceb3af651e7a7608d8c75a46c28f71b543d2650e227651438ae17ee2feb984840f33ef0b48984f1adbf2d886237e605165fe05a98b77df16b5043379da41be9ebe07afe73cb2989940b2790e38060949b5566fa5473ab6f475a4386fe389de3d922989c474a4a2643790f73fad29ba9dc729464acbdb69788b592693ce39f5e2f7d695263363a76aaaa3573dcb7720a99da65fc71e4be1f8fbda2616326aa8eb0fa98fe4ef72cc9e8b1ff0ea6e5237bbdba34a5850975c99f0d7f5d1708a1d6c25901d67c37af223ba58eb8c09e7fed93dc52bed0a95a17c3c2e617af4a6087c6361639a457ab20626cf9044e2dfd693ec52d522b484d1db0ba9d78a89101373131b06b5f0a13d36e32e7f3ad5e6e0b6ea7d26e0ae452d5a8f29f6fb43b557a0339bec981f5ae74667d391705b8584d9a9f6a0db88e1947b293c2e6e67c07c7f7f8a2007aeba291907dc3a19cb0ab529d18d2809d6347b5e92d557ace23536a8268c59b07b929097d1d65529a80dcf9df245fed135c47531ab20b916861bd4bc3583d4c36a14eaf4835355c0c636037a9657e686214cb886712270b569c3f5a8f2fea1cd3f34adac244983919e01714d949c33516d60c663ea8d71e0b18abf1855dc5f5b914d2e78f20d5776b54a6a7e9831c6f7addb2623832f275b54aae272250b692c3f31c2466e66df0addceac3ef44facdc602952f255cdd62934b95c4efd755091c9d6615a1260da1f1c35e5dbdb2c99a7a0aa63e80fa77f70fece7530b4e1952dee03f94d269ed3f2a96e32446df17c845976518c9dc04c40b295a6f452439475a38cae7f6ecd20a050ee3d6dbbdc1fc48bf2cc91e034fa7f98a6e783dd80e246745c4d5425ed1c2a3c63fa7a8a8b9a8c26dce61b7940c943d33c91cec1d141377974ef413483b6dc84e66d3aba4b3d504b392b9ff8c6dd300274d4b182464f2338b9d60938ea20a8bb731dab0f6293f907e62913505cb9772b6c3f03772e60b8060fd4fdf4d1bd2f0a6c288631ac271b370ab5b9d228a125a0bb2d52452d67fa5b5535d0c6da6ce2d27554702874c28778112abe20847d116586b9abd874348c5f2cc7de1246a8348b7c7537f237dda1291670523218424a9929920b7bf8845d12a2ce1e30fb338958fda7a2f5e0deafc39f80357b9819d8a8b1eaa5b5d19bb20f0b8c784c3e053f20893993573776590a8557aa193657b9c064614078b2820065b939bfb05f7fc056796dd1f10471909ba1a6cc7e1ce86fef84043e167723a9d71e134dff0ab114d968163bc572bcda290de0188d52f22eacf155dcc4ea42dc0a6452337c32d0a83ac79eb64eaa502567b41878de908712edf22b343769131f8ba87dfaf9b5865174fafa315965ffa68c7b41802ebdf8333adf285e0a066f813021ff391d27e9676bb435c3ba3ba3894713dbb6f3379fc6b6c82e576eca3201bc15cd5f07a4260b12d6d44e481bd5a1fd1580a25b943769cf3a84db0441936eee579f626f898ef79503982a4d42e0223838c6414d685688343b6fdcae6f1d0de185d5ee9c4a92e79744e0eef552adfbeb51fde246126749f87cc82718a7c9402f6bef7a1ae34563efa6403c7d026a22aad99139673fc07e9ecbba12c396326fa484fedd6b521f81de11c8722f830b7d20389ab10e4b5b73ba806c787f69f85056d78d4ee5be03431cda6f01a8d4aeceded706327876a2794f224b7c3720f0c471a5183e65facab376e87ca5cfc1e549ec61b3e74bb2f9699e16b9cc12aaad792b7bcc7603e59a7d199819d2a94766aaba5bb1f7ffea57ebec3075b81a095eec432d1d149123e05b39c4732dba02b339e7e5392dbbb11b517751ea4b7cb8c3ebb1c213858418b331c5e7b0b6772b6cca79a411619b00bf3fa2c255ed57a54d4b777e198d2baa4b290d88bb884170e6852f0c33f673196c087e50f0b95329df0d18a3300028ee56e2b67db4ba6ee658f2569fce11825d3dee8d81b1bc34f16f8cd578e7d2249ab9197c467eb0039245f5ff24ba6a65753ab833b8c77e43bb350a78bca0d6ff138a7bfce413b3aff5b2f2e5be7196853d67c3a77e2ad7c43ae514880896c681f83708f2acf44c70a8c18c762861865b5e5aaa478b16932ce37bcc580fbfb2f20cd7d2c1a4427f3ecf74d6870b8449d8f604377e7f74deccfc13711f1c8f3e3ad08292b37af6b4626a2eb6905b95fbb52836de5d5508aa96dd124ed265d022d33202904c618343b16c5f5056f34232337c4bee10fe45cabce6ac9cec68dd2e9974681ae3d8961018fb3e845f53250cc4cb7101f12bd02a528372929afc6b3baa99248eef42af38c538dbcc1299459b946048162d3b48b90bf2554749f6022dab1154d2e225bc0eff152397c59bca354a8b12ed54dc131d1f1090277bd51356b5086cd20d1497bcc0f1a7206c769ee6f9565d72f8b50b2c6b7935e26ec5289c89da915779e7ba97ea3e6d9fee1941fdf64266d5d4accfb7e2a318660164f5dce86ae038cc0ffd461628509bf4e2c0ce0e4d7082532e1cc1e9271fcbae045a69f7dc391111dd711db36bcaf248254f07a4ed49d1b4fef72de5533ea05ba899fbe67febbdb6ca0ac86c7c170eb0965d2be5dcab90a6f63d95ee5ee57acc23795617cde965863ac0ff02238166f8ae60dd08e160445b6990a01967e771a17c67c630a516aac664599a2d15cd6a77c41a16fcb5ea9bd0d98e1be199148d9e361ed9a457921e0dede1bfe468ccceeb5b679d2e5a410795480303a43c60ab05df18e5ef95a410760064649df595cf33bfdb86602110db22fdddfae6affecfc39c86c7d5404903e0ad7f7a12b46b9c822cd6aaf9c7c92ed92ba3ef9959bb3308d5fb7688bf6bd31c435cd34a28a9078acbdf6b42132313e1838e40f15b32d94895c9bfd188b96d7676e1ccc79c2a057a2faadfa76f9fe08f4cb545489870430aeeebc0ffebe63c8eb94b77d6a6dfa4c8cd3ee55a411a2338dd6d27abe8486f0e70594f28bdaf7d44e9756c5553356c86406d425c2c0567d4fb198deb2594a07387ec9bbd9b8413cf421df31a382e77dd37682cee7783640fdf0ee0674f64afc057f6ed58ff46270d541d3f7840e97b70e0685245e045b30c53b8aea690f5b937c879f111966534e02b582bfed2c0bffe3aebddb15097954c462ac6f8108820bb9efb761f84aff01dc236a333b27c115919382b282d66663f39668b6c780bb582945a71bc4e9aab54852a9304bce170cec30b45f1ab9cb0bf3f606be3ea5024ecae129463bef5203889305f42a87baf5fe78cb3063f0bb22271a34d45fd8e88caa2bc24ba48b709c849d49f73a6286e5c4cecd21356b1bae94e612e2aef0ce119ce9a27503a79d623361373500c843d51cf3e679ca93002ab61bb5e93752ed360d0ba652e954d17355618ccf9a627ecc5c28f8178f77d4912c66ff35648d87a2067335e9cda253a3e0a977b6c7e4e25461d83dcb9f49ffd2d3af9fb9e6dbba5aefa4680103f55cbfddd42bac23807ee67a89582e271eab09e70db6183d654623c65f12c82c80b6e0995d057ecb57b0ff4c5a5e83c0a2080d9abde183c58300a4777e2dc72ca3b744420f95ae43936f700fa2178dc0d463ff35788dedf6557f75fe7b8eadb95cc02b123a3fe5179b993e4b82482b5848a182e168416ff31683f4bd6af52035f32fc5fa1fbb601a19a00b5a15db5fc736790357c297df93ee9313457b365917f39de0e3611bb46c3f697ace929ec4a735e6b69b18714de92e5dcd31b8f1fe05606a6798d2e72fabd7aa9030bb051d4ce75dc53ea9b616579e932cbb1837f6d6f33fbf25e3e469a25eda1376f5c9dafa6fd5e179b324353a4ed4c95af6cac8a5971e4e692a74f5ec3ca31f60c4c92bc15a72ac7076b3de056d87b664434532e6695a9f2ac73e5a9a25e21a99482ef94063c0b3d0876379741654b67ebb30ee782313dd4e6eb566925d3b0fabfca38ccc88d47d7fcdf9febe9e27ebf8aeb431f3132266b5b8387b1902556223bb56a4b633b0858ebfa9c0ee9aa7522d03e44176574a7da54b9b7d97b52c15873f1c77f79b57225b62d583e1d572c95001319f4972ebc15601f2e2adabfa8043f9db5113e3ff91d6ea205a5a6f8d335bf8d9d9b3fa396f49a00c9cd5a3235b45fde854efc0839281cda74607946454bbf307a9a8bd84e16388a1f078dd8458fa893a6d62f1a1d4a637c5935a707076fd196bcc8198d20943b1e824fd7d23f1bd4070955ca5c1d4691f13ac47da73b12b0716b37f93cdc70dfc464d41833ae3df5c5bd4a9bafa87062afca2e822c8e98ecf31fb9c9407a15d473e2b5d566bb68ebb86cf3877f5e68dee279b414cb72bb314fea7812947b252ab791c7f3d84a17551dddc4f9f1d0a736bd176e05f251bc2358483246c1349e3943d75189f9af4ad8c86a4e37e64e53a87cf61009759a393b407491bafe09a31f01018175046816c678ff174ad71213ae4")

15:43:50 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r3 = getpgid(0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r4, &(0x7f0000000240)={r0, r0, 0x3})

15:43:50 executing program 3:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, 0x0, 0x0)
r3 = getpgid(0xffffffffffffffff)
sched_rr_get_interval(r3, &(0x7f0000000000))
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000040)={0x2, 0x3})
syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0x0, 0x4000)

15:43:50 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x8704)
r0 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xf594, 0x100)
read$hidraw(r0, &(0x7f0000000040)=""/136, 0x88)
ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000300))
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, r1, 0x300, 0x70bd25, 0x25dfdbff, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8}, {0x6, 0x16, 0x3f}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x7}, {0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xffff}, {0x6, 0x16, 0x200}, {0x5}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4011}, 0x80)

15:43:50 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x6)
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000000)={0x2, 0x4e24, @broadcast}, 0x10)

15:43:50 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
r3 = getpgid(0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r4, &(0x7f0000000240)={r0, r0, 0x3})

15:43:50 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r3 = getpgid(0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r4, &(0x7f0000000240)={r0, r0, 0x3})

15:43:50 executing program 2:
mmap$fb(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000004, 0x20010, 0xffffffffffffffff, 0x46000)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$HIDIOCGRDESCSIZE(r0, 0x80044801, &(0x7f0000000000))

15:43:50 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x28)

15:43:50 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf910", 0xff})

15:43:50 executing program 3:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4008af14, &(0x7f0000000000)={0x0, 0x3})

15:43:50 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, r3, &(0x7f0000000240)={r0, r0, 0x3})

15:43:50 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x8704)
r0 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xf594, 0x100)
read$hidraw(r0, &(0x7f0000000040)=""/136, 0x88)
ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000300))
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, r1, 0x300, 0x70bd25, 0x25dfdbff, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8}, {0x6, 0x16, 0x3f}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x7}, {0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xffff}, {0x6, 0x16, 0x200}, {0x5}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4011}, 0x80)

15:43:51 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x4200000000704)
r0 = io_uring_setup(0x4c42, &(0x7f0000000000)={0x0, 0x90d3, 0x10, 0x0, 0x4})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000006, 0x8010, r0, 0x0)

15:43:51 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00')
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d1b, &(0x7f0000000040)=0x4d)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))
getuid()

15:43:51 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, r3, &(0x7f0000000240)={r0, r0, 0x3})

15:43:51 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0xf)

15:43:51 executing program 3:
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x32000)
r0 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r0, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
ptrace$getregset(0x4204, r0, 0x6, &(0x7f0000000000)={&(0x7f0000000080)=""/162, 0xa2})
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(0xffffffffffffffff, 0x4008af23, &(0x7f0000000140)={0x2, 0x10001})

15:43:51 executing program 1:
syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(0xffffffffffffffff, 0x0, 0x0, 0x180000)

15:43:51 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00')
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d1b, &(0x7f0000000040)=0x4d)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))
getuid()

15:43:51 executing program 3:
recvfrom$rose(0xffffffffffffffff, &(0x7f0000000080)=""/55, 0x37, 0x20, &(0x7f00000000c0)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, 0x1, @null}, 0x1c)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
socketpair(0x6, 0xa, 0x2, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
ioctl$sock_bt_hci(r0, 0x400448e4, &(0x7f0000000080))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000180)={<r1=>0xffffffffffffffff}, 0x106, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000140), 0x0, r1, 0x30, 0x1, @in6={0xa, 0x4e21, 0x1, @private0, 0xffffffff}}}, 0xa0)

15:43:51 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf912", 0xff})

15:43:51 executing program 2:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
r1 = accept4$rose(r0, &(0x7f0000000100)=@short={0xb, @dev, @remote, 0x1, @rose}, &(0x7f0000000140)=0x1c, 0x80800)
getsockopt$rose(r1, 0x104, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
accept4$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0xffffd8ee, @my=0x1}, 0x10, 0x800)
getresgid(&(0x7f0000000240), &(0x7f0000000280)=<r2=>0x0, &(0x7f00000002c0))
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000300)={{0x0, 0xee01, r2, 0xee00, 0xee01, 0x31, 0x8}, 0x80, 0x2, 0x1, 0x3f, 0x0, 0xffffffffffffffff, 0x800})
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/renderD128\x00', 0x8000, 0x0)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f00000000c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000080)}}, 0x18)

15:43:51 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, r3, &(0x7f0000000240)={r0, r0, 0x3})

15:43:51 executing program 1:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
r1 = accept4$rose(r0, &(0x7f0000000100)=@short={0xb, @dev, @remote, 0x1, @rose}, &(0x7f0000000140)=0x1c, 0x80800)
getsockopt$rose(r1, 0x104, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
accept4$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0xffffd8ee, @my=0x1}, 0x10, 0x800)
getresgid(&(0x7f0000000240), &(0x7f0000000280)=<r2=>0x0, &(0x7f00000002c0))
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000300)={{0x0, 0xee01, r2, 0xee00, 0xee01, 0x31, 0x8}, 0x80, 0x2, 0x1, 0x3f, 0x0, 0xffffffffffffffff, 0x800})
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/renderD128\x00', 0x8000, 0x0)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f00000000c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000080)}}, 0x18)

15:43:51 executing program 3:
ioctl$SIOCPNADDRESOURCE(0xffffffffffffffff, 0x89e0, &(0x7f0000000040)=0x8001)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x200c0, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x88c43, 0x0)
ioctl$SOUND_OLD_MIXER_INFO(r1, 0x80304d65, &(0x7f0000000180))
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x5], 0x400000000000002b, 0x800, 0x0, <r2=>0xffffffffffffffff})
write$bt_hci(r2, &(0x7f0000000140)=ANY=[], 0x7)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0043)

15:43:51 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00')
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d1b, &(0x7f0000000040)=0x4d)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))
getuid()

15:43:51 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, 0x0, 0x7, r6, &(0x7f0000000240)={r1, r1, 0x3})

15:43:51 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00')
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d1b, &(0x7f0000000040)=0x4d)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))

15:43:51 executing program 1:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x180000)

15:43:51 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
r1 = getpgid(0x0)
r2 = getpgid(0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r3, &(0x7f0000000240)={r0, r0, 0x3})

15:43:52 executing program 3:
r0 = getpgid(0x0)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000280)={0x3})
rt_tgsigqueueinfo(0x0, r0, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
ptrace$getregs(0xffffffffffffffff, r0, 0x7, &(0x7f0000000080)=""/153)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xd4, 0x0, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0xc9}, {0xc, 0x90, 0x80000001}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0xffffffffffffffff}, {0xc, 0x90, 0x80000001}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x800}}]}, 0xd4}, 0x1, 0x0, 0x0, 0x1}, 0x4005)
mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='fuse\x00', 0x3869, &(0x7f0000000580)=ANY=[@ANYBLOB="67645cbb97a49a42ddcf17976c61ceb6aef2303382ff7c56520a0a6a403200d5ff1658bb0ea3dc885c8b055f3b22c94d2f1eff6559f16176b3d5eb448b9ddc437e3f208362f58c7097160a07b0e28e17076a1d894ea12efe8ebe60cda1a039bf23a3e5866e8ce3039dcf92c544263136c2cdf3", @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75575f69641179ddd3d0ecb8c09ce8a3bf584bed607c3f9b46f628d27b6775a1e61fb74500313a4f410613d803b5b86cb0a8f82be89c0b126dc4f4caf192824110f2e11d0c18e0d53a7c386923b21be7bca03c7815b69114e5acb46aafb8fe97da9e3c525a4e05aa8e11256a1938542db075c99f64757daf2f4faaf85d6e9d042fc47d6fbbbbe9790f07", @ANYRESDEC=0xee01, @ANYBLOB=',max_read=0x0000000000000101,allow_other,permit_directio,func=FILE_MMAP,dont_measure,\x00'])
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
sched_rr_get_interval(r2, &(0x7f0000000240))
bind$bt_hci(r1, 0x0, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000040)={0xdf316881da2d0e04})
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

[  673.311259][T11942] Bluetooth: hci0: command 0x0401 tx timeout
15:43:52 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00')
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d1b, &(0x7f0000000040)=0x4d)
ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x80044dfc, &(0x7f00000000c0))

15:43:52 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf9c0", 0xff})

15:43:52 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})

15:43:52 executing program 2:
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1f}, {0x6, 0x11, 0x470}, {0x8, 0x13, 0x96}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x810)
shmget$private(0x0, 0x2000, 0x269066b311e5e6e, &(0x7f0000004000/0x2000)=nil)
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
mmap$IORING_OFF_SQES(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x200000c, 0x810, 0xffffffffffffffff, 0x10000000)

15:43:52 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = getpgid(0x0)
r2 = getpgid(0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r3, &(0x7f0000000240)={r0, r0, 0x3})

15:43:52 executing program 3:
read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, <r0=>0x0}, 0x2020)
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000002080)={0x60, 0x0, r0, {{0x800, 0x2, 0x81, 0x100, 0x8a32, 0x4, 0x2, 0x1}}}, 0x60)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
socket$nl_generic(0x10, 0x3, 0x10)

15:43:52 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00')
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d1b, &(0x7f0000000040)=0x4d)
ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x80044dfc, &(0x7f00000000c0))

15:43:52 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf912", 0xff})

15:43:52 executing program 2:
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1f}, {0x6, 0x11, 0x470}, {0x8, 0x13, 0x96}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x810)
shmget$private(0x0, 0x2000, 0x269066b311e5e6e, &(0x7f0000004000/0x2000)=nil)
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
mmap$IORING_OFF_SQES(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x200000c, 0x810, 0xffffffffffffffff, 0x10000000)

15:43:52 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00')
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d1b, &(0x7f0000000040)=0x4d)
ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x80044dfc, &(0x7f00000000c0))

15:43:52 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:52 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000000c0)=""/184)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x1}, 0x8)
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
r1 = shmget$private(0x0, 0xf000, 0x10, &(0x7f0000ff1000/0xf000)=nil)
shmat(r1, &(0x7f0000ff5000/0x1000)=nil, 0x2000)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:52 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:53 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

15:43:53 executing program 2:
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1f}, {0x6, 0x11, 0x470}, {0x8, 0x13, 0x96}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x810)
shmget$private(0x0, 0x2000, 0x269066b311e5e6e, &(0x7f0000004000/0x2000)=nil)
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
mmap$IORING_OFF_SQES(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x200000c, 0x810, 0xffffffffffffffff, 0x10000000)

15:43:53 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00')
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))

15:43:53 executing program 3:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x3f, 0x0, 0x7f, 0x4, 0x400, 0x1000], 0x6, 0x80000, 0x0, <r0=>0xffffffffffffffff})
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100)={0x0, r0}, 0x10)
ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f00000000c0)=r0)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:53 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:53 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000000c0)=""/184)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x1}, 0x8)
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
r1 = shmget$private(0x0, 0xf000, 0x10, &(0x7f0000ff1000/0xf000)=nil)
shmat(r1, &(0x7f0000ff5000/0x1000)=nil, 0x2000)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:53 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf912", 0xff})

15:43:53 executing program 4:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))

15:43:53 executing program 2:
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1f}, {0x6, 0x11, 0x470}, {0x8, 0x13, 0x96}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x810)
shmget$private(0x0, 0x2000, 0x269066b311e5e6e, &(0x7f0000004000/0x2000)=nil)
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)

15:43:53 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:53 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:43:53 executing program 2:
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1f}, {0x6, 0x11, 0x470}, {0x8, 0x13, 0x96}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x810)
shmget$private(0x0, 0x2000, 0x269066b311e5e6e, &(0x7f0000004000/0x2000)=nil)
socket$phonet_pipe(0x23, 0x5, 0x2)

15:43:53 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000000c0)=""/184)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x1}, 0x8)
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
r1 = shmget$private(0x0, 0xf000, 0x10, &(0x7f0000ff1000/0xf000)=nil)
shmat(r1, &(0x7f0000ff5000/0x1000)=nil, 0x2000)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:53 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:53 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))

15:43:54 executing program 2:
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1f}, {0x6, 0x11, 0x470}, {0x8, 0x13, 0x96}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x810)
shmget$private(0x0, 0x2000, 0x269066b311e5e6e, &(0x7f0000004000/0x2000)=nil)

15:43:54 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000000c0)=""/184)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x1}, 0x8)
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
r1 = shmget$private(0x0, 0xf000, 0x10, &(0x7f0000ff1000/0xf000)=nil)
shmat(r1, &(0x7f0000ff5000/0x1000)=nil, 0x2000)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:54 executing program 5:
getpgid(0x0)
r0 = getpgid(0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, r1, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

[  675.379274][ T9766] Bluetooth: hci0: command 0x0401 tx timeout
15:43:54 executing program 3:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))

15:43:54 executing program 2:
shmget$private(0x0, 0x2000, 0x269066b311e5e6e, &(0x7f0000004000/0x2000)=nil)

15:43:54 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))

15:43:54 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000000c0)=""/184)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x1}, 0x8)
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmget$private(0x0, 0xf000, 0x10, &(0x7f0000ff1000/0xf000)=nil)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:54 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff, 0x2})

15:43:54 executing program 5:
getpgid(0x0)
r0 = getpgid(0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, r1, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:54 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))

15:43:54 executing program 5:
getpgid(0x0)
r0 = getpgid(0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, r1, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:54 executing program 3:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:54 executing program 2:
shmget$private(0x0, 0x2000, 0x0, &(0x7f0000004000/0x2000)=nil)

15:43:54 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000000c0)=""/184)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x1}, 0x8)
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:54 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x109801, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))

15:43:54 executing program 2:
shmget$private(0x0, 0x2000, 0x0, &(0x7f0000004000/0x2000)=nil)

15:43:54 executing program 5:
r0 = getpgid(0x0)
getpgid(0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, r1, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:55 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f00000000c0))

15:43:55 executing program 3:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:55 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff, 0x3})

15:43:55 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000000c0)=""/184)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x1}, 0x8)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:55 executing program 5:
r0 = getpgid(0x0)
getpgid(0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, r1, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:55 executing program 4:
openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x80044dfc, &(0x7f00000000c0))

15:43:55 executing program 3:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:55 executing program 2:
shmget$private(0x0, 0x2000, 0x0, &(0x7f0000004000/0x2000)=nil)

15:43:55 executing program 5:
r0 = getpgid(0x0)
getpgid(0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, r1, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:55 executing program 2:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000000c0)=""/184)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x1}, 0x8)
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:55 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000000c0)=""/184)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:55 executing program 3:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:55 executing program 4:
openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x80044dfc, &(0x7f00000000c0))

15:43:55 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

[  677.459380][ T9766] Bluetooth: hci0: command 0x0401 tx timeout
15:43:56 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff, 0x4})

15:43:56 executing program 4:
openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(0xffffffffffffffff, 0x80044dfc, &(0x7f00000000c0))

15:43:56 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:56 executing program 2:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x84041)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000000c0)=""/184)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x1}, 0x8)
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmget$private(0x0, 0xf000, 0x10, &(0x7f0000ff1000/0xf000)=nil)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:56 executing program 3:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:56 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:56 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, 0x0)

15:43:56 executing program 2:
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1f}, {0x6, 0x11, 0x470}, {0x8, 0x13, 0x96}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x810)
shmget$private(0x0, 0x2000, 0x269066b311e5e6e, &(0x7f0000004000/0x2000)=nil)
socket$phonet_pipe(0x23, 0x5, 0x2)

15:43:56 executing program 3:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:56 executing program 1:
ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05)

15:43:56 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:56 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, 0x0)

15:43:57 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff, 0x5})

15:43:57 executing program 3:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:57 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x180000)

15:43:57 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, 0x0)

15:43:57 executing program 1:
ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05)

15:43:57 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0)
ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, 0x0)

15:43:57 executing program 1:
ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05)

15:43:57 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff, 0x4})

15:43:57 executing program 3:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:57 executing program 4:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:57 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, 0x0)

15:43:57 executing program 1:
r0 = syz_open_dev$ndb(0x0, 0x0, 0x84041)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

[  679.539333][ T9766] Bluetooth: hci0: command 0x0401 tx timeout
15:43:58 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff, 0x6})

15:43:58 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, 0x0)

15:43:58 executing program 4:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:58 executing program 1:
r0 = syz_open_dev$ndb(0x0, 0x0, 0x84041)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:58 executing program 3:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:58 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f0000000240))

15:43:58 executing program 4:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:58 executing program 2:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, 0x0)

15:43:58 executing program 1:
r0 = syz_open_dev$ndb(0x0, 0x0, 0x84041)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:58 executing program 3:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:58 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x180000)

15:43:58 executing program 2:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, 0x0)

15:43:59 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff, 0x7})

15:43:59 executing program 4:
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, 0x0, {0x1ff}}, 0x18)
setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, &(0x7f0000000080)={{0x3ff, 0x3}, 0x8}, 0x10)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0043)

15:43:59 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)

15:43:59 executing program 3:
getpgid(0x0)
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:43:59 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:43:59 executing program 2:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, 0x0)

15:43:59 executing program 2:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0)

15:43:59 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x180000)

15:43:59 executing program 1:
syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05)

15:43:59 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:43:59 executing program 2:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, 0x0)

15:43:59 executing program 3:
getpgid(0x0)
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

[  681.619229][ T3001] Bluetooth: hci0: command 0x0401 tx timeout
15:44:00 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff, 0x8})

15:44:00 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:44:00 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r1, 0x0, 0x0, 0x180000)

15:44:00 executing program 2:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, 0x0)

15:44:00 executing program 1:
syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05)

15:44:00 executing program 3:
getpgid(0x0)
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:00 executing program 3:
r0 = getpgid(0x0)
getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:00 executing program 1:
syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05)

15:44:00 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:44:00 executing program 4:
syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0)
ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05)

15:44:00 executing program 2:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, 0x0)

15:44:00 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x22500, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000040))

15:44:01 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x0)
r2 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0x100000001, 0x68a002)
ioctl$HIDIOCGRAWPHYS(r2, 0x80404805, &(0x7f0000000100))

15:44:01 executing program 3:
r0 = getpgid(0x0)
getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:01 executing program 2:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, 0x0)

15:44:01 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
kcmp$KCMP_EPOLL_TFD(r3, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:44:01 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x22500, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000040))

15:44:01 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r7, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})

15:44:01 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
kcmp$KCMP_EPOLL_TFD(r3, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:44:01 executing program 3:
r0 = getpgid(0x0)
getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:01 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x22500, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000040))

15:44:01 executing program 2:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, 0x0)

15:44:01 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r7, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})

15:44:01 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
kcmp$KCMP_EPOLL_TFD(r3, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:44:02 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7, "5bf90b", 0xff})
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000100)={0x60, 0xfffffffffffffff5, 0x0, {{0x8, 0x74, 0x1f, 0xe01a, 0x6200, 0x5, 0x3, 0x9}}}, 0x60)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x202300, 0x0)
bind$bt_hci(r1, &(0x7f00000000c0)={0x1f, 0x2, 0x2}, 0x6)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000080)={0x1, r1})

15:44:02 executing program 3:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0)

15:44:02 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000040))

15:44:02 executing program 2:
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, 0x0)

15:44:02 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
r6 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:44:02 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7, "5bf90b", 0xff})

15:44:02 executing program 3:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0)

15:44:02 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000040))

15:44:02 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
r6 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r1, r1, 0x3})

15:44:02 executing program 2:
getpgid(0x0)
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, 0x0)

15:44:02 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000040))

15:44:02 executing program 3:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0)

[  683.699598][ T9766] Bluetooth: hci0: command 0x0401 tx timeout
15:44:03 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x22500, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000040))

15:44:03 executing program 2:
getpgid(0x0)
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, 0x0)

15:44:03 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
read$hidraw(r1, &(0x7f0000000240)=""/4096, 0x1000)
setsockopt$bt_hci_HCI_DATA_DIR(r3, 0x0, 0x1, &(0x7f0000000000)=0x10000, 0x4)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0xa, 0x0, r2)

15:44:03 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x0)
r2 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0x100000001, 0x68a002)
ioctl$HIDIOCGRAWPHYS(r2, 0x80404805, &(0x7f0000000100))

15:44:03 executing program 3:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240))

15:44:03 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r3 = socket$l2tp(0x2, 0x2, 0x73)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r4, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r2, 0x7, r3, &(0x7f0000000180)={r0, r4, 0x3e})
r5 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r2, r5, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:03 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x22500, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000040))

15:44:03 executing program 2:
getpgid(0x0)
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, 0x0)

15:44:03 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r4 = socket$l2tp(0x2, 0x2, 0x73)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r5, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r3, 0x7, r4, &(0x7f0000000180)={r1, r5, 0x3e})
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000040)=0x8002, 0x4)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x20002000})
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x0, [0x674, 0x4], 0x20}, 0x10)
r6 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r7, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r6, 0x7, r7, &(0x7f0000000240)={r1, r1, 0x3})
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:44:03 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x22500, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000040))

15:44:03 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
socket$l2tp(0x2, 0x2, 0x73)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r3, 0x0, 0x0)
r4 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r2, r4, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:03 executing program 2:
r0 = getpgid(0x0)
getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, 0x0)

15:44:03 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x4}, 0x40)

15:44:03 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x22500, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000040))

15:44:03 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
socket$l2tp(0x2, 0x2, 0x73)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:04 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r3, 0xb)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:04 executing program 2:
r0 = getpgid(0x0)
getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, 0x0)

15:44:04 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000040))

15:44:04 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
socket$l2tp(0x2, 0x2, 0x73)
r3 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:04 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x4}, 0x40)

15:44:04 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r2, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x180000)
accept4$rose(r1, 0x0, &(0x7f0000000080), 0x800)
getsockopt$rose(r0, 0x104, 0x5, &(0x7f0000000000), &(0x7f0000000040)=0x3)

15:44:04 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1e, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x4}, 0x40)

15:44:04 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r3 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r3, 0x0)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x9)

15:44:04 executing program 4:
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000040))

15:44:04 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r3 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:04 executing program 2:
r0 = getpgid(0x0)
getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, 0x0)

15:44:04 executing program 4:
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000040))

[  685.779281][ T9766] Bluetooth: hci0: command 0x0c1a tx timeout
15:44:05 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff, 0x1})
getsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4)

15:44:05 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:44:05 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r3 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r3, 0x0)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x9)

15:44:05 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r3 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r3, 0x0)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x9)

15:44:05 executing program 4:
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000040))

15:44:05 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
r3 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:05 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, 0x0)

15:44:05 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:05 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r3 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r3, 0x0)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x9)

15:44:05 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:44:05 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r3, 0xb)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:05 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:06 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x2, 0x0, "5bf90b", 0xff, 0xa9})
syz_genetlink_get_family_id$devlink(&(0x7f0000000000)='devlink\x00')

15:44:06 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, 0x0)

15:44:06 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r3 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r3, 0x0)

15:44:06 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:44:06 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:06 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:06 executing program 4:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, 0x0)

15:44:06 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x4}, 0x40)

15:44:06 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
r1 = getpgid(0x0)
r2 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:06 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:06 executing program 2:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, 0x0)

15:44:06 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

[  687.869229][ T3001] Bluetooth: hci0: command 0x0c1a tx timeout
15:44:07 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0xfff9, "c34000", 0xd7, 0x2})

15:44:07 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:07 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

15:44:07 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = getpgid(0x0)
r2 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:07 executing program 2:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, 0x0)

15:44:07 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:07 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
socket$phonet_pipe(0x23, 0x5, 0x2)
r2 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r2, 0x0)

15:44:07 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r3, 0xb)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:07 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

15:44:07 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:07 executing program 2:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, 0x0)

15:44:07 executing program 2:
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, 0x0)

15:44:08 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bsg\x00', 0x1, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x7, &(0x7f0000000100)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xfffff801, 0x0, 0x0, 0x0, 0x5}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0x74}, @alu={0x7, 0x1, 0x4, 0x1, 0xa, 0x20, 0xffffffffffffffff}], &(0x7f0000000140)='syzkaller\x00', 0x8, 0x0, 0x0, 0x83e00, 0xa, [], 0x0, 0x0, r1, 0x8, &(0x7f0000000240)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0xf, 0x7b, 0x2}, 0x10, 0x2ff4a}, 0x78)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000340)='/dev/bsg\x00', 0x440040, 0x0)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r2 = geteuid()
r3 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
time(&(0x7f0000000000))
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x3, r2, 0xee00, 0xee00, 0x0, 0x41, 0x7}, 0xffff, 0x100, 0x9, 0x6, r3, 0xffffffffffffffff, 0x6})

15:44:08 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

15:44:08 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:08 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r2, 0x0)

15:44:08 executing program 2:
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, 0x0)

15:44:08 executing program 2:
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, 0x0)

15:44:08 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r3, 0xb)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:08 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r3, 0xb)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:08 executing program 5:
getpgid(0x0)
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:08 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
r1 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r1, 0x0)

15:44:08 executing program 2:
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, 0x0)

15:44:08 executing program 5:
getpgid(0x0)
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

[  689.619159][T11942] Bluetooth: hci2: command 0x0401 tx timeout
[  689.949326][ T3001] Bluetooth: hci0: command 0x0c1a tx timeout
15:44:09 executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000180)={0x2, 0x8, 'y~p', 0x6, 0xff})
ioctl$SIOCPNADDRESOURCE(r4, 0x89e0, &(0x7f0000000540)=0x2)
setsockopt$bt_hci_HCI_DATA_DIR(r4, 0x0, 0x1, &(0x7f0000000140)=0x20, 0x4)
setrlimit(0xb, &(0x7f00000000c0)={0x8, 0x3})

15:44:09 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r1, 0x0)

15:44:09 executing program 2:
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, 0x0)

15:44:09 executing program 5:
getpgid(0x0)
r0 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(0x0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:09 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r3, 0xb)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:09 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r3, 0xb)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:09 executing program 5:
r0 = getpgid(0x0)
getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:09 executing program 2:
r0 = openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, 0x0)

15:44:09 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
socket$rds(0x15, 0x5, 0x0)
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:09 executing program 2:
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, 0x0)

15:44:09 executing program 5:
r0 = getpgid(0x0)
getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:09 executing program 2:
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, 0x0)

15:44:10 executing program 0:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$SOUND_MIXER_INFO(r0, 0x805c4d65, &(0x7f0000000080))

15:44:10 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:10 executing program 5:
r0 = getpgid(0x0)
getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff, 0x3})

15:44:10 executing program 2:
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, 0x0)

15:44:10 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r3, 0xb)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:10 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r2, 0xb)

15:44:10 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0)

15:44:10 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0)

15:44:10 executing program 0:
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, 0x0, {{0x1, 0x9, 0xbf, 0x8, 0x5, 0xffffffff, 0xffffffff, 0x954}}}, 0x60)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmat(0xffffffffffffffff, &(0x7f0000fec000/0x13000)=nil, 0x2000)
openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x100, 0x0)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:10 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000180)={0x2, 0x8, 'y~p', 0x6, 0xff})
ioctl$SIOCPNADDRESOURCE(r4, 0x89e0, &(0x7f0000000540)=0x2)
setsockopt$bt_hci_HCI_DATA_DIR(r4, 0x0, 0x1, &(0x7f0000000140)=0x20, 0x4)
setrlimit(0xb, &(0x7f00000000c0)={0x8, 0x3})

15:44:10 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:10 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)

15:44:10 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0)

15:44:10 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

[  691.699245][    T5] Bluetooth: hci2: command 0x0401 tx timeout
15:44:10 executing program 5:
r0 = getpgid(0x0)
r1 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000240))

15:44:10 executing program 1:
r0 = io_uring_setup(0x0, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

[  692.019278][    T5] Bluetooth: hci0: command 0x0c1a tx timeout
15:44:11 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r2, 0xb)

15:44:11 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:11 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:11 executing program 1:
r0 = io_uring_setup(0x0, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:11 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$rds(0xffffffffffffffff, &(0x7f00000016c0)={&(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10, &(0x7f00000013c0)=[{&(0x7f0000000080)=""/183, 0xb7}, {&(0x7f0000000140)=""/213, 0xd5}, {&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)=""/20, 0x14}, {&(0x7f0000001280)=""/62, 0x3e}, {&(0x7f00000012c0)=""/205, 0xcd}], 0x6, &(0x7f0000001600)=[@rdma_dest={0x18, 0x114, 0x2, {0xa011}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x1}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001440)=""/251, 0xfb}, &(0x7f0000001540), 0xc}}, @mask_fadd={0x58, 0x114, 0x8, {{0x1ff, 0x8000}, &(0x7f0000001580)=0x401, &(0x7f00000015c0)=0xa2, 0x5, 0x3f, 0x1f, 0x4, 0x2}}], 0xb8, 0x40}, 0x20000000)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000001700)={0x8, [0x5, 0x8], 0xf9}, 0x10)

15:44:11 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:11 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:11 executing program 1:
r0 = io_uring_setup(0x0, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:11 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)

15:44:11 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000180)={0x2, 0x8, 'y~p', 0x6, 0xff})
ioctl$SIOCPNADDRESOURCE(r4, 0x89e0, &(0x7f0000000540)=0x2)
setsockopt$bt_hci_HCI_DATA_DIR(r4, 0x0, 0x1, &(0x7f0000000140)=0x20, 0x4)
setrlimit(0xb, &(0x7f00000000c0)={0x8, 0x3})

15:44:11 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

15:44:11 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:11 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:11 executing program 1:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:11 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:11 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:12 executing program 0:
shmctl$IPC_RMID(0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:12 executing program 1:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:12 executing program 5:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:12 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)

15:44:12 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

15:44:12 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000180)={0x2, 0x8, 'y~p', 0x6, 0xff})
ioctl$SIOCPNADDRESOURCE(r4, 0x89e0, &(0x7f0000000540)=0x2)
setsockopt$bt_hci_HCI_DATA_DIR(r4, 0x0, 0x1, &(0x7f0000000140)=0x20, 0x4)
setrlimit(0xb, &(0x7f00000000c0)={0x8, 0x3})

15:44:12 executing program 1:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:12 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

15:44:12 executing program 5:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:12 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)

15:44:12 executing program 5:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

[  693.699263][ T3205] Bluetooth: hci4: command 0x0401 tx timeout
15:44:12 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)

[  693.784894][ T3205] Bluetooth: hci2: command 0x0401 tx timeout
[  694.099402][    T5] Bluetooth: hci0: command 0x0c1a tx timeout
15:44:13 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$VHOST_SET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af13, &(0x7f0000000000))
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000001540)=0x1, 0x4)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001500)={&(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000001280)=[{&(0x7f00000000c0)=""/61, 0x3d}, {&(0x7f0000000100)=""/170, 0xaa}, {&(0x7f00000001c0)=""/56, 0x38}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000280)=""/4096, 0x1000}], 0x5, &(0x7f0000001400)=[@rdma_dest={0x18, 0x114, 0x2, {0x5, 0x3ff}}, @rdma_dest={0x18, 0x114, 0x2, {0x7ff, 0x5}}, @fadd={0x58, 0x114, 0x6, {{0x80000001, 0x55}, &(0x7f0000001300), &(0x7f0000001340)=0xdca4, 0xc1a0, 0x4, 0x3, 0x1f, 0x5c, 0x1}}, @cswp={0x58, 0x114, 0x7, {{0x5, 0x7fffffff}, &(0x7f0000001380)=0x2, &(0x7f00000013c0)=0x6, 0x81, 0x5, 0x3, 0xffffffffffffff74, 0x42, 0x1}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x31b}], 0xf8}, 0x80)

15:44:13 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0x0, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:13 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

15:44:13 executing program 5:
r0 = io_uring_setup(0x0, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:13 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:44:13 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000180)={0x2, 0x8, 'y~p', 0x6, 0xff})
ioctl$SIOCPNADDRESOURCE(r4, 0x89e0, &(0x7f0000000540)=0x2)
setsockopt$bt_hci_HCI_DATA_DIR(r4, 0x0, 0x1, &(0x7f0000000140)=0x20, 0x4)

15:44:13 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:13 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:44:13 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:13 executing program 5:
r0 = io_uring_setup(0x0, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:13 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:44:13 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:14 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x3, 0x0, "5bf90b", 0xfe})

15:44:14 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:14 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:14 executing program 5:
r0 = io_uring_setup(0x0, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:14 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x2, 0x100, 0x6, 0x101}, 0x40)

15:44:14 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000180)={0x2, 0x8, 'y~p', 0x6, 0xff})
ioctl$SIOCPNADDRESOURCE(r4, 0x89e0, &(0x7f0000000540)=0x2)

15:44:14 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:14 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x2, 0x100, 0x6, 0x101}, 0x40)

15:44:14 executing program 5:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:14 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:14 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x2, 0x100, 0x6, 0x101}, 0x40)

15:44:14 executing program 5:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

[  695.779140][ T3205] Bluetooth: hci4: command 0x0401 tx timeout
[  695.859133][ T3205] Bluetooth: hci2: command 0x0401 tx timeout
[  696.179287][ T3205] Bluetooth: hci0: command 0x0401 tx timeout
15:44:15 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r1 = socket(0x9, 0x1, 0xfaed)
ioctl$SIOCPNADDRESOURCE(r1, 0x89e0, &(0x7f0000000000)=0x7)

15:44:15 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:15 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:15 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x100, 0x6, 0x101}, 0x40)

15:44:15 executing program 5:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:15 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000180)={0x2, 0x8, 'y~p', 0x6, 0xff})

15:44:15 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0x0, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:15 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:15 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x0, 0x6, 0x101}, 0x40)

15:44:15 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x0, 0x0, 0x101}, 0x40)

15:44:15 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:15 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:15 executing program 0:
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000000)={0x0, 0x3f})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x80000000, 0xffffffff], 0x2, 0x80000, 0x0, <r1=>0xffffffffffffffff})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, 0x10010, r1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)={0x188, r3, 0x100, 0x70bd25, 0x25dfdbfc, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x96}, {0x6, 0x16, 0x4}, {0x5, 0x12, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x1f8}, {0x6}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x3}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0xb8}, {0x6}, {0x5, 0x12, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7368}, {0x6, 0x16, 0x7ff}, {0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}}]}, 0x188}, 0x1, 0x0, 0x0, 0x10}, 0x810)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r3, 0x0, 0x70bd26, 0x25dfdbfd, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}, {0xc, 0x8f, 0x469}, {0xc, 0x90, 0x2}}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0)

15:44:15 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:15 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x0, 0x0, 0x101}, 0x40)

15:44:15 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:15 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:15 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)

15:44:16 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:16 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
socket(0x14, 0xa, 0x0)

15:44:16 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:16 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x0, 0x0, 0x101}, 0x40)

15:44:16 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x104e}, 0x78)

15:44:16 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

[  697.540394][T12446] Bluetooth: hci3: command 0x0401 tx timeout
[  697.939204][T12446] Bluetooth: hci2: command 0x0401 tx timeout
15:44:16 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
syz_genetlink_get_family_id$devlink(&(0x7f0000000000)='devlink\x00')

15:44:16 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

15:44:16 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x0, 0x6}, 0x40)

15:44:16 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580)})
socket(0x14, 0xa, 0x0)

15:44:16 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:16 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

15:44:16 executing program 4:
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000000)={0x0, 0x3f})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x80000000, 0xffffffff], 0x2, 0x80000, 0x0, <r1=>0xffffffffffffffff})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, 0x10010, r1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)={0x188, r3, 0x100, 0x70bd25, 0x25dfdbfc, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x96}, {0x6, 0x16, 0x4}, {0x5, 0x12, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x1f8}, {0x6}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x3}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0xb8}, {0x6}, {0x5, 0x12, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7368}, {0x6, 0x16, 0x7ff}, {0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}}]}, 0x188}, 0x1, 0x0, 0x0, 0x10}, 0x810)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r3, 0x0, 0x70bd26, 0x25dfdbfd, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}, {0xc, 0x8f, 0x469}, {0xc, 0x90, 0x2}}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0)

15:44:17 executing program 3:
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000000)={0x0, 0x3f})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x80000000, 0xffffffff], 0x2, 0x80000, 0x0, <r1=>0xffffffffffffffff})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, 0x10010, r1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)={0x188, r3, 0x100, 0x70bd25, 0x25dfdbfc, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x96}, {0x6, 0x16, 0x4}, {0x5, 0x12, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x1f8}, {0x6}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x3}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0xb8}, {0x6}, {0x5, 0x12, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7368}, {0x6, 0x16, 0x7ff}, {0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}}]}, 0x188}, 0x1, 0x0, 0x0, 0x10}, 0x810)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r3, 0x0, 0x70bd26, 0x25dfdbfd, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}, {0xc, 0x8f, 0x469}, {0xc, 0x90, 0x2}}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0)

15:44:17 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
socket(0x14, 0xa, 0x0)

15:44:17 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:17 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

[  698.259345][ T3001] Bluetooth: hci0: command 0x0c1a tx timeout
15:44:17 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket(0x14, 0xa, 0x0)

15:44:17 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x1, 0x40], 0x2, 0x80800, 0x0, <r1=>0xffffffffffffffff})
write$bt_hci(r1, &(0x7f00000000c0)={0x1, @read_remote_features={{0x41b, 0x2}, {0xc8}}}, 0x6)

15:44:17 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:17 executing program 1:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:17 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
socket(0x14, 0xa, 0x0)

15:44:17 executing program 4:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket(0x14, 0xa, 0x0)

15:44:17 executing program 3:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

15:44:18 executing program 4:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:18 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
socket(0x14, 0xa, 0x0)

15:44:18 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:18 executing program 1:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:18 executing program 3:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:18 executing program 2:
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
socket(0x14, 0xa, 0x0)

[  700.019222][T11942] Bluetooth: hci2: command 0x0401 tx timeout
15:44:18 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x1, 0x0, "5bf90b", 0xff})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x100, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000180)={0x27c, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x728}, {0x6, 0x11, 0x93e}, {0x8, 0x13, 0x3}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x4}, {0x6}, {0x8, 0x13, 0xb2}, {0x5}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0xad1}, {0x6, 0x11, 0x4}, {0x8, 0x13, 0x7f}, {0x5, 0x14, 0x1}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xbf}, {0x6, 0x11, 0x3}, {0x8}, {0x5, 0x14, 0x1}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x86}, {0x6, 0x11, 0x1f}, {0x8}, {0x5}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0xda}, {0x8, 0x13, 0x7}, {0x5}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x800}, {0x6, 0x11, 0xd7d1}, {0x8, 0x13, 0x3}, {0x5, 0x14, 0x1}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xff}, {0x6, 0x11, 0x4}, {0x8, 0x13, 0x867c}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x7fff}, {0x8, 0x13, 0x117}, {0x5}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0xfff7}, {0x8, 0x13, 0x2}, {0x5}}]}, 0x27c}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x80, 0xcf, 0x1, 0x7], 0x4, 0x0, 0x0, <r2=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x18, 0xfff, 0x0, 0x6, 0x1a00, r1, 0x7f, [], 0x0, r2, 0x0, 0x0, 0x1}, 0x40)

15:44:18 executing program 4:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580)})
socket(0x14, 0xa, 0x0)

15:44:18 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

15:44:18 executing program 1:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:18 executing program 2:
socket(0x14, 0xa, 0x0)

15:44:18 executing program 3:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:18 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x1, 0x40], 0x2, 0x80800, 0x0, <r1=>0xffffffffffffffff})
write$bt_hci(r1, &(0x7f00000000c0)={0x1, @read_remote_features={{0x41b, 0x2}, {0xc8}}}, 0x6)

15:44:18 executing program 2:
socket(0x0, 0xa, 0x0)

15:44:18 executing program 3:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:18 executing program 1:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)

15:44:19 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

15:44:19 executing program 2:
socket(0x0, 0xa, 0x0)

[  700.346096][T11942] Bluetooth: hci0: command 0x0401 tx timeout
15:44:19 executing program 0:
socket$l2tp(0x2, 0x2, 0x73)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x2000, 0x3, "5bf90b", 0xff})

15:44:19 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

15:44:19 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

15:44:19 executing program 2:
socket(0x0, 0xa, 0x0)

15:44:19 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:19 executing program 4:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000180)={0x2, 0x8, 'y~p', 0x6, 0xff})

15:44:19 executing program 2:
socket(0x14, 0x0, 0x0)

15:44:19 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:19 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x0, 0x0, 0x101}, 0x40)

15:44:19 executing program 5:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:19 executing program 0:
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x408100, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x2, 0x73, "a93b00", 0xff})

15:44:20 executing program 3:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:20 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x0, 0x0, 0x101}, 0x40)

15:44:20 executing program 2:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0x0, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:20 executing program 5:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:20 executing program 3:
r0 = io_uring_setup(0x0, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:20 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x0, 0x0, 0x101}, 0x40)

15:44:20 executing program 4:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:20 executing program 2:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:20 executing program 5:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:20 executing program 3:
r0 = io_uring_setup(0x0, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:20 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

[  702.099149][T11942] Bluetooth: hci2: command 0x0401 tx timeout
15:44:20 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x0, "5bf90b", 0xff})

15:44:20 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:44:20 executing program 3:
r0 = io_uring_setup(0x0, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:20 executing program 5:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:20 executing program 2:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:20 executing program 4:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000840)={0x9, 0x0, [{0x1, 0x69, &(0x7f0000000480)=""/105}, {0x10000, 0x7c, &(0x7f0000000240)=""/124}, {0x2, 0x12, &(0x7f0000000300)=""/18}, {0x100000, 0xde, &(0x7f0000000340)=""/222}, {0x6000, 0xd4, &(0x7f0000000580)=""/212}, {0x10000, 0x5c, &(0x7f0000000680)=""/92}, {0x0, 0x92, &(0x7f0000000a00)=""/146}, {0x109001, 0x19000, &(0x7f0000002580)=""/102400}, {0x5000, 0xf4, &(0x7f0000000740)=""/244}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000000)={0x0, 0xfe, "db054b", 0xff})
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10001, 0x0)
socket(0x14, 0xa, 0x0)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000180)={0x2, 0x8, 'y~p', 0x6, 0xff})
ioctl$SIOCPNADDRESOURCE(r4, 0x89e0, &(0x7f0000000540)=0x2)
setsockopt$bt_hci_HCI_DATA_DIR(r4, 0x0, 0x1, &(0x7f0000000140)=0x20, 0x4)

15:44:21 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:44:21 executing program 2:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:21 executing program 5:
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x408100, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x2, 0x73, "a93b00", 0xff})

[  702.259353][T11942] Bluetooth: hci1: command 0x0401 tx timeout
15:44:21 executing program 3:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:21 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x101}, 0x40)

15:44:21 executing program 3:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

[  702.419279][T11942] Bluetooth: hci0: command 0x0401 tx timeout
15:44:21 executing program 0:
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8, 0x10, 0xffffffffffffffff, 0x10000000)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/renderD128\x00', 0x2860c2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000080)={&(0x7f00000000c0)=[0x1f, 0x1f, 0x1, 0x80, 0x7, 0xfff, 0x0, 0x1], 0x8, 0x81000, 0x0, <r2=>0xffffffffffffffff})
mmap$fb(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000000, 0x80010, r2, 0xdb000)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
geteuid()

15:44:21 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0)

15:44:21 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x101}, 0x40)

15:44:21 executing program 3:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:21 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

15:44:21 executing program 5:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)

15:44:21 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x101}, 0x40)

15:44:21 executing program 4:
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, 0x0, {{0x1, 0x9, 0xbf, 0x8, 0x5, 0xffffffff, 0xffffffff, 0x954}}}, 0x60)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmat(0xffffffffffffffff, &(0x7f0000fec000/0x13000)=nil, 0x2000)
openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x100, 0x0)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:21 executing program 3:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:22 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0)

15:44:22 executing program 5:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_LOCK(r2, 0xb)

15:44:22 executing program 2:
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0)

15:44:22 executing program 0:
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000080)=""/184, 0xb8, 0x1, &(0x7f0000000000)={0x23, 0x0, 0xaf, 0x6f}, 0x10)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:22 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe}, 0x40)

15:44:22 executing program 3:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:22 executing program 5:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:22 executing program 2:
r0 = io_uring_setup(0x0, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:22 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:22 executing program 5:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

15:44:22 executing program 2:
r0 = io_uring_setup(0x0, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:22 executing program 4:
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, 0x0, {{0x1, 0x9, 0xbf, 0x8, 0x5, 0xffffffff, 0xffffffff, 0x954}}}, 0x60)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmat(0xffffffffffffffff, &(0x7f0000fec000/0x13000)=nil, 0x2000)
openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x100, 0x0)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:22 executing program 3:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

[  704.179115][T11942] Bluetooth: hci2: command 0x0401 tx timeout
15:44:23 executing program 2:
r0 = io_uring_setup(0x0, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:23 executing program 5:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)

[  704.346905][T11942] Bluetooth: hci1: command 0x0401 tx timeout
[  704.499348][ T9766] Bluetooth: hci0: command 0x0401 tx timeout
15:44:23 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
getpgid(0xffffffffffffffff)
bind$bt_hci(r1, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r1, &(0x7f0000000000)={0x48000002})

15:44:23 executing program 3:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

15:44:23 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:23 executing program 2:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:23 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)

15:44:23 executing program 2:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:23 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)

15:44:23 executing program 4:
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, 0x0, {{0x1, 0x9, 0xbf, 0x8, 0x5, 0xffffffff, 0xffffffff, 0x954}}}, 0x60)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmat(0xffffffffffffffff, &(0x7f0000fec000/0x13000)=nil, 0x2000)
openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x100, 0x0)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:23 executing program 2:
r0 = io_uring_setup(0x1b14, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)

15:44:23 executing program 3:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

15:44:23 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_ext={0x1c, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @alu={0x4, 0x0, 0xb, 0x0, 0x6, 0x18, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc5e}, @ldst={0x1, 0x2, 0x6, 0x9, 0x8, 0xfffffffffffffffe}, @alu={0x4, 0x0, 0xd, 0x5, 0x8, 0x8, 0xfffffffffffffff0}, @ldst={0x1, 0x2, 0x2, 0x0, 0x9, 0xffffffffffffffff, 0x1}, @exit, @alu={0x7, 0x0, 0x1, 0x4, 0x7, 0xffffffffffffffc0, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @generic={0x7f, 0x6, 0x5, 0xb82, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x10000000, 0xf2, &(0x7f0000000140)=""/242, 0x40e00, 0x20, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x9, 0x2, 0xfff}, 0x10, 0x104e}, 0x78)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmget(0x0, 0x3000, 0x100, &(0x7f0000ffb000/0x3000)=nil)

15:44:23 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x2, 0x100, 0x6, 0x101}, 0x40)

[  705.389180][ T9766] Bluetooth: hci4: command 0x0401 tx timeout
15:44:24 executing program 0:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r1)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "000500", 0xff})

15:44:24 executing program 2:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0)

15:44:24 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:44:24 executing program 3:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x10, r0, 0x0)

15:44:24 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r0, 0x0)

15:44:24 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

15:44:24 executing program 3:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:24 executing program 2:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0)

15:44:24 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r3 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:24 executing program 4:
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, 0x0, {{0x1, 0x9, 0xbf, 0x8, 0x5, 0xffffffff, 0xffffffff, 0x954}}}, 0x60)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmat(0xffffffffffffffff, &(0x7f0000fec000/0x13000)=nil, 0x2000)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:24 executing program 3:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:24 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

[  706.266039][ T9766] Bluetooth: hci2: command 0x0401 tx timeout
[  706.589317][T11942] Bluetooth: hci0: command 0x0401 tx timeout
15:44:25 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0xfbff, 0x1, '\x00', 0xff, 0x8})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
shmctl$SHM_INFO(0xffffffffffffffff, 0xe, &(0x7f0000000080)=""/235)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000040)=0xdefa, 0x4)

15:44:25 executing program 2:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0)

15:44:25 executing program 1:
r0 = io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0)

15:44:25 executing program 3:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)

15:44:25 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x2, 0x100, 0x6, 0x101}, 0x40)

15:44:25 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x2, 0x100, 0x6, 0x101}, 0x40)

15:44:25 executing program 2:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0)

15:44:25 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$HIDIOCGRDESCSIZE(r1, 0x80044801, &(0x7f0000000000))
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
userfaultfd(0x80800)

15:44:25 executing program 4:
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, 0x0, {{0x1, 0x9, 0xbf, 0x8, 0x5, 0xffffffff, 0xffffffff, 0x954}}}, 0x60)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:25 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0xfbff, 0x1, '\x00', 0xff, 0x8})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
shmctl$SHM_INFO(0xffffffffffffffff, 0xe, &(0x7f0000000080)=""/235)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000040)=0xdefa, 0x4)

15:44:25 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x440, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90010000", @ANYRES16=r1, @ANYBLOB="040027bd7000fcdbdf250b000000080001007063690011000200303030303a30303a31302e300000000008000b001f0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0081000000080001007063690011000200303030303a30303a31302e300000000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b007be00000080001007063690011000200303030303a3030000008000b00000200000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b009efffffffb0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00e5f5a4f92500000040080001007063690011000200300100000000000000302e300000000008000b00020000000e0001006e657464657673696d0000020f0002006e657464657673696d30000008000b000001000000000000000000"], 0x190}, 0x1, 0x0, 0x0, 0x24000000}, 0x480d0)
r2 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r2, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
r3 = getpgid(0x0)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, 0xffffffffffffffff, &(0x7f0000000240)={r0, r0, 0x3})

15:44:25 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x2, 0x100, 0x6, 0x101}, 0x40)

15:44:25 executing program 2:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0)

15:44:25 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r3 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r3, 0x0)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x9)

15:44:25 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x100, 0x6, 0x101}, 0x40)

15:44:25 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x600, 0x0, "5bf90b", 0xff})

15:44:25 executing program 2:
io_uring_setup(0x1b14, &(0x7f00000014c0))
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0)

15:44:25 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x0, 0x6, 0x101}, 0x40)

15:44:26 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x500, 0x0, "5bf90b", 0xff})

[  707.459155][T11942] Bluetooth: hci4: command 0x0401 tx timeout
15:44:26 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x70, 0x0, &(0x7f0000000100)=[@acquire, @increfs, @release={0x40046306, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x0, 0x3}, @fda={0x66646185, 0x7, 0x0, 0x20}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}, 0x1000}, @dead_binder_done], 0x0, 0x0, &(0x7f0000000180)})
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:26 executing program 4:
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, 0x0, {{0x1, 0x9, 0xbf, 0x8, 0x5, 0xffffffff, 0xffffffff, 0x954}}}, 0x60)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:26 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r3 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r3, 0x0)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x9)

15:44:26 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x8, 0x0, "5bf90b", 0xff})

15:44:26 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x0, 0x0, 0x0, 0x101}, 0x40)

15:44:26 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x5)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000340)={0x2, 0x4e20, @multicast1}, 0x10)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1cc, r2, 0x200, 0x70bd28, 0x25dfdbfb, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xfffffffe}, {0x6, 0x16, 0x9}, {0x5}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x5}, {0x6, 0x16, 0x8000}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x1}, {0x6}, {0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x400}, {0x5}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x8, 0xb, 0xffffffff}, {0x6, 0x16, 0x2}, {0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xffffffff}, {0x6, 0x16, 0x8001}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x7}, {0x5, 0x12, 0x1}}]}, 0x1cc}, 0x1, 0x0, 0x0, 0x20048080}, 0x2010)

15:44:26 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$HIDIOCGRDESCSIZE(r1, 0x80044801, &(0x7f0000000000))
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
userfaultfd(0x80800)

15:44:26 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe}, 0x40)

15:44:26 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b", 0xff})

15:44:26 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r3 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r3, 0x0)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x9)

15:44:26 executing program 4:
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, 0x0, {{0x1, 0x9, 0xbf, 0x8, 0x5, 0xffffffff, 0xffffffff, 0x954}}}, 0x60)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:26 executing program 4:
write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000040)={0x60, 0x0, 0x0, {{0x1, 0x9, 0xbf, 0x8, 0x5, 0xffffffff, 0xffffffff, 0x954}}}, 0x60)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

[  708.348220][ T9766] Bluetooth: hci2: command 0x0401 tx timeout
[  708.659290][T11942] Bluetooth: hci0: command 0x0401 tx timeout
15:44:27 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$RDS_CANCEL_SENT_TO(0xffffffffffffffff, 0x114, 0x1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000000c0))
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x20, 0x0, "5bf90b", 0xfb})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
setsockopt$RDS_FREE_MR(r2, 0x114, 0x3, &(0x7f0000000100)={{0x1, 0x1ff}, 0x40}, 0x10)

15:44:27 executing program 5:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x15, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x4, {0xa, 0x4e22, 0x800, @rand_addr=' \x01\x00', 0x5}, r0}}, 0x38)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0xa2082)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x6)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d14, &(0x7f0000000080)=0x5d)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bsg\x00', 0x2000, 0x0)

15:44:27 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b", 0xff})

15:44:27 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r3 = io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, r3, 0x0)

15:44:27 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:27 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x4, 0x0, "5bf90b", 0xff})

15:44:27 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b", 0xff})

15:44:27 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0x0, 0x101100)
ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x5)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x4000, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r1, 0xc01064c7, &(0x7f0000000080)={0x7, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})

15:44:27 executing program 0:
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer\x00', 0x101802, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ptrace$getregset(0x4204, 0xffffffffffffffff, 0x6, &(0x7f0000000000)={&(0x7f0000000080)=""/245, 0xf5})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448dc, &(0x7f0000000180)="c72a6f5b91ce5a252f593c6695817562a80cdd7237d8b2d22c5ef978e768022fb5e1949082f644c6aae311ce86fb0a14dcba6bd2dba303d615152c3c8cac9fcc3c32fbac766f93a0b4c4e0bac9c5cd5befc9f8b8e8074cd6b8b79cd03e6c9e39210a0817871662cee12b39354f50c8bafd62423f984a9534c4dbb9db2324a358969ac1e96ba32c2e4de603e2a8bf60e14d17a18418")
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:27 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
io_uring_setup(0x1b14, &(0x7f00000014c0)={0x0, 0xe07c, 0x2, 0x1, 0x339})

15:44:27 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:27 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b", 0xff})

15:44:28 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b", 0xff})

15:44:28 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:28 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)

15:44:28 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b", 0xff})

[  709.549563][ T9766] Bluetooth: hci4: command 0x0401 tx timeout
15:44:28 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:28 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:28 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:28 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b", 0xff})

15:44:28 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x2, 0x0, "5bf90b", 0xff})

15:44:28 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))
socket$phonet_pipe(0x23, 0x5, 0x2)

15:44:28 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

15:44:28 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b", 0xff})

15:44:28 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0)

15:44:28 executing program 1:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x0, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x200800, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r2, 0xc01064c7, &(0x7f0000000100)={0x8, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000000)=0xf62c, 0x4)
ioctl$SOUND_MIXER_READ_STEREODEVS(r0, 0x80044dfb, &(0x7f0000000040))
prctl$PR_CAPBSET_DROP(0x1c, 0x18)

15:44:28 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
r1 = syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)
ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000040))

15:44:28 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:28 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b", 0xff})

15:44:28 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)
syz_open_dev$hidraw(&(0x7f0000000000)='/dev/hidraw#\x00', 0xfffffffffffffff7, 0x20000)

15:44:28 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0)

15:44:28 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000000)={0x4, 0x9, "001900", 0x4d, 0x2})

[  710.429190][ T9766] Bluetooth: hci2: command 0x0401 tx timeout
[  710.739303][ T3001] Bluetooth: hci0: command 0x0401 tx timeout
15:44:29 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="8000fcffffffedff", @ANYRES64=0x0, @ANYBLOB="03000000000000000800000000000000000000000000000006000000000000001d9100000000000003000000090000007d2b3a00000000000600000000000000fa0000000000000007000000050000007d5c28285c5e27000200000000000000a8dc000000000000000000001f000000"], 0x80)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x691e, 0x7ff, 0x3ff, 0x8, 0x0, 0x9], 0x6, 0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "ab000b", 0x81, 0x6})

15:44:29 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)

15:44:29 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:29 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)

15:44:29 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:29 executing program 5:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0)

15:44:29 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:29 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)

15:44:29 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:29 executing program 5:
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:29 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)

15:44:29 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
write$bt_hci(r1, &(0x7f0000000080)={0x1, @le_read_remote_features={{0x2016, 0x2}, {0xc9}}}, 0x6)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "000002", 0xff})
syz_genetlink_get_family_id$devlink(&(0x7f0000000000)='devlink\x00')

15:44:29 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:30 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)

15:44:30 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:30 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)

15:44:30 executing program 5:
r0 = io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x5a49, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:30 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:30 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:30 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x9, "001900", 0x4d, 0x2})

15:44:30 executing program 5:
r0 = io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x5a49, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:30 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x3)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:30 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

[  711.619326][    T5] Bluetooth: hci4: command 0x0401 tx timeout
15:44:31 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0xb, '\x00', 0x5, 0xfc})

15:44:31 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:31 executing program 5:
r0 = io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x5a49, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:31 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:31 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x0, "001900", 0x4d, 0x2})

15:44:31 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:31 executing program 3:
socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:31 executing program 5:
r0 = io_uring_setup(0x5e22, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:31 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:31 executing program 3:
socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:31 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc020660b, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:31 executing program 5:
r0 = io_uring_setup(0x5e22, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

[  712.499247][ T3205] Bluetooth: hci2: command 0x0401 tx timeout
[  712.819304][    T5] Bluetooth: hci0: command 0x0401 tx timeout
15:44:32 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair(0x2c, 0x1, 0x6, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x2, 0xfffc, "001a8b", 0xff})
read$FUSE(0xffffffffffffffff, &(0x7f0000000080)={0x2020, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
kcmp$KCMP_EPOLL_TFD(0x0, r2, 0x7, r0, &(0x7f00000020c0)={0xffffffffffffffff, r1, 0x7ff})

15:44:32 executing program 3:
socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:32 executing program 5:
r0 = io_uring_setup(0x5e22, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:32 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc020660b, 0x0)

15:44:32 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x0, "001900", 0x0, 0x2})

15:44:32 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:32 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, 0x0, 0x4000000)

15:44:32 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x0, "001900", 0x0, 0x2})

15:44:32 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000000)=0x6, 0x8)

15:44:32 executing program 5:
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:32 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:32 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, 0x0, 0x4000000)

15:44:32 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, 0x0, 0x4000000)

15:44:32 executing program 5:
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:32 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:32 executing program 5:
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:32 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

[  713.699229][ T3205] Bluetooth: hci4: command 0x0401 tx timeout
15:44:32 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x6, 0x0, "5bf90b"})

15:44:32 executing program 5:
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49, 0x0, 0x0, 0x3ba})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:33 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x0, "001900", 0x0, 0x2})

15:44:33 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r1, 0x0, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(r2, 0x0, 0x0)
ioctl$VHOST_RESET_OWNER(r2, 0xaf02, 0x0)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB="10002cbd7000fddbdf25100000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800678aa307000006001100375c00004e0013000000000005001400010000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0003002000060011000100000008001300030000000500140000000000080001007063690011000200303030303230303a31302e300000000008000b0008000000060011004200000008001300010100000500140000000000"], 0xd0}, 0x1, 0x0, 0x0, 0x810}, 0x0)

15:44:33 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:33 executing program 5:
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:33 executing program 2:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, 0x0, 0x4000000)

15:44:33 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)

15:44:33 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x0, "001900", 0x4d})

15:44:33 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:33 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:33 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:33 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:33 executing program 5:
io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49})
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0)

15:44:33 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

[  714.579316][ T3001] Bluetooth: hci2: command 0x0401 tx timeout
[  714.899376][ T9766] Bluetooth: hci0: command 0x0401 tx timeout
15:44:34 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x840, 0x0)
write$bt_hci(r1, &(0x7f0000000080)={0x1, @le_set_ext_scan_rsp_data={{0x2038, 0x23}, {0x5, 0x0, 0x7, 0x6, "e8df208c9b2251d534d1f1701cf61929c8ca5a7b4122a0e221a5a1c3bebda3"}}}, 0x27)

15:44:34 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:34 executing program 5:
io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49})
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0)

15:44:34 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:34 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:34 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x0, "001900", 0x4d})

15:44:34 executing program 5:
io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49})
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0)

15:44:34 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:34 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:34 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:34 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:34 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

[  715.789177][ T9766] Bluetooth: hci4: command 0x0401 tx timeout
15:44:35 executing program 0:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$HIDIOCGRAWPHYS(r0, 0x80404805, &(0x7f0000000080))
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
getuid()

15:44:35 executing program 5:
io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49})
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0)

15:44:35 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:35 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:35 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:35 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:35 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:35 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:35 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:35 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:35 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:35 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x840, 0x0)
write$bt_hci(r1, &(0x7f0000000080)={0x1, @le_set_ext_scan_rsp_data={{0x2038, 0x23}, {0x5, 0x0, 0x7, 0x6, "e8df208c9b2251d534d1f1701cf61929c8ca5a7b4122a0e221a5a1c3bebda3"}}}, 0x27)

[  716.659146][ T9766] Bluetooth: hci2: command 0x0401 tx timeout
[  716.989299][ T3001] Bluetooth: hci0: command 0x0401 tx timeout
15:44:36 executing program 0:
setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000000)=0x1, 0x4)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:36 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x4, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:36 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:36 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:36 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:36 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x840, 0x0)
write$bt_hci(r1, &(0x7f0000000080)={0x1, @le_set_ext_scan_rsp_data={{0x2038, 0x23}, {0x5, 0x0, 0x7, 0x6, "e8df208c9b2251d534d1f1701cf61929c8ca5a7b4122a0e221a5a1c3bebda3"}}}, 0x27)

15:44:36 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}], 0x3, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:36 executing program 4:
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:36 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:36 executing program 4:
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:36 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:36 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}], 0x2, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

[  717.859157][ T3001] Bluetooth: hci4: command 0x0401 tx timeout
15:44:37 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x20000, 0x0)
read$FUSE(r1, &(0x7f0000000080)={0x2020}, 0x2020)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:37 executing program 4:
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:37 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, 0x0)

15:44:37 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:37 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:37 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x840, 0x0)
write$bt_hci(r1, &(0x7f0000000080)={0x1, @le_set_ext_scan_rsp_data={{0x2038, 0x23}, {0x5, 0x0, 0x7, 0x6, "e8df208c9b2251d534d1f1701cf61929c8ca5a7b4122a0e221a5a1c3bebda3"}}}, 0x27)

15:44:37 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:37 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0045878, 0x0)

15:44:37 executing program 4:
socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:37 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, 0x0)

15:44:37 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:37 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, 0x0)

[  718.739186][ T9766] Bluetooth: hci2: command 0x0401 tx timeout
[  719.069182][ T3001] Bluetooth: hci0: command 0x0401 tx timeout
15:44:37 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x1, 0x1, "00e2e1", 0xfd, 0x9})
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)
socket$inet6_udp(0xa, 0x2, 0x0)

15:44:37 executing program 4:
socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:37 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, 0x0)

15:44:37 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {0x0}], 0x2, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:37 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, 0x0)

15:44:37 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x840, 0x0)

15:44:38 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, 0x0)

15:44:38 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{0x0}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:38 executing program 4:
socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:38 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

15:44:38 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, 0x0, 0x4000000)

15:44:38 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, 0x0)

15:44:38 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffd000/0x3000)=nil)
shmat(r1, &(0x7f0000ffc000/0x3000)=nil, 0x5000)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:38 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{0x0}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:38 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x20000, 0x0)
read$FUSE(r1, &(0x7f0000000080)={0x2020}, 0x2020)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:38 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, 0x0, 0x4000000)

15:44:38 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, 0x0)

15:44:38 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:39 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, 0x0)

15:44:39 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{0x0}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:39 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, 0x0, 0x4000000)

15:44:39 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:39 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, 0x0)

15:44:39 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

[  720.819094][ T3001] Bluetooth: hci2: command 0x0401 tx timeout
15:44:39 executing program 0:
ioctl$sock_rose_SIOCRSCLRRT(0xffffffffffffffff, 0x89e4)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:39 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x41041}, 0x4000000)

15:44:39 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, 0x0)

15:44:39 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:39 executing program 2:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, 0x0, 0x4000000)

15:44:39 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

[  721.139256][    T5] Bluetooth: hci0: command 0x0401 tx timeout
15:44:39 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, 0x0)

15:44:39 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2}, 0x4000000)

15:44:40 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffd000/0x3000)=nil)
shmat(r1, &(0x7f0000ffc000/0x3000)=nil, 0x5000)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:40 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:40 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/181, 0xb5}], 0x5, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:40 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2}, 0x0)

[  721.379116][T12446] Bluetooth: hci1: command 0x0401 tx timeout
15:44:40 executing program 0:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:40 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffd000/0x3000)=nil)
shmat(r1, &(0x7f0000ffc000/0x3000)=nil, 0x5000)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:40 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:40 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, 0x0, 0x0, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:40 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2}, 0x0)

15:44:40 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffd000/0x3000)=nil)
shmat(r1, &(0x7f0000ffc000/0x3000)=nil, 0x5000)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:40 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, 0x0, 0x0, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:41 executing program 5:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:41 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2}, 0x0)

15:44:41 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, 0x0, 0x0, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:41 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000200)=""/4096, 0x1000}], 0x4, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:41 executing program 3:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, 0x0, 0x0, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:41 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x401, "5bf90b", 0x7f})

15:44:41 executing program 5:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:41 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}, {&(0x7f00000001c0)=""/11, 0xb}], 0x3, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:41 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:41 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffd000/0x3000)=nil)
shmat(r1, &(0x7f0000ffc000/0x3000)=nil, 0x5000)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:41 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x1, 0x1, "00e2e1", 0xfd, 0x9})
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)
socket$inet6_udp(0xa, 0x2, 0x0)

15:44:41 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {&(0x7f0000000140)=""/72, 0x48}], 0x2, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:41 executing program 3:
setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000000)=0x1, 0x4)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

[  723.219307][T12446] Bluetooth: hci0: command 0x0401 tx timeout
15:44:41 executing program 5:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:42 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:42 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:42 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

[  723.459159][T12446] Bluetooth: hci1: command 0x0401 tx timeout
15:44:42 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0xffff, '\x00', 0xff, 0x2})

15:44:42 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:42 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:42 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x1, 0x1, "00e2e1", 0xfd, 0x9})
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)
socket$inet6_udp(0xa, 0x2, 0x0)

15:44:42 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x5000)

15:44:42 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x5000)

15:44:42 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:42 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/35, 0x23}, {0x0}], 0x2, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:42 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:42 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x5000)

15:44:42 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x5000)

15:44:43 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)
ioctl$sock_bt_hci(r0, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:43 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
geteuid()

15:44:43 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{0x0}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:43 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x5000)

15:44:43 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x1, 0x1, "00e2e1", 0xfd, 0x9})
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)
socket$inet6_udp(0xa, 0x2, 0x0)

15:44:43 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:43 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:43 executing program 2:
r0 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x5000)

15:44:43 executing program 3:
r0 = io_uring_setup(0x5e22, &(0x7f0000000000)={0x0, 0x5a49})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)

15:44:43 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:43 executing program 2:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x5000)

15:44:43 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{0x0}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:43 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{0x0}], 0x1, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

[  725.299260][T12446] Bluetooth: hci0: command 0x0401 tx timeout
[  725.539103][T12446] Bluetooth: hci1: command 0x0401 tx timeout
15:44:44 executing program 0:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x9, @default, @netrom={'nr', 0x0}, 0x86, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:44 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2, &(0x7f0000001440)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001340)=""/134, 0x86}, &(0x7f0000001400), 0x56}}], 0x30, 0x41041}, 0x4000000)

15:44:44 executing program 2:
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x5000)

15:44:44 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x1, 0x1, "00e2e1", 0xfd, 0x9})
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)

15:44:44 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d7, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:44 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x111, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e21, 0xfffff001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xbc6}, r1}}, 0x38)

15:44:44 executing program 2:
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x5000)

15:44:44 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x41041}, 0x4000000)

15:44:44 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)
ioctl$sock_bt_hci(r0, 0x0, &(0x7f00000000c0)="f4b62efbbdb332dae9cfd8fe237794b55866f6e2a321b8e5a6eb0c42f334fc3506e9969e21672a919ac313912d92a54419d2a353e3e5ebc7fc9078c36f9cc1819cbcf4b0df38fc709d2fe02d401982d02b4d6ae6b694d22f17c4c95f5b3513bfccf3ab0f98f40ce374980f85be34b42e220566ff17227837d76a13a6ec4f839e844e4863cb02eb0cf570a348f7784f65787764cbb0dbacc1c8677cf28ac59466632f35f1dab1ea2500419c05c52719ce740ce87d0d94b4eab67de2cb5e149f32dd6562b3e7b744d0935e0a7130a8fc067f988e63858500661bfe7ca61df50c9f6f69f4f686dfa4b1")

15:44:44 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x111, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e21, 0xfffff001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xbc6}, r1}}, 0x38)

15:44:44 executing program 2:
shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x5000)

15:44:44 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2}, 0x4000000)

15:44:45 executing program 2:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x0)

15:44:45 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, 0x0)
ioctl$sock_bt_hci(r0, 0x0, 0x0)

15:44:45 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2}, 0x0)

15:44:45 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)

15:44:45 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$sock_bt_hci(r0, 0x400448e4, &(0x7f0000000080)="4b59530eb877412113db47dd4038932fd360575d4efb9bb8184a99090ec82df27e4a8e78f6da7324e475bb3ec80a37c47c32915ce00750380ceb67e9dd81f27ee5a3125d5deaf5a573b997bff6e658a31b43b90ce26e0e3519f17eec723bb4f2673e526e373b4373d10ffa1731565e98e04aa86b7d9240b147f1a22edaf044703d784a24d65f0fb6cdd3acd69e40e0ed32bc1bf01cfe29e7d191441093330d5250267e8b79386f24a49e21dca0d284aef186b46d86eec63a38ca7160426d79246684e6032f0917cecaa79f84e4c1d6d74d2171813dac0cc118889d8c48c9458f93fe378278f10ad50295037ffa6e")

15:44:45 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x111, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e21, 0xfffff001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xbc6}, r1}}, 0x38)

15:44:45 executing program 2:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x0)

15:44:45 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2}, 0x0)

15:44:45 executing program 5:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x0)

15:44:45 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001480)={&(0x7f00000000c0), 0x10, &(0x7f00000012c0)=[{0x0}, {0x0}], 0x2}, 0x0)

15:44:45 executing program 2:
r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)
shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x0)

15:44:45 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x1, 0x1, "00e2e1", 0xfd, 0x9})
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)

15:44:45 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:45 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)

15:44:45 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)

15:44:45 executing program 2:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x9, @default, @netrom={'nr', 0x0}, 0x86, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

[  727.379290][T12446] Bluetooth: hci0: command 0x0401 tx timeout
[  727.619098][T12446] Bluetooth: hci1: command 0x0401 tx timeout
15:44:46 executing program 0:
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$HIDIOCGRAWNAME(0xffffffffffffffff, 0x80404804, &(0x7f0000000400))
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r1, &(0x7f00000003c0)={&(0x7f0000000080), 0xc, &(0x7f0000000380)={&(0x7f00000000c0)={0x284, 0x0, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x473}, {0x6, 0x16, 0x3e89}, {0x5}, {0x6, 0x11, 0x600}, {0x8, 0xb, 0x64cf}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x401}, {0x8, 0xb, 0x5}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x732c}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x1}, {0x8, 0xb, 0x10000}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x902e}, {0x6, 0x16, 0x401}, {0x5}, {0x6}, {0x8, 0xb, 0x9}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x1}, {0x6, 0x16, 0x1000}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x6}, {0x8, 0xb, 0x3}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xd75}, {0x6, 0x16, 0xdfb}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x7ff}, {0x8, 0xb, 0x1}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xff}, {0x6, 0x16, 0xd7}, {0x5}, {0x6, 0x11, 0x2}, {0x8, 0xb, 0x401}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x1}, {0x5}, {0x6, 0x11, 0xffff}, {0x8, 0xb, 0x3}}]}, 0x284}, 0x1, 0x0, 0x0, 0x4040081}, 0x4000000)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:46 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:46 executing program 1:
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)

15:44:46 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:46 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x1, 0x1, "00e2e1", 0xfd, 0x9})
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x40000013)

15:44:46 executing program 2:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x9, @default, @netrom={'nr', 0x0}, 0x86, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:46 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:46 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:46 executing program 1:
prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x40000013)

15:44:46 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:46 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:46 executing program 3:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:47 executing program 0:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(0xffffffffffffffff, 0xc01064ac, &(0x7f0000000040)={0x2, 0x5c, &(0x7f0000000140)=""/92})
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
read$hidraw(r1, &(0x7f00000001c0)=""/65, 0x41)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000480)={0x3, 0x0, [{0x3000, 0xf5, &(0x7f0000000240)=""/245}, {0x4, 0xbf, &(0x7f0000000340)=""/191}, {0x0, 0x50, &(0x7f0000000400)=""/80}]})
getsockopt$PNPIPE_INITSTATE(r0, 0x113, 0x4, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
ioctl$HIDIOCGRDESCSIZE(r1, 0x80044801, &(0x7f0000000500))
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000000080)={0x7, 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
socket$inet_udp(0x2, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

15:44:47 executing program 1:
prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0)

15:44:47 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:47 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:47 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0xc0045878, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:47 executing program 2:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
r1 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
rt_tgsigqueueinfo(0x0, r1, 0xc, &(0x7f0000000080)={0x3f, 0x7, 0x81})

15:44:47 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:47 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x80108906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:47 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:47 executing program 1:
prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0)

15:44:47 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000)='devlink\x00')
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:47 executing program 2:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
r1 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
rt_tgsigqueueinfo(0x0, r1, 0xc, &(0x7f0000000080)={0x3f, 0x7, 0x81})

15:44:47 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:47 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:47 executing program 1:
prctl$PR_CAP_AMBIENT(0x2f, 0x0, 0x0)

15:44:47 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x80108906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:47 executing program 2:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
r1 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
rt_tgsigqueueinfo(0x0, r1, 0xc, &(0x7f0000000080)={0x3f, 0x7, 0x81})

15:44:48 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:48 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:48 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:48 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x80108906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:48 executing program 3:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

[  729.459410][T12446] Bluetooth: hci0: command 0x0401 tx timeout
[  729.699117][    T5] Bluetooth: hci1: command 0x0401 tx timeout
15:44:48 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)

15:44:48 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:48 executing program 2:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
r1 = getpgid(0x0)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})

15:44:48 executing program 3:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:48 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:48 executing program 5:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x80108906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:48 executing program 3:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:48 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:48 executing program 5:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x80108906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:48 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:48 executing program 2:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)
getpgid(0x0)

15:44:48 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:49 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x1, [0x2, 0x101]}, 0x10)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x4, "e84dbc", 0xff})

15:44:49 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:49 executing program 5:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x80108906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:49 executing program 2:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)
syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0)

15:44:49 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:49 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:49 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:49 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:49 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x80108906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:49 executing program 2:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)

15:44:49 executing program 4:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:49 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

[  731.539240][    T5] Bluetooth: hci0: command 0x0401 tx timeout
[  731.779091][    T5] Bluetooth: hci1: command 0x0401 tx timeout
15:44:50 executing program 0:
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)=0xff, 0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f00000001c0)={0x16, 0x98, 0xfa00, {&(0x7f0000000180), 0x2, 0xffffffffffffffff, 0x1c, 0x0, @in6={0xa, 0x4e22, 0xfffffffa, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x80000000}}}, 0xa0)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x839], 0x1, 0x0, 0x0, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f0000000040)={0x4005, 0x2, '\x00\x00\b', 0xff})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$nbd(r4, &(0x7f0000000480)={0x67446698, 0x0, 0x1, 0x2, 0x4, "2afd862cc8ab3305f699f7418621b26d9fac8a23d9e68af61fd4ae359501d81bdec580a3c895445e99ef5c0785233ddbb1c08195573a70faf3533013dfc13bbb953d56130c90ec9d050fb922c7dddbff04bef098239c7f5ae30a9ecba8d6be1152c56be57f3a0b387da99d0e627a18b5df569693d5fe9c7d59090d6be62d36c5e043f7348cefe7e052edd75badfdd773c0fc8d482f6dcdc2fe5d3b8a6d6583ad8664b0b2341c4fa6d6ff2414889e47d26c3b432c429a99f514fff3a72c2b66beedaae7"}, 0xd3)
r5 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/bsg\x00', 0x404002, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r6, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
bind$bt_hci(r6, &(0x7f0000000340)={0x1f, 0x1, 0x1}, 0x6)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r5, 0xc01064c7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)})
clock_getres(0x3, &(0x7f00000000c0))
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r2, 0x4008af23, &(0x7f0000000280)={0x1, 0x1})

15:44:50 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:50 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:50 executing program 2:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
read$fb(0xffffffffffffffff, &(0x7f0000000140)=""/1, 0x1)

15:44:50 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x80108906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:50 executing program 4:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:50 executing program 2:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
read$fb(0xffffffffffffffff, &(0x7f0000000140)=""/1, 0x1)

15:44:50 executing program 4:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:50 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:50 executing program 1:
prctl$PR_CAPBSET_DROP(0x1c, 0x28)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:50 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair(0x10, 0x0, 0x7, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$bt_hci(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="0100200105"], 0x5)
ioctl$sock_bt_hci(r0, 0x400448e0, &(0x7f0000000080)="77206ed4dceac77fcad6a0344efbbff27a3442508c44529a0ec6c3a804e85f59732b06287ae9475156b329337bec40e91c68f6079cffa4d16d74b1b8643233004b7ee45fafbf23c96000ef09bebe6a3b13b2717955bfb1060f6361cf6717195534ae16d2682d08df541e90a7d84ab71209e1f37e1f36d114fce50b69c7d371b895ffe98eea1ba37c9c815b575655227e917f79a470e5a707c6154d4f6cfd9f6df2a04ae0e04c7e11fd17e19820e3cd65cb63aace902b4b6e8c78aa83577ec2670027595ed49a18af702d81f4a70da2658a786c9ef712320f4f04f1")
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:50 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x80108906, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:50 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:50 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:50 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:50 executing program 2:
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0xa0003)
read$fb(0xffffffffffffffff, &(0x7f0000000140)=""/1, 0x1)

15:44:51 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:51 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x80108906, 0x0)

15:44:51 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:51 executing program 2:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)

15:44:51 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:51 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:51 executing program 0:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
write$FUSE_GETXATTR(r0, &(0x7f0000000000)={0x18, 0xffffffffffffffda, 0x0, {0xfff}}, 0x18)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x8], 0x40000000000000cb, 0x80000, 0x0, <r2=>0xffffffffffffffff})
ioctl$SIOCRSACCEPT(r2, 0x89e3)

15:44:51 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x80108906, 0x0)

15:44:51 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:51 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:51 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:51 executing program 2:
r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)

15:44:51 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:51 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:51 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:51 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:51 executing program 2:
r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)

15:44:51 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

[  733.620133][    T5] Bluetooth: hci0: command 0x0401 tx timeout
[  733.859145][    T5] Bluetooth: hci1: command 0x0401 tx timeout
15:44:52 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000000)={0x2, 'Qc'}, 0x3)

15:44:52 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:52 executing program 3:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111}}, 0x20)

15:44:52 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:52 executing program 1:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:52 executing program 2:
r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x80080, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)

15:44:52 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x1, [0x2, 0x101]}, 0x10)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x4, "e84dbc", 0xff})

15:44:52 executing program 2:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x0, 0x0)
read$fb(r0, &(0x7f0000000140)=""/1, 0x1)

15:44:52 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:52 executing program 1:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:52 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:52 executing program 2:
openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x0, 0x0)
read$fb(0xffffffffffffffff, &(0x7f0000000140)=""/1, 0x1)

15:44:53 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$HIDIOCSFEATURE(0xffffffffffffffff, 0xc0404806, &(0x7f0000000000)="7fc0f8578426a7b627f49a32b0ce183b2006")
prctl$PR_GET_TIMERSLACK(0x1e)

15:44:53 executing program 5:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:53 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:53 executing program 2:
openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x0, 0x0)
read$fb(0xffffffffffffffff, &(0x7f0000000140)=""/1, 0x1)

15:44:53 executing program 1:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:53 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:53 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:53 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:53 executing program 2:
openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x0, 0x0)
read$fb(0xffffffffffffffff, &(0x7f0000000140)=""/1, 0x1)

15:44:53 executing program 5:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:53 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:53 executing program 5:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

[  735.699281][T12446] Bluetooth: hci0: command 0x0401 tx timeout
15:44:54 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x5, "01e7e5", 0xff})

15:44:54 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:54 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:54 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:54 executing program 2:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x0, 0x0)
read$fb(r0, 0x0, 0x0)

15:44:54 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

[  735.940115][T12446] Bluetooth: hci1: command 0x0401 tx timeout
15:44:54 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:54 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111}}, 0x20)

15:44:54 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:54 executing program 2:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x0, 0x0)
read$fb(r0, 0x0, 0x0)

15:44:54 executing program 3:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:54 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111}}, 0x20)

15:44:55 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:55 executing program 2:
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x0, 0x0)
read$fb(r0, 0x0, 0x0)

15:44:55 executing program 3:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:55 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:55 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:55 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:55 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:55 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:55 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:55 executing program 5:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:55 executing program 3:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:55 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

[  737.779216][ T3001] Bluetooth: hci0: command 0x0401 tx timeout
15:44:56 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$l2tp6(0xa, 0x2, 0x73)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000080)={0x1, 0x1f})

15:44:56 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:56 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:56 executing program 5:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:56 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:56 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:56 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:56 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:56 executing program 4:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:56 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:56 executing program 5:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111, 0x2}}, 0x20)

15:44:56 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:57 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$bt_hci(r0, &(0x7f0000000000)={0x1, @le_create_cis={{0x2064, 0x5}, {0x1, [{0x400, 0xffff}]}}}, 0x9)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xffffffffffffffff, 0x0, "5bf90b", 0xff})
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000080)=""/120, 0x78, 0x40, 0x0, 0x0)

15:44:57 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:57 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:57 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:57 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:57 executing program 4:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:57 executing program 4:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:57 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:57 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:57 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:57 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, 0x0)

15:44:57 executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair(0x4, 0x0, 0x93, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x2000, '\x00', 0xff, 0x1f})

15:44:57 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:57 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:57 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:57 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)

15:44:57 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, 0x0)

15:44:57 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$NBD_SET_SIZE(0xffffffffffffffff, 0xab02, 0x9d5)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000080)={0x2020, 0x0, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_ATTR(r1, &(0x7f00000020c0)={0x78, 0x0, 0x0, {0x2, 0x2, 0x0, {0x1, 0x5, 0x1, 0x2a4f, 0x6, 0xa, 0x100, 0xd6a, 0x3, 0x6000, 0x0, r2, 0x0, 0x7fffffff, 0xb3bb}}}, 0x78)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000000)={0x2, 0x11})
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:57 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111}}, 0x20)

15:44:57 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:57 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:58 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, 0x0)

15:44:58 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:58 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, 0x0)

15:44:58 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:58 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

15:44:58 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, 0x0)

15:44:58 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:58 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

[  739.859288][    T5] Bluetooth: hci0: command 0x0401 tx timeout
15:44:58 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xffff, 0xfffd, "5bf90b", 0x29})
r1 = getpgid(0x0)
r2 = socket(0xf, 0x1, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000000)=0x3, 0x4)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
ptrace$getregs(0xc, r1, 0x5, &(0x7f0000000080)=""/4096)

15:44:58 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, 0x0)

15:44:58 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, 0x0)

15:44:58 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

15:44:58 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:44:58 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, 0x0)

15:44:58 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, 0x0)

15:44:58 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:44:58 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, 0x0)

15:44:58 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, 0x0)

15:44:58 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:58 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, 0x0)

15:44:58 executing program 0:
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x105800, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x1, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r0, 0x80044dfd, &(0x7f0000000180))
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x400040, 0x0)
ioctl$SOUND_MIXER_INFO(r2, 0x805c4d65, &(0x7f00000000c0))
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000000)={0x0, 0x0, "5bf90b", 0xff})

15:44:59 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, 0x0)

15:44:59 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, 0x0)

15:44:59 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, 0x0)

15:44:59 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

15:44:59 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:59 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, 0x0)

15:44:59 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

15:44:59 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, 0x0)

15:44:59 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, 0x0)

15:44:59 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x0, 0x2}}, 0x20)

15:44:59 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, 0x0)

15:44:59 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ptrace$getregset(0x4204, 0x0, 0x2, &(0x7f0000000000)={&(0x7f0000000080)=""/204, 0xcc})
socketpair(0x21, 0x800, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$rds(r1, &(0x7f00000001c0)={0x2, 0x4e24, @private=0xa010101}, 0x10)

15:44:59 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xffff, 0xfffd, "5bf90b", 0x29})
r1 = getpgid(0x0)
r2 = socket(0xf, 0x1, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000000)=0x3, 0x4)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
ptrace$getregs(0xc, r1, 0x5, &(0x7f0000000080)=""/4096)

15:44:59 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d3, 0x0)

15:44:59 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x111}}, 0x20)

15:44:59 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, 0x0)

15:44:59 executing program 3:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, 0x0)

15:45:00 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, 0x0)

15:45:00 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, 0x0)

15:45:00 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:00 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xffff, 0xfffd, "5bf90b", 0x29})
r1 = getpgid(0x0)
r2 = socket(0xf, 0x1, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000000)=0x3, 0x4)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
ptrace$getregs(0xc, r1, 0x5, &(0x7f0000000080)=""/4096)

15:45:00 executing program 3:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, 0x0)

15:45:00 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, 0x0)

[  741.939343][    T5] Bluetooth: hci0: command 0x0401 tx timeout
15:45:00 executing program 0:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4040, 0x0)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r0, 0xc00464c9, &(0x7f0000000140))
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000080))
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000000)={0x1, 0x0, "5bf90b", 0xff})
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$nbd(r3, &(0x7f00000001c0)={0x67446698, 0x1, 0x0, 0x3, 0x2, "58aedba9bc81f2dda39ac84b65220b5bf3e91cc252c1bc167ff1a55e0f22bfa28cf0e2a89d0623cd7364b9f4aed55ceccc86378ff58d1f71c297dc5ec5f01f81735a94df217ecaa47d791d8fda48871088b055312358a16e7703e74a94099fe62987082578b225db32da90a8bcf5af81e03c7528418a4dc6577baa26554e6c5614a868961e494438ba78dc0328e58b73c88e9f358f3d858c8c0aa922c4e1e60642ea0391d4e030117c614c2d07f94628445aadc4c35912b28c19fd657b3f434c85704bfeda2187f11f243cff1fa382eb6add571ecfe2b443b0d4906919de073f3a1af718ee9196"}, 0xf7)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f00000000c0)=0x4)

15:45:00 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d4, 0x0)

15:45:00 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xffff, 0xfffd, "5bf90b", 0x29})
r1 = getpgid(0x0)
r2 = socket(0xf, 0x1, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000000)=0x3, 0x4)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})
ptrace$getregs(0xc, r1, 0x5, &(0x7f0000000080)=""/4096)

15:45:00 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448d2, 0x0)

15:45:00 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, 0x0)

15:45:00 executing program 3:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, 0x0)

15:45:00 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:00 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, 0x0)

15:45:00 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x2}}, 0x20)

15:45:01 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xffff, 0xfffd, "5bf90b", 0x29})
r1 = getpgid(0x0)
r2 = socket(0xf, 0x1, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000000)=0x3, 0x4)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})

15:45:01 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, 0x0)

15:45:01 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xffff, 0xfffd, "5bf90b", 0x29})
getpgid(0x0)
r1 = socket(0xf, 0x1, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000000)=0x3, 0x4)

15:45:01 executing program 0:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x7}}, 0x18)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
shmctl$IPC_INFO(0xffffffffffffffff, 0x3, &(0x7f0000000080)=""/135)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:01 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, 0x0)

15:45:01 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, 0x0)

15:45:01 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xffff, 0xfffd, "5bf90b", 0x29})
r1 = getpgid(0x0)
r2 = socket(0xf, 0x1, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f0000000000)=0x3, 0x4)
rt_tgsigqueueinfo(0x0, r1, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x4})

15:45:01 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xffff, 0xfffd, "5bf90b", 0x29})
getpgid(0x0)
socket(0xf, 0x1, 0x0)

15:45:01 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xffff, 0xfffd, "5bf90b", 0x29})
socket(0xf, 0x1, 0x0)

15:45:01 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x4703)
r0 = epoll_create(0x6)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$NBD_CLEAR_QUE(r1, 0xab05)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:01 executing program 2:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, 0x0)

15:45:01 executing program 5:
select(0x40, &(0x7f0000000000)={0x2}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x5, 0x100000001, 0x3, 0xffff}, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:01 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d3, 0x0)

15:45:02 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x4703)
r0 = epoll_create(0x6)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$NBD_CLEAR_QUE(r1, 0xab05)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:02 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket(0xf, 0x1, 0x0)

[  744.019272][    T5] Bluetooth: hci0: command 0x0401 tx timeout
15:45:02 executing program 0:
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000200)={0x77359400}, 0x10)
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000180))
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}, {}], 0x2, 0x80000001, &(0x7f0000000140)={[0xfffffffffffff000]}, 0x8)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000580)={0x10, 0x30, 0xfa00, {&(0x7f0000000540), 0x1, {0xa, 0x4e22, 0x7, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x1000}}}, 0x38)
ioctl$HIDIOCGRAWPHYS(0xffffffffffffffff, 0x80404805, &(0x7f0000000000))
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ptrace$getregset(0x4204, 0xffffffffffffffff, 0x202, &(0x7f0000000340)={&(0x7f0000000240)=""/217, 0xd9})
bind$bt_hci(0xffffffffffffffff, &(0x7f00000001c0)={0x1f, 0xfffe, 0x3}, 0x6)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002540)='/dev/vhost-vsock\x00', 0x2, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x24)
socketpair(0x8, 0x2, 0xed, &(0x7f0000000380)={<r1=>0xffffffffffffffff})
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r1, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="b0010000ac1d15296a1623511670046c39de571a75a5bc1377dcca008fc72b302e5d195a7a466f2c92c2f640799745ea8ea0d1c67b6321d0585e9e7fa6a355cf1c97df96a33914132a430b6d700037ed607550405e0000c05fbcb3b79a034f7d825954077286824ff7510ea340af51370b3ce1b9b747cd237c1b7226e796f11b6e07526c8ef8e59bae4ebc70ad3ec08b9452eaf52850b5014fc3334c8cb7604edc0a1441227ae3ff5f21ac17e8c1228ca3dfc753cc349ae58cd906b7658171f5278e1890e17b443e7419da6881f78f361d17cbaef1e00672801343c70d3629cd67", @ANYRES16=0x0, @ANYBLOB="000428bd7000fcdbdf25180000000e0001006e6574641d28b77b501608ad74453f1c657673696d0000000f0002006e657464657673696d300000080003000300000008000b000500000006001600a50000000500120000000000060011000080000008000b003f000000080001007063690011000200303030303a30303a31302e3000000000080003000100000008000b000700000006001600090000000500120000000000e4ff10000100000008000b00eb000000"], 0xb0}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)
ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f00000000c0)=&(0x7f0000000080))

15:45:02 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:02 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, 0x0)

15:45:02 executing program 3:
prctl$PR_CAPBSET_DROP(0x17, 0x700)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x0)
recvfrom$rose(r0, &(0x7f0000000000)=""/165, 0xa5, 0x40000040, 0x0, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f00000000c0)=0xe9c2, 0x8)
sendto$phonet(0xffffffffffffffff, &(0x7f0000000100)="c7de2adbd9500be98ca3ed15d46673b401fc6f4e91e5ce2d575fa38b62f5611a5116e0d699a37bdac513", 0x2a, 0x0, &(0x7f0000000140)={0x23, 0x6, 0x0, 0x9}, 0x10)
ioctl$SIOCRSACCEPT(r0, 0x89e3)

15:45:02 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x4703)
r0 = epoll_create(0x6)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$NBD_CLEAR_QUE(r1, 0xab05)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:02 executing program 4:
socket(0xf, 0x1, 0x0)

15:45:02 executing program 3:
getresuid(&(0x7f0000000000), &(0x7f0000000040)=<r0=>0x0, &(0x7f0000000080))
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f00000000c0)={0x8001, [0x4, 0x7], 0xff}, 0x10)
ioprio_get$uid(0x3, r0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x8000)
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:45:02 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:02 executing program 4:
socket(0x0, 0x1, 0x0)

15:45:02 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x4703)
r0 = epoll_create(0x6)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$NBD_CLEAR_QUE(r1, 0xab05)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:02 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, 0x0)

15:45:02 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
write$bt_hci(r0, &(0x7f0000000000)={0x1, @change_conn_link_key={{0x415, 0x2}, {0xc8}}}, 0x6)

15:45:03 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:03 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x2aa001)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_CLEAR_QUE(r0, 0xab05)
r2 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1\x00', 0x84101, 0x0)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r2)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x28})

15:45:03 executing program 2:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d2, 0x0)

15:45:03 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x4703)
r0 = epoll_create(0x6)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:03 executing program 4:
socket(0x0, 0x1, 0x0)

[  744.339253][    T5] Bluetooth: hci1: command 0x0401 tx timeout
15:45:03 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x4703)
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:03 executing program 5:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:03 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:03 executing program 4:
socket(0x0, 0x1, 0x0)

15:45:03 executing program 2:
select(0x40, &(0x7f0000000000)={0x2}, 0x0, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:03 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x4703)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000040)={0xc000200a})

15:45:03 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0xfdfc, 0x0, '\x00', 0x2})

15:45:03 executing program 5:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:03 executing program 4:
socket(0xf, 0x0, 0x0)

15:45:03 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x4703)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000040)={0xc000200a})

15:45:03 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:03 executing program 2:
select(0x40, &(0x7f0000000000)={0x2}, 0x0, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:04 executing program 5:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:04 executing program 1:
prctl$PR_CAPBSET_DROP(0x17, 0x4703)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000040)={0xc000200a})

15:45:04 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}})

15:45:04 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
write$bt_hci(r0, &(0x7f0000000000)={0x1, @change_conn_link_key={{0x415, 0x2}, {0xc8}}}, 0x6)

15:45:04 executing program 2:
select(0x40, &(0x7f0000000000)={0x2}, 0x0, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:04 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:04 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:04 executing program 2:
select(0x0, 0x0, 0x0, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:04 executing program 3:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:04 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:04 executing program 2:
select(0x0, 0x0, 0x0, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:04 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:04 executing program 1:
r0 = epoll_create(0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:04 executing program 3:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

[  746.099331][ T3205] Bluetooth: hci0: command 0x0401 tx timeout
15:45:04 executing program 0:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0)
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}})
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x10000, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:04 executing program 5:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:04 executing program 3:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:04 executing program 1:
r0 = epoll_create(0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:04 executing program 2:
select(0x0, 0x0, 0x0, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:04 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:05 executing program 1:
r0 = epoll_create(0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:05 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, 0x0)

15:45:05 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x6, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:05 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:05 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:05 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f00000020c0)="4d8a0a85293b26f34576eee735605e750017a649316127e6f4b30d713c4423584951480f6a7230dfbef0cf8fb9e8973f71487aa432a362d58dd2ac70ff5ac48ac9e11c08329aca393a9c33fb0f57d9b75ae340ee8e1a1eff0db5aa8cc42f0a5b322cf0fa58d3d6f7b2d73d8cf697105e3f578ca913a22c645cfca0cd82f6341d186e121e13e5b0d6ec6c8988594acb3f0778ed64de2904a35132ada77772294d35aa26431cfafcbea1718bae0ddc4a7e79517dd0c43d24252994d9")
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_DIRENT(r1, &(0x7f0000002080)={0x30, 0x0, r2, [{0x6, 0x0, 0x5, 0x3, '[$\r-\xbc'}]}, 0x30)

[  746.419310][ T3205] Bluetooth: hci1: command 0x0401 tx timeout
15:45:05 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
sendto$phonet(r1, &(0x7f0000000180)="cd80ef4e60c56b48a4899afb9248794007596c1c02f7d8e1b07d182a2dd4ce4ab89cb6f797866e96e0d1fd06f276518961400ffbd6fc7d5ed913e88b19a28d0dc6894226e24babd8d75c62daabd1db588ce165151be26c91f5d2e1035fea289ccec80687c3e36a0e5f3539d4f09ef9b24dbd0bc27e3e8896d4adf6ef4f27cd1d5c73109b0ef333370277db4d42b8e7de5f849593b1f51e974b2f31c55f1585f46ca1de563c2aa88a579ef20a7f81078355fef9fb33e654ad476888f835483fb646f820f4ede2dddc4ef70f8ad10df75727fe4536c35201305ad4a947578864f24bc7392fce11aaac8fd5a2b9a710979f2b4e7225ed79a9d702fcc25ed5762201e3540b7d88db2d447d5b656b254df20125901e461ba8a8232247a5e24413897eaf72e09a4c133403fbfefef04130a525fec5d42d098a2cd14475d6f246710fbcf5b589cf1ba53b7480bd4b5a6ee6d03b88d75dc1f8f9c5bb22aa5d0607a3ee378451f86b2c12bdda56714aa1b99f1496f294250b56a5ef1f39ac415e159b99f92b6b8bbf9feb5e367d546ceb46f29e955238ffbfdb5c71d63d7254d1e815c98439c674655693b53b311c3899fbd01cf1854b3b0b729baaefb454712650af631e86792bb10e307a4cbb07eca85c1b5671179ce95b3adf484d6c62c3639cadbbad094eba11a196364ba1ea4036a97d0a2c0fdff18026bb18ff7170a0d5b4d8196e41606f6210f0f2c3a392960b379bc756fa25b7d7a0c80198f5b98583378a9da63445742b5e0aa2f11b65f66a711a558a7cf6c93538f41a5c49239ee7c4b94901f9e2a9cdd4323f2a44c92f4728fe1a93106e0c679f32484fefc0118d3853589dbc7825bd8664416a44bca6ef4e81e3f690f16dfb6204f46d586f9b777587eacc32a88bbc92c53bd0f036b233d56724fb3a3a6662bc1d4a374a65e0858ed3ff641e945ee20a86354833a04d00a2c46d56659fdc8f47c325aa0e131f9884246ceaba8bd3feefddaa0924ed2962c44a61b1dc913baaf096c64ff9b1f73ccf2a39b2e42838f74f6d174bc448af051b838c1a329fe16c07c02e827ad3b09f4c2f7277ceed362eaace466f9d637b2056bc5b6f6c3a5ca349659d3a2c2b8acc5377510d4e1b1aa5b97ea45090054457912fe2c4a47a7b377e5f3afdc5c4ad4df2d60da052b6269847e2a0aa32ecdd45f85b5974506b0796467e094227062805be4bfffde81ceb9442cc77c6aa542c37da2a557d2ddabf41652f8763b1e99fea03d7ff9369718cba0e9708ef6c5660dca81bade99106d59547be978045c729f9a4e42319b0c30a8207f791cbf496c04f6c5e0f883c7b5557dbcf4157f390a654a391fbf2a75d0a08a2059e7c1b58b4d93898ba5f7fe0972aa3defde3b6654c3ffd5e438c1c6850db964ecd44a3659d3e2e6ec08bebe4e71354c04454bd191a971be507c5e1a70438ffbcfb609eb36cac6f6820f7c209f8a9c955befac40f89cccfb9dbe1e898ec6bd3c3b1594119d3e7e7a9e968aa3777558402cb11b25368e0044cddec135e8c1dceb4abdce805fb56cbfd021c8043364c535fe2111bd2c1911d12c99ad5bfce18873942acd5bd1160a085a2fa239ff48c5d44656d7f30d864c278d08ac2a2061d4c0820a3c8a853110558627c8a32a6c4ae29f351130a3e2496f11da6cb3ad4aac786e9db4a750f52f7bf783488bc2aa9b54f46808b0623f8a3c4fbcb006139dcbc1d3986149a7ff4d687888be415586c0d9673f6ebb7d02a602264ed070b9d29efdfafed1a699921a6215a7ec783ca0cf8e08517a983eb2b122dd3de204ac6f19a890977f40a19bd5b893b6d64bd364cfb25670973be4bf1d0dc53da829607e886745fe2e7ed714e16306ab7732442dc029a13aa0a3855a312205cce90e32fc6c39b4e905a6159846491670f8bf4ca94ddfc3626af98a447853e75d10ab672e11b99ce807596f3174e798136d53262177e24736ed7608965d7f193f0163d44ad0a0194f572c3886993a53d75053ed9847d8605e56876f546e712f9b532b0caeda74fd3263df04f3780ef666d11d3d11b28d0c910e2727acd9ef7bc605174516d762c16f1d5b83efe23f84229a6bfa39f0b4480eb70b48483ccd61af1fc70cf67041586df4d4c9379460d0bf6f4dca1e4e88760f4b543623e06ca3b0a41d205d10389ac7aad6ad3588a21b50f5a76a1a2c1dce0fd079b5fbd4e577be2ca6ec6d85199a18262289784898b3bd3ba19c0abc683581548342c6ead5abd871fc3ffd92bcfdeb610a8768311d2ac47b277f6838707f00ba975f9746a6c5648b6902cca51d85dd5da1c4414b0a63537da03603c37d993938ffe62c2d1295b69cfc29e36db2f7db588ab47710ec05a3e288d92c8b0d5134649daa48db6709150d4925ba7392863edea63ccc144ea2f79f869fd1e4c8961eff9ff826d494a8a3c2de0ec58556b7d9fcef4d21a5340f2e0ff4500aeb2db999622ad1c0077f38305cbacdcefa72be74993c3c58adc2e52a523a3357d90f7679ae98c712a6b64b4d731c987696bd162aa6ac4965afd7effc3c76c7cbb214a0a3880d063761c86edb67194525dbffb62f597878f3644d6e25ff723dbd36fc4908d3a3353f8a6ee7843df5743b08a7671727fe255d38f07d8850aead0f8bab0e6883afcd388b1e5b0cc917969900c917fe516c23255fea5d9ba06eddd28f0b8e2d193260d15f00480b8cee2ebe6b096bc7b80004c79f33be1ce8e129fa0d1eeda88eedd4e5a926a8eea2157545564fe656ea8a25f091e1d801d459f2638a4704f12868faa52ffb9bb3a306b4a19b71b09d685ec16d1e6ca805f6f90f76a7dc9da55ff5859aa0be630081d44f30bb047d10b59aa17afa5b4698843a5315976ad104fbf890aac9dd5e38555ee90dccd641ea58b39c3f119d1d1c5ab02e4af3a34e2451ce4913452bade503818daf2e7383bdff0becf866e5faf937514335da140e7d2a91b0b5b0c5fc7dfd0c78adfe9f6a4ded9ceac9a06b2e56d20803c2b37ea6b26b6e1205b9dcb111a570fbbd482662b93f30d545eaa67f40b43321c2b6ced8e8780767f80ac7988a429cdc62fc2913b45f92baa97a02cd73bd28e8db26a08ac05afad6ef9d3b0c201928eebca6fb0a5eb306561602c3eb1416217dadc5d540a0fe3a217c976756637ae726977110245292ecba35bf835f1963e90a782f24bae99d4e8aee7fa42344f210dc6d39afb7e620047c9676b66245996b00da3e0c38e1ae6fe37ce2036053d1a9e4d6b82d99bfbb28c4a4e97cd4fdcee530cdd662e5417a40da70d3ba30effa6975b3a1bb7d4b139effee474449ade9539c68cce80ce5d8d0cbf467af1647b405203db88888a7b966fa6e78a5f04eb8205451bd751908e6a4af817feba8a1636a7e9a7fd9995d5eb4c3c1eda9c8ed986d4cadd1e8d9eab64568371e4971d659f9590dc27cfe2250f0facc4578fd980c705a036f4521f75794d245186196fb693163e1828dc7b2be70480fe01ab35cdeb6387a57b5538dfe704ed1245dd0b42bacca8e76ddc3920d115f7156f50306d258b9a5930f4d3d94f3ce1945f79eebf7929775718afc72f992162a123db10c362c0ae97c174836d3f4fa15bd2f95045b0ea0672a1463236bc460856eca1544adc41d7f1dbd1eb228a5dde4a0852077f47396cc4f87004da03bbde8dd7bc037e8f9d02d903f50dd30992990acba44cb823894477d39f8c2807a5bc64fbe37aa72072ab798999d74a04a11c43bd6de55ad913e21280f5f71bc82e3c12e9d08035191b5724dcdfdeb1b97c808ed9b8edc7f160c6b215596c8e6a34dcf2d0942a9279d3f3321c0ea18c411a6ab9231f6fa94752e58a2c9831f94325e72a036b878f37cf4175039402310d08601dc912c58ddca737090ba6e92ced3c6398793ae94e75d7f815d4fb63b9975196a48ff7f4593aebba5ceb6c3acc04fad381c036b4c04e07dce25fc4b477dc071b3552e6dca3514d8b1d486660b4d2a1b0ce9a833bb35d8bc763c6ac5515d9d40f7ecb52d802bc46b9e9f320fb1aed2db8d67ff9e94510eebb5f0fa709d8c2b1a2d9cf0c0c258b55719cd482570e1bd2fa0471f0fee369312c243a61b973263f73dd9b002194466ddd2e5224948ad64fefb3100c4ad4ade6f14840d40c9b296f3b77b6f8cf26cd745572dbb09118a0b861f5d274978300b8ed9533e3b6fa9b297b57e4350f6ae47dae7bbba78a38fbe701f419280af1ae8c6dbcdbbd279b443c3de6e48e81bd3621763e0f9869ee7e49273aba58ec4c61a7855596a9514e8270ad472f96a088e406b31fe4b72073c84416ed336877bb5fdb21aeaf0be1b31a294b599b30ed48d68c1f05bedaf09c7c5c051ce188b3c806d8f20673814647b9c0b3f6aba5c6f6800672344000cc272bd0e97fcefbbffd8d57a0e9dec6fa4a57cfc1174f6db8626f8846d40ed7d6a2fa2553c6b5e0cf6ee63aed321158ef975dbd2eccfec135aece70a3ce6b6d9876b92f965f7eef4bfdd51e5fb8ff3e471ee7b59af806188b920e1aaaeab945ae105708fd1334b9765ec4cf4e5967e9849aaa3ac32d9a1f2dbb0c442fc035bf0bbe9f588e763a5edc30dd90f6371593f18fd9172bbe62ff82e405919feeb2d3d8efca804e27b665c49ad98d45521eee4a236affd801f3a81fddad285a9aaf0338bc825f637edb5a29195bd738d02e8643628d33fe3a0ca212bf0d44654e47e10425d902534fc522bf251818022399c10cfda5dc7ace2ea715906f3de2feac5dad33841c582d3094f33ccd781b472fa4b96479c1757876c355fae948b48c551893ff442b50824e042e07694c6aa699c34eb2aa155aa5ac928321bb71573599710dc2380e8bc8503975933a95d3697ac182714ac9ae61b257f108448e0752d9fa59354ca08b19f1ef5e9c81ca79ba91c31e71c2fae1cc1f40df02b4356c22dbbff79f6da53e341d980296ec38696a22ef3332fe12362a775cf3239dbabe495ca91dc8dec9ca3bcbadd330caf6d9dfc2bf6e025e05f8041f858b910f2eff2103af06ebdcccf4aa758a2b1f969abe8d7e66fdd3e6feb747b3eac50d970a52f377b8be3f498f2818621794c14b7b01410b6e7d486116e838dd46e0f6468e5612bc03af8b47cc1734271bf37737f49378a7feab30a4316387c4d01dd743809800fe501782a88faea8e1ee7fb4d50bf6649737ccae288f84ecb23c4c059389512881895fca0eb0313c2e605a8af9ae77cbb7dfb9c682ec04376e172ff59aadc9146947e9ad4234487d5d72557f5fe478e619d345b0040db7db87aa51cd24c79e87916865189615c097adeeaec53ca2687d7bcb56545c9b723cf65347d0068f07d5d7ba65ec629471b419c359c841fd73be88a3c7057d79c1d054573fe14a74e1932571cfc60a5b182cbe96e450615d87670a8749b125a0f98fcaa3453764c55bf34d8a259c2c7474f2a6901ba29e8e42678769479757744e8b17e5fc9a52ea69b414e45d47c8b03d9e9da1e0b9848ce1750106261a8a1fcd0adc46f8a19f928f437be0ba2e9007b03fe1edea79af7c50c68742b2a5b6a6c9bb4bf3ad8cf93b593e459b5da5b07bde4a0e7261641d96acebe98d8704a7897f60e344f0cac8dbac242864133de3da1935cc6254fd6db5f4f9b923ab626fb7acbf40b26c3ec71370cefeadd38adc549006dfb5b1bb198e6d374be01a102df1bb6d29310f6a3794d801ef888d8e63e864c2766be68166daf881965a2cb0b610f6230c0bcb9d5749504db8e2d813a50992b2c0b2f3c0abc42f725643e292c0ec28376d9d9898", 0x1000, 0x4010, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001840)={0x2020, 0x0, <r2=>0x0}, 0x2020)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$NBD_SET_TIMEOUT(r3, 0xab09, 0x1e0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000001180)={0x78, 0xb, r2, {0xa664, 0x6, 0x0, {0x0, 0x3f, 0x46ab, 0x49, 0x7, 0x37, 0xc700, 0x7e, 0x7, 0x1c000, 0x20, 0x0, 0xee00, 0x3, 0x1}}}, 0x78)

15:45:05 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:05 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:45:05 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, 0x0)

15:45:05 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:05 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, 0x0)

15:45:05 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, 0x0)

15:45:05 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000040)={0xc000200a})

15:45:05 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, 0x0)

15:45:05 executing program 3:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:05 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:45:06 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, 0xffffffffffffffff, &(0x7f0000000040)={0xc000200a})

15:45:06 executing program 0:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0xa7, 0x1], 0x2, 0x80800, 0x0, <r0=>0xffffffffffffffff})
write$bt_hci(r0, &(0x7f00000000c0)={0x1, @exit_sniff_mode={{0x804, 0x2}, {0xc9}}}, 0x6)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000180)=[0x8, 0x2, 0x7f, 0x7, 0xbc19], 0x5, 0x80800, 0x0, <r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)={0x10000000})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0xff7c, 0x40, '\x00', 0x5, 0x7})
io_uring_setup(0x2cd2, &(0x7f0000000100)={0x0, 0x6057, 0x10, 0x2, 0x18, 0x0, r0})

15:45:06 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

15:45:06 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:45:06 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x40049409, 0x0)

15:45:06 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x4020940d, 0x0)

15:45:06 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, 0xffffffffffffffff, &(0x7f0000000040)={0xc000200a})

15:45:06 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
sendto$phonet(r1, &(0x7f0000000180)="cd80ef4e60c56b48a4899afb9248794007596c1c02f7d8e1b07d182a2dd4ce4ab89cb6f797866e96e0d1fd06f276518961400ffbd6fc7d5ed913e88b19a28d0dc6894226e24babd8d75c62daabd1db588ce165151be26c91f5d2e1035fea289ccec80687c3e36a0e5f3539d4f09ef9b24dbd0bc27e3e8896d4adf6ef4f27cd1d5c73109b0ef333370277db4d42b8e7de5f849593b1f51e974b2f31c55f1585f46ca1de563c2aa88a579ef20a7f81078355fef9fb33e654ad476888f835483fb646f820f4ede2dddc4ef70f8ad10df75727fe4536c35201305ad4a947578864f24bc7392fce11aaac8fd5a2b9a710979f2b4e7225ed79a9d702fcc25ed5762201e3540b7d88db2d447d5b656b254df20125901e461ba8a8232247a5e24413897eaf72e09a4c133403fbfefef04130a525fec5d42d098a2cd14475d6f246710fbcf5b589cf1ba53b7480bd4b5a6ee6d03b88d75dc1f8f9c5bb22aa5d0607a3ee378451f86b2c12bdda56714aa1b99f1496f294250b56a5ef1f39ac415e159b99f92b6b8bbf9feb5e367d546ceb46f29e955238ffbfdb5c71d63d7254d1e815c98439c674655693b53b311c3899fbd01cf1854b3b0b729baaefb454712650af631e86792bb10e307a4cbb07eca85c1b5671179ce95b3adf484d6c62c3639cadbbad094eba11a196364ba1ea4036a97d0a2c0fdff18026bb18ff7170a0d5b4d8196e41606f6210f0f2c3a392960b379bc756fa25b7d7a0c80198f5b98583378a9da63445742b5e0aa2f11b65f66a711a558a7cf6c93538f41a5c49239ee7c4b94901f9e2a9cdd4323f2a44c92f4728fe1a93106e0c679f32484fefc0118d3853589dbc7825bd8664416a44bca6ef4e81e3f690f16dfb6204f46d586f9b777587eacc32a88bbc92c53bd0f036b233d56724fb3a3a6662bc1d4a374a65e0858ed3ff641e945ee20a86354833a04d00a2c46d56659fdc8f47c325aa0e131f9884246ceaba8bd3feefddaa0924ed2962c44a61b1dc913baaf096c64ff9b1f73ccf2a39b2e42838f74f6d174bc448af051b838c1a329fe16c07c02e827ad3b09f4c2f7277ceed362eaace466f9d637b2056bc5b6f6c3a5ca349659d3a2c2b8acc5377510d4e1b1aa5b97ea45090054457912fe2c4a47a7b377e5f3afdc5c4ad4df2d60da052b6269847e2a0aa32ecdd45f85b5974506b0796467e094227062805be4bfffde81ceb9442cc77c6aa542c37da2a557d2ddabf41652f8763b1e99fea03d7ff9369718cba0e9708ef6c5660dca81bade99106d59547be978045c729f9a4e42319b0c30a8207f791cbf496c04f6c5e0f883c7b5557dbcf4157f390a654a391fbf2a75d0a08a2059e7c1b58b4d93898ba5f7fe0972aa3defde3b6654c3ffd5e438c1c6850db964ecd44a3659d3e2e6ec08bebe4e71354c04454bd191a971be507c5e1a70438ffbcfb609eb36cac6f6820f7c209f8a9c955befac40f89cccfb9dbe1e898ec6bd3c3b1594119d3e7e7a9e968aa3777558402cb11b25368e0044cddec135e8c1dceb4abdce805fb56cbfd021c8043364c535fe2111bd2c1911d12c99ad5bfce18873942acd5bd1160a085a2fa239ff48c5d44656d7f30d864c278d08ac2a2061d4c0820a3c8a853110558627c8a32a6c4ae29f351130a3e2496f11da6cb3ad4aac786e9db4a750f52f7bf783488bc2aa9b54f46808b0623f8a3c4fbcb006139dcbc1d3986149a7ff4d687888be415586c0d9673f6ebb7d02a602264ed070b9d29efdfafed1a699921a6215a7ec783ca0cf8e08517a983eb2b122dd3de204ac6f19a890977f40a19bd5b893b6d64bd364cfb25670973be4bf1d0dc53da829607e886745fe2e7ed714e16306ab7732442dc029a13aa0a3855a312205cce90e32fc6c39b4e905a6159846491670f8bf4ca94ddfc3626af98a447853e75d10ab672e11b99ce807596f3174e798136d53262177e24736ed7608965d7f193f0163d44ad0a0194f572c3886993a53d75053ed9847d8605e56876f546e712f9b532b0caeda74fd3263df04f3780ef666d11d3d11b28d0c910e2727acd9ef7bc605174516d762c16f1d5b83efe23f84229a6bfa39f0b4480eb70b48483ccd61af1fc70cf67041586df4d4c9379460d0bf6f4dca1e4e88760f4b543623e06ca3b0a41d205d10389ac7aad6ad3588a21b50f5a76a1a2c1dce0fd079b5fbd4e577be2ca6ec6d85199a18262289784898b3bd3ba19c0abc683581548342c6ead5abd871fc3ffd92bcfdeb610a8768311d2ac47b277f6838707f00ba975f9746a6c5648b6902cca51d85dd5da1c4414b0a63537da03603c37d993938ffe62c2d1295b69cfc29e36db2f7db588ab47710ec05a3e288d92c8b0d5134649daa48db6709150d4925ba7392863edea63ccc144ea2f79f869fd1e4c8961eff9ff826d494a8a3c2de0ec58556b7d9fcef4d21a5340f2e0ff4500aeb2db999622ad1c0077f38305cbacdcefa72be74993c3c58adc2e52a523a3357d90f7679ae98c712a6b64b4d731c987696bd162aa6ac4965afd7effc3c76c7cbb214a0a3880d063761c86edb67194525dbffb62f597878f3644d6e25ff723dbd36fc4908d3a3353f8a6ee7843df5743b08a7671727fe255d38f07d8850aead0f8bab0e6883afcd388b1e5b0cc917969900c917fe516c23255fea5d9ba06eddd28f0b8e2d193260d15f00480b8cee2ebe6b096bc7b80004c79f33be1ce8e129fa0d1eeda88eedd4e5a926a8eea2157545564fe656ea8a25f091e1d801d459f2638a4704f12868faa52ffb9bb3a306b4a19b71b09d685ec16d1e6ca805f6f90f76a7dc9da55ff5859aa0be630081d44f30bb047d10b59aa17afa5b4698843a5315976ad104fbf890aac9dd5e38555ee90dccd641ea58b39c3f119d1d1c5ab02e4af3a34e2451ce4913452bade503818daf2e7383bdff0becf866e5faf937514335da140e7d2a91b0b5b0c5fc7dfd0c78adfe9f6a4ded9ceac9a06b2e56d20803c2b37ea6b26b6e1205b9dcb111a570fbbd482662b93f30d545eaa67f40b43321c2b6ced8e8780767f80ac7988a429cdc62fc2913b45f92baa97a02cd73bd28e8db26a08ac05afad6ef9d3b0c201928eebca6fb0a5eb306561602c3eb1416217dadc5d540a0fe3a217c976756637ae726977110245292ecba35bf835f1963e90a782f24bae99d4e8aee7fa42344f210dc6d39afb7e620047c9676b66245996b00da3e0c38e1ae6fe37ce2036053d1a9e4d6b82d99bfbb28c4a4e97cd4fdcee530cdd662e5417a40da70d3ba30effa6975b3a1bb7d4b139effee474449ade9539c68cce80ce5d8d0cbf467af1647b405203db88888a7b966fa6e78a5f04eb8205451bd751908e6a4af817feba8a1636a7e9a7fd9995d5eb4c3c1eda9c8ed986d4cadd1e8d9eab64568371e4971d659f9590dc27cfe2250f0facc4578fd980c705a036f4521f75794d245186196fb693163e1828dc7b2be70480fe01ab35cdeb6387a57b5538dfe704ed1245dd0b42bacca8e76ddc3920d115f7156f50306d258b9a5930f4d3d94f3ce1945f79eebf7929775718afc72f992162a123db10c362c0ae97c174836d3f4fa15bd2f95045b0ea0672a1463236bc460856eca1544adc41d7f1dbd1eb228a5dde4a0852077f47396cc4f87004da03bbde8dd7bc037e8f9d02d903f50dd30992990acba44cb823894477d39f8c2807a5bc64fbe37aa72072ab798999d74a04a11c43bd6de55ad913e21280f5f71bc82e3c12e9d08035191b5724dcdfdeb1b97c808ed9b8edc7f160c6b215596c8e6a34dcf2d0942a9279d3f3321c0ea18c411a6ab9231f6fa94752e58a2c9831f94325e72a036b878f37cf4175039402310d08601dc912c58ddca737090ba6e92ced3c6398793ae94e75d7f815d4fb63b9975196a48ff7f4593aebba5ceb6c3acc04fad381c036b4c04e07dce25fc4b477dc071b3552e6dca3514d8b1d486660b4d2a1b0ce9a833bb35d8bc763c6ac5515d9d40f7ecb52d802bc46b9e9f320fb1aed2db8d67ff9e94510eebb5f0fa709d8c2b1a2d9cf0c0c258b55719cd482570e1bd2fa0471f0fee369312c243a61b973263f73dd9b002194466ddd2e5224948ad64fefb3100c4ad4ade6f14840d40c9b296f3b77b6f8cf26cd745572dbb09118a0b861f5d274978300b8ed9533e3b6fa9b297b57e4350f6ae47dae7bbba78a38fbe701f419280af1ae8c6dbcdbbd279b443c3de6e48e81bd3621763e0f9869ee7e49273aba58ec4c61a7855596a9514e8270ad472f96a088e406b31fe4b72073c84416ed336877bb5fdb21aeaf0be1b31a294b599b30ed48d68c1f05bedaf09c7c5c051ce188b3c806d8f20673814647b9c0b3f6aba5c6f6800672344000cc272bd0e97fcefbbffd8d57a0e9dec6fa4a57cfc1174f6db8626f8846d40ed7d6a2fa2553c6b5e0cf6ee63aed321158ef975dbd2eccfec135aece70a3ce6b6d9876b92f965f7eef4bfdd51e5fb8ff3e471ee7b59af806188b920e1aaaeab945ae105708fd1334b9765ec4cf4e5967e9849aaa3ac32d9a1f2dbb0c442fc035bf0bbe9f588e763a5edc30dd90f6371593f18fd9172bbe62ff82e405919feeb2d3d8efca804e27b665c49ad98d45521eee4a236affd801f3a81fddad285a9aaf0338bc825f637edb5a29195bd738d02e8643628d33fe3a0ca212bf0d44654e47e10425d902534fc522bf251818022399c10cfda5dc7ace2ea715906f3de2feac5dad33841c582d3094f33ccd781b472fa4b96479c1757876c355fae948b48c551893ff442b50824e042e07694c6aa699c34eb2aa155aa5ac928321bb71573599710dc2380e8bc8503975933a95d3697ac182714ac9ae61b257f108448e0752d9fa59354ca08b19f1ef5e9c81ca79ba91c31e71c2fae1cc1f40df02b4356c22dbbff79f6da53e341d980296ec38696a22ef3332fe12362a775cf3239dbabe495ca91dc8dec9ca3bcbadd330caf6d9dfc2bf6e025e05f8041f858b910f2eff2103af06ebdcccf4aa758a2b1f969abe8d7e66fdd3e6feb747b3eac50d970a52f377b8be3f498f2818621794c14b7b01410b6e7d486116e838dd46e0f6468e5612bc03af8b47cc1734271bf37737f49378a7feab30a4316387c4d01dd743809800fe501782a88faea8e1ee7fb4d50bf6649737ccae288f84ecb23c4c059389512881895fca0eb0313c2e605a8af9ae77cbb7dfb9c682ec04376e172ff59aadc9146947e9ad4234487d5d72557f5fe478e619d345b0040db7db87aa51cd24c79e87916865189615c097adeeaec53ca2687d7bcb56545c9b723cf65347d0068f07d5d7ba65ec629471b419c359c841fd73be88a3c7057d79c1d054573fe14a74e1932571cfc60a5b182cbe96e450615d87670a8749b125a0f98fcaa3453764c55bf34d8a259c2c7474f2a6901ba29e8e42678769479757744e8b17e5fc9a52ea69b414e45d47c8b03d9e9da1e0b9848ce1750106261a8a1fcd0adc46f8a19f928f437be0ba2e9007b03fe1edea79af7c50c68742b2a5b6a6c9bb4bf3ad8cf93b593e459b5da5b07bde4a0e7261641d96acebe98d8704a7897f60e344f0cac8dbac242864133de3da1935cc6254fd6db5f4f9b923ab626fb7acbf40b26c3ec71370cefeadd38adc549006dfb5b1bb198e6d374be01a102df1bb6d29310f6a3794d801ef888d8e63e864c2766be68166daf881965a2cb0b610f6230c0bcb9d5749504db8e2d813a50992b2c0b2f3c0abc42f725643e292c0ec28376d9d9898", 0x1000, 0x4010, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001840)={0x2020, 0x0, <r2=>0x0}, 0x2020)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$NBD_SET_TIMEOUT(r3, 0xab09, 0x1e0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000001180)={0x78, 0xb, r2, {0xa664, 0x6, 0x0, {0x0, 0x3f, 0x46ab, 0x49, 0x7, 0x37, 0xc700, 0x7e, 0x7, 0x1c000, 0x20, 0x0, 0xee00, 0x3, 0x1}}}, 0x78)

[  748.179267][    T5] Bluetooth: hci0: command 0x0401 tx timeout
15:45:06 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, 0xffffffffffffffff, &(0x7f0000000040)={0xc000200a})

15:45:06 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x0, 0xfffffffffffff000, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:06 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x40049409, 0x0)

15:45:06 executing program 4:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, 0x0)

15:45:07 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, 0x0)

15:45:07 executing program 0:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x412000, 0x0)
ioctl$SOUND_MIXER_READ_STEREODEVS(r0, 0x80044dfb, &(0x7f0000000080))
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$SOUND_MIXER_READ_RECMASK(0xffffffffffffffff, 0x80044dfd, &(0x7f0000000000))

15:45:07 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x0, 0x0, 0x100000001, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:07 executing program 4:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, 0x0)

15:45:07 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x40049409, 0x0)

15:45:07 executing program 4:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, 0x0)

15:45:07 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x101000, 0x0)
ioctl$SOUND_MIXER_INFO(r1, 0x805c4d65, &(0x7f0000000080))
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:07 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
sendto$phonet(r1, &(0x7f0000000180)="cd80ef4e60c56b48a4899afb9248794007596c1c02f7d8e1b07d182a2dd4ce4ab89cb6f797866e96e0d1fd06f276518961400ffbd6fc7d5ed913e88b19a28d0dc6894226e24babd8d75c62daabd1db588ce165151be26c91f5d2e1035fea289ccec80687c3e36a0e5f3539d4f09ef9b24dbd0bc27e3e8896d4adf6ef4f27cd1d5c73109b0ef333370277db4d42b8e7de5f849593b1f51e974b2f31c55f1585f46ca1de563c2aa88a579ef20a7f81078355fef9fb33e654ad476888f835483fb646f820f4ede2dddc4ef70f8ad10df75727fe4536c35201305ad4a947578864f24bc7392fce11aaac8fd5a2b9a710979f2b4e7225ed79a9d702fcc25ed5762201e3540b7d88db2d447d5b656b254df20125901e461ba8a8232247a5e24413897eaf72e09a4c133403fbfefef04130a525fec5d42d098a2cd14475d6f246710fbcf5b589cf1ba53b7480bd4b5a6ee6d03b88d75dc1f8f9c5bb22aa5d0607a3ee378451f86b2c12bdda56714aa1b99f1496f294250b56a5ef1f39ac415e159b99f92b6b8bbf9feb5e367d546ceb46f29e955238ffbfdb5c71d63d7254d1e815c98439c674655693b53b311c3899fbd01cf1854b3b0b729baaefb454712650af631e86792bb10e307a4cbb07eca85c1b5671179ce95b3adf484d6c62c3639cadbbad094eba11a196364ba1ea4036a97d0a2c0fdff18026bb18ff7170a0d5b4d8196e41606f6210f0f2c3a392960b379bc756fa25b7d7a0c80198f5b98583378a9da63445742b5e0aa2f11b65f66a711a558a7cf6c93538f41a5c49239ee7c4b94901f9e2a9cdd4323f2a44c92f4728fe1a93106e0c679f32484fefc0118d3853589dbc7825bd8664416a44bca6ef4e81e3f690f16dfb6204f46d586f9b777587eacc32a88bbc92c53bd0f036b233d56724fb3a3a6662bc1d4a374a65e0858ed3ff641e945ee20a86354833a04d00a2c46d56659fdc8f47c325aa0e131f9884246ceaba8bd3feefddaa0924ed2962c44a61b1dc913baaf096c64ff9b1f73ccf2a39b2e42838f74f6d174bc448af051b838c1a329fe16c07c02e827ad3b09f4c2f7277ceed362eaace466f9d637b2056bc5b6f6c3a5ca349659d3a2c2b8acc5377510d4e1b1aa5b97ea45090054457912fe2c4a47a7b377e5f3afdc5c4ad4df2d60da052b6269847e2a0aa32ecdd45f85b5974506b0796467e094227062805be4bfffde81ceb9442cc77c6aa542c37da2a557d2ddabf41652f8763b1e99fea03d7ff9369718cba0e9708ef6c5660dca81bade99106d59547be978045c729f9a4e42319b0c30a8207f791cbf496c04f6c5e0f883c7b5557dbcf4157f390a654a391fbf2a75d0a08a2059e7c1b58b4d93898ba5f7fe0972aa3defde3b6654c3ffd5e438c1c6850db964ecd44a3659d3e2e6ec08bebe4e71354c04454bd191a971be507c5e1a70438ffbcfb609eb36cac6f6820f7c209f8a9c955befac40f89cccfb9dbe1e898ec6bd3c3b1594119d3e7e7a9e968aa3777558402cb11b25368e0044cddec135e8c1dceb4abdce805fb56cbfd021c8043364c535fe2111bd2c1911d12c99ad5bfce18873942acd5bd1160a085a2fa239ff48c5d44656d7f30d864c278d08ac2a2061d4c0820a3c8a853110558627c8a32a6c4ae29f351130a3e2496f11da6cb3ad4aac786e9db4a750f52f7bf783488bc2aa9b54f46808b0623f8a3c4fbcb006139dcbc1d3986149a7ff4d687888be415586c0d9673f6ebb7d02a602264ed070b9d29efdfafed1a699921a6215a7ec783ca0cf8e08517a983eb2b122dd3de204ac6f19a890977f40a19bd5b893b6d64bd364cfb25670973be4bf1d0dc53da829607e886745fe2e7ed714e16306ab7732442dc029a13aa0a3855a312205cce90e32fc6c39b4e905a6159846491670f8bf4ca94ddfc3626af98a447853e75d10ab672e11b99ce807596f3174e798136d53262177e24736ed7608965d7f193f0163d44ad0a0194f572c3886993a53d75053ed9847d8605e56876f546e712f9b532b0caeda74fd3263df04f3780ef666d11d3d11b28d0c910e2727acd9ef7bc605174516d762c16f1d5b83efe23f84229a6bfa39f0b4480eb70b48483ccd61af1fc70cf67041586df4d4c9379460d0bf6f4dca1e4e88760f4b543623e06ca3b0a41d205d10389ac7aad6ad3588a21b50f5a76a1a2c1dce0fd079b5fbd4e577be2ca6ec6d85199a18262289784898b3bd3ba19c0abc683581548342c6ead5abd871fc3ffd92bcfdeb610a8768311d2ac47b277f6838707f00ba975f9746a6c5648b6902cca51d85dd5da1c4414b0a63537da03603c37d993938ffe62c2d1295b69cfc29e36db2f7db588ab47710ec05a3e288d92c8b0d5134649daa48db6709150d4925ba7392863edea63ccc144ea2f79f869fd1e4c8961eff9ff826d494a8a3c2de0ec58556b7d9fcef4d21a5340f2e0ff4500aeb2db999622ad1c0077f38305cbacdcefa72be74993c3c58adc2e52a523a3357d90f7679ae98c712a6b64b4d731c987696bd162aa6ac4965afd7effc3c76c7cbb214a0a3880d063761c86edb67194525dbffb62f597878f3644d6e25ff723dbd36fc4908d3a3353f8a6ee7843df5743b08a7671727fe255d38f07d8850aead0f8bab0e6883afcd388b1e5b0cc917969900c917fe516c23255fea5d9ba06eddd28f0b8e2d193260d15f00480b8cee2ebe6b096bc7b80004c79f33be1ce8e129fa0d1eeda88eedd4e5a926a8eea2157545564fe656ea8a25f091e1d801d459f2638a4704f12868faa52ffb9bb3a306b4a19b71b09d685ec16d1e6ca805f6f90f76a7dc9da55ff5859aa0be630081d44f30bb047d10b59aa17afa5b4698843a5315976ad104fbf890aac9dd5e38555ee90dccd641ea58b39c3f119d1d1c5ab02e4af3a34e2451ce4913452bade503818daf2e7383bdff0becf866e5faf937514335da140e7d2a91b0b5b0c5fc7dfd0c78adfe9f6a4ded9ceac9a06b2e56d20803c2b37ea6b26b6e1205b9dcb111a570fbbd482662b93f30d545eaa67f40b43321c2b6ced8e8780767f80ac7988a429cdc62fc2913b45f92baa97a02cd73bd28e8db26a08ac05afad6ef9d3b0c201928eebca6fb0a5eb306561602c3eb1416217dadc5d540a0fe3a217c976756637ae726977110245292ecba35bf835f1963e90a782f24bae99d4e8aee7fa42344f210dc6d39afb7e620047c9676b66245996b00da3e0c38e1ae6fe37ce2036053d1a9e4d6b82d99bfbb28c4a4e97cd4fdcee530cdd662e5417a40da70d3ba30effa6975b3a1bb7d4b139effee474449ade9539c68cce80ce5d8d0cbf467af1647b405203db88888a7b966fa6e78a5f04eb8205451bd751908e6a4af817feba8a1636a7e9a7fd9995d5eb4c3c1eda9c8ed986d4cadd1e8d9eab64568371e4971d659f9590dc27cfe2250f0facc4578fd980c705a036f4521f75794d245186196fb693163e1828dc7b2be70480fe01ab35cdeb6387a57b5538dfe704ed1245dd0b42bacca8e76ddc3920d115f7156f50306d258b9a5930f4d3d94f3ce1945f79eebf7929775718afc72f992162a123db10c362c0ae97c174836d3f4fa15bd2f95045b0ea0672a1463236bc460856eca1544adc41d7f1dbd1eb228a5dde4a0852077f47396cc4f87004da03bbde8dd7bc037e8f9d02d903f50dd30992990acba44cb823894477d39f8c2807a5bc64fbe37aa72072ab798999d74a04a11c43bd6de55ad913e21280f5f71bc82e3c12e9d08035191b5724dcdfdeb1b97c808ed9b8edc7f160c6b215596c8e6a34dcf2d0942a9279d3f3321c0ea18c411a6ab9231f6fa94752e58a2c9831f94325e72a036b878f37cf4175039402310d08601dc912c58ddca737090ba6e92ced3c6398793ae94e75d7f815d4fb63b9975196a48ff7f4593aebba5ceb6c3acc04fad381c036b4c04e07dce25fc4b477dc071b3552e6dca3514d8b1d486660b4d2a1b0ce9a833bb35d8bc763c6ac5515d9d40f7ecb52d802bc46b9e9f320fb1aed2db8d67ff9e94510eebb5f0fa709d8c2b1a2d9cf0c0c258b55719cd482570e1bd2fa0471f0fee369312c243a61b973263f73dd9b002194466ddd2e5224948ad64fefb3100c4ad4ade6f14840d40c9b296f3b77b6f8cf26cd745572dbb09118a0b861f5d274978300b8ed9533e3b6fa9b297b57e4350f6ae47dae7bbba78a38fbe701f419280af1ae8c6dbcdbbd279b443c3de6e48e81bd3621763e0f9869ee7e49273aba58ec4c61a7855596a9514e8270ad472f96a088e406b31fe4b72073c84416ed336877bb5fdb21aeaf0be1b31a294b599b30ed48d68c1f05bedaf09c7c5c051ce188b3c806d8f20673814647b9c0b3f6aba5c6f6800672344000cc272bd0e97fcefbbffd8d57a0e9dec6fa4a57cfc1174f6db8626f8846d40ed7d6a2fa2553c6b5e0cf6ee63aed321158ef975dbd2eccfec135aece70a3ce6b6d9876b92f965f7eef4bfdd51e5fb8ff3e471ee7b59af806188b920e1aaaeab945ae105708fd1334b9765ec4cf4e5967e9849aaa3ac32d9a1f2dbb0c442fc035bf0bbe9f588e763a5edc30dd90f6371593f18fd9172bbe62ff82e405919feeb2d3d8efca804e27b665c49ad98d45521eee4a236affd801f3a81fddad285a9aaf0338bc825f637edb5a29195bd738d02e8643628d33fe3a0ca212bf0d44654e47e10425d902534fc522bf251818022399c10cfda5dc7ace2ea715906f3de2feac5dad33841c582d3094f33ccd781b472fa4b96479c1757876c355fae948b48c551893ff442b50824e042e07694c6aa699c34eb2aa155aa5ac928321bb71573599710dc2380e8bc8503975933a95d3697ac182714ac9ae61b257f108448e0752d9fa59354ca08b19f1ef5e9c81ca79ba91c31e71c2fae1cc1f40df02b4356c22dbbff79f6da53e341d980296ec38696a22ef3332fe12362a775cf3239dbabe495ca91dc8dec9ca3bcbadd330caf6d9dfc2bf6e025e05f8041f858b910f2eff2103af06ebdcccf4aa758a2b1f969abe8d7e66fdd3e6feb747b3eac50d970a52f377b8be3f498f2818621794c14b7b01410b6e7d486116e838dd46e0f6468e5612bc03af8b47cc1734271bf37737f49378a7feab30a4316387c4d01dd743809800fe501782a88faea8e1ee7fb4d50bf6649737ccae288f84ecb23c4c059389512881895fca0eb0313c2e605a8af9ae77cbb7dfb9c682ec04376e172ff59aadc9146947e9ad4234487d5d72557f5fe478e619d345b0040db7db87aa51cd24c79e87916865189615c097adeeaec53ca2687d7bcb56545c9b723cf65347d0068f07d5d7ba65ec629471b419c359c841fd73be88a3c7057d79c1d054573fe14a74e1932571cfc60a5b182cbe96e450615d87670a8749b125a0f98fcaa3453764c55bf34d8a259c2c7474f2a6901ba29e8e42678769479757744e8b17e5fc9a52ea69b414e45d47c8b03d9e9da1e0b9848ce1750106261a8a1fcd0adc46f8a19f928f437be0ba2e9007b03fe1edea79af7c50c68742b2a5b6a6c9bb4bf3ad8cf93b593e459b5da5b07bde4a0e7261641d96acebe98d8704a7897f60e344f0cac8dbac242864133de3da1935cc6254fd6db5f4f9b923ab626fb7acbf40b26c3ec71370cefeadd38adc549006dfb5b1bb198e6d374be01a102df1bb6d29310f6a3794d801ef888d8e63e864c2766be68166daf881965a2cb0b610f6230c0bcb9d5749504db8e2d813a50992b2c0b2f3c0abc42f725643e292c0ec28376d9d9898", 0x1000, 0x4010, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001840)={0x2020, 0x0, <r2=>0x0}, 0x2020)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$NBD_SET_TIMEOUT(r3, 0xab09, 0x1e0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000001180)={0x78, 0xb, r2, {0xa664, 0x6, 0x0, {0x0, 0x3f, 0x46ab, 0x49, 0x7, 0x37, 0xc700, 0x7e, 0x7, 0x1c000, 0x20, 0x0, 0xee00, 0x3, 0x1}}}, 0x78)

15:45:07 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, 0x0)

15:45:07 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8000000, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:07 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x40049409, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

15:45:07 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, 0x0)

15:45:07 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, 0x0)

15:45:07 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x40049409, 0x0)

15:45:07 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:07 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, 0x0)

15:45:08 executing program 1:
r0 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000040))

15:45:08 executing program 3:
select(0x40, &(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:45:08 executing program 0:
geteuid()
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:08 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
sendto$phonet(r1, &(0x7f0000000180)="cd80ef4e60c56b48a4899afb9248794007596c1c02f7d8e1b07d182a2dd4ce4ab89cb6f797866e96e0d1fd06f276518961400ffbd6fc7d5ed913e88b19a28d0dc6894226e24babd8d75c62daabd1db588ce165151be26c91f5d2e1035fea289ccec80687c3e36a0e5f3539d4f09ef9b24dbd0bc27e3e8896d4adf6ef4f27cd1d5c73109b0ef333370277db4d42b8e7de5f849593b1f51e974b2f31c55f1585f46ca1de563c2aa88a579ef20a7f81078355fef9fb33e654ad476888f835483fb646f820f4ede2dddc4ef70f8ad10df75727fe4536c35201305ad4a947578864f24bc7392fce11aaac8fd5a2b9a710979f2b4e7225ed79a9d702fcc25ed5762201e3540b7d88db2d447d5b656b254df20125901e461ba8a8232247a5e24413897eaf72e09a4c133403fbfefef04130a525fec5d42d098a2cd14475d6f246710fbcf5b589cf1ba53b7480bd4b5a6ee6d03b88d75dc1f8f9c5bb22aa5d0607a3ee378451f86b2c12bdda56714aa1b99f1496f294250b56a5ef1f39ac415e159b99f92b6b8bbf9feb5e367d546ceb46f29e955238ffbfdb5c71d63d7254d1e815c98439c674655693b53b311c3899fbd01cf1854b3b0b729baaefb454712650af631e86792bb10e307a4cbb07eca85c1b5671179ce95b3adf484d6c62c3639cadbbad094eba11a196364ba1ea4036a97d0a2c0fdff18026bb18ff7170a0d5b4d8196e41606f6210f0f2c3a392960b379bc756fa25b7d7a0c80198f5b98583378a9da63445742b5e0aa2f11b65f66a711a558a7cf6c93538f41a5c49239ee7c4b94901f9e2a9cdd4323f2a44c92f4728fe1a93106e0c679f32484fefc0118d3853589dbc7825bd8664416a44bca6ef4e81e3f690f16dfb6204f46d586f9b777587eacc32a88bbc92c53bd0f036b233d56724fb3a3a6662bc1d4a374a65e0858ed3ff641e945ee20a86354833a04d00a2c46d56659fdc8f47c325aa0e131f9884246ceaba8bd3feefddaa0924ed2962c44a61b1dc913baaf096c64ff9b1f73ccf2a39b2e42838f74f6d174bc448af051b838c1a329fe16c07c02e827ad3b09f4c2f7277ceed362eaace466f9d637b2056bc5b6f6c3a5ca349659d3a2c2b8acc5377510d4e1b1aa5b97ea45090054457912fe2c4a47a7b377e5f3afdc5c4ad4df2d60da052b6269847e2a0aa32ecdd45f85b5974506b0796467e094227062805be4bfffde81ceb9442cc77c6aa542c37da2a557d2ddabf41652f8763b1e99fea03d7ff9369718cba0e9708ef6c5660dca81bade99106d59547be978045c729f9a4e42319b0c30a8207f791cbf496c04f6c5e0f883c7b5557dbcf4157f390a654a391fbf2a75d0a08a2059e7c1b58b4d93898ba5f7fe0972aa3defde3b6654c3ffd5e438c1c6850db964ecd44a3659d3e2e6ec08bebe4e71354c04454bd191a971be507c5e1a70438ffbcfb609eb36cac6f6820f7c209f8a9c955befac40f89cccfb9dbe1e898ec6bd3c3b1594119d3e7e7a9e968aa3777558402cb11b25368e0044cddec135e8c1dceb4abdce805fb56cbfd021c8043364c535fe2111bd2c1911d12c99ad5bfce18873942acd5bd1160a085a2fa239ff48c5d44656d7f30d864c278d08ac2a2061d4c0820a3c8a853110558627c8a32a6c4ae29f351130a3e2496f11da6cb3ad4aac786e9db4a750f52f7bf783488bc2aa9b54f46808b0623f8a3c4fbcb006139dcbc1d3986149a7ff4d687888be415586c0d9673f6ebb7d02a602264ed070b9d29efdfafed1a699921a6215a7ec783ca0cf8e08517a983eb2b122dd3de204ac6f19a890977f40a19bd5b893b6d64bd364cfb25670973be4bf1d0dc53da829607e886745fe2e7ed714e16306ab7732442dc029a13aa0a3855a312205cce90e32fc6c39b4e905a6159846491670f8bf4ca94ddfc3626af98a447853e75d10ab672e11b99ce807596f3174e798136d53262177e24736ed7608965d7f193f0163d44ad0a0194f572c3886993a53d75053ed9847d8605e56876f546e712f9b532b0caeda74fd3263df04f3780ef666d11d3d11b28d0c910e2727acd9ef7bc605174516d762c16f1d5b83efe23f84229a6bfa39f0b4480eb70b48483ccd61af1fc70cf67041586df4d4c9379460d0bf6f4dca1e4e88760f4b543623e06ca3b0a41d205d10389ac7aad6ad3588a21b50f5a76a1a2c1dce0fd079b5fbd4e577be2ca6ec6d85199a18262289784898b3bd3ba19c0abc683581548342c6ead5abd871fc3ffd92bcfdeb610a8768311d2ac47b277f6838707f00ba975f9746a6c5648b6902cca51d85dd5da1c4414b0a63537da03603c37d993938ffe62c2d1295b69cfc29e36db2f7db588ab47710ec05a3e288d92c8b0d5134649daa48db6709150d4925ba7392863edea63ccc144ea2f79f869fd1e4c8961eff9ff826d494a8a3c2de0ec58556b7d9fcef4d21a5340f2e0ff4500aeb2db999622ad1c0077f38305cbacdcefa72be74993c3c58adc2e52a523a3357d90f7679ae98c712a6b64b4d731c987696bd162aa6ac4965afd7effc3c76c7cbb214a0a3880d063761c86edb67194525dbffb62f597878f3644d6e25ff723dbd36fc4908d3a3353f8a6ee7843df5743b08a7671727fe255d38f07d8850aead0f8bab0e6883afcd388b1e5b0cc917969900c917fe516c23255fea5d9ba06eddd28f0b8e2d193260d15f00480b8cee2ebe6b096bc7b80004c79f33be1ce8e129fa0d1eeda88eedd4e5a926a8eea2157545564fe656ea8a25f091e1d801d459f2638a4704f12868faa52ffb9bb3a306b4a19b71b09d685ec16d1e6ca805f6f90f76a7dc9da55ff5859aa0be630081d44f30bb047d10b59aa17afa5b4698843a5315976ad104fbf890aac9dd5e38555ee90dccd641ea58b39c3f119d1d1c5ab02e4af3a34e2451ce4913452bade503818daf2e7383bdff0becf866e5faf937514335da140e7d2a91b0b5b0c5fc7dfd0c78adfe9f6a4ded9ceac9a06b2e56d20803c2b37ea6b26b6e1205b9dcb111a570fbbd482662b93f30d545eaa67f40b43321c2b6ced8e8780767f80ac7988a429cdc62fc2913b45f92baa97a02cd73bd28e8db26a08ac05afad6ef9d3b0c201928eebca6fb0a5eb306561602c3eb1416217dadc5d540a0fe3a217c976756637ae726977110245292ecba35bf835f1963e90a782f24bae99d4e8aee7fa42344f210dc6d39afb7e620047c9676b66245996b00da3e0c38e1ae6fe37ce2036053d1a9e4d6b82d99bfbb28c4a4e97cd4fdcee530cdd662e5417a40da70d3ba30effa6975b3a1bb7d4b139effee474449ade9539c68cce80ce5d8d0cbf467af1647b405203db88888a7b966fa6e78a5f04eb8205451bd751908e6a4af817feba8a1636a7e9a7fd9995d5eb4c3c1eda9c8ed986d4cadd1e8d9eab64568371e4971d659f9590dc27cfe2250f0facc4578fd980c705a036f4521f75794d245186196fb693163e1828dc7b2be70480fe01ab35cdeb6387a57b5538dfe704ed1245dd0b42bacca8e76ddc3920d115f7156f50306d258b9a5930f4d3d94f3ce1945f79eebf7929775718afc72f992162a123db10c362c0ae97c174836d3f4fa15bd2f95045b0ea0672a1463236bc460856eca1544adc41d7f1dbd1eb228a5dde4a0852077f47396cc4f87004da03bbde8dd7bc037e8f9d02d903f50dd30992990acba44cb823894477d39f8c2807a5bc64fbe37aa72072ab798999d74a04a11c43bd6de55ad913e21280f5f71bc82e3c12e9d08035191b5724dcdfdeb1b97c808ed9b8edc7f160c6b215596c8e6a34dcf2d0942a9279d3f3321c0ea18c411a6ab9231f6fa94752e58a2c9831f94325e72a036b878f37cf4175039402310d08601dc912c58ddca737090ba6e92ced3c6398793ae94e75d7f815d4fb63b9975196a48ff7f4593aebba5ceb6c3acc04fad381c036b4c04e07dce25fc4b477dc071b3552e6dca3514d8b1d486660b4d2a1b0ce9a833bb35d8bc763c6ac5515d9d40f7ecb52d802bc46b9e9f320fb1aed2db8d67ff9e94510eebb5f0fa709d8c2b1a2d9cf0c0c258b55719cd482570e1bd2fa0471f0fee369312c243a61b973263f73dd9b002194466ddd2e5224948ad64fefb3100c4ad4ade6f14840d40c9b296f3b77b6f8cf26cd745572dbb09118a0b861f5d274978300b8ed9533e3b6fa9b297b57e4350f6ae47dae7bbba78a38fbe701f419280af1ae8c6dbcdbbd279b443c3de6e48e81bd3621763e0f9869ee7e49273aba58ec4c61a7855596a9514e8270ad472f96a088e406b31fe4b72073c84416ed336877bb5fdb21aeaf0be1b31a294b599b30ed48d68c1f05bedaf09c7c5c051ce188b3c806d8f20673814647b9c0b3f6aba5c6f6800672344000cc272bd0e97fcefbbffd8d57a0e9dec6fa4a57cfc1174f6db8626f8846d40ed7d6a2fa2553c6b5e0cf6ee63aed321158ef975dbd2eccfec135aece70a3ce6b6d9876b92f965f7eef4bfdd51e5fb8ff3e471ee7b59af806188b920e1aaaeab945ae105708fd1334b9765ec4cf4e5967e9849aaa3ac32d9a1f2dbb0c442fc035bf0bbe9f588e763a5edc30dd90f6371593f18fd9172bbe62ff82e405919feeb2d3d8efca804e27b665c49ad98d45521eee4a236affd801f3a81fddad285a9aaf0338bc825f637edb5a29195bd738d02e8643628d33fe3a0ca212bf0d44654e47e10425d902534fc522bf251818022399c10cfda5dc7ace2ea715906f3de2feac5dad33841c582d3094f33ccd781b472fa4b96479c1757876c355fae948b48c551893ff442b50824e042e07694c6aa699c34eb2aa155aa5ac928321bb71573599710dc2380e8bc8503975933a95d3697ac182714ac9ae61b257f108448e0752d9fa59354ca08b19f1ef5e9c81ca79ba91c31e71c2fae1cc1f40df02b4356c22dbbff79f6da53e341d980296ec38696a22ef3332fe12362a775cf3239dbabe495ca91dc8dec9ca3bcbadd330caf6d9dfc2bf6e025e05f8041f858b910f2eff2103af06ebdcccf4aa758a2b1f969abe8d7e66fdd3e6feb747b3eac50d970a52f377b8be3f498f2818621794c14b7b01410b6e7d486116e838dd46e0f6468e5612bc03af8b47cc1734271bf37737f49378a7feab30a4316387c4d01dd743809800fe501782a88faea8e1ee7fb4d50bf6649737ccae288f84ecb23c4c059389512881895fca0eb0313c2e605a8af9ae77cbb7dfb9c682ec04376e172ff59aadc9146947e9ad4234487d5d72557f5fe478e619d345b0040db7db87aa51cd24c79e87916865189615c097adeeaec53ca2687d7bcb56545c9b723cf65347d0068f07d5d7ba65ec629471b419c359c841fd73be88a3c7057d79c1d054573fe14a74e1932571cfc60a5b182cbe96e450615d87670a8749b125a0f98fcaa3453764c55bf34d8a259c2c7474f2a6901ba29e8e42678769479757744e8b17e5fc9a52ea69b414e45d47c8b03d9e9da1e0b9848ce1750106261a8a1fcd0adc46f8a19f928f437be0ba2e9007b03fe1edea79af7c50c68742b2a5b6a6c9bb4bf3ad8cf93b593e459b5da5b07bde4a0e7261641d96acebe98d8704a7897f60e344f0cac8dbac242864133de3da1935cc6254fd6db5f4f9b923ab626fb7acbf40b26c3ec71370cefeadd38adc549006dfb5b1bb198e6d374be01a102df1bb6d29310f6a3794d801ef888d8e63e864c2766be68166daf881965a2cb0b610f6230c0bcb9d5749504db8e2d813a50992b2c0b2f3c0abc42f725643e292c0ec28376d9d9898", 0x1000, 0x4010, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001840)={0x2020, 0x0, <r2=>0x0}, 0x2020)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
ioctl$NBD_SET_TIMEOUT(r3, 0xab09, 0x1e0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000001180)={0x78, 0xb, r2, {0xa664, 0x6, 0x0, {0x0, 0x3f, 0x46ab, 0x49, 0x7, 0x37, 0xc700, 0x7e, 0x7, 0x1c000, 0x20, 0x0, 0xee00, 0x3, 0x1}}}, 0x78)

15:45:08 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x4020940d, 0x0)

15:45:08 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f00000000c0)={0x0, 0x2710})

15:45:08 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:08 executing program 3:
select(0x40, &(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:45:08 executing program 3:
select(0x40, &(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:45:08 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:08 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:08 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080), &(0x7f00000000c0)={0x0, 0x2710})

15:45:08 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:08 executing program 3:
select(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

[  750.259295][ T3205] Bluetooth: hci0: command 0x0401 tx timeout
15:45:09 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x8001, "5bf90b", 0xff})
socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000000), 0x4)

15:45:09 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080), 0x0)

15:45:09 executing program 4:
socketpair(0x6, 0x800, 0x6, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
sendto$phonet(r1, &(0x7f0000000300)="696b5d4aa9ef482d67b8f3d8930dae4b8f3f4c7d38775786c830cc05b9df42577f696509085ca02c3a25313491a078c342ba14025c7253dd6726559439bd9eed520102459c5210404fda6ac872067cff665af8b8de9846c6e02eee19587fd74fd4a29683f9a1403c2b170fdf20cd5dbf3acf4fcdb09ffce48b48cc2104f7de822dd0db3aeefd974cf1d84bb8adbd587692248d36d5f4f598069fd4aa4e4b36161e8e9c1a7d601251f5dc06ce62c1b5a8aa5accb0f07ec8681fa606fa15bd213a7307c8c03072098c2eb08e32c2453d031b851bcd1080a949a09734a11cfd41fe49339291e7a6978f5b579bb5d012202bdcbbd537f887add0c9a4c9e79baf0a9cf689a5927d9cde1f92bfaf5a7f379a8d6b2819db07719ebcd732dd13cb779c81e79f4d611438770d5f2ed1a420c089b2839ab182945be0232c5ff018813a951c179f02055e632a7c42d4ce19d47ff2447d4173e3a8bae90397d3dc3aaf19ed6394c7abd3c558006d97eed27869f003bd691687d8ca83c2817db7cac75825815805ea9e1e7b90f01dd0ec47ad85aa3f5e3f51cc6dcfa8a74429030d363b57fc3886a40220935f87dc2c9b0f0847e1515ab94ba11faab7cd393cda2ffa3ac874d71571df1bebd542c5f5b0328a757fa73d5ea9faded1d9dbbe64e06fd2b890260d96c704ebdb84e97ba2290c1278f5912b680a74a602ed025e2dc9d64801ba1daff2c66ea5f5201bee2eb63d7cac5edb8011ec467762911ec3c471aca6c22e2097a495ec05154ceb23babb47732c2e449802653d7a5364d0ca90f58ab2e666d784d4475f5147b80f63017577e95834cddce1a80b688742623f46e3fe6bc523175bb0da8c1dd3f0e750bc8aac70475d647ca3e145e44b1ddec99e64f38c57ac478327ce1f90356ab0fda7afec5b68d1e9c41319ecfb91cf6d58442680806a2497925f419669bfdfe9f71e93cc803db75662927f5ce1b9da25680a1bb568881e3025fc4fce9bc1eaf4f8504cba4fc89787afa6643f8fbbe8bace0ec1d237815401d50e39e3e9db6825cd96af991c8f1007b83124fed9e0d11def1b76d45b5eae0bb0b90425f206143ef73a34983909b763c80abf775e23bd893b9435b15339cd984e87daac76ea6c1e4d7453a46eecff313b1cc063fd85bf958bbbef5c64716e2c8dcc95f62421eaf42c212bab5bc50792b33fa97f57d8f588d808cb5d129963d1c465863b88056662f4fff63d7ea25fb18284cab6948e72acbe82999d77e8e4df4c1cf0435a1cc22a3ef76f08144ce05ecb1dd951b4eb168edc5d97c76d96fded0063151f4a5fbb4cb02c123f54005c6914d4d2243f23a9e280cbfbcd7c992a1beb2a3e522139b947bc56dd931e588cdc9a3b8328991e846c71af1b14127549f08d9a4583ba20ab068aba556e57e1c1b24126daa7b39283ad4fd1a4e6d5748b498d5c3445913868ae4a8b2a7e1c3caf09c5fb5b24cfa9d44e7bd26a2fd2027e8e7839e9db633466837eebc7c027d2e10bf7f882b87e50c52a832ee4255dff120cc80321ab3e826e3b37b5c702d45902999598413bf811244922f5f874ac15e3b6857aae4e7478f4e3b78f4547097174e3e3b0acfd9e1a23292766ab9dffacc3f7551871cfcce079956779ca0dcaa62d7ce1b1596b96beec8cbb348121ef7b246432137d2a996cfa7a8f52d4811fa263dacea86f7ea78dc1fb92932b7e057817b81aef60f0f8300bf99e0b776c15d9fea7bfcd6f229e3e1782e5204a69eacb9f1004685b145d04cf8114209b767ce35e0d03a78641148a8d044ab03bd6d97c78531182bd4467927c7bcce29d24238ccbeedb0cb815fe6b5ed0b9654093073b6dd40514caf6e6ba9ecc9fc78cbaf7698a2e35dd7878964bee34913fbefe417bd4b61931dc6c94e67592c133c800b56e06cb3eec01fb8c0f9f5e56ae8a23608365b2539abe33420d501b84578d327d6479abc144f10d7232022f78ec419981d60ac26bbd5d23e70a38719e7a0b1a89fedeff14157b6e558c76055056d62e7e38d2bb4977a87d8d81b219aee7dfdde6f70dd8a4dc92d4028ef5d3825bafe71a8373274055e4f8830df0b6fa88d0aa2165299a3ce4a6f47f6adcc97c38a8ef55fab84bc3af10c93e6069567a55295eb6cb296b2dddba0fff7392abdeabe8090c79d15e7119c6d1a0d0d63e315df090d635e68d27e4a7fc671075fc46c8b019be4ea8b618195fda4eb8b31a2796f95feb9317070f893c63156a27107cbadc9f2f415917c87b603398425179efe7ae16e0032e15dcf4d88ffe1794c56365199d7541b7942772319333f4beeaea812da65f0f8d2aaeafbf8edd175bcceeee866034fcf3f1e4aa1f5441d8b6801b40ac696b62e201bbee75db73ad34bca0829f68199c0ba60335c1b9f1c4c7aebb1858ab8881d268548ab3a08fb1cad40ea75b8cf3c9ae9252532b074df772ad63c8a3b8598f6656d8ec528212a737171da525cf56e55c7fb2adb472d5f9ff44434645729582769afc1c1aa7882bed248afc7619d9db305c7eab07537cf9ee22feb32c08ab7054a007e0986d5f62cb68d15ddbf608eeee007d87d49f2c720a1407bd34c6f3bdf56784883cfd19653b983b7100e42a8ba41c706a9d9a67e4ec3b31183158838e4f5dbe4ebd74bd26469c2a2abd879258563f9899383f227a9260a8018a3d2a402f92a1e08730fe91c5774f2a1434e1cde4923f78a5a5487be3fb947ba87ec9be2a29ce5d23b5a0300c48c0d93feee54019fb33975a09c2e940f6ef688355d62067499305304ec991231d5c453bb82fee34250212bdf5aedfcd4f2b9cdad9f06c756fd744609d394f26eb99a461248f6352d21336103a8c4b19d69128c0afce34e470952d1c0afe4cff509a1a75c4ab683ec012a599a8293a449c0c69d95d10e6b3d538107f0ae272cc707dad9b478b1f9794f5ebd81c7b4f19c6f1a207fd5b32882be5237c5409093c874cb0ad8ac0ac08b81795527a5e82bcb5ed65cfb7b054f6d1fa2a7a9c0efa90cbe619223dd254edc07785205d45936578f91abb94bd78e67d234096a0509777d928591a488cd2f748ac00bbd5e8b1acec0e498a00c8f9d4f41c7cdcbb0f708b60b5701ad8c023d5f2a42e90bcf7f2a9fc2f6ff01ff11356f5ef0b27592156aea45b0906f8968db58fbbc5986442887b0d9e8aeb9bc8bc19e2d4c1a09a0c0aacbb3db2fc0ed5e45d591af799a275efd0422b460dcd8771650dc0891284e8c107ba583191d94bd9dbe8a657e70ecec6faba68f3c5fe457dd0924ac5452859f30f534367f6cc27be7905286317cd02541f2f382066f4d6f2756f81486eebc4b266366c16715ee2b8b13ad99996514d094e80cd9223420c374705d5323cdaa64ba746b1647ea992e0b0747d027ef796fc1c8e7e1322ceae26f5f4a00ff27fc011fc36d5d511c383ab796304f8dfc3135aab7f965d1f0e06823a7bd0e9fed43b244ae85e0e2db58c6c15455eba1643a0fbabbc79e6c89e670f81944161a34ee33e8ed327edf683774752ee8f284b49d4b4b756a5e6463039c520567042f697f608ffcb38b3becd69ac4f585a7a66e915f0054037e631c6cd000d2cb73dac39d28137911c6a35f30da06d98a41b93d46e28b7f723dc8768fab3236fedd7a5b19ff1e35700a4acf5ec79a3d2a407bbf40827433bef1d40e6389c2d514a8900511c283fb9d49945f65728c589a59183fa37dd88f85f2cc64092c7284668f5a4959d4c59e89a4356ceab4bf759aa6eda6515eae7b3b08bc28f9045b6e885fc0c606a636c9a3c195baded45bbeae0792c6ecfd9d7edd8ddd26cf50bd65e87814de9cd50e1f83044e7e0ba0e3b511023635d57f7da384e2dc6dd09823e1070d956253d30c692d59b249bf254d0f91961bfe8e248b787eee281b3fc5ec5762e26c89be04c8de0afc02fd303300ecd572b18df49a2f40d14c2b387c63ea06bd436367659a151bbb052bff1eaa3f2b15b48faa42b7c7e66000c89270663965ca4cc75b52b1dcd130029d51df6af43de34863be8391bff82e1ec4075b1055c779445a2c8feb4e381eeec2c16cb96f64748e32b7540ec6b6bffe266cd67bd358513b8166cbb3e98e12af106111a6eafcf9e4f04725b9807c2dc60419c4c7cdd411ef0973459253e2b1ba657e94d094bdf4b9dca0eb48992a4bba20d31a063b53c334e64f020361043044a3bb524a746b0f81dd29af31bd0af8a5387f418011410844dfe09a8ff3e8b9dccd758beb9f7bb12eed1ed215abe45a6f769d2c2e84970090ce17ffadf7e8d5cffa6045f75c1ca6f0ee9dcf68ccc243dcfce35553eacdfb655005303948b521c41773ff4dc83ff25eb7ad672055dcaa179f026016b373413ff96dde3b950a554f78f016f59522685ef154969e37472f9465a0ee31705b3212a1d31f039e63735a0b9a921005db6f2fa2fb8b803f51a671fb3f916d8c3ad85f51dfef7787d88d535d5746dd455daa1a78c84957335bbbeb15900c53edd9ca64301a3643fef076788552e16ef4f8149dae4a05b9c612e495b8d90857b5b95684ceee637f443673e0098655a65ed5bceb7499ccda92f6f6fcb8bce7c4deeafa69cb370e74c046bf3e122323f0f5abe7f5eb313f490b2ef175f5c679e74a17db81f4e3b508df4fb5f01a557187dd329ea357ab159d1cd576a2f6c9c1036d4494bbcf8b62cd884fc6825b08843908fbc021ab3584bddcdd980e21f81c232ecf3d97c10b80639973365c614e37ad1655196d2e779259a413f88d5aa8c5f34cf804c4e8bf696f6c32433281a5d3ff1e45cdf390a67d4e446fafae92780e7c26b32ed2971895909bea66c27119d9c09891ef57f99497b75df7e945f5cdbd80431f9a7165cb8a1628635e493cf4faf081c1223e22b3abe63c1d1f3a7fd06337267e3c7eca2e2553e1d4f1a757258277bc2a37994c12ed3a35f4349a5cd002290eb0013e52305da668b596176dda63c2b1c8cffaa0f0e08ee0fe0cb357e6eae1c5179af16920c3932bccd956e48a971ea54ed1a822e03c5e232af9d6d3345bacdba06784f259be76915d2a2a6e4914357e6cc671e57ebd2fc880f4fef1ac88a57a1130a00245b5789696aa6573bdd3abaeefee2ab693113c57e3d2bcf99d6cbc4426e5e7752e258a4279e3f2eda0a0121fe3f8e362a8182621b01f3015e6f9bebd09bb2e08d0dfc5f37633c71291b5c6bc2911e68ffe38eb7d4601f5c4e1209d43d9d1d8c5c7d03cb1a33752460cb342a2ab7e9bc60c59b15d5807c3fa2b266b5bc3e3d41131b73a59bf771ad511f07912959def6a45be64a59856fcd6e8830eb2848989693b8a6512b35781e1a3bd5786b8ca7a069b8781021490bba76a2e41ac8c3d0004d744ef8f676692163955dfd9e9b5393b7eea99a60052923ffce24cc7fbc39086965f7094a71b036d28daba72989bdc2ebf34416d9859d2d7461de32068c691a8e3e38d6687bf1712259d8e4162072bd1419ec0a7880c902bfda52dc38a71d31e7b9bf07c1dd3ed126b1549eed2ca3d828acb326fb92ceabcaeb40d56a4afc87ed575a075e8327a48aa2002ba8d3b66538d8ebc939b8455bf2ec4e495e9c0d2e21061c26ea39263440c9e46e25d37005058218440ba30820b1bfff04aa760574b3f6bc5f3908a9969ce2a34b129b7747a8e800ba9f95e1992d38e273c417834f7ffe64a5f0c5ad806a0b91ba091ec732e00e2d85cfc094d4faf23f077112a204580b1aff4606ddda0a26aa002deca5fb3b0cd70fc9e91e66279708c4e16588f5760c2dc7ea7b7a9b7b2749e770f951", 0x1000, 0x4080, &(0x7f0000001300)={0x23, 0x0, 0x40, 0x20}, 0x10)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)={0x188, r2, 0x400, 0x70bd26, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x7fff}, {0x8, 0x13, 0x41c1}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x400}, {0x6, 0x11, 0x1}, {0x8, 0x13, 0x3ff}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0xffffff80}, {0x6, 0x11, 0xffff}, {0x8, 0x13, 0x401}, {0x5}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3ff}, {0x6, 0x11, 0x800}, {0x8, 0x13, 0x7f}, {0x5, 0x14, 0x1}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6, 0x11, 0x28}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x100}, {0x6, 0x11, 0xd785}, {0x8, 0x13, 0xaa3}, {0x5}}]}, 0x188}, 0x1, 0x0, 0x0, 0x8886}, 0x15)
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:45:09 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:09 executing program 3:
select(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:45:09 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
sendto$phonet(r1, &(0x7f0000000180)="cd80ef4e60c56b48a4899afb9248794007596c1c02f7d8e1b07d182a2dd4ce4ab89cb6f797866e96e0d1fd06f276518961400ffbd6fc7d5ed913e88b19a28d0dc6894226e24babd8d75c62daabd1db588ce165151be26c91f5d2e1035fea289ccec80687c3e36a0e5f3539d4f09ef9b24dbd0bc27e3e8896d4adf6ef4f27cd1d5c73109b0ef333370277db4d42b8e7de5f849593b1f51e974b2f31c55f1585f46ca1de563c2aa88a579ef20a7f81078355fef9fb33e654ad476888f835483fb646f820f4ede2dddc4ef70f8ad10df75727fe4536c35201305ad4a947578864f24bc7392fce11aaac8fd5a2b9a710979f2b4e7225ed79a9d702fcc25ed5762201e3540b7d88db2d447d5b656b254df20125901e461ba8a8232247a5e24413897eaf72e09a4c133403fbfefef04130a525fec5d42d098a2cd14475d6f246710fbcf5b589cf1ba53b7480bd4b5a6ee6d03b88d75dc1f8f9c5bb22aa5d0607a3ee378451f86b2c12bdda56714aa1b99f1496f294250b56a5ef1f39ac415e159b99f92b6b8bbf9feb5e367d546ceb46f29e955238ffbfdb5c71d63d7254d1e815c98439c674655693b53b311c3899fbd01cf1854b3b0b729baaefb454712650af631e86792bb10e307a4cbb07eca85c1b5671179ce95b3adf484d6c62c3639cadbbad094eba11a196364ba1ea4036a97d0a2c0fdff18026bb18ff7170a0d5b4d8196e41606f6210f0f2c3a392960b379bc756fa25b7d7a0c80198f5b98583378a9da63445742b5e0aa2f11b65f66a711a558a7cf6c93538f41a5c49239ee7c4b94901f9e2a9cdd4323f2a44c92f4728fe1a93106e0c679f32484fefc0118d3853589dbc7825bd8664416a44bca6ef4e81e3f690f16dfb6204f46d586f9b777587eacc32a88bbc92c53bd0f036b233d56724fb3a3a6662bc1d4a374a65e0858ed3ff641e945ee20a86354833a04d00a2c46d56659fdc8f47c325aa0e131f9884246ceaba8bd3feefddaa0924ed2962c44a61b1dc913baaf096c64ff9b1f73ccf2a39b2e42838f74f6d174bc448af051b838c1a329fe16c07c02e827ad3b09f4c2f7277ceed362eaace466f9d637b2056bc5b6f6c3a5ca349659d3a2c2b8acc5377510d4e1b1aa5b97ea45090054457912fe2c4a47a7b377e5f3afdc5c4ad4df2d60da052b6269847e2a0aa32ecdd45f85b5974506b0796467e094227062805be4bfffde81ceb9442cc77c6aa542c37da2a557d2ddabf41652f8763b1e99fea03d7ff9369718cba0e9708ef6c5660dca81bade99106d59547be978045c729f9a4e42319b0c30a8207f791cbf496c04f6c5e0f883c7b5557dbcf4157f390a654a391fbf2a75d0a08a2059e7c1b58b4d93898ba5f7fe0972aa3defde3b6654c3ffd5e438c1c6850db964ecd44a3659d3e2e6ec08bebe4e71354c04454bd191a971be507c5e1a70438ffbcfb609eb36cac6f6820f7c209f8a9c955befac40f89cccfb9dbe1e898ec6bd3c3b1594119d3e7e7a9e968aa3777558402cb11b25368e0044cddec135e8c1dceb4abdce805fb56cbfd021c8043364c535fe2111bd2c1911d12c99ad5bfce18873942acd5bd1160a085a2fa239ff48c5d44656d7f30d864c278d08ac2a2061d4c0820a3c8a853110558627c8a32a6c4ae29f351130a3e2496f11da6cb3ad4aac786e9db4a750f52f7bf783488bc2aa9b54f46808b0623f8a3c4fbcb006139dcbc1d3986149a7ff4d687888be415586c0d9673f6ebb7d02a602264ed070b9d29efdfafed1a699921a6215a7ec783ca0cf8e08517a983eb2b122dd3de204ac6f19a890977f40a19bd5b893b6d64bd364cfb25670973be4bf1d0dc53da829607e886745fe2e7ed714e16306ab7732442dc029a13aa0a3855a312205cce90e32fc6c39b4e905a6159846491670f8bf4ca94ddfc3626af98a447853e75d10ab672e11b99ce807596f3174e798136d53262177e24736ed7608965d7f193f0163d44ad0a0194f572c3886993a53d75053ed9847d8605e56876f546e712f9b532b0caeda74fd3263df04f3780ef666d11d3d11b28d0c910e2727acd9ef7bc605174516d762c16f1d5b83efe23f84229a6bfa39f0b4480eb70b48483ccd61af1fc70cf67041586df4d4c9379460d0bf6f4dca1e4e88760f4b543623e06ca3b0a41d205d10389ac7aad6ad3588a21b50f5a76a1a2c1dce0fd079b5fbd4e577be2ca6ec6d85199a18262289784898b3bd3ba19c0abc683581548342c6ead5abd871fc3ffd92bcfdeb610a8768311d2ac47b277f6838707f00ba975f9746a6c5648b6902cca51d85dd5da1c4414b0a63537da03603c37d993938ffe62c2d1295b69cfc29e36db2f7db588ab47710ec05a3e288d92c8b0d5134649daa48db6709150d4925ba7392863edea63ccc144ea2f79f869fd1e4c8961eff9ff826d494a8a3c2de0ec58556b7d9fcef4d21a5340f2e0ff4500aeb2db999622ad1c0077f38305cbacdcefa72be74993c3c58adc2e52a523a3357d90f7679ae98c712a6b64b4d731c987696bd162aa6ac4965afd7effc3c76c7cbb214a0a3880d063761c86edb67194525dbffb62f597878f3644d6e25ff723dbd36fc4908d3a3353f8a6ee7843df5743b08a7671727fe255d38f07d8850aead0f8bab0e6883afcd388b1e5b0cc917969900c917fe516c23255fea5d9ba06eddd28f0b8e2d193260d15f00480b8cee2ebe6b096bc7b80004c79f33be1ce8e129fa0d1eeda88eedd4e5a926a8eea2157545564fe656ea8a25f091e1d801d459f2638a4704f12868faa52ffb9bb3a306b4a19b71b09d685ec16d1e6ca805f6f90f76a7dc9da55ff5859aa0be630081d44f30bb047d10b59aa17afa5b4698843a5315976ad104fbf890aac9dd5e38555ee90dccd641ea58b39c3f119d1d1c5ab02e4af3a34e2451ce4913452bade503818daf2e7383bdff0becf866e5faf937514335da140e7d2a91b0b5b0c5fc7dfd0c78adfe9f6a4ded9ceac9a06b2e56d20803c2b37ea6b26b6e1205b9dcb111a570fbbd482662b93f30d545eaa67f40b43321c2b6ced8e8780767f80ac7988a429cdc62fc2913b45f92baa97a02cd73bd28e8db26a08ac05afad6ef9d3b0c201928eebca6fb0a5eb306561602c3eb1416217dadc5d540a0fe3a217c976756637ae726977110245292ecba35bf835f1963e90a782f24bae99d4e8aee7fa42344f210dc6d39afb7e620047c9676b66245996b00da3e0c38e1ae6fe37ce2036053d1a9e4d6b82d99bfbb28c4a4e97cd4fdcee530cdd662e5417a40da70d3ba30effa6975b3a1bb7d4b139effee474449ade9539c68cce80ce5d8d0cbf467af1647b405203db88888a7b966fa6e78a5f04eb8205451bd751908e6a4af817feba8a1636a7e9a7fd9995d5eb4c3c1eda9c8ed986d4cadd1e8d9eab64568371e4971d659f9590dc27cfe2250f0facc4578fd980c705a036f4521f75794d245186196fb693163e1828dc7b2be70480fe01ab35cdeb6387a57b5538dfe704ed1245dd0b42bacca8e76ddc3920d115f7156f50306d258b9a5930f4d3d94f3ce1945f79eebf7929775718afc72f992162a123db10c362c0ae97c174836d3f4fa15bd2f95045b0ea0672a1463236bc460856eca1544adc41d7f1dbd1eb228a5dde4a0852077f47396cc4f87004da03bbde8dd7bc037e8f9d02d903f50dd30992990acba44cb823894477d39f8c2807a5bc64fbe37aa72072ab798999d74a04a11c43bd6de55ad913e21280f5f71bc82e3c12e9d08035191b5724dcdfdeb1b97c808ed9b8edc7f160c6b215596c8e6a34dcf2d0942a9279d3f3321c0ea18c411a6ab9231f6fa94752e58a2c9831f94325e72a036b878f37cf4175039402310d08601dc912c58ddca737090ba6e92ced3c6398793ae94e75d7f815d4fb63b9975196a48ff7f4593aebba5ceb6c3acc04fad381c036b4c04e07dce25fc4b477dc071b3552e6dca3514d8b1d486660b4d2a1b0ce9a833bb35d8bc763c6ac5515d9d40f7ecb52d802bc46b9e9f320fb1aed2db8d67ff9e94510eebb5f0fa709d8c2b1a2d9cf0c0c258b55719cd482570e1bd2fa0471f0fee369312c243a61b973263f73dd9b002194466ddd2e5224948ad64fefb3100c4ad4ade6f14840d40c9b296f3b77b6f8cf26cd745572dbb09118a0b861f5d274978300b8ed9533e3b6fa9b297b57e4350f6ae47dae7bbba78a38fbe701f419280af1ae8c6dbcdbbd279b443c3de6e48e81bd3621763e0f9869ee7e49273aba58ec4c61a7855596a9514e8270ad472f96a088e406b31fe4b72073c84416ed336877bb5fdb21aeaf0be1b31a294b599b30ed48d68c1f05bedaf09c7c5c051ce188b3c806d8f20673814647b9c0b3f6aba5c6f6800672344000cc272bd0e97fcefbbffd8d57a0e9dec6fa4a57cfc1174f6db8626f8846d40ed7d6a2fa2553c6b5e0cf6ee63aed321158ef975dbd2eccfec135aece70a3ce6b6d9876b92f965f7eef4bfdd51e5fb8ff3e471ee7b59af806188b920e1aaaeab945ae105708fd1334b9765ec4cf4e5967e9849aaa3ac32d9a1f2dbb0c442fc035bf0bbe9f588e763a5edc30dd90f6371593f18fd9172bbe62ff82e405919feeb2d3d8efca804e27b665c49ad98d45521eee4a236affd801f3a81fddad285a9aaf0338bc825f637edb5a29195bd738d02e8643628d33fe3a0ca212bf0d44654e47e10425d902534fc522bf251818022399c10cfda5dc7ace2ea715906f3de2feac5dad33841c582d3094f33ccd781b472fa4b96479c1757876c355fae948b48c551893ff442b50824e042e07694c6aa699c34eb2aa155aa5ac928321bb71573599710dc2380e8bc8503975933a95d3697ac182714ac9ae61b257f108448e0752d9fa59354ca08b19f1ef5e9c81ca79ba91c31e71c2fae1cc1f40df02b4356c22dbbff79f6da53e341d980296ec38696a22ef3332fe12362a775cf3239dbabe495ca91dc8dec9ca3bcbadd330caf6d9dfc2bf6e025e05f8041f858b910f2eff2103af06ebdcccf4aa758a2b1f969abe8d7e66fdd3e6feb747b3eac50d970a52f377b8be3f498f2818621794c14b7b01410b6e7d486116e838dd46e0f6468e5612bc03af8b47cc1734271bf37737f49378a7feab30a4316387c4d01dd743809800fe501782a88faea8e1ee7fb4d50bf6649737ccae288f84ecb23c4c059389512881895fca0eb0313c2e605a8af9ae77cbb7dfb9c682ec04376e172ff59aadc9146947e9ad4234487d5d72557f5fe478e619d345b0040db7db87aa51cd24c79e87916865189615c097adeeaec53ca2687d7bcb56545c9b723cf65347d0068f07d5d7ba65ec629471b419c359c841fd73be88a3c7057d79c1d054573fe14a74e1932571cfc60a5b182cbe96e450615d87670a8749b125a0f98fcaa3453764c55bf34d8a259c2c7474f2a6901ba29e8e42678769479757744e8b17e5fc9a52ea69b414e45d47c8b03d9e9da1e0b9848ce1750106261a8a1fcd0adc46f8a19f928f437be0ba2e9007b03fe1edea79af7c50c68742b2a5b6a6c9bb4bf3ad8cf93b593e459b5da5b07bde4a0e7261641d96acebe98d8704a7897f60e344f0cac8dbac242864133de3da1935cc6254fd6db5f4f9b923ab626fb7acbf40b26c3ec71370cefeadd38adc549006dfb5b1bb198e6d374be01a102df1bb6d29310f6a3794d801ef888d8e63e864c2766be68166daf881965a2cb0b610f6230c0bcb9d5749504db8e2d813a50992b2c0b2f3c0abc42f725643e292c0ec28376d9d9898", 0x1000, 0x4010, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001840)={0x2020}, 0x2020)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
ioctl$NBD_SET_TIMEOUT(r2, 0xab09, 0x1e0)

15:45:09 executing program 4:
geteuid()
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:09 executing program 3:
select(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:45:09 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:09 executing program 3:
select(0x40, &(0x7f0000000000), 0x0, 0x0, 0x0)

15:45:09 executing program 1:
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:09 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:10 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000002, 0x10, r1, 0x0)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/renderD128\x00', 0x10000, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, 0x0)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
read$hidraw(r3, &(0x7f0000002280)=""/102400, 0x19000)
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r4, &(0x7f00000000c0)={0x8})
ioctl$sock_rose_SIOCRSCLRRT(0xffffffffffffffff, 0x89e4)
read$FUSE(r3, &(0x7f0000000240)={0x2020, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
rt_tgsigqueueinfo(0x0, r5, 0x3d, &(0x7f000001d300)={0x26, 0x1, 0x8})
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r6, 0xc028aa03, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r6, 0x28, 0x6, &(0x7f000001b280)={0x0, 0x2710}, 0x10)
ptrace$getregs(0x9bc548cd961b170e, r5, 0x9, &(0x7f0000000100)=""/145)
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r2, 0xc00464be, &(0x7f0000000080)={0x1})
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f00000001c0)={0xa3, [0xbd3, 0x40], 0xf93c}, 0x10)

15:45:10 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:10 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080), 0x0)

15:45:10 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
sendto$phonet(r1, &(0x7f0000000180)="cd80ef4e60c56b48a4899afb9248794007596c1c02f7d8e1b07d182a2dd4ce4ab89cb6f797866e96e0d1fd06f276518961400ffbd6fc7d5ed913e88b19a28d0dc6894226e24babd8d75c62daabd1db588ce165151be26c91f5d2e1035fea289ccec80687c3e36a0e5f3539d4f09ef9b24dbd0bc27e3e8896d4adf6ef4f27cd1d5c73109b0ef333370277db4d42b8e7de5f849593b1f51e974b2f31c55f1585f46ca1de563c2aa88a579ef20a7f81078355fef9fb33e654ad476888f835483fb646f820f4ede2dddc4ef70f8ad10df75727fe4536c35201305ad4a947578864f24bc7392fce11aaac8fd5a2b9a710979f2b4e7225ed79a9d702fcc25ed5762201e3540b7d88db2d447d5b656b254df20125901e461ba8a8232247a5e24413897eaf72e09a4c133403fbfefef04130a525fec5d42d098a2cd14475d6f246710fbcf5b589cf1ba53b7480bd4b5a6ee6d03b88d75dc1f8f9c5bb22aa5d0607a3ee378451f86b2c12bdda56714aa1b99f1496f294250b56a5ef1f39ac415e159b99f92b6b8bbf9feb5e367d546ceb46f29e955238ffbfdb5c71d63d7254d1e815c98439c674655693b53b311c3899fbd01cf1854b3b0b729baaefb454712650af631e86792bb10e307a4cbb07eca85c1b5671179ce95b3adf484d6c62c3639cadbbad094eba11a196364ba1ea4036a97d0a2c0fdff18026bb18ff7170a0d5b4d8196e41606f6210f0f2c3a392960b379bc756fa25b7d7a0c80198f5b98583378a9da63445742b5e0aa2f11b65f66a711a558a7cf6c93538f41a5c49239ee7c4b94901f9e2a9cdd4323f2a44c92f4728fe1a93106e0c679f32484fefc0118d3853589dbc7825bd8664416a44bca6ef4e81e3f690f16dfb6204f46d586f9b777587eacc32a88bbc92c53bd0f036b233d56724fb3a3a6662bc1d4a374a65e0858ed3ff641e945ee20a86354833a04d00a2c46d56659fdc8f47c325aa0e131f9884246ceaba8bd3feefddaa0924ed2962c44a61b1dc913baaf096c64ff9b1f73ccf2a39b2e42838f74f6d174bc448af051b838c1a329fe16c07c02e827ad3b09f4c2f7277ceed362eaace466f9d637b2056bc5b6f6c3a5ca349659d3a2c2b8acc5377510d4e1b1aa5b97ea45090054457912fe2c4a47a7b377e5f3afdc5c4ad4df2d60da052b6269847e2a0aa32ecdd45f85b5974506b0796467e094227062805be4bfffde81ceb9442cc77c6aa542c37da2a557d2ddabf41652f8763b1e99fea03d7ff9369718cba0e9708ef6c5660dca81bade99106d59547be978045c729f9a4e42319b0c30a8207f791cbf496c04f6c5e0f883c7b5557dbcf4157f390a654a391fbf2a75d0a08a2059e7c1b58b4d93898ba5f7fe0972aa3defde3b6654c3ffd5e438c1c6850db964ecd44a3659d3e2e6ec08bebe4e71354c04454bd191a971be507c5e1a70438ffbcfb609eb36cac6f6820f7c209f8a9c955befac40f89cccfb9dbe1e898ec6bd3c3b1594119d3e7e7a9e968aa3777558402cb11b25368e0044cddec135e8c1dceb4abdce805fb56cbfd021c8043364c535fe2111bd2c1911d12c99ad5bfce18873942acd5bd1160a085a2fa239ff48c5d44656d7f30d864c278d08ac2a2061d4c0820a3c8a853110558627c8a32a6c4ae29f351130a3e2496f11da6cb3ad4aac786e9db4a750f52f7bf783488bc2aa9b54f46808b0623f8a3c4fbcb006139dcbc1d3986149a7ff4d687888be415586c0d9673f6ebb7d02a602264ed070b9d29efdfafed1a699921a6215a7ec783ca0cf8e08517a983eb2b122dd3de204ac6f19a890977f40a19bd5b893b6d64bd364cfb25670973be4bf1d0dc53da829607e886745fe2e7ed714e16306ab7732442dc029a13aa0a3855a312205cce90e32fc6c39b4e905a6159846491670f8bf4ca94ddfc3626af98a447853e75d10ab672e11b99ce807596f3174e798136d53262177e24736ed7608965d7f193f0163d44ad0a0194f572c3886993a53d75053ed9847d8605e56876f546e712f9b532b0caeda74fd3263df04f3780ef666d11d3d11b28d0c910e2727acd9ef7bc605174516d762c16f1d5b83efe23f84229a6bfa39f0b4480eb70b48483ccd61af1fc70cf67041586df4d4c9379460d0bf6f4dca1e4e88760f4b543623e06ca3b0a41d205d10389ac7aad6ad3588a21b50f5a76a1a2c1dce0fd079b5fbd4e577be2ca6ec6d85199a18262289784898b3bd3ba19c0abc683581548342c6ead5abd871fc3ffd92bcfdeb610a8768311d2ac47b277f6838707f00ba975f9746a6c5648b6902cca51d85dd5da1c4414b0a63537da03603c37d993938ffe62c2d1295b69cfc29e36db2f7db588ab47710ec05a3e288d92c8b0d5134649daa48db6709150d4925ba7392863edea63ccc144ea2f79f869fd1e4c8961eff9ff826d494a8a3c2de0ec58556b7d9fcef4d21a5340f2e0ff4500aeb2db999622ad1c0077f38305cbacdcefa72be74993c3c58adc2e52a523a3357d90f7679ae98c712a6b64b4d731c987696bd162aa6ac4965afd7effc3c76c7cbb214a0a3880d063761c86edb67194525dbffb62f597878f3644d6e25ff723dbd36fc4908d3a3353f8a6ee7843df5743b08a7671727fe255d38f07d8850aead0f8bab0e6883afcd388b1e5b0cc917969900c917fe516c23255fea5d9ba06eddd28f0b8e2d193260d15f00480b8cee2ebe6b096bc7b80004c79f33be1ce8e129fa0d1eeda88eedd4e5a926a8eea2157545564fe656ea8a25f091e1d801d459f2638a4704f12868faa52ffb9bb3a306b4a19b71b09d685ec16d1e6ca805f6f90f76a7dc9da55ff5859aa0be630081d44f30bb047d10b59aa17afa5b4698843a5315976ad104fbf890aac9dd5e38555ee90dccd641ea58b39c3f119d1d1c5ab02e4af3a34e2451ce4913452bade503818daf2e7383bdff0becf866e5faf937514335da140e7d2a91b0b5b0c5fc7dfd0c78adfe9f6a4ded9ceac9a06b2e56d20803c2b37ea6b26b6e1205b9dcb111a570fbbd482662b93f30d545eaa67f40b43321c2b6ced8e8780767f80ac7988a429cdc62fc2913b45f92baa97a02cd73bd28e8db26a08ac05afad6ef9d3b0c201928eebca6fb0a5eb306561602c3eb1416217dadc5d540a0fe3a217c976756637ae726977110245292ecba35bf835f1963e90a782f24bae99d4e8aee7fa42344f210dc6d39afb7e620047c9676b66245996b00da3e0c38e1ae6fe37ce2036053d1a9e4d6b82d99bfbb28c4a4e97cd4fdcee530cdd662e5417a40da70d3ba30effa6975b3a1bb7d4b139effee474449ade9539c68cce80ce5d8d0cbf467af1647b405203db88888a7b966fa6e78a5f04eb8205451bd751908e6a4af817feba8a1636a7e9a7fd9995d5eb4c3c1eda9c8ed986d4cadd1e8d9eab64568371e4971d659f9590dc27cfe2250f0facc4578fd980c705a036f4521f75794d245186196fb693163e1828dc7b2be70480fe01ab35cdeb6387a57b5538dfe704ed1245dd0b42bacca8e76ddc3920d115f7156f50306d258b9a5930f4d3d94f3ce1945f79eebf7929775718afc72f992162a123db10c362c0ae97c174836d3f4fa15bd2f95045b0ea0672a1463236bc460856eca1544adc41d7f1dbd1eb228a5dde4a0852077f47396cc4f87004da03bbde8dd7bc037e8f9d02d903f50dd30992990acba44cb823894477d39f8c2807a5bc64fbe37aa72072ab798999d74a04a11c43bd6de55ad913e21280f5f71bc82e3c12e9d08035191b5724dcdfdeb1b97c808ed9b8edc7f160c6b215596c8e6a34dcf2d0942a9279d3f3321c0ea18c411a6ab9231f6fa94752e58a2c9831f94325e72a036b878f37cf4175039402310d08601dc912c58ddca737090ba6e92ced3c6398793ae94e75d7f815d4fb63b9975196a48ff7f4593aebba5ceb6c3acc04fad381c036b4c04e07dce25fc4b477dc071b3552e6dca3514d8b1d486660b4d2a1b0ce9a833bb35d8bc763c6ac5515d9d40f7ecb52d802bc46b9e9f320fb1aed2db8d67ff9e94510eebb5f0fa709d8c2b1a2d9cf0c0c258b55719cd482570e1bd2fa0471f0fee369312c243a61b973263f73dd9b002194466ddd2e5224948ad64fefb3100c4ad4ade6f14840d40c9b296f3b77b6f8cf26cd745572dbb09118a0b861f5d274978300b8ed9533e3b6fa9b297b57e4350f6ae47dae7bbba78a38fbe701f419280af1ae8c6dbcdbbd279b443c3de6e48e81bd3621763e0f9869ee7e49273aba58ec4c61a7855596a9514e8270ad472f96a088e406b31fe4b72073c84416ed336877bb5fdb21aeaf0be1b31a294b599b30ed48d68c1f05bedaf09c7c5c051ce188b3c806d8f20673814647b9c0b3f6aba5c6f6800672344000cc272bd0e97fcefbbffd8d57a0e9dec6fa4a57cfc1174f6db8626f8846d40ed7d6a2fa2553c6b5e0cf6ee63aed321158ef975dbd2eccfec135aece70a3ce6b6d9876b92f965f7eef4bfdd51e5fb8ff3e471ee7b59af806188b920e1aaaeab945ae105708fd1334b9765ec4cf4e5967e9849aaa3ac32d9a1f2dbb0c442fc035bf0bbe9f588e763a5edc30dd90f6371593f18fd9172bbe62ff82e405919feeb2d3d8efca804e27b665c49ad98d45521eee4a236affd801f3a81fddad285a9aaf0338bc825f637edb5a29195bd738d02e8643628d33fe3a0ca212bf0d44654e47e10425d902534fc522bf251818022399c10cfda5dc7ace2ea715906f3de2feac5dad33841c582d3094f33ccd781b472fa4b96479c1757876c355fae948b48c551893ff442b50824e042e07694c6aa699c34eb2aa155aa5ac928321bb71573599710dc2380e8bc8503975933a95d3697ac182714ac9ae61b257f108448e0752d9fa59354ca08b19f1ef5e9c81ca79ba91c31e71c2fae1cc1f40df02b4356c22dbbff79f6da53e341d980296ec38696a22ef3332fe12362a775cf3239dbabe495ca91dc8dec9ca3bcbadd330caf6d9dfc2bf6e025e05f8041f858b910f2eff2103af06ebdcccf4aa758a2b1f969abe8d7e66fdd3e6feb747b3eac50d970a52f377b8be3f498f2818621794c14b7b01410b6e7d486116e838dd46e0f6468e5612bc03af8b47cc1734271bf37737f49378a7feab30a4316387c4d01dd743809800fe501782a88faea8e1ee7fb4d50bf6649737ccae288f84ecb23c4c059389512881895fca0eb0313c2e605a8af9ae77cbb7dfb9c682ec04376e172ff59aadc9146947e9ad4234487d5d72557f5fe478e619d345b0040db7db87aa51cd24c79e87916865189615c097adeeaec53ca2687d7bcb56545c9b723cf65347d0068f07d5d7ba65ec629471b419c359c841fd73be88a3c7057d79c1d054573fe14a74e1932571cfc60a5b182cbe96e450615d87670a8749b125a0f98fcaa3453764c55bf34d8a259c2c7474f2a6901ba29e8e42678769479757744e8b17e5fc9a52ea69b414e45d47c8b03d9e9da1e0b9848ce1750106261a8a1fcd0adc46f8a19f928f437be0ba2e9007b03fe1edea79af7c50c68742b2a5b6a6c9bb4bf3ad8cf93b593e459b5da5b07bde4a0e7261641d96acebe98d8704a7897f60e344f0cac8dbac242864133de3da1935cc6254fd6db5f4f9b923ab626fb7acbf40b26c3ec71370cefeadd38adc549006dfb5b1bb198e6d374be01a102df1bb6d29310f6a3794d801ef888d8e63e864c2766be68166daf881965a2cb0b610f6230c0bcb9d5749504db8e2d813a50992b2c0b2f3c0abc42f725643e292c0ec28376d9d9898", 0x1000, 0x4010, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001840)={0x2020}, 0x2020)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)

15:45:10 executing program 4:
select(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:45:10 executing program 4:
select(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2710})

15:45:10 executing program 1:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:10 executing program 3:
select(0x40, &(0x7f0000000000), 0x0, 0x0, 0x0)

15:45:10 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448e4, 0x0)

15:45:10 executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:10 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448e4, 0x0)

15:45:10 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448e4, 0x0)

[  752.339254][    T5] Bluetooth: hci0: command 0x0401 tx timeout
15:45:11 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x9}}, 0x18)
write$bt_hci(r0, &(0x7f0000000080)={0x1, @accept_sync_conn_req={{0x429, 0x15}, {@any, 0x9, 0x7, 0xffff, 0x5, 0x6, 0x8}}}, 0x19)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x2, '\x00\x00\v', 0xff, 0xfd})

15:45:11 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448e4, 0x0)

15:45:11 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x8001, "5bf90b", 0xff})
socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000000), 0x4)

15:45:11 executing program 2:
select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080), 0x0)

15:45:11 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
sendto$phonet(r1, &(0x7f0000000180)="cd80ef4e60c56b48a4899afb9248794007596c1c02f7d8e1b07d182a2dd4ce4ab89cb6f797866e96e0d1fd06f276518961400ffbd6fc7d5ed913e88b19a28d0dc6894226e24babd8d75c62daabd1db588ce165151be26c91f5d2e1035fea289ccec80687c3e36a0e5f3539d4f09ef9b24dbd0bc27e3e8896d4adf6ef4f27cd1d5c73109b0ef333370277db4d42b8e7de5f849593b1f51e974b2f31c55f1585f46ca1de563c2aa88a579ef20a7f81078355fef9fb33e654ad476888f835483fb646f820f4ede2dddc4ef70f8ad10df75727fe4536c35201305ad4a947578864f24bc7392fce11aaac8fd5a2b9a710979f2b4e7225ed79a9d702fcc25ed5762201e3540b7d88db2d447d5b656b254df20125901e461ba8a8232247a5e24413897eaf72e09a4c133403fbfefef04130a525fec5d42d098a2cd14475d6f246710fbcf5b589cf1ba53b7480bd4b5a6ee6d03b88d75dc1f8f9c5bb22aa5d0607a3ee378451f86b2c12bdda56714aa1b99f1496f294250b56a5ef1f39ac415e159b99f92b6b8bbf9feb5e367d546ceb46f29e955238ffbfdb5c71d63d7254d1e815c98439c674655693b53b311c3899fbd01cf1854b3b0b729baaefb454712650af631e86792bb10e307a4cbb07eca85c1b5671179ce95b3adf484d6c62c3639cadbbad094eba11a196364ba1ea4036a97d0a2c0fdff18026bb18ff7170a0d5b4d8196e41606f6210f0f2c3a392960b379bc756fa25b7d7a0c80198f5b98583378a9da63445742b5e0aa2f11b65f66a711a558a7cf6c93538f41a5c49239ee7c4b94901f9e2a9cdd4323f2a44c92f4728fe1a93106e0c679f32484fefc0118d3853589dbc7825bd8664416a44bca6ef4e81e3f690f16dfb6204f46d586f9b777587eacc32a88bbc92c53bd0f036b233d56724fb3a3a6662bc1d4a374a65e0858ed3ff641e945ee20a86354833a04d00a2c46d56659fdc8f47c325aa0e131f9884246ceaba8bd3feefddaa0924ed2962c44a61b1dc913baaf096c64ff9b1f73ccf2a39b2e42838f74f6d174bc448af051b838c1a329fe16c07c02e827ad3b09f4c2f7277ceed362eaace466f9d637b2056bc5b6f6c3a5ca349659d3a2c2b8acc5377510d4e1b1aa5b97ea45090054457912fe2c4a47a7b377e5f3afdc5c4ad4df2d60da052b6269847e2a0aa32ecdd45f85b5974506b0796467e094227062805be4bfffde81ceb9442cc77c6aa542c37da2a557d2ddabf41652f8763b1e99fea03d7ff9369718cba0e9708ef6c5660dca81bade99106d59547be978045c729f9a4e42319b0c30a8207f791cbf496c04f6c5e0f883c7b5557dbcf4157f390a654a391fbf2a75d0a08a2059e7c1b58b4d93898ba5f7fe0972aa3defde3b6654c3ffd5e438c1c6850db964ecd44a3659d3e2e6ec08bebe4e71354c04454bd191a971be507c5e1a70438ffbcfb609eb36cac6f6820f7c209f8a9c955befac40f89cccfb9dbe1e898ec6bd3c3b1594119d3e7e7a9e968aa3777558402cb11b25368e0044cddec135e8c1dceb4abdce805fb56cbfd021c8043364c535fe2111bd2c1911d12c99ad5bfce18873942acd5bd1160a085a2fa239ff48c5d44656d7f30d864c278d08ac2a2061d4c0820a3c8a853110558627c8a32a6c4ae29f351130a3e2496f11da6cb3ad4aac786e9db4a750f52f7bf783488bc2aa9b54f46808b0623f8a3c4fbcb006139dcbc1d3986149a7ff4d687888be415586c0d9673f6ebb7d02a602264ed070b9d29efdfafed1a699921a6215a7ec783ca0cf8e08517a983eb2b122dd3de204ac6f19a890977f40a19bd5b893b6d64bd364cfb25670973be4bf1d0dc53da829607e886745fe2e7ed714e16306ab7732442dc029a13aa0a3855a312205cce90e32fc6c39b4e905a6159846491670f8bf4ca94ddfc3626af98a447853e75d10ab672e11b99ce807596f3174e798136d53262177e24736ed7608965d7f193f0163d44ad0a0194f572c3886993a53d75053ed9847d8605e56876f546e712f9b532b0caeda74fd3263df04f3780ef666d11d3d11b28d0c910e2727acd9ef7bc605174516d762c16f1d5b83efe23f84229a6bfa39f0b4480eb70b48483ccd61af1fc70cf67041586df4d4c9379460d0bf6f4dca1e4e88760f4b543623e06ca3b0a41d205d10389ac7aad6ad3588a21b50f5a76a1a2c1dce0fd079b5fbd4e577be2ca6ec6d85199a18262289784898b3bd3ba19c0abc683581548342c6ead5abd871fc3ffd92bcfdeb610a8768311d2ac47b277f6838707f00ba975f9746a6c5648b6902cca51d85dd5da1c4414b0a63537da03603c37d993938ffe62c2d1295b69cfc29e36db2f7db588ab47710ec05a3e288d92c8b0d5134649daa48db6709150d4925ba7392863edea63ccc144ea2f79f869fd1e4c8961eff9ff826d494a8a3c2de0ec58556b7d9fcef4d21a5340f2e0ff4500aeb2db999622ad1c0077f38305cbacdcefa72be74993c3c58adc2e52a523a3357d90f7679ae98c712a6b64b4d731c987696bd162aa6ac4965afd7effc3c76c7cbb214a0a3880d063761c86edb67194525dbffb62f597878f3644d6e25ff723dbd36fc4908d3a3353f8a6ee7843df5743b08a7671727fe255d38f07d8850aead0f8bab0e6883afcd388b1e5b0cc917969900c917fe516c23255fea5d9ba06eddd28f0b8e2d193260d15f00480b8cee2ebe6b096bc7b80004c79f33be1ce8e129fa0d1eeda88eedd4e5a926a8eea2157545564fe656ea8a25f091e1d801d459f2638a4704f12868faa52ffb9bb3a306b4a19b71b09d685ec16d1e6ca805f6f90f76a7dc9da55ff5859aa0be630081d44f30bb047d10b59aa17afa5b4698843a5315976ad104fbf890aac9dd5e38555ee90dccd641ea58b39c3f119d1d1c5ab02e4af3a34e2451ce4913452bade503818daf2e7383bdff0becf866e5faf937514335da140e7d2a91b0b5b0c5fc7dfd0c78adfe9f6a4ded9ceac9a06b2e56d20803c2b37ea6b26b6e1205b9dcb111a570fbbd482662b93f30d545eaa67f40b43321c2b6ced8e8780767f80ac7988a429cdc62fc2913b45f92baa97a02cd73bd28e8db26a08ac05afad6ef9d3b0c201928eebca6fb0a5eb306561602c3eb1416217dadc5d540a0fe3a217c976756637ae726977110245292ecba35bf835f1963e90a782f24bae99d4e8aee7fa42344f210dc6d39afb7e620047c9676b66245996b00da3e0c38e1ae6fe37ce2036053d1a9e4d6b82d99bfbb28c4a4e97cd4fdcee530cdd662e5417a40da70d3ba30effa6975b3a1bb7d4b139effee474449ade9539c68cce80ce5d8d0cbf467af1647b405203db88888a7b966fa6e78a5f04eb8205451bd751908e6a4af817feba8a1636a7e9a7fd9995d5eb4c3c1eda9c8ed986d4cadd1e8d9eab64568371e4971d659f9590dc27cfe2250f0facc4578fd980c705a036f4521f75794d245186196fb693163e1828dc7b2be70480fe01ab35cdeb6387a57b5538dfe704ed1245dd0b42bacca8e76ddc3920d115f7156f50306d258b9a5930f4d3d94f3ce1945f79eebf7929775718afc72f992162a123db10c362c0ae97c174836d3f4fa15bd2f95045b0ea0672a1463236bc460856eca1544adc41d7f1dbd1eb228a5dde4a0852077f47396cc4f87004da03bbde8dd7bc037e8f9d02d903f50dd30992990acba44cb823894477d39f8c2807a5bc64fbe37aa72072ab798999d74a04a11c43bd6de55ad913e21280f5f71bc82e3c12e9d08035191b5724dcdfdeb1b97c808ed9b8edc7f160c6b215596c8e6a34dcf2d0942a9279d3f3321c0ea18c411a6ab9231f6fa94752e58a2c9831f94325e72a036b878f37cf4175039402310d08601dc912c58ddca737090ba6e92ced3c6398793ae94e75d7f815d4fb63b9975196a48ff7f4593aebba5ceb6c3acc04fad381c036b4c04e07dce25fc4b477dc071b3552e6dca3514d8b1d486660b4d2a1b0ce9a833bb35d8bc763c6ac5515d9d40f7ecb52d802bc46b9e9f320fb1aed2db8d67ff9e94510eebb5f0fa709d8c2b1a2d9cf0c0c258b55719cd482570e1bd2fa0471f0fee369312c243a61b973263f73dd9b002194466ddd2e5224948ad64fefb3100c4ad4ade6f14840d40c9b296f3b77b6f8cf26cd745572dbb09118a0b861f5d274978300b8ed9533e3b6fa9b297b57e4350f6ae47dae7bbba78a38fbe701f419280af1ae8c6dbcdbbd279b443c3de6e48e81bd3621763e0f9869ee7e49273aba58ec4c61a7855596a9514e8270ad472f96a088e406b31fe4b72073c84416ed336877bb5fdb21aeaf0be1b31a294b599b30ed48d68c1f05bedaf09c7c5c051ce188b3c806d8f20673814647b9c0b3f6aba5c6f6800672344000cc272bd0e97fcefbbffd8d57a0e9dec6fa4a57cfc1174f6db8626f8846d40ed7d6a2fa2553c6b5e0cf6ee63aed321158ef975dbd2eccfec135aece70a3ce6b6d9876b92f965f7eef4bfdd51e5fb8ff3e471ee7b59af806188b920e1aaaeab945ae105708fd1334b9765ec4cf4e5967e9849aaa3ac32d9a1f2dbb0c442fc035bf0bbe9f588e763a5edc30dd90f6371593f18fd9172bbe62ff82e405919feeb2d3d8efca804e27b665c49ad98d45521eee4a236affd801f3a81fddad285a9aaf0338bc825f637edb5a29195bd738d02e8643628d33fe3a0ca212bf0d44654e47e10425d902534fc522bf251818022399c10cfda5dc7ace2ea715906f3de2feac5dad33841c582d3094f33ccd781b472fa4b96479c1757876c355fae948b48c551893ff442b50824e042e07694c6aa699c34eb2aa155aa5ac928321bb71573599710dc2380e8bc8503975933a95d3697ac182714ac9ae61b257f108448e0752d9fa59354ca08b19f1ef5e9c81ca79ba91c31e71c2fae1cc1f40df02b4356c22dbbff79f6da53e341d980296ec38696a22ef3332fe12362a775cf3239dbabe495ca91dc8dec9ca3bcbadd330caf6d9dfc2bf6e025e05f8041f858b910f2eff2103af06ebdcccf4aa758a2b1f969abe8d7e66fdd3e6feb747b3eac50d970a52f377b8be3f498f2818621794c14b7b01410b6e7d486116e838dd46e0f6468e5612bc03af8b47cc1734271bf37737f49378a7feab30a4316387c4d01dd743809800fe501782a88faea8e1ee7fb4d50bf6649737ccae288f84ecb23c4c059389512881895fca0eb0313c2e605a8af9ae77cbb7dfb9c682ec04376e172ff59aadc9146947e9ad4234487d5d72557f5fe478e619d345b0040db7db87aa51cd24c79e87916865189615c097adeeaec53ca2687d7bcb56545c9b723cf65347d0068f07d5d7ba65ec629471b419c359c841fd73be88a3c7057d79c1d054573fe14a74e1932571cfc60a5b182cbe96e450615d87670a8749b125a0f98fcaa3453764c55bf34d8a259c2c7474f2a6901ba29e8e42678769479757744e8b17e5fc9a52ea69b414e45d47c8b03d9e9da1e0b9848ce1750106261a8a1fcd0adc46f8a19f928f437be0ba2e9007b03fe1edea79af7c50c68742b2a5b6a6c9bb4bf3ad8cf93b593e459b5da5b07bde4a0e7261641d96acebe98d8704a7897f60e344f0cac8dbac242864133de3da1935cc6254fd6db5f4f9b923ab626fb7acbf40b26c3ec71370cefeadd38adc549006dfb5b1bb198e6d374be01a102df1bb6d29310f6a3794d801ef888d8e63e864c2766be68166daf881965a2cb0b610f6230c0bcb9d5749504db8e2d813a50992b2c0b2f3c0abc42f725643e292c0ec28376d9d9898", 0x1000, 0x4010, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001840)={0x2020}, 0x2020)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)

15:45:11 executing program 3:
select(0x40, &(0x7f0000000000), 0x0, 0x0, 0x0)

15:45:11 executing program 1:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448e4, &(0x7f0000000040)={0x0, 0x0, "5bf90b"})

15:45:11 executing program 1:
socketpair(0x6, 0x800, 0x6, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
sendto$phonet(r1, &(0x7f0000000300)="696b5d4aa9ef482d67b8f3d8930dae4b8f3f4c7d38775786c830cc05b9df42577f696509085ca02c3a25313491a078c342ba14025c7253dd6726559439bd9eed520102459c5210404fda6ac872067cff665af8b8de9846c6e02eee19587fd74fd4a29683f9a1403c2b170fdf20cd5dbf3acf4fcdb09ffce48b48cc2104f7de822dd0db3aeefd974cf1d84bb8adbd587692248d36d5f4f598069fd4aa4e4b36161e8e9c1a7d601251f5dc06ce62c1b5a8aa5accb0f07ec8681fa606fa15bd213a7307c8c03072098c2eb08e32c2453d031b851bcd1080a949a09734a11cfd41fe49339291e7a6978f5b579bb5d012202bdcbbd537f887add0c9a4c9e79baf0a9cf689a5927d9cde1f92bfaf5a7f379a8d6b2819db07719ebcd732dd13cb779c81e79f4d611438770d5f2ed1a420c089b2839ab182945be0232c5ff018813a951c179f02055e632a7c42d4ce19d47ff2447d4173e3a8bae90397d3dc3aaf19ed6394c7abd3c558006d97eed27869f003bd691687d8ca83c2817db7cac75825815805ea9e1e7b90f01dd0ec47ad85aa3f5e3f51cc6dcfa8a74429030d363b57fc3886a40220935f87dc2c9b0f0847e1515ab94ba11faab7cd393cda2ffa3ac874d71571df1bebd542c5f5b0328a757fa73d5ea9faded1d9dbbe64e06fd2b890260d96c704ebdb84e97ba2290c1278f5912b680a74a602ed025e2dc9d64801ba1daff2c66ea5f5201bee2eb63d7cac5edb8011ec467762911ec3c471aca6c22e2097a495ec05154ceb23babb47732c2e449802653d7a5364d0ca90f58ab2e666d784d4475f5147b80f63017577e95834cddce1a80b688742623f46e3fe6bc523175bb0da8c1dd3f0e750bc8aac70475d647ca3e145e44b1ddec99e64f38c57ac478327ce1f90356ab0fda7afec5b68d1e9c41319ecfb91cf6d58442680806a2497925f419669bfdfe9f71e93cc803db75662927f5ce1b9da25680a1bb568881e3025fc4fce9bc1eaf4f8504cba4fc89787afa6643f8fbbe8bace0ec1d237815401d50e39e3e9db6825cd96af991c8f1007b83124fed9e0d11def1b76d45b5eae0bb0b90425f206143ef73a34983909b763c80abf775e23bd893b9435b15339cd984e87daac76ea6c1e4d7453a46eecff313b1cc063fd85bf958bbbef5c64716e2c8dcc95f62421eaf42c212bab5bc50792b33fa97f57d8f588d808cb5d129963d1c465863b88056662f4fff63d7ea25fb18284cab6948e72acbe82999d77e8e4df4c1cf0435a1cc22a3ef76f08144ce05ecb1dd951b4eb168edc5d97c76d96fded0063151f4a5fbb4cb02c123f54005c6914d4d2243f23a9e280cbfbcd7c992a1beb2a3e522139b947bc56dd931e588cdc9a3b8328991e846c71af1b14127549f08d9a4583ba20ab068aba556e57e1c1b24126daa7b39283ad4fd1a4e6d5748b498d5c3445913868ae4a8b2a7e1c3caf09c5fb5b24cfa9d44e7bd26a2fd2027e8e7839e9db633466837eebc7c027d2e10bf7f882b87e50c52a832ee4255dff120cc80321ab3e826e3b37b5c702d45902999598413bf811244922f5f874ac15e3b6857aae4e7478f4e3b78f4547097174e3e3b0acfd9e1a23292766ab9dffacc3f7551871cfcce079956779ca0dcaa62d7ce1b1596b96beec8cbb348121ef7b246432137d2a996cfa7a8f52d4811fa263dacea86f7ea78dc1fb92932b7e057817b81aef60f0f8300bf99e0b776c15d9fea7bfcd6f229e3e1782e5204a69eacb9f1004685b145d04cf8114209b767ce35e0d03a78641148a8d044ab03bd6d97c78531182bd4467927c7bcce29d24238ccbeedb0cb815fe6b5ed0b9654093073b6dd40514caf6e6ba9ecc9fc78cbaf7698a2e35dd7878964bee34913fbefe417bd4b61931dc6c94e67592c133c800b56e06cb3eec01fb8c0f9f5e56ae8a23608365b2539abe33420d501b84578d327d6479abc144f10d7232022f78ec419981d60ac26bbd5d23e70a38719e7a0b1a89fedeff14157b6e558c76055056d62e7e38d2bb4977a87d8d81b219aee7dfdde6f70dd8a4dc92d4028ef5d3825bafe71a8373274055e4f8830df0b6fa88d0aa2165299a3ce4a6f47f6adcc97c38a8ef55fab84bc3af10c93e6069567a55295eb6cb296b2dddba0fff7392abdeabe8090c79d15e7119c6d1a0d0d63e315df090d635e68d27e4a7fc671075fc46c8b019be4ea8b618195fda4eb8b31a2796f95feb9317070f893c63156a27107cbadc9f2f415917c87b603398425179efe7ae16e0032e15dcf4d88ffe1794c56365199d7541b7942772319333f4beeaea812da65f0f8d2aaeafbf8edd175bcceeee866034fcf3f1e4aa1f5441d8b6801b40ac696b62e201bbee75db73ad34bca0829f68199c0ba60335c1b9f1c4c7aebb1858ab8881d268548ab3a08fb1cad40ea75b8cf3c9ae9252532b074df772ad63c8a3b8598f6656d8ec528212a737171da525cf56e55c7fb2adb472d5f9ff44434645729582769afc1c1aa7882bed248afc7619d9db305c7eab07537cf9ee22feb32c08ab7054a007e0986d5f62cb68d15ddbf608eeee007d87d49f2c720a1407bd34c6f3bdf56784883cfd19653b983b7100e42a8ba41c706a9d9a67e4ec3b31183158838e4f5dbe4ebd74bd26469c2a2abd879258563f9899383f227a9260a8018a3d2a402f92a1e08730fe91c5774f2a1434e1cde4923f78a5a5487be3fb947ba87ec9be2a29ce5d23b5a0300c48c0d93feee54019fb33975a09c2e940f6ef688355d62067499305304ec991231d5c453bb82fee34250212bdf5aedfcd4f2b9cdad9f06c756fd744609d394f26eb99a461248f6352d21336103a8c4b19d69128c0afce34e470952d1c0afe4cff509a1a75c4ab683ec012a599a8293a449c0c69d95d10e6b3d538107f0ae272cc707dad9b478b1f9794f5ebd81c7b4f19c6f1a207fd5b32882be5237c5409093c874cb0ad8ac0ac08b81795527a5e82bcb5ed65cfb7b054f6d1fa2a7a9c0efa90cbe619223dd254edc07785205d45936578f91abb94bd78e67d234096a0509777d928591a488cd2f748ac00bbd5e8b1acec0e498a00c8f9d4f41c7cdcbb0f708b60b5701ad8c023d5f2a42e90bcf7f2a9fc2f6ff01ff11356f5ef0b27592156aea45b0906f8968db58fbbc5986442887b0d9e8aeb9bc8bc19e2d4c1a09a0c0aacbb3db2fc0ed5e45d591af799a275efd0422b460dcd8771650dc0891284e8c107ba583191d94bd9dbe8a657e70ecec6faba68f3c5fe457dd0924ac5452859f30f534367f6cc27be7905286317cd02541f2f382066f4d6f2756f81486eebc4b266366c16715ee2b8b13ad99996514d094e80cd9223420c374705d5323cdaa64ba746b1647ea992e0b0747d027ef796fc1c8e7e1322ceae26f5f4a00ff27fc011fc36d5d511c383ab796304f8dfc3135aab7f965d1f0e06823a7bd0e9fed43b244ae85e0e2db58c6c15455eba1643a0fbabbc79e6c89e670f81944161a34ee33e8ed327edf683774752ee8f284b49d4b4b756a5e6463039c520567042f697f608ffcb38b3becd69ac4f585a7a66e915f0054037e631c6cd000d2cb73dac39d28137911c6a35f30da06d98a41b93d46e28b7f723dc8768fab3236fedd7a5b19ff1e35700a4acf5ec79a3d2a407bbf40827433bef1d40e6389c2d514a8900511c283fb9d49945f65728c589a59183fa37dd88f85f2cc64092c7284668f5a4959d4c59e89a4356ceab4bf759aa6eda6515eae7b3b08bc28f9045b6e885fc0c606a636c9a3c195baded45bbeae0792c6ecfd9d7edd8ddd26cf50bd65e87814de9cd50e1f83044e7e0ba0e3b511023635d57f7da384e2dc6dd09823e1070d956253d30c692d59b249bf254d0f91961bfe8e248b787eee281b3fc5ec5762e26c89be04c8de0afc02fd303300ecd572b18df49a2f40d14c2b387c63ea06bd436367659a151bbb052bff1eaa3f2b15b48faa42b7c7e66000c89270663965ca4cc75b52b1dcd130029d51df6af43de34863be8391bff82e1ec4075b1055c779445a2c8feb4e381eeec2c16cb96f64748e32b7540ec6b6bffe266cd67bd358513b8166cbb3e98e12af106111a6eafcf9e4f04725b9807c2dc60419c4c7cdd411ef0973459253e2b1ba657e94d094bdf4b9dca0eb48992a4bba20d31a063b53c334e64f020361043044a3bb524a746b0f81dd29af31bd0af8a5387f418011410844dfe09a8ff3e8b9dccd758beb9f7bb12eed1ed215abe45a6f769d2c2e84970090ce17ffadf7e8d5cffa6045f75c1ca6f0ee9dcf68ccc243dcfce35553eacdfb655005303948b521c41773ff4dc83ff25eb7ad672055dcaa179f026016b373413ff96dde3b950a554f78f016f59522685ef154969e37472f9465a0ee31705b3212a1d31f039e63735a0b9a921005db6f2fa2fb8b803f51a671fb3f916d8c3ad85f51dfef7787d88d535d5746dd455daa1a78c84957335bbbeb15900c53edd9ca64301a3643fef076788552e16ef4f8149dae4a05b9c612e495b8d90857b5b95684ceee637f443673e0098655a65ed5bceb7499ccda92f6f6fcb8bce7c4deeafa69cb370e74c046bf3e122323f0f5abe7f5eb313f490b2ef175f5c679e74a17db81f4e3b508df4fb5f01a557187dd329ea357ab159d1cd576a2f6c9c1036d4494bbcf8b62cd884fc6825b08843908fbc021ab3584bddcdd980e21f81c232ecf3d97c10b80639973365c614e37ad1655196d2e779259a413f88d5aa8c5f34cf804c4e8bf696f6c32433281a5d3ff1e45cdf390a67d4e446fafae92780e7c26b32ed2971895909bea66c27119d9c09891ef57f99497b75df7e945f5cdbd80431f9a7165cb8a1628635e493cf4faf081c1223e22b3abe63c1d1f3a7fd06337267e3c7eca2e2553e1d4f1a757258277bc2a37994c12ed3a35f4349a5cd002290eb0013e52305da668b596176dda63c2b1c8cffaa0f0e08ee0fe0cb357e6eae1c5179af16920c3932bccd956e48a971ea54ed1a822e03c5e232af9d6d3345bacdba06784f259be76915d2a2a6e4914357e6cc671e57ebd2fc880f4fef1ac88a57a1130a00245b5789696aa6573bdd3abaeefee2ab693113c57e3d2bcf99d6cbc4426e5e7752e258a4279e3f2eda0a0121fe3f8e362a8182621b01f3015e6f9bebd09bb2e08d0dfc5f37633c71291b5c6bc2911e68ffe38eb7d4601f5c4e1209d43d9d1d8c5c7d03cb1a33752460cb342a2ab7e9bc60c59b15d5807c3fa2b266b5bc3e3d41131b73a59bf771ad511f07912959def6a45be64a59856fcd6e8830eb2848989693b8a6512b35781e1a3bd5786b8ca7a069b8781021490bba76a2e41ac8c3d0004d744ef8f676692163955dfd9e9b5393b7eea99a60052923ffce24cc7fbc39086965f7094a71b036d28daba72989bdc2ebf34416d9859d2d7461de32068c691a8e3e38d6687bf1712259d8e4162072bd1419ec0a7880c902bfda52dc38a71d31e7b9bf07c1dd3ed126b1549eed2ca3d828acb326fb92ceabcaeb40d56a4afc87ed575a075e8327a48aa2002ba8d3b66538d8ebc939b8455bf2ec4e495e9c0d2e21061c26ea39263440c9e46e25d37005058218440ba30820b1bfff04aa760574b3f6bc5f3908a9969ce2a34b129b7747a8e800ba9f95e1992d38e273c417834f7ffe64a5f0c5ad806a0b91ba091ec732e00e2d85cfc094d4faf23f077112a204580b1aff4606ddda0a26aa002deca5fb3b0cd70fc9e91e66279708c4e16588f5760c2dc7ea7b7a9b7b2749e770f951", 0x1000, 0x4080, &(0x7f0000001300)={0x23, 0x0, 0x40, 0x20}, 0x10)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)={0x188, r2, 0x400, 0x70bd26, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x7fff}, {0x8, 0x13, 0x41c1}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x400}, {0x6, 0x11, 0x1}, {0x8, 0x13, 0x3ff}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0xffffff80}, {0x6, 0x11, 0xffff}, {0x8, 0x13, 0x401}, {0x5}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3ff}, {0x6, 0x11, 0x800}, {0x8, 0x13, 0x7f}, {0x5, 0x14, 0x1}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6, 0x11, 0x28}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x100}, {0x6, 0x11, 0xd785}, {0x8, 0x13, 0xaa3}, {0x5}}]}, 0x188}, 0x1, 0x0, 0x0, 0x8886}, 0x15)
prctl$PR_CAPBSET_DROP(0x17, 0x700)

15:45:11 executing program 1:
socket(0x23, 0x0, 0x0)

15:45:11 executing program 1:
socket(0x23, 0x0, 0x0)

15:45:11 executing program 1:
socket(0x23, 0x0, 0x0)

15:45:11 executing program 1:
socket(0x0, 0x0, 0x0)

15:45:12 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000080)={0xa, 0x2, "33fc00", 0xfb, 0x4b})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r0, &(0x7f0000000000)={0x20002000})

15:45:12 executing program 1:
socket(0x0, 0x0, 0x0)

15:45:12 executing program 4:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

15:45:12 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x9}}, 0x18)
write$bt_hci(r0, &(0x7f0000000080)={0x1, @accept_sync_conn_req={{0x429, 0x15}, {@any, 0x9, 0x7, 0xffff, 0x5, 0x6, 0x8}}}, 0x19)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x2, '\x00\x00\v', 0xff, 0xfd})

15:45:12 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
sendto$phonet(r1, &(0x7f0000000180)="cd80ef4e60c56b48a4899afb9248794007596c1c02f7d8e1b07d182a2dd4ce4ab89cb6f797866e96e0d1fd06f276518961400ffbd6fc7d5ed913e88b19a28d0dc6894226e24babd8d75c62daabd1db588ce165151be26c91f5d2e1035fea289ccec80687c3e36a0e5f3539d4f09ef9b24dbd0bc27e3e8896d4adf6ef4f27cd1d5c73109b0ef333370277db4d42b8e7de5f849593b1f51e974b2f31c55f1585f46ca1de563c2aa88a579ef20a7f81078355fef9fb33e654ad476888f835483fb646f820f4ede2dddc4ef70f8ad10df75727fe4536c35201305ad4a947578864f24bc7392fce11aaac8fd5a2b9a710979f2b4e7225ed79a9d702fcc25ed5762201e3540b7d88db2d447d5b656b254df20125901e461ba8a8232247a5e24413897eaf72e09a4c133403fbfefef04130a525fec5d42d098a2cd14475d6f246710fbcf5b589cf1ba53b7480bd4b5a6ee6d03b88d75dc1f8f9c5bb22aa5d0607a3ee378451f86b2c12bdda56714aa1b99f1496f294250b56a5ef1f39ac415e159b99f92b6b8bbf9feb5e367d546ceb46f29e955238ffbfdb5c71d63d7254d1e815c98439c674655693b53b311c3899fbd01cf1854b3b0b729baaefb454712650af631e86792bb10e307a4cbb07eca85c1b5671179ce95b3adf484d6c62c3639cadbbad094eba11a196364ba1ea4036a97d0a2c0fdff18026bb18ff7170a0d5b4d8196e41606f6210f0f2c3a392960b379bc756fa25b7d7a0c80198f5b98583378a9da63445742b5e0aa2f11b65f66a711a558a7cf6c93538f41a5c49239ee7c4b94901f9e2a9cdd4323f2a44c92f4728fe1a93106e0c679f32484fefc0118d3853589dbc7825bd8664416a44bca6ef4e81e3f690f16dfb6204f46d586f9b777587eacc32a88bbc92c53bd0f036b233d56724fb3a3a6662bc1d4a374a65e0858ed3ff641e945ee20a86354833a04d00a2c46d56659fdc8f47c325aa0e131f9884246ceaba8bd3feefddaa0924ed2962c44a61b1dc913baaf096c64ff9b1f73ccf2a39b2e42838f74f6d174bc448af051b838c1a329fe16c07c02e827ad3b09f4c2f7277ceed362eaace466f9d637b2056bc5b6f6c3a5ca349659d3a2c2b8acc5377510d4e1b1aa5b97ea45090054457912fe2c4a47a7b377e5f3afdc5c4ad4df2d60da052b6269847e2a0aa32ecdd45f85b5974506b0796467e094227062805be4bfffde81ceb9442cc77c6aa542c37da2a557d2ddabf41652f8763b1e99fea03d7ff9369718cba0e9708ef6c5660dca81bade99106d59547be978045c729f9a4e42319b0c30a8207f791cbf496c04f6c5e0f883c7b5557dbcf4157f390a654a391fbf2a75d0a08a2059e7c1b58b4d93898ba5f7fe0972aa3defde3b6654c3ffd5e438c1c6850db964ecd44a3659d3e2e6ec08bebe4e71354c04454bd191a971be507c5e1a70438ffbcfb609eb36cac6f6820f7c209f8a9c955befac40f89cccfb9dbe1e898ec6bd3c3b1594119d3e7e7a9e968aa3777558402cb11b25368e0044cddec135e8c1dceb4abdce805fb56cbfd021c8043364c535fe2111bd2c1911d12c99ad5bfce18873942acd5bd1160a085a2fa239ff48c5d44656d7f30d864c278d08ac2a2061d4c0820a3c8a853110558627c8a32a6c4ae29f351130a3e2496f11da6cb3ad4aac786e9db4a750f52f7bf783488bc2aa9b54f46808b0623f8a3c4fbcb006139dcbc1d3986149a7ff4d687888be415586c0d9673f6ebb7d02a602264ed070b9d29efdfafed1a699921a6215a7ec783ca0cf8e08517a983eb2b122dd3de204ac6f19a890977f40a19bd5b893b6d64bd364cfb25670973be4bf1d0dc53da829607e886745fe2e7ed714e16306ab7732442dc029a13aa0a3855a312205cce90e32fc6c39b4e905a6159846491670f8bf4ca94ddfc3626af98a447853e75d10ab672e11b99ce807596f3174e798136d53262177e24736ed7608965d7f193f0163d44ad0a0194f572c3886993a53d75053ed9847d8605e56876f546e712f9b532b0caeda74fd3263df04f3780ef666d11d3d11b28d0c910e2727acd9ef7bc605174516d762c16f1d5b83efe23f84229a6bfa39f0b4480eb70b48483ccd61af1fc70cf67041586df4d4c9379460d0bf6f4dca1e4e88760f4b543623e06ca3b0a41d205d10389ac7aad6ad3588a21b50f5a76a1a2c1dce0fd079b5fbd4e577be2ca6ec6d85199a18262289784898b3bd3ba19c0abc683581548342c6ead5abd871fc3ffd92bcfdeb610a8768311d2ac47b277f6838707f00ba975f9746a6c5648b6902cca51d85dd5da1c4414b0a63537da03603c37d993938ffe62c2d1295b69cfc29e36db2f7db588ab47710ec05a3e288d92c8b0d5134649daa48db6709150d4925ba7392863edea63ccc144ea2f79f869fd1e4c8961eff9ff826d494a8a3c2de0ec58556b7d9fcef4d21a5340f2e0ff4500aeb2db999622ad1c0077f38305cbacdcefa72be74993c3c58adc2e52a523a3357d90f7679ae98c712a6b64b4d731c987696bd162aa6ac4965afd7effc3c76c7cbb214a0a3880d063761c86edb67194525dbffb62f597878f3644d6e25ff723dbd36fc4908d3a3353f8a6ee7843df5743b08a7671727fe255d38f07d8850aead0f8bab0e6883afcd388b1e5b0cc917969900c917fe516c23255fea5d9ba06eddd28f0b8e2d193260d15f00480b8cee2ebe6b096bc7b80004c79f33be1ce8e129fa0d1eeda88eedd4e5a926a8eea2157545564fe656ea8a25f091e1d801d459f2638a4704f12868faa52ffb9bb3a306b4a19b71b09d685ec16d1e6ca805f6f90f76a7dc9da55ff5859aa0be630081d44f30bb047d10b59aa17afa5b4698843a5315976ad104fbf890aac9dd5e38555ee90dccd641ea58b39c3f119d1d1c5ab02e4af3a34e2451ce4913452bade503818daf2e7383bdff0becf866e5faf937514335da140e7d2a91b0b5b0c5fc7dfd0c78adfe9f6a4ded9ceac9a06b2e56d20803c2b37ea6b26b6e1205b9dcb111a570fbbd482662b93f30d545eaa67f40b43321c2b6ced8e8780767f80ac7988a429cdc62fc2913b45f92baa97a02cd73bd28e8db26a08ac05afad6ef9d3b0c201928eebca6fb0a5eb306561602c3eb1416217dadc5d540a0fe3a217c976756637ae726977110245292ecba35bf835f1963e90a782f24bae99d4e8aee7fa42344f210dc6d39afb7e620047c9676b66245996b00da3e0c38e1ae6fe37ce2036053d1a9e4d6b82d99bfbb28c4a4e97cd4fdcee530cdd662e5417a40da70d3ba30effa6975b3a1bb7d4b139effee474449ade9539c68cce80ce5d8d0cbf467af1647b405203db88888a7b966fa6e78a5f04eb8205451bd751908e6a4af817feba8a1636a7e9a7fd9995d5eb4c3c1eda9c8ed986d4cadd1e8d9eab64568371e4971d659f9590dc27cfe2250f0facc4578fd980c705a036f4521f75794d245186196fb693163e1828dc7b2be70480fe01ab35cdeb6387a57b5538dfe704ed1245dd0b42bacca8e76ddc3920d115f7156f50306d258b9a5930f4d3d94f3ce1945f79eebf7929775718afc72f992162a123db10c362c0ae97c174836d3f4fa15bd2f95045b0ea0672a1463236bc460856eca1544adc41d7f1dbd1eb228a5dde4a0852077f47396cc4f87004da03bbde8dd7bc037e8f9d02d903f50dd30992990acba44cb823894477d39f8c2807a5bc64fbe37aa72072ab798999d74a04a11c43bd6de55ad913e21280f5f71bc82e3c12e9d08035191b5724dcdfdeb1b97c808ed9b8edc7f160c6b215596c8e6a34dcf2d0942a9279d3f3321c0ea18c411a6ab9231f6fa94752e58a2c9831f94325e72a036b878f37cf4175039402310d08601dc912c58ddca737090ba6e92ced3c6398793ae94e75d7f815d4fb63b9975196a48ff7f4593aebba5ceb6c3acc04fad381c036b4c04e07dce25fc4b477dc071b3552e6dca3514d8b1d486660b4d2a1b0ce9a833bb35d8bc763c6ac5515d9d40f7ecb52d802bc46b9e9f320fb1aed2db8d67ff9e94510eebb5f0fa709d8c2b1a2d9cf0c0c258b55719cd482570e1bd2fa0471f0fee369312c243a61b973263f73dd9b002194466ddd2e5224948ad64fefb3100c4ad4ade6f14840d40c9b296f3b77b6f8cf26cd745572dbb09118a0b861f5d274978300b8ed9533e3b6fa9b297b57e4350f6ae47dae7bbba78a38fbe701f419280af1ae8c6dbcdbbd279b443c3de6e48e81bd3621763e0f9869ee7e49273aba58ec4c61a7855596a9514e8270ad472f96a088e406b31fe4b72073c84416ed336877bb5fdb21aeaf0be1b31a294b599b30ed48d68c1f05bedaf09c7c5c051ce188b3c806d8f20673814647b9c0b3f6aba5c6f6800672344000cc272bd0e97fcefbbffd8d57a0e9dec6fa4a57cfc1174f6db8626f8846d40ed7d6a2fa2553c6b5e0cf6ee63aed321158ef975dbd2eccfec135aece70a3ce6b6d9876b92f965f7eef4bfdd51e5fb8ff3e471ee7b59af806188b920e1aaaeab945ae105708fd1334b9765ec4cf4e5967e9849aaa3ac32d9a1f2dbb0c442fc035bf0bbe9f588e763a5edc30dd90f6371593f18fd9172bbe62ff82e405919feeb2d3d8efca804e27b665c49ad98d45521eee4a236affd801f3a81fddad285a9aaf0338bc825f637edb5a29195bd738d02e8643628d33fe3a0ca212bf0d44654e47e10425d902534fc522bf251818022399c10cfda5dc7ace2ea715906f3de2feac5dad33841c582d3094f33ccd781b472fa4b96479c1757876c355fae948b48c551893ff442b50824e042e07694c6aa699c34eb2aa155aa5ac928321bb71573599710dc2380e8bc8503975933a95d3697ac182714ac9ae61b257f108448e0752d9fa59354ca08b19f1ef5e9c81ca79ba91c31e71c2fae1cc1f40df02b4356c22dbbff79f6da53e341d980296ec38696a22ef3332fe12362a775cf3239dbabe495ca91dc8dec9ca3bcbadd330caf6d9dfc2bf6e025e05f8041f858b910f2eff2103af06ebdcccf4aa758a2b1f969abe8d7e66fdd3e6feb747b3eac50d970a52f377b8be3f498f2818621794c14b7b01410b6e7d486116e838dd46e0f6468e5612bc03af8b47cc1734271bf37737f49378a7feab30a4316387c4d01dd743809800fe501782a88faea8e1ee7fb4d50bf6649737ccae288f84ecb23c4c059389512881895fca0eb0313c2e605a8af9ae77cbb7dfb9c682ec04376e172ff59aadc9146947e9ad4234487d5d72557f5fe478e619d345b0040db7db87aa51cd24c79e87916865189615c097adeeaec53ca2687d7bcb56545c9b723cf65347d0068f07d5d7ba65ec629471b419c359c841fd73be88a3c7057d79c1d054573fe14a74e1932571cfc60a5b182cbe96e450615d87670a8749b125a0f98fcaa3453764c55bf34d8a259c2c7474f2a6901ba29e8e42678769479757744e8b17e5fc9a52ea69b414e45d47c8b03d9e9da1e0b9848ce1750106261a8a1fcd0adc46f8a19f928f437be0ba2e9007b03fe1edea79af7c50c68742b2a5b6a6c9bb4bf3ad8cf93b593e459b5da5b07bde4a0e7261641d96acebe98d8704a7897f60e344f0cac8dbac242864133de3da1935cc6254fd6db5f4f9b923ab626fb7acbf40b26c3ec71370cefeadd38adc549006dfb5b1bb198e6d374be01a102df1bb6d29310f6a3794d801ef888d8e63e864c2766be68166daf881965a2cb0b610f6230c0bcb9d5749504db8e2d813a50992b2c0b2f3c0abc42f725643e292c0ec28376d9d9898", 0x1000, 0x4010, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001840)={0x2020}, 0x2020)

15:45:12 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$FUSE_WRITE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x9}}, 0x18)
write$bt_hci(r0, &(0x7f0000000080)={0x1, @accept_sync_conn_req={{0x429, 0x15}, {@any, 0x9, 0x7, 0xffff, 0x5, 0x6, 0x8}}}, 0x19)
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000440)=0x6, 0x4)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x2, '\x00\x00\v', 0xff, 0xfd})

15:45:12 executing program 1:
socket(0x0, 0x0, 0x0)

15:45:12 executing program 4:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x0, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {&(0x7f0000000240), 0x2, r3, 0x10, 0x0, @in6={0xa, 0x4e23, 0x800, @private0={0xfc, 0x0, [], 0x1}, 0x3}}}, 0xa0)
accept4$rose(0xffffffffffffffff, &(0x7f00000000c0)=@full={0xb, @dev, @rose, 0x0, [@default, @netrom, @default, @null, @netrom, @netrom]}, &(0x7f0000000100)=0x40, 0x800)

15:45:12 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x12, 're]', 0x9, 0x80})
r1 = socket(0xf, 0x3, 0x15d1)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000100)={0x188, r2, 0x10, 0x70bd29, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x100000001}, {0xc, 0x90, 0x8000}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x1}, {0xc}, {0xc, 0x90, 0x8001}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x7}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x40}, {0xc, 0x90, 0x2}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x8}, {0xc, 0x90, 0xac68}}]}, 0x188}, 0x1, 0x0, 0x0, 0x404c085}, 0x4048091)

15:45:12 executing program 1:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x0, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {&(0x7f0000000240), 0x2, r3, 0x10, 0x0, @in6={0xa, 0x4e23, 0x800, @private0={0xfc, 0x0, [], 0x1}, 0x3}}}, 0xa0)
accept4$rose(0xffffffffffffffff, &(0x7f00000000c0)=@full={0xb, @dev, @rose, 0x0, [@default, @netrom, @default, @null, @netrom, @netrom]}, &(0x7f0000000100)=0x40, 0x800)

15:45:12 executing program 4:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x0, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {&(0x7f0000000240), 0x2, r3, 0x10, 0x0, @in6={0xa, 0x4e23, 0x800, @private0={0xfc, 0x0, [], 0x1}, 0x3}}}, 0xa0)
accept4$rose(0xffffffffffffffff, &(0x7f00000000c0)=@full={0xb, @dev, @rose, 0x0, [@default, @netrom, @default, @null, @netrom, @netrom]}, &(0x7f0000000100)=0x40, 0x800)

15:45:12 executing program 1:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x0, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {&(0x7f0000000240), 0x2, r3, 0x10, 0x0, @in6={0xa, 0x4e23, 0x800, @private0={0xfc, 0x0, [], 0x1}, 0x3}}}, 0xa0)
accept4$rose(0xffffffffffffffff, &(0x7f00000000c0)=@full={0xb, @dev, @rose, 0x0, [@default, @netrom, @default, @null, @netrom, @netrom]}, &(0x7f0000000100)=0x40, 0x800)

15:45:12 executing program 4:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x0, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {&(0x7f0000000240), 0x2, r3, 0x10, 0x0, @in6={0xa, 0x4e23, 0x800, @private0={0xfc, 0x0, [], 0x1}, 0x3}}}, 0xa0)
accept4$rose(0xffffffffffffffff, &(0x7f00000000c0)=@full={0xb, @dev, @rose, 0x0, [@default, @netrom, @default, @null, @netrom, @netrom]}, &(0x7f0000000100)=0x40, 0x800)

15:45:12 executing program 1:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x0, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {&(0x7f0000000240), 0x2, r3, 0x10, 0x0, @in6={0xa, 0x4e23, 0x800, @private0={0xfc, 0x0, [], 0x1}, 0x3}}}, 0xa0)
accept4$rose(0xffffffffffffffff, &(0x7f00000000c0)=@full={0xb, @dev, @rose, 0x0, [@default, @netrom, @default, @null, @netrom, @netrom]}, &(0x7f0000000100)=0x40, 0x800)

15:45:12 executing program 4:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x0, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {&(0x7f0000000240), 0x2, r3, 0x10, 0x0, @in6={0xa, 0x4e23, 0x800, @private0={0xfc, 0x0, [], 0x1}, 0x3}}}, 0xa0)

[  754.419233][    T5] Bluetooth: hci0: command 0x0401 tx timeout
15:45:13 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
sendto$phonet(r1, &(0x7f0000000180)="cd80ef4e60c56b48a4899afb9248794007596c1c02f7d8e1b07d182a2dd4ce4ab89cb6f797866e96e0d1fd06f276518961400ffbd6fc7d5ed913e88b19a28d0dc6894226e24babd8d75c62daabd1db588ce165151be26c91f5d2e1035fea289ccec80687c3e36a0e5f3539d4f09ef9b24dbd0bc27e3e8896d4adf6ef4f27cd1d5c73109b0ef333370277db4d42b8e7de5f849593b1f51e974b2f31c55f1585f46ca1de563c2aa88a579ef20a7f81078355fef9fb33e654ad476888f835483fb646f820f4ede2dddc4ef70f8ad10df75727fe4536c35201305ad4a947578864f24bc7392fce11aaac8fd5a2b9a710979f2b4e7225ed79a9d702fcc25ed5762201e3540b7d88db2d447d5b656b254df20125901e461ba8a8232247a5e24413897eaf72e09a4c133403fbfefef04130a525fec5d42d098a2cd14475d6f246710fbcf5b589cf1ba53b7480bd4b5a6ee6d03b88d75dc1f8f9c5bb22aa5d0607a3ee378451f86b2c12bdda56714aa1b99f1496f294250b56a5ef1f39ac415e159b99f92b6b8bbf9feb5e367d546ceb46f29e955238ffbfdb5c71d63d7254d1e815c98439c674655693b53b311c3899fbd01cf1854b3b0b729baaefb454712650af631e86792bb10e307a4cbb07eca85c1b5671179ce95b3adf484d6c62c3639cadbbad094eba11a196364ba1ea4036a97d0a2c0fdff18026bb18ff7170a0d5b4d8196e41606f6210f0f2c3a392960b379bc756fa25b7d7a0c80198f5b98583378a9da63445742b5e0aa2f11b65f66a711a558a7cf6c93538f41a5c49239ee7c4b94901f9e2a9cdd4323f2a44c92f4728fe1a93106e0c679f32484fefc0118d3853589dbc7825bd8664416a44bca6ef4e81e3f690f16dfb6204f46d586f9b777587eacc32a88bbc92c53bd0f036b233d56724fb3a3a6662bc1d4a374a65e0858ed3ff641e945ee20a86354833a04d00a2c46d56659fdc8f47c325aa0e131f9884246ceaba8bd3feefddaa0924ed2962c44a61b1dc913baaf096c64ff9b1f73ccf2a39b2e42838f74f6d174bc448af051b838c1a329fe16c07c02e827ad3b09f4c2f7277ceed362eaace466f9d637b2056bc5b6f6c3a5ca349659d3a2c2b8acc5377510d4e1b1aa5b97ea45090054457912fe2c4a47a7b377e5f3afdc5c4ad4df2d60da052b6269847e2a0aa32ecdd45f85b5974506b0796467e094227062805be4bfffde81ceb9442cc77c6aa542c37da2a557d2ddabf41652f8763b1e99fea03d7ff9369718cba0e9708ef6c5660dca81bade99106d59547be978045c729f9a4e42319b0c30a8207f791cbf496c04f6c5e0f883c7b5557dbcf4157f390a654a391fbf2a75d0a08a2059e7c1b58b4d93898ba5f7fe0972aa3defde3b6654c3ffd5e438c1c6850db964ecd44a3659d3e2e6ec08bebe4e71354c04454bd191a971be507c5e1a70438ffbcfb609eb36cac6f6820f7c209f8a9c955befac40f89cccfb9dbe1e898ec6bd3c3b1594119d3e7e7a9e968aa3777558402cb11b25368e0044cddec135e8c1dceb4abdce805fb56cbfd021c8043364c535fe2111bd2c1911d12c99ad5bfce18873942acd5bd1160a085a2fa239ff48c5d44656d7f30d864c278d08ac2a2061d4c0820a3c8a853110558627c8a32a6c4ae29f351130a3e2496f11da6cb3ad4aac786e9db4a750f52f7bf783488bc2aa9b54f46808b0623f8a3c4fbcb006139dcbc1d3986149a7ff4d687888be415586c0d9673f6ebb7d02a602264ed070b9d29efdfafed1a699921a6215a7ec783ca0cf8e08517a983eb2b122dd3de204ac6f19a890977f40a19bd5b893b6d64bd364cfb25670973be4bf1d0dc53da829607e886745fe2e7ed714e16306ab7732442dc029a13aa0a3855a312205cce90e32fc6c39b4e905a6159846491670f8bf4ca94ddfc3626af98a447853e75d10ab672e11b99ce807596f3174e798136d53262177e24736ed7608965d7f193f0163d44ad0a0194f572c3886993a53d75053ed9847d8605e56876f546e712f9b532b0caeda74fd3263df04f3780ef666d11d3d11b28d0c910e2727acd9ef7bc605174516d762c16f1d5b83efe23f84229a6bfa39f0b4480eb70b48483ccd61af1fc70cf67041586df4d4c9379460d0bf6f4dca1e4e88760f4b543623e06ca3b0a41d205d10389ac7aad6ad3588a21b50f5a76a1a2c1dce0fd079b5fbd4e577be2ca6ec6d85199a18262289784898b3bd3ba19c0abc683581548342c6ead5abd871fc3ffd92bcfdeb610a8768311d2ac47b277f6838707f00ba975f9746a6c5648b6902cca51d85dd5da1c4414b0a63537da03603c37d993938ffe62c2d1295b69cfc29e36db2f7db588ab47710ec05a3e288d92c8b0d5134649daa48db6709150d4925ba7392863edea63ccc144ea2f79f869fd1e4c8961eff9ff826d494a8a3c2de0ec58556b7d9fcef4d21a5340f2e0ff4500aeb2db999622ad1c0077f38305cbacdcefa72be74993c3c58adc2e52a523a3357d90f7679ae98c712a6b64b4d731c987696bd162aa6ac4965afd7effc3c76c7cbb214a0a3880d063761c86edb67194525dbffb62f597878f3644d6e25ff723dbd36fc4908d3a3353f8a6ee7843df5743b08a7671727fe255d38f07d8850aead0f8bab0e6883afcd388b1e5b0cc917969900c917fe516c23255fea5d9ba06eddd28f0b8e2d193260d15f00480b8cee2ebe6b096bc7b80004c79f33be1ce8e129fa0d1eeda88eedd4e5a926a8eea2157545564fe656ea8a25f091e1d801d459f2638a4704f12868faa52ffb9bb3a306b4a19b71b09d685ec16d1e6ca805f6f90f76a7dc9da55ff5859aa0be630081d44f30bb047d10b59aa17afa5b4698843a5315976ad104fbf890aac9dd5e38555ee90dccd641ea58b39c3f119d1d1c5ab02e4af3a34e2451ce4913452bade503818daf2e7383bdff0becf866e5faf937514335da140e7d2a91b0b5b0c5fc7dfd0c78adfe9f6a4ded9ceac9a06b2e56d20803c2b37ea6b26b6e1205b9dcb111a570fbbd482662b93f30d545eaa67f40b43321c2b6ced8e8780767f80ac7988a429cdc62fc2913b45f92baa97a02cd73bd28e8db26a08ac05afad6ef9d3b0c201928eebca6fb0a5eb306561602c3eb1416217dadc5d540a0fe3a217c976756637ae726977110245292ecba35bf835f1963e90a782f24bae99d4e8aee7fa42344f210dc6d39afb7e620047c9676b66245996b00da3e0c38e1ae6fe37ce2036053d1a9e4d6b82d99bfbb28c4a4e97cd4fdcee530cdd662e5417a40da70d3ba30effa6975b3a1bb7d4b139effee474449ade9539c68cce80ce5d8d0cbf467af1647b405203db88888a7b966fa6e78a5f04eb8205451bd751908e6a4af817feba8a1636a7e9a7fd9995d5eb4c3c1eda9c8ed986d4cadd1e8d9eab64568371e4971d659f9590dc27cfe2250f0facc4578fd980c705a036f4521f75794d245186196fb693163e1828dc7b2be70480fe01ab35cdeb6387a57b5538dfe704ed1245dd0b42bacca8e76ddc3920d115f7156f50306d258b9a5930f4d3d94f3ce1945f79eebf7929775718afc72f992162a123db10c362c0ae97c174836d3f4fa15bd2f95045b0ea0672a1463236bc460856eca1544adc41d7f1dbd1eb228a5dde4a0852077f47396cc4f87004da03bbde8dd7bc037e8f9d02d903f50dd30992990acba44cb823894477d39f8c2807a5bc64fbe37aa72072ab798999d74a04a11c43bd6de55ad913e21280f5f71bc82e3c12e9d08035191b5724dcdfdeb1b97c808ed9b8edc7f160c6b215596c8e6a34dcf2d0942a9279d3f3321c0ea18c411a6ab9231f6fa94752e58a2c9831f94325e72a036b878f37cf4175039402310d08601dc912c58ddca737090ba6e92ced3c6398793ae94e75d7f815d4fb63b9975196a48ff7f4593aebba5ceb6c3acc04fad381c036b4c04e07dce25fc4b477dc071b3552e6dca3514d8b1d486660b4d2a1b0ce9a833bb35d8bc763c6ac5515d9d40f7ecb52d802bc46b9e9f320fb1aed2db8d67ff9e94510eebb5f0fa709d8c2b1a2d9cf0c0c258b55719cd482570e1bd2fa0471f0fee369312c243a61b973263f73dd9b002194466ddd2e5224948ad64fefb3100c4ad4ade6f14840d40c9b296f3b77b6f8cf26cd745572dbb09118a0b861f5d274978300b8ed9533e3b6fa9b297b57e4350f6ae47dae7bbba78a38fbe701f419280af1ae8c6dbcdbbd279b443c3de6e48e81bd3621763e0f9869ee7e49273aba58ec4c61a7855596a9514e8270ad472f96a088e406b31fe4b72073c84416ed336877bb5fdb21aeaf0be1b31a294b599b30ed48d68c1f05bedaf09c7c5c051ce188b3c806d8f20673814647b9c0b3f6aba5c6f6800672344000cc272bd0e97fcefbbffd8d57a0e9dec6fa4a57cfc1174f6db8626f8846d40ed7d6a2fa2553c6b5e0cf6ee63aed321158ef975dbd2eccfec135aece70a3ce6b6d9876b92f965f7eef4bfdd51e5fb8ff3e471ee7b59af806188b920e1aaaeab945ae105708fd1334b9765ec4cf4e5967e9849aaa3ac32d9a1f2dbb0c442fc035bf0bbe9f588e763a5edc30dd90f6371593f18fd9172bbe62ff82e405919feeb2d3d8efca804e27b665c49ad98d45521eee4a236affd801f3a81fddad285a9aaf0338bc825f637edb5a29195bd738d02e8643628d33fe3a0ca212bf0d44654e47e10425d902534fc522bf251818022399c10cfda5dc7ace2ea715906f3de2feac5dad33841c582d3094f33ccd781b472fa4b96479c1757876c355fae948b48c551893ff442b50824e042e07694c6aa699c34eb2aa155aa5ac928321bb71573599710dc2380e8bc8503975933a95d3697ac182714ac9ae61b257f108448e0752d9fa59354ca08b19f1ef5e9c81ca79ba91c31e71c2fae1cc1f40df02b4356c22dbbff79f6da53e341d980296ec38696a22ef3332fe12362a775cf3239dbabe495ca91dc8dec9ca3bcbadd330caf6d9dfc2bf6e025e05f8041f858b910f2eff2103af06ebdcccf4aa758a2b1f969abe8d7e66fdd3e6feb747b3eac50d970a52f377b8be3f498f2818621794c14b7b01410b6e7d486116e838dd46e0f6468e5612bc03af8b47cc1734271bf37737f49378a7feab30a4316387c4d01dd743809800fe501782a88faea8e1ee7fb4d50bf6649737ccae288f84ecb23c4c059389512881895fca0eb0313c2e605a8af9ae77cbb7dfb9c682ec04376e172ff59aadc9146947e9ad4234487d5d72557f5fe478e619d345b0040db7db87aa51cd24c79e87916865189615c097adeeaec53ca2687d7bcb56545c9b723cf65347d0068f07d5d7ba65ec629471b419c359c841fd73be88a3c7057d79c1d054573fe14a74e1932571cfc60a5b182cbe96e450615d87670a8749b125a0f98fcaa3453764c55bf34d8a259c2c7474f2a6901ba29e8e42678769479757744e8b17e5fc9a52ea69b414e45d47c8b03d9e9da1e0b9848ce1750106261a8a1fcd0adc46f8a19f928f437be0ba2e9007b03fe1edea79af7c50c68742b2a5b6a6c9bb4bf3ad8cf93b593e459b5da5b07bde4a0e7261641d96acebe98d8704a7897f60e344f0cac8dbac242864133de3da1935cc6254fd6db5f4f9b923ab626fb7acbf40b26c3ec71370cefeadd38adc549006dfb5b1bb198e6d374be01a102df1bb6d29310f6a3794d801ef888d8e63e864c2766be68166daf881965a2cb0b610f6230c0bcb9d5749504db8e2d813a50992b2c0b2f3c0abc42f725643e292c0ec28376d9d9898", 0x1000, 0x4010, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000001840)={0x2020}, 0x2020)

15:45:13 executing program 1:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r3=>0xffffffffffffffff}, 0x0, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {&(0x7f0000000240), 0x2, r3, 0x10, 0x0, @in6={0xa, 0x4e23, 0x800, @private0={0xfc, 0x0, [], 0x1}, 0x3}}}, 0xa0)

15:45:13 executing program 4:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280), 0x0, 0x1}}, 0x20)

15:45:13 executing program 2:
prctl$PR_CAPBSET_DROP(0x1c, 0x700)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x3, 0x0, &(0x7f0000000040)=""/181, &(0x7f0000000100)=""/141, &(0x7f00000001c0)=""/113, 0x4})
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bsg\x00', 0x620e00, 0x0)
ioctl$UFFDIO_COPY(r1, 0xc028aa03, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000280)=[@clear_death={0x400c630f, 0x1}, @increfs_done, @acquire_done, @increfs_done={0x40106308, 0x1}], 0x7f, 0x0, &(0x7f0000000300)="77cd9b6320c1401b4fc05ee1f32d03451fb06fc0bc51247ab0fb4c6ccbedbabec19123465eac487ab2cb2f2a28ace0bcb8600f9fdb79f4bbc1bebd93b032a11bb05ff0d45b50cf292759650014a513e1a276bb94e135074f3f8a9fda9f321e4abcef27e33030f7d68b207a121c9c5b072a3da81cf6d4129e9dd1d8d1272646"})

15:45:13 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
sendto$phonet(r1, &(0x7f0000000180)="cd80ef4e60c56b48a4899afb9248794007596c1c02f7d8e1b07d182a2dd4ce4ab89cb6f797866e96e0d1fd06f276518961400ffbd6fc7d5ed913e88b19a28d0dc6894226e24babd8d75c62daabd1db588ce165151be26c91f5d2e1035fea289ccec80687c3e36a0e5f3539d4f09ef9b24dbd0bc27e3e8896d4adf6ef4f27cd1d5c73109b0ef333370277db4d42b8e7de5f849593b1f51e974b2f31c55f1585f46ca1de563c2aa88a579ef20a7f81078355fef9fb33e654ad476888f835483fb646f820f4ede2dddc4ef70f8ad10df75727fe4536c35201305ad4a947578864f24bc7392fce11aaac8fd5a2b9a710979f2b4e7225ed79a9d702fcc25ed5762201e3540b7d88db2d447d5b656b254df20125901e461ba8a8232247a5e24413897eaf72e09a4c133403fbfefef04130a525fec5d42d098a2cd14475d6f246710fbcf5b589cf1ba53b7480bd4b5a6ee6d03b88d75dc1f8f9c5bb22aa5d0607a3ee378451f86b2c12bdda56714aa1b99f1496f294250b56a5ef1f39ac415e159b99f92b6b8bbf9feb5e367d546ceb46f29e955238ffbfdb5c71d63d7254d1e815c98439c674655693b53b311c3899fbd01cf1854b3b0b729baaefb454712650af631e86792bb10e307a4cbb07eca85c1b5671179ce95b3adf484d6c62c3639cadbbad094eba11a196364ba1ea4036a97d0a2c0fdff18026bb18ff7170a0d5b4d8196e41606f6210f0f2c3a392960b379bc756fa25b7d7a0c80198f5b98583378a9da63445742b5e0aa2f11b65f66a711a558a7cf6c93538f41a5c49239ee7c4b94901f9e2a9cdd4323f2a44c92f4728fe1a93106e0c679f32484fefc0118d3853589dbc7825bd8664416a44bca6ef4e81e3f690f16dfb6204f46d586f9b777587eacc32a88bbc92c53bd0f036b233d56724fb3a3a6662bc1d4a374a65e0858ed3ff641e945ee20a86354833a04d00a2c46d56659fdc8f47c325aa0e131f9884246ceaba8bd3feefddaa0924ed2962c44a61b1dc913baaf096c64ff9b1f73ccf2a39b2e42838f74f6d174bc448af051b838c1a329fe16c07c02e827ad3b09f4c2f7277ceed362eaace466f9d637b2056bc5b6f6c3a5ca349659d3a2c2b8acc5377510d4e1b1aa5b97ea45090054457912fe2c4a47a7b377e5f3afdc5c4ad4df2d60da052b6269847e2a0aa32ecdd45f85b5974506b0796467e094227062805be4bfffde81ceb9442cc77c6aa542c37da2a557d2ddabf41652f8763b1e99fea03d7ff9369718cba0e9708ef6c5660dca81bade99106d59547be978045c729f9a4e42319b0c30a8207f791cbf496c04f6c5e0f883c7b5557dbcf4157f390a654a391fbf2a75d0a08a2059e7c1b58b4d93898ba5f7fe0972aa3defde3b6654c3ffd5e438c1c6850db964ecd44a3659d3e2e6ec08bebe4e71354c04454bd191a971be507c5e1a70438ffbcfb609eb36cac6f6820f7c209f8a9c955befac40f89cccfb9dbe1e898ec6bd3c3b1594119d3e7e7a9e968aa3777558402cb11b25368e0044cddec135e8c1dceb4abdce805fb56cbfd021c8043364c535fe2111bd2c1911d12c99ad5bfce18873942acd5bd1160a085a2fa239ff48c5d44656d7f30d864c278d08ac2a2061d4c0820a3c8a853110558627c8a32a6c4ae29f351130a3e2496f11da6cb3ad4aac786e9db4a750f52f7bf783488bc2aa9b54f46808b0623f8a3c4fbcb006139dcbc1d3986149a7ff4d687888be415586c0d9673f6ebb7d02a602264ed070b9d29efdfafed1a699921a6215a7ec783ca0cf8e08517a983eb2b122dd3de204ac6f19a890977f40a19bd5b893b6d64bd364cfb25670973be4bf1d0dc53da829607e886745fe2e7ed714e16306ab7732442dc029a13aa0a3855a312205cce90e32fc6c39b4e905a6159846491670f8bf4ca94ddfc3626af98a447853e75d10ab672e11b99ce807596f3174e798136d53262177e24736ed7608965d7f193f0163d44ad0a0194f572c3886993a53d75053ed9847d8605e56876f546e712f9b532b0caeda74fd3263df04f3780ef666d11d3d11b28d0c910e2727acd9ef7bc605174516d762c16f1d5b83efe23f84229a6bfa39f0b4480eb70b48483ccd61af1fc70cf67041586df4d4c9379460d0bf6f4dca1e4e88760f4b543623e06ca3b0a41d205d10389ac7aad6ad3588a21b50f5a76a1a2c1dce0fd079b5fbd4e577be2ca6ec6d85199a18262289784898b3bd3ba19c0abc683581548342c6ead5abd871fc3ffd92bcfdeb610a8768311d2ac47b277f6838707f00ba975f9746a6c5648b6902cca51d85dd5da1c4414b0a63537da03603c37d993938ffe62c2d1295b69cfc29e36db2f7db588ab47710ec05a3e288d92c8b0d5134649daa48db6709150d4925ba7392863edea63ccc144ea2f79f869fd1e4c8961eff9ff826d494a8a3c2de0ec58556b7d9fcef4d21a5340f2e0ff4500aeb2db999622ad1c0077f38305cbacdcefa72be74993c3c58adc2e52a523a3357d90f7679ae98c712a6b64b4d731c987696bd162aa6ac4965afd7effc3c76c7cbb214a0a3880d063761c86edb67194525dbffb62f597878f3644d6e25ff723dbd36fc4908d3a3353f8a6ee7843df5743b08a7671727fe255d38f07d8850aead0f8bab0e6883afcd388b1e5b0cc917969900c917fe516c23255fea5d9ba06eddd28f0b8e2d193260d15f00480b8cee2ebe6b096bc7b80004c79f33be1ce8e129fa0d1eeda88eedd4e5a926a8eea2157545564fe656ea8a25f091e1d801d459f2638a4704f12868faa52ffb9bb3a306b4a19b71b09d685ec16d1e6ca805f6f90f76a7dc9da55ff5859aa0be630081d44f30bb047d10b59aa17afa5b4698843a5315976ad104fbf890aac9dd5e38555ee90dccd641ea58b39c3f119d1d1c5ab02e4af3a34e2451ce4913452bade503818daf2e7383bdff0becf866e5faf937514335da140e7d2a91b0b5b0c5fc7dfd0c78adfe9f6a4ded9ceac9a06b2e56d20803c2b37ea6b26b6e1205b9dcb111a570fbbd482662b93f30d545eaa67f40b43321c2b6ced8e8780767f80ac7988a429cdc62fc2913b45f92baa97a02cd73bd28e8db26a08ac05afad6ef9d3b0c201928eebca6fb0a5eb306561602c3eb1416217dadc5d540a0fe3a217c976756637ae726977110245292ecba35bf835f1963e90a782f24bae99d4e8aee7fa42344f210dc6d39afb7e620047c9676b66245996b00da3e0c38e1ae6fe37ce2036053d1a9e4d6b82d99bfbb28c4a4e97cd4fdcee530cdd662e5417a40da70d3ba30effa6975b3a1bb7d4b139effee474449ade9539c68cce80ce5d8d0cbf467af1647b405203db88888a7b966fa6e78a5f04eb8205451bd751908e6a4af817feba8a1636a7e9a7fd9995d5eb4c3c1eda9c8ed986d4cadd1e8d9eab64568371e4971d659f9590dc27cfe2250f0facc4578fd980c705a036f4521f75794d245186196fb693163e1828dc7b2be70480fe01ab35cdeb6387a57b5538dfe704ed1245dd0b42bacca8e76ddc3920d115f7156f50306d258b9a5930f4d3d94f3ce1945f79eebf7929775718afc72f992162a123db10c362c0ae97c174836d3f4fa15bd2f95045b0ea0672a1463236bc460856eca1544adc41d7f1dbd1eb228a5dde4a0852077f47396cc4f87004da03bbde8dd7bc037e8f9d02d903f50dd30992990acba44cb823894477d39f8c2807a5bc64fbe37aa72072ab798999d74a04a11c43bd6de55ad913e21280f5f71bc82e3c12e9d08035191b5724dcdfdeb1b97c808ed9b8edc7f160c6b215596c8e6a34dcf2d0942a9279d3f3321c0ea18c411a6ab9231f6fa94752e58a2c9831f94325e72a036b878f37cf4175039402310d08601dc912c58ddca737090ba6e92ced3c6398793ae94e75d7f815d4fb63b9975196a48ff7f4593aebba5ceb6c3acc04fad381c036b4c04e07dce25fc4b477dc071b3552e6dca3514d8b1d486660b4d2a1b0ce9a833bb35d8bc763c6ac5515d9d40f7ecb52d802bc46b9e9f320fb1aed2db8d67ff9e94510eebb5f0fa709d8c2b1a2d9cf0c0c258b55719cd482570e1bd2fa0471f0fee369312c243a61b973263f73dd9b002194466ddd2e5224948ad64fefb3100c4ad4ade6f14840d40c9b296f3b77b6f8cf26cd745572dbb09118a0b861f5d274978300b8ed9533e3b6fa9b297b57e4350f6ae47dae7bbba78a38fbe701f419280af1ae8c6dbcdbbd279b443c3de6e48e81bd3621763e0f9869ee7e49273aba58ec4c61a7855596a9514e8270ad472f96a088e406b31fe4b72073c84416ed336877bb5fdb21aeaf0be1b31a294b599b30ed48d68c1f05bedaf09c7c5c051ce188b3c806d8f20673814647b9c0b3f6aba5c6f6800672344000cc272bd0e97fcefbbffd8d57a0e9dec6fa4a57cfc1174f6db8626f8846d40ed7d6a2fa2553c6b5e0cf6ee63aed321158ef975dbd2eccfec135aece70a3ce6b6d9876b92f965f7eef4bfdd51e5fb8ff3e471ee7b59af806188b920e1aaaeab945ae105708fd1334b9765ec4cf4e5967e9849aaa3ac32d9a1f2dbb0c442fc035bf0bbe9f588e763a5edc30dd90f6371593f18fd9172bbe62ff82e405919feeb2d3d8efca804e27b665c49ad98d45521eee4a236affd801f3a81fddad285a9aaf0338bc825f637edb5a29195bd738d02e8643628d33fe3a0ca212bf0d44654e47e10425d902534fc522bf251818022399c10cfda5dc7ace2ea715906f3de2feac5dad33841c582d3094f33ccd781b472fa4b96479c1757876c355fae948b48c551893ff442b50824e042e07694c6aa699c34eb2aa155aa5ac928321bb71573599710dc2380e8bc8503975933a95d3697ac182714ac9ae61b257f108448e0752d9fa59354ca08b19f1ef5e9c81ca79ba91c31e71c2fae1cc1f40df02b4356c22dbbff79f6da53e341d980296ec38696a22ef3332fe12362a775cf3239dbabe495ca91dc8dec9ca3bcbadd330caf6d9dfc2bf6e025e05f8041f858b910f2eff2103af06ebdcccf4aa758a2b1f969abe8d7e66fdd3e6feb747b3eac50d970a52f377b8be3f498f2818621794c14b7b01410b6e7d486116e838dd46e0f6468e5612bc03af8b47cc1734271bf37737f49378a7feab30a4316387c4d01dd743809800fe501782a88faea8e1ee7fb4d50bf6649737ccae288f84ecb23c4c059389512881895fca0eb0313c2e605a8af9ae77cbb7dfb9c682ec04376e172ff59aadc9146947e9ad4234487d5d72557f5fe478e619d345b0040db7db87aa51cd24c79e87916865189615c097adeeaec53ca2687d7bcb56545c9b723cf65347d0068f07d5d7ba65ec629471b419c359c841fd73be88a3c7057d79c1d054573fe14a74e1932571cfc60a5b182cbe96e450615d87670a8749b125a0f98fcaa3453764c55bf34d8a259c2c7474f2a6901ba29e8e42678769479757744e8b17e5fc9a52ea69b414e45d47c8b03d9e9da1e0b9848ce1750106261a8a1fcd0adc46f8a19f928f437be0ba2e9007b03fe1edea79af7c50c68742b2a5b6a6c9bb4bf3ad8cf93b593e459b5da5b07bde4a0e7261641d96acebe98d8704a7897f60e344f0cac8dbac242864133de3da1935cc6254fd6db5f4f9b923ab626fb7acbf40b26c3ec71370cefeadd38adc549006dfb5b1bb198e6d374be01a102df1bb6d29310f6a3794d801ef888d8e63e864c2766be68166daf881965a2cb0b610f6230c0bcb9d5749504db8e2d813a50992b2c0b2f3c0abc42f725643e292c0ec28376d9d9898", 0x1000, 0x4010, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000001840)={0x2020}, 0x2020)

15:45:14 executing program 0:
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x80}}, 0x18)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:14 executing program 4:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)

15:45:14 executing program 1:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280), 0x0, 0x1}}, 0x20)

15:45:14 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448cc, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:14 executing program 5:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x7ff, '\x00', 0xff, 0x4})
write$bt_hci(r0, &(0x7f0000001380)=ANY=[@ANYBLOB="010104d06aab90e203f3008a630b0f744949c0581dd66a29e1127c232f52aafafa171d429cf7ffa94b46af0891131f0e280d8460e334a194449e166b206ec021b2644068fbb1b347bfbff9d8ebcd7078f6eb1b0e5068fa61158a7c2fd6c13015c2580fd6266b40772beae91002950ff6d4d6841e71096b01a39fd2733d8b4699312b79502791a44c47eafe4058ebf1c1ead40f53adb513180a8e2d603039809fb4d41cd2b8e6510fdf664096de0849a0f1b965010b59ac366a4fc10d49569c0705ca5bfb19604142422bbb45446bb7eec1abaa29c05e2de9cd83bb0918af5f8fe1a84f0f7a6720d2daa661802e30ef62c97f086ee4fe8d5495618b2a82d02f6a20fe93dc215de41a5d127f1c884a4cc0dbbc5b7952c9a1cb696e9e41c177a20738486d1eb82017b8afa762f5b6d01a6042d9a9af9f22f3047078cc613b72bff09d434948a65445128d60ef270c1b8d88d27ff39e3b665f21dcbb5c964962f524af005c9b267e6c7abb"], 0x9)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f00000017c0), &(0x7f0000001800)=0x4)
socket(0xf, 0x1, 0x2)
read$FUSE(r0, &(0x7f0000001840)={0x2020}, 0x2020)

15:45:14 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x12, 're]', 0x9, 0x80})
r1 = socket(0xf, 0x3, 0x15d1)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000100)={0x188, r2, 0x10, 0x70bd29, 0x25dfdbfb, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x100000001}, {0xc, 0x90, 0x8000}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x1}, {0xc}, {0xc, 0x90, 0x8001}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x7}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x40}, {0xc, 0x90, 0x2}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x8}, {0xc, 0x90, 0xac68}}]}, 0x188}, 0x1, 0x0, 0x0, 0x404c085}, 0x4048091)

15:45:14 executing program 1:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)

15:45:14 executing program 4:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)

15:45:14 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448cc, &(0x7f0000000040)={0x0, 0x0, "5bf90b", 0xff})

15:45:14 executing program 4:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)

15:45:14 executing program 1:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)

15:45:14 executing program 1:
write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
recvfrom$phonet(0xffffffffffffffff, &(0x7f0000000000)=""/93, 0x5d, 0x0, &(0x7f0000000080)={0x23, 0x8, 0x5}, 0x10)
prctl$PR_CAPBSET_DROP(0x17, 0x13)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x38)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r1=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x44}}, r1}}, 0x38)

[  756.509322][T11942] Bluetooth: hci0: command 0x0401 tx timeout
[  756.723192][ T8477] ------------[ cut here ]------------
[  756.732186][ T8477] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90
[  756.746984][ T8477] WARNING: CPU: 0 PID: 8477 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250
[  756.764938][ T8477] Modules linked in:
[  756.768835][ T8477] CPU: 0 PID: 8477 Comm: syz-executor.0 Not tainted 5.11.0-rc1-syzkaller #0
[  756.778376][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  756.788901][ T8477] RIP: 0010:debug_print_object+0x16e/0x250
[  756.795290][ T8477] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd a0 83 9e 89 4c 89 ee 48 c7 c7 a0 77 9e 89 e8 89 f4 f2 04 <0f> 0b 83 05 95 93 2f 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
[  756.815175][ T8477] RSP: 0018:ffffc900016afb28 EFLAGS: 00010282
[  756.823785][ T8477] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[  756.832029][ T8477] RDX: ffff888011bf5340 RSI: ffffffff815b2a45 RDI: fffff520002d5f57
[  756.840303][ T8477] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  756.848659][ T8477] R10: ffffffff815abc1e R11: 0000000000000000 R12: ffffffff894d7f80
[  756.857191][ T8477] R13: ffffffff899e7de0 R14: ffffffff81617f90 R15: dffffc0000000000
[  756.865666][ T8477] FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
[  756.874668][ T8477] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  756.881757][ T8477] CR2: 00007f879aeeb0c8 CR3: 0000000020363000 CR4: 0000000000350ee0
[  756.889783][ T8477] Call Trace:
[  756.893060][ T8477]  ? lockdep_hardirqs_on+0x79/0x100
[  756.898245][ T8477]  debug_check_no_obj_freed+0x301/0x420
[  756.903845][ T8477]  ? slab_free_freelist_hook+0xb9/0x150
[  756.909514][ T8477]  slab_free_freelist_hook+0x107/0x150
[  756.914972][ T8477]  ? bt_host_release+0x15/0x20
[  756.919807][ T8477]  kfree+0xdb/0x360
[  756.923625][ T8477]  bt_host_release+0x15/0x20
[  756.928206][ T8477]  ? __match_tty+0x90/0x90
[  756.934016][ T8477]  device_release+0x9f/0x240
[  756.938821][ T8477]  kobject_put+0x1c8/0x540
[  756.943486][ T8477]  put_device+0x1b/0x30
[  756.947643][ T8477]  vhci_release+0x78/0xe0
[  756.952028][ T8477]  __fput+0x283/0x920
[  756.956184][ T8477]  ? vhci_close_dev+0x50/0x50
[  756.960920][ T8477]  task_work_run+0xdd/0x190
[  756.965434][ T8477]  do_exit+0xb89/0x29e0
[  756.969986][ T8477]  ? mm_update_next_owner+0x7a0/0x7a0
[  756.975357][ T8477]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[  756.986235][ T8477]  ? vfs_write+0x18e/0xa30
[  756.991151][ T8477]  do_group_exit+0x125/0x310
[  756.995749][ T8477]  __x64_sys_exit_group+0x3a/0x50
[  757.001499][ T8477]  do_syscall_64+0x2d/0x70
[  757.005913][ T8477]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  757.011867][ T8477] RIP: 0033:0x45e219
[  757.015757][ T8477] Code: Unable to access opcode bytes at RIP 0x45e1ef.
[  757.022672][ T8477] RSP: 002b:00007ffcb47b5588 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  757.031123][ T8477] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045e219
[  757.041186][ T8477] RDX: 0000000000417ab1 RSI: 00000000016b9df0 RDI: 0000000000000043
[  757.049203][ T8477] RBP: 00000000004c3d3e R08: 000000000000000b R09: 0000000000000000
[  757.057167][ T8477] R10: 0000000003204940 R11: 0000000000000246 R12: 0000000000001574
[  757.065612][ T8477] R13: 0000000000000003 R14: 0000000000000032 R15: 00000000000b883d
[  757.074228][ T8477] Kernel panic - not syncing: panic_on_warn set ...
[  757.080982][ T8477] CPU: 1 PID: 8477 Comm: syz-executor.0 Not tainted 5.11.0-rc1-syzkaller #0
[  757.089647][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  757.099779][ T8477] Call Trace:
[  757.103055][ T8477]  dump_stack+0x107/0x163
[  757.107383][ T8477]  panic+0x306/0x73d
[  757.111263][ T8477]  ? __warn_printk+0xf3/0xf3
[  757.115836][ T8477]  ? __warn.cold+0x1a/0x44
[  757.120233][ T8477]  ? debug_print_object+0x16e/0x250
[  757.125428][ T8477]  __warn.cold+0x35/0x44
[  757.129647][ T8477]  ? wake_up_klogd.part.0+0x8e/0xd0
[  757.134829][ T8477]  ? debug_print_object+0x16e/0x250
[  757.140022][ T8477]  report_bug+0x1bd/0x210
[  757.144351][ T8477]  handle_bug+0x3c/0x60
[  757.148657][ T8477]  exc_invalid_op+0x14/0x40
[  757.153136][ T8477]  asm_exc_invalid_op+0x12/0x20
[  757.157968][ T8477] RIP: 0010:debug_print_object+0x16e/0x250
[  757.163759][ T8477] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd a0 83 9e 89 4c 89 ee 48 c7 c7 a0 77 9e 89 e8 89 f4 f2 04 <0f> 0b 83 05 95 93 2f 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
[  757.184029][ T8477] RSP: 0018:ffffc900016afb28 EFLAGS: 00010282
[  757.190073][ T8477] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[  757.198022][ T8477] RDX: ffff888011bf5340 RSI: ffffffff815b2a45 RDI: fffff520002d5f57
[  757.205969][ T8477] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  757.213918][ T8477] R10: ffffffff815abc1e R11: 0000000000000000 R12: ffffffff894d7f80
[  757.221874][ T8477] R13: ffffffff899e7de0 R14: ffffffff81617f90 R15: dffffc0000000000
[  757.229836][ T8477]  ? calc_wheel_index+0x3f0/0x3f0
[  757.234843][ T8477]  ? wake_up_klogd.part.0+0x8e/0xd0
[  757.240023][ T8477]  ? vprintk_func+0x95/0x1e0
[  757.244608][ T8477]  ? debug_print_object+0x16e/0x250
[  757.249958][ T8477]  ? lockdep_hardirqs_on+0x79/0x100
[  757.255134][ T8477]  debug_check_no_obj_freed+0x301/0x420
[  757.260667][ T8477]  ? slab_free_freelist_hook+0xb9/0x150
[  757.266298][ T8477]  slab_free_freelist_hook+0x107/0x150
[  757.271740][ T8477]  ? bt_host_release+0x15/0x20
[  757.276485][ T8477]  kfree+0xdb/0x360
[  757.280278][ T8477]  bt_host_release+0x15/0x20
[  757.284880][ T8477]  ? __match_tty+0x90/0x90
[  757.289276][ T8477]  device_release+0x9f/0x240
[  757.293874][ T8477]  kobject_put+0x1c8/0x540
[  757.298293][ T8477]  put_device+0x1b/0x30
[  757.302430][ T8477]  vhci_release+0x78/0xe0
[  757.306952][ T8477]  __fput+0x283/0x920
[  757.310917][ T8477]  ? vhci_close_dev+0x50/0x50
[  757.316294][ T8477]  task_work_run+0xdd/0x190
[  757.320953][ T8477]  do_exit+0xb89/0x29e0
[  757.325104][ T8477]  ? mm_update_next_owner+0x7a0/0x7a0
[  757.330656][ T8477]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[  757.337058][ T8477]  ? vfs_write+0x18e/0xa30
[  757.341655][ T8477]  do_group_exit+0x125/0x310
[  757.346237][ T8477]  __x64_sys_exit_group+0x3a/0x50
[  757.351605][ T8477]  do_syscall_64+0x2d/0x70
[  757.356346][ T8477]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  757.362221][ T8477] RIP: 0033:0x45e219
[  757.366108][ T8477] Code: Unable to access opcode bytes at RIP 0x45e1ef.
[  757.372926][ T8477] RSP: 002b:00007ffcb47b5588 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  757.381320][ T8477] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045e219
[  757.389285][ T8477] RDX: 0000000000417ab1 RSI: 00000000016b9df0 RDI: 0000000000000043
[  757.397257][ T8477] RBP: 00000000004c3d3e R08: 000000000000000b R09: 0000000000000000
[  757.405206][ T8477] R10: 0000000003204940 R11: 0000000000000246 R12: 0000000000001574
[  757.413154][ T8477] R13: 0000000000000003 R14: 0000000000000032 R15: 00000000000b883d
[  757.425451][ T8477] Kernel Offset: disabled
[  757.429856][ T8477] Rebooting in 86400 seconds..