0x1263, &(0x7f0000000000)) (async)
ioctl$BLKRAGET(r0, 0x1263, &(0x7f0000000000))
ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000040)=0x7fff)
semget(0x0, 0x3, 0x110)

05:47:31 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

05:47:31 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000200), 0x4, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000100)=0x9)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f0000000140), 0x73b, 0x2000)
ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f0000000180))
write$snapshot(r2, &(0x7f0000000040)="c66d103db97608549050f5aefa37946b71fd673eadbb7a6139e590c87293ee69ef63f8787278751dd562c7fb572707d7127d1c65d79cc5f8b837711803533481ca76ee0b5572d5eb3af9a46b0abf5881c235354de040488812916b56a5f4a6744273870b88232d70a089f8df4917baefe3862db101c7eadd8ed4d4a2ec889cfd648f53b3e42e7be36b5de8c466b5142373cb072098411bf080d5a4db5768959fcec50604c83565e38d8af28a8304dcf10fb4a5b13a67db7df2", 0xb9)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, 0x0, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000200), 0x4, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000100)=0x9) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (async)
syz_open_dev$vcsa(&(0x7f0000000140), 0x73b, 0x2000) (async)
ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f0000000180)) (async)
write$snapshot(r2, &(0x7f0000000040)="c66d103db97608549050f5aefa37946b71fd673eadbb7a6139e590c87293ee69ef63f8787278751dd562c7fb572707d7127d1c65d79cc5f8b837711803533481ca76ee0b5572d5eb3af9a46b0abf5881c235354de040488812916b56a5f4a6744273870b88232d70a089f8df4917baefe3862db101c7eadd8ed4d4a2ec889cfd648f53b3e42e7be36b5de8c466b5142373cb072098411bf080d5a4db5768959fcec50604c83565e38d8af28a8304dcf10fb4a5b13a67db7df2", 0xb9) (async)

05:47:31 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000000)={0x4400003e, 0x9, 0x2})

05:47:31 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

05:47:31 executing program 5:
ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r4=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r3, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r7, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r8}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r6, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r8, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x44000002}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x0, 0x20, 0x70bd2e, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20002050}, 0x4)

05:47:32 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000))

05:47:32 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000000)={0x4400003e, 0x9, 0x2})

05:47:32 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

05:47:32 executing program 1:
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000))
getresgid(&(0x7f0000002740), &(0x7f0000002780), 0x0)
r0 = syz_open_dev$audion(&(0x7f0000000140), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r2, 0x6430)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="476fbd786336ceed115385e0664f3089e9393b3379774122d25c25f62be651a7bc4f0e0d2f74dbaca2e7e2843483b1eaf85970c02cf67bc41c160de43ca82ff1ba4b6893cd14a1840863709f6e362baabbb264e01b6ff0b0d8d31a4aa1077328c25caab28c5a5c2b810ce326737a54acac322297b1e1643d65598da0b2fd9f65152d051ebf1aec506a846d69484b8bf5ef6e23b79c3d4d5bf48bed88ddc035a903c362ce3df65d819a23431967e6837aabeb8a084646cae4bd12f67e", 0xbc)

05:47:32 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4111, 0x100f) (async)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x5)

05:47:32 executing program 5:
ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3}, 0x14}}, 0x0) (async)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000007c0)={'wpan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r4=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r3, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r7, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r8}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r6, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r8, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x44000002}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x0, 0x20, 0x70bd2e, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20002050}, 0x4) (async)
sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x44000002}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x0, 0x20, 0x70bd2e, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20002050}, 0x4)

05:47:33 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0) (async)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000))

05:47:33 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302)
socket$nl_sock_diag(0x10, 0x3, 0x4)

05:47:33 executing program 4:
r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x480000, 0x0)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000040)=0x9)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:33 executing program 5:
ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r4=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r3, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r7, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r8}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r6, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r8, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x44000002}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x0, 0x20, 0x70bd2e, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20002050}, 0x4)
ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000007c0)={'wpan0\x00'}) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r3, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r7, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r8}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000007c0)={'wpan0\x00'}) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(r6, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r8, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x44000002}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x0, 0x20, 0x70bd2e, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20002050}, 0x4) (async)

05:47:33 executing program 4:
r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x480000, 0x0)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000040)=0x9)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:33 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0) (async)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000))

05:47:33 executing program 5:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000ca201196eb50198d24c0fe8f7ff8e21431dce707e15773", @ANYRES16=r0, @ANYBLOB="00032dbd7000fddbdf251700000008000300", @ANYRES32=0x0, @ANYBLOB="0c000600020000000000000008000300", @ANYRES32=0x0, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x24000001}, 0x4000001)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r1, 0xab06)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x761600, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000040)={0x100, 0x1, 0x3, 0x7df})

05:47:33 executing program 4:
r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x480000, 0x0)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000040)=0x9) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:33 executing program 5:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000ca201196eb50198d24c0fe8f7ff8e21431dce707e15773", @ANYRES16=r0, @ANYBLOB="00032dbd7000fddbdf251700000008000300", @ANYRES32=0x0, @ANYBLOB="0c000600020000000000000008000300", @ANYRES32=0x0, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x24000001}, 0x4000001)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r1, 0xab06) (async)
ioctl$NBD_PRINT_DEBUG(r1, 0xab06)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x761600, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000040)={0x100, 0x1, 0x3, 0x7df}) (async)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000040)={0x100, 0x1, 0x3, 0x7df})

05:47:33 executing program 1:
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) (async)
getresgid(&(0x7f0000002740), &(0x7f0000002780), 0x0) (async, rerun: 64)
r0 = syz_open_dev$audion(&(0x7f0000000140), 0x1, 0x0) (rerun: 64)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r2, 0x6430) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="476fbd786336ceed115385e0664f3089e9393b3379774122d25c25f62be651a7bc4f0e0d2f74dbaca2e7e2843483b1eaf85970c02cf67bc41c160de43ca82ff1ba4b6893cd14a1840863709f6e362baabbb264e01b6ff0b0d8d31a4aa1077328c25caab28c5a5c2b810ce326737a54acac322297b1e1643d65598da0b2fd9f65152d051ebf1aec506a846d69484b8bf5ef6e23b79c3d4d5bf48bed88ddc035a903c362ce3df65d819a23431967e6837aabeb8a084646cae4bd12f67e", 0xbc)

05:47:33 executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "b3dc1d38870382b04e518578fc84b4f74ca529"})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, 0x0, 0x0)

05:47:33 executing program 5:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000ca201196eb50198d24c0fe8f7ff8e21431dce707e15773", @ANYRES16=r0, @ANYBLOB="00032dbd7000fddbdf251700000008000300", @ANYRES32=0x0, @ANYBLOB="0c000600020000000000000008000300", @ANYRES32=0x0, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x24000001}, 0x4000001) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r1, 0xab06) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x761600, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000040)={0x100, 0x1, 0x3, 0x7df})

05:47:33 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4110, 0x100e)

05:47:33 executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "b3dc1d38870382b04e518578fc84b4f74ca529"})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, 0x0, 0x0)

05:47:33 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) (async)
socket$nl_sock_diag(0x10, 0x3, 0x4)

05:47:33 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4110, 0x100e)

05:47:33 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)='<\'\\', 0x3})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000200)={&(0x7f00000000c0)="96eeba6c102bbc86de9bc50286ebe13c7629210f8cf26815fdfc4e0f18d73f9c53228d4df6ef99fca7b8c20d3d34af4737ea12ef15653d2d927bba492d81edff1f0283a00863d1d9de84dede1d85476316f6979732379055b160eb447c59e3cfe2bac014427ea7af1f126a4ebf785282860a9bf6a5d17e92ff36c4488680480881b4937c9daec0b7bba7e47d1e1d339a5e3efad37840c492d1465859c297dbbbfbc293b87a0e70388f29fe5437b3990b6ce038e7cb682c833ec57e6ec845252a9240fdfbeef1352461ad01a21215d6e92402d25a337f54796f3e91057472", 0xde, <r2=>0x0})
ioctl$DRM_IOCTL_DMA(r0, 0xc0406429, &(0x7f0000001340)={0x0, 0x6, &(0x7f0000000240)=[0x400, 0x1000, 0x1, 0x7, 0x6, 0x3], &(0x7f0000000280)=[0x4db11f46, 0x6, 0x8, 0x97], 0x5, 0x7, 0xfffffff9, &(0x7f00000002c0)=[0x400, 0x1000, 0x8c4, 0x5, 0x3, 0x9, 0x2], &(0x7f0000000300)=[0xbb2, 0x1, 0xa1, 0x8]})
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r1, 0xc01064ac, &(0x7f0000001380)={r2, 0xe2, &(0x7f00000013c0)=""/226})

05:47:33 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000000))
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)

05:47:33 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4110, 0x100e)

05:47:33 executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "b3dc1d38870382b04e518578fc84b4f74ca529"}) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, 0x0, 0x0)

05:47:33 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000000)) (async)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)

05:47:34 executing program 1:
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000))
getresgid(&(0x7f0000002740), &(0x7f0000002780), 0x0)
r0 = syz_open_dev$audion(&(0x7f0000000140), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r2, 0x6430) (async)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r2, 0x6430)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="476fbd786336ceed115385e0664f3089e9393b3379774122d25c25f62be651a7bc4f0e0d2f74dbaca2e7e2843483b1eaf85970c02cf67bc41c160de43ca82ff1ba4b6893cd14a1840863709f6e362baabbb264e01b6ff0b0d8d31a4aa1077328c25caab28c5a5c2b810ce326737a54acac322297b1e1643d65598da0b2fd9f65152d051ebf1aec506a846d69484b8bf5ef6e23b79c3d4d5bf48bed88ddc035a903c362ce3df65d819a23431967e6837aabeb8a084646cae4bd12f67e", 0xbc)

05:47:34 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000080)=0x9)
r2 = syz_open_dev$dri(&(0x7f0000000280), 0x9, 0x424000)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f00000002c0)={0xffff8001, 0x8, 0x6, 0x0, 0x4})
syz_open_dev$audion(&(0x7f0000000000), 0x800, 0x101a00)
read$snapshot(r0, 0x0, 0x0)
ioctl$VT_WAITACTIVE(r0, 0x5607)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x4b, 0x200)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000200)={&(0x7f0000000100)="8460b9ad9ff13772f8b5e5ff13333c2019e56451035902e7b7b042dc7e6e019c73000413c13b9643445d91eba6d593159b9bc0af77007a6ef70445407b0bfa0efdce08a441b1724e721fc40331abf70a66fb7a4b83ef52ac0719b78063a923190426a307b6dbb8111347fe6604666694e44a7e2c77c5ce0553fa1d9345ca7f4c7e3af1257d07026d570b1b14777cf1780161e6c8a1281a841e07e28bcd38213d1cd7356ba7f9b66eb5fef3dbe3c8a029", 0xb0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r3, 0xc00464be, &(0x7f0000000240)={r4})

05:47:34 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000000)={0x0, 0x0, r0})
ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000040)=0x101)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000080))
read$snapshot(r1, &(0x7f0000001340)=""/4096, 0x1000)

05:47:34 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)='<\'\\', 0x3}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000200)={&(0x7f00000000c0)="96eeba6c102bbc86de9bc50286ebe13c7629210f8cf26815fdfc4e0f18d73f9c53228d4df6ef99fca7b8c20d3d34af4737ea12ef15653d2d927bba492d81edff1f0283a00863d1d9de84dede1d85476316f6979732379055b160eb447c59e3cfe2bac014427ea7af1f126a4ebf785282860a9bf6a5d17e92ff36c4488680480881b4937c9daec0b7bba7e47d1e1d339a5e3efad37840c492d1465859c297dbbbfbc293b87a0e70388f29fe5437b3990b6ce038e7cb682c833ec57e6ec845252a9240fdfbeef1352461ad01a21215d6e92402d25a337f54796f3e91057472", 0xde, <r2=>0x0}) (async)
ioctl$DRM_IOCTL_DMA(r0, 0xc0406429, &(0x7f0000001340)={0x0, 0x6, &(0x7f0000000240)=[0x400, 0x1000, 0x1, 0x7, 0x6, 0x3], &(0x7f0000000280)=[0x4db11f46, 0x6, 0x8, 0x97], 0x5, 0x7, 0xfffffff9, &(0x7f00000002c0)=[0x400, 0x1000, 0x8c4, 0x5, 0x3, 0x9, 0x2], &(0x7f0000000300)=[0xbb2, 0x1, 0xa1, 0x8]})
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r1, 0xc01064ac, &(0x7f0000001380)={r2, 0xe2, &(0x7f00000013c0)=""/226})

05:47:34 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000000)) (async)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)

05:47:34 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302)
socket$nl_sock_diag(0x10, 0x3, 0x4)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) (async)
socket$nl_sock_diag(0x10, 0x3, 0x4) (async)

05:47:34 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000040)={0x1f, 0x6, 0x1})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000080)={0x27ff, 0x7, 0x10000, 0x7})

05:47:34 executing program 4:
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000000)={0x0, 0x0, r0})
ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000040)=0x101) (async)
ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000040)=0x101)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000080)) (async)
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000080))
read$snapshot(r1, &(0x7f0000001340)=""/4096, 0x1000)

05:47:34 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000080)=0x9) (async)
r2 = syz_open_dev$dri(&(0x7f0000000280), 0x9, 0x424000)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f00000002c0)={0xffff8001, 0x8, 0x6, 0x0, 0x4})
syz_open_dev$audion(&(0x7f0000000000), 0x800, 0x101a00) (async)
read$snapshot(r0, 0x0, 0x0) (async)
ioctl$VT_WAITACTIVE(r0, 0x5607) (async)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x4b, 0x200)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000200)={&(0x7f0000000100)="8460b9ad9ff13772f8b5e5ff13333c2019e56451035902e7b7b042dc7e6e019c73000413c13b9643445d91eba6d593159b9bc0af77007a6ef70445407b0bfa0efdce08a441b1724e721fc40331abf70a66fb7a4b83ef52ac0719b78063a923190426a307b6dbb8111347fe6604666694e44a7e2c77c5ce0553fa1d9345ca7f4c7e3af1257d07026d570b1b14777cf1780161e6c8a1281a841e07e28bcd38213d1cd7356ba7f9b66eb5fef3dbe3c8a029", 0xb0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r3, 0xc00464be, &(0x7f0000000240)={r4})

05:47:34 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000040)={0x1f, 0x6, 0x1})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000080)={0x27ff, 0x7, 0x10000, 0x7})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) (async)
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000040)={0x1f, 0x6, 0x1}) (async)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06) (async)
ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000080)={0x27ff, 0x7, 0x10000, 0x7}) (async)

05:47:34 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000000)={0x0, 0x0, r0})
ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000040)=0x101)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000080))
read$snapshot(r1, &(0x7f0000001340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000000)={0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000040)=0x101) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000080)) (async)
read$snapshot(r1, &(0x7f0000001340)=""/4096, 0x1000) (async)

05:47:34 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000080)=0x9) (async)
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000080)=0x9)
r2 = syz_open_dev$dri(&(0x7f0000000280), 0x9, 0x424000)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f00000002c0)={0xffff8001, 0x8, 0x6, 0x0, 0x4})
syz_open_dev$audion(&(0x7f0000000000), 0x800, 0x101a00)
read$snapshot(r0, 0x0, 0x0)
ioctl$VT_WAITACTIVE(r0, 0x5607)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x4b, 0x200)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000200)={&(0x7f0000000100)="8460b9ad9ff13772f8b5e5ff13333c2019e56451035902e7b7b042dc7e6e019c73000413c13b9643445d91eba6d593159b9bc0af77007a6ef70445407b0bfa0efdce08a441b1724e721fc40331abf70a66fb7a4b83ef52ac0719b78063a923190426a307b6dbb8111347fe6604666694e44a7e2c77c5ce0553fa1d9345ca7f4c7e3af1257d07026d570b1b14777cf1780161e6c8a1281a841e07e28bcd38213d1cd7356ba7f9b66eb5fef3dbe3c8a029", 0xb0}) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000200)={&(0x7f0000000100)="8460b9ad9ff13772f8b5e5ff13333c2019e56451035902e7b7b042dc7e6e019c73000413c13b9643445d91eba6d593159b9bc0af77007a6ef70445407b0bfa0efdce08a441b1724e721fc40331abf70a66fb7a4b83ef52ac0719b78063a923190426a307b6dbb8111347fe6604666694e44a7e2c77c5ce0553fa1d9345ca7f4c7e3af1257d07026d570b1b14777cf1780161e6c8a1281a841e07e28bcd38213d1cd7356ba7f9b66eb5fef3dbe3c8a029", 0xb0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r3, 0xc00464be, &(0x7f0000000240)={r4})

05:47:34 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:34 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000040)={0x1f, 0x6, 0x1})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000080)={0x27ff, 0x7, 0x10000, 0x7}) (async)
ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000080)={0x27ff, 0x7, 0x10000, 0x7})

05:47:34 executing program 4:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$VT_WAITACTIVE(r1, 0x5607)

05:47:34 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, &(0x7f0000000040))
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
syz_open_dev$audion(&(0x7f0000000200), 0xd3d7, 0x82)
mq_getsetattr(r2, &(0x7f0000000000)={0x5ed, 0x101, 0xfffffffffffffffb, 0xffffffffffffff80}, 0x0)
read$snapshot(r1, 0x0, 0x0)

05:47:34 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)='<\'\\', 0x3})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000200)={&(0x7f00000000c0)="96eeba6c102bbc86de9bc50286ebe13c7629210f8cf26815fdfc4e0f18d73f9c53228d4df6ef99fca7b8c20d3d34af4737ea12ef15653d2d927bba492d81edff1f0283a00863d1d9de84dede1d85476316f6979732379055b160eb447c59e3cfe2bac014427ea7af1f126a4ebf785282860a9bf6a5d17e92ff36c4488680480881b4937c9daec0b7bba7e47d1e1d339a5e3efad37840c492d1465859c297dbbbfbc293b87a0e70388f29fe5437b3990b6ce038e7cb682c833ec57e6ec845252a9240fdfbeef1352461ad01a21215d6e92402d25a337f54796f3e91057472", 0xde, <r2=>0x0})
ioctl$DRM_IOCTL_DMA(r0, 0xc0406429, &(0x7f0000001340)={0x0, 0x6, &(0x7f0000000240)=[0x400, 0x1000, 0x1, 0x7, 0x6, 0x3], &(0x7f0000000280)=[0x4db11f46, 0x6, 0x8, 0x97], 0x5, 0x7, 0xfffffff9, &(0x7f00000002c0)=[0x400, 0x1000, 0x8c4, 0x5, 0x3, 0x9, 0x2], &(0x7f0000000300)=[0xbb2, 0x1, 0xa1, 0x8]}) (async)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r1, 0xc01064ac, &(0x7f0000001380)={r2, 0xe2, &(0x7f00000013c0)=""/226})

05:47:35 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0)
ioctl$TCSBRK(r1, 0x5409, 0x9)

05:47:35 executing program 4:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$VT_WAITACTIVE(r1, 0x5607)

05:47:35 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x25e802, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0x5, 0x8, 0x3, 0x6}, {0x8, 0x8, 0x4, 0xffff}, {0x9, 0x7f, 0x7, 0x4}, {0x4, 0x6, 0x3f, 0x18}, {0x4, 0x1, 0x0, 0x7f}, {0x2, 0x7f, 0x5, 0x7}]})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)

05:47:35 executing program 0:
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, &(0x7f0000000040))
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
syz_open_dev$audion(&(0x7f0000000200), 0xd3d7, 0x82)
mq_getsetattr(r2, &(0x7f0000000000)={0x5ed, 0x101, 0xfffffffffffffffb, 0xffffffffffffff80}, 0x0)
read$snapshot(r1, 0x0, 0x0) (async)
read$snapshot(r1, 0x0, 0x0)

05:47:35 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x688740)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x1, "42c5d9039d3310496220ecc3f0e02179f410c1e82d666743059c1fb44b8cd456", <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000100)={0x0, 0x1, r2})
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000040))
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r3, 0xc01064bd, &(0x7f0000000000)={&(0x7f0000000200)="269d4f7efa66be4d05556894b69139a929789fd51890d7fcb90931dbdbdb9fd5c0a8e8321d8780ba5ff96718feb2833267ebdf7254fc1e2bc7660554f5fd8e58e336e2eb33330fb03bf48adc26bee33ebf35b3078082db6285f1d0cd7ed241bb000b5ef4b54f742da8ae6937b715cacaa68d3f407b3ffb111a0e1c084e51a5f8569a7427e72253885aa7f28f5ecfce8762e32cb9f224ac2fde8d42be261ea4af54ec600acaf9eebfd81c3513bb0fb640fd1a962244d13de2d25bb1ac19156963df4f2bc3c7692a18", 0xc8})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x10000, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r4, 0x541c, &(0x7f0000000180))

05:47:35 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:35 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x25e802, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0x5, 0x8, 0x3, 0x6}, {0x8, 0x8, 0x4, 0xffff}, {0x9, 0x7f, 0x7, 0x4}, {0x4, 0x6, 0x3f, 0x18}, {0x4, 0x1, 0x0, 0x7f}, {0x2, 0x7f, 0x5, 0x7}]}) (async)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)

05:47:35 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x688740) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x1, "42c5d9039d3310496220ecc3f0e02179f410c1e82d666743059c1fb44b8cd456", <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000100)={0x0, 0x1, r2}) (async)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000040)) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r3, 0xc01064bd, &(0x7f0000000000)={&(0x7f0000000200)="269d4f7efa66be4d05556894b69139a929789fd51890d7fcb90931dbdbdb9fd5c0a8e8321d8780ba5ff96718feb2833267ebdf7254fc1e2bc7660554f5fd8e58e336e2eb33330fb03bf48adc26bee33ebf35b3078082db6285f1d0cd7ed241bb000b5ef4b54f742da8ae6937b715cacaa68d3f407b3ffb111a0e1c084e51a5f8569a7427e72253885aa7f28f5ecfce8762e32cb9f224ac2fde8d42be261ea4af54ec600acaf9eebfd81c3513bb0fb640fd1a962244d13de2d25bb1ac19156963df4f2bc3c7692a18", 0xc8}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x10000, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r4, 0x541c, &(0x7f0000000180))

05:47:35 executing program 4:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$VT_WAITACTIVE(r1, 0x5607)

05:47:35 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, &(0x7f0000000040)) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
syz_open_dev$audion(&(0x7f0000000200), 0xd3d7, 0x82) (async, rerun: 32)
mq_getsetattr(r2, &(0x7f0000000000)={0x5ed, 0x101, 0xfffffffffffffffb, 0xffffffffffffff80}, 0x0) (async, rerun: 32)
read$snapshot(r1, 0x0, 0x0)

05:47:35 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x25e802, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0x5, 0x8, 0x3, 0x6}, {0x8, 0x8, 0x4, 0xffff}, {0x9, 0x7f, 0x7, 0x4}, {0x4, 0x6, 0x3f, 0x18}, {0x4, 0x1, 0x0, 0x7f}, {0x2, 0x7f, 0x5, 0x7}]})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x25e802, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0x5, 0x8, 0x3, 0x6}, {0x8, 0x8, 0x4, 0xffff}, {0x9, 0x7f, 0x7, 0x4}, {0x4, 0x6, 0x3f, 0x18}, {0x4, 0x1, 0x0, 0x7f}, {0x2, 0x7f, 0x5, 0x7}]}) (async)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06) (async)

05:47:35 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x688740)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x1, "42c5d9039d3310496220ecc3f0e02179f410c1e82d666743059c1fb44b8cd456", <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000100)={0x0, 0x1, r2}) (async)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000040)) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r3, 0xc01064bd, &(0x7f0000000000)={&(0x7f0000000200)="269d4f7efa66be4d05556894b69139a929789fd51890d7fcb90931dbdbdb9fd5c0a8e8321d8780ba5ff96718feb2833267ebdf7254fc1e2bc7660554f5fd8e58e336e2eb33330fb03bf48adc26bee33ebf35b3078082db6285f1d0cd7ed241bb000b5ef4b54f742da8ae6937b715cacaa68d3f407b3ffb111a0e1c084e51a5f8569a7427e72253885aa7f28f5ecfce8762e32cb9f224ac2fde8d42be261ea4af54ec600acaf9eebfd81c3513bb0fb640fd1a962244d13de2d25bb1ac19156963df4f2bc3c7692a18", 0xc8}) (async, rerun: 32)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 32)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x10000, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r4, 0x541c, &(0x7f0000000180))

05:47:35 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0)
ioctl$TCSBRK(r1, 0x5409, 0x9)

05:47:35 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
write$snapshot(r2, &(0x7f0000000180)="c95aa8e7ae439104c2d95cbd2c85540c619f9b942715c5f678fc49cca3a206991a4894712758d85fec5f437d139eb1a1f1b638f1f11de812fad6b60b700d26d093f16b06a9d0fa0ccb40858dc781788988e4e1b37bf2832f62d4eb4b8b424eb5a8290c9cca62987308d52f574ad3098390e3eb806745f7a3fdfec768cb1a7f954fa485392c8fa8eab7a4a42c0889e8b53819fd2e2ff58d42f7ede40525c279a0941170c8e2f3a1b9f45e184844e54aeb929bd4f4c20f98e6305aef78cb3fb249ca9fe05aaad1fbb508c336c3", 0xcc)

05:47:35 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(0xffffffffffffffff, 0x4010641a, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[0x800, 0x9, 0x6, 0x8, 0x3]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:35 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000240)={r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@generic={0x1, 0xa, 0x0, 0x4, 0x8001}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xb}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000040)='GPL\x00', 0x8, 0xdb, &(0x7f0000000080)=""/219, 0x41100, 0x6, '\x00', 0x0, 0x11, r1, 0x8, &(0x7f0000000180)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0xe, 0x7, 0x3}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f0000000340)=[r3, r4, r0]}, 0x80)
read$snapshot(r0, 0x0, 0x0)

05:47:35 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000000))

05:47:35 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:47:35 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06) (async)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
write$snapshot(r2, &(0x7f0000000180)="c95aa8e7ae439104c2d95cbd2c85540c619f9b942715c5f678fc49cca3a206991a4894712758d85fec5f437d139eb1a1f1b638f1f11de812fad6b60b700d26d093f16b06a9d0fa0ccb40858dc781788988e4e1b37bf2832f62d4eb4b8b424eb5a8290c9cca62987308d52f574ad3098390e3eb806745f7a3fdfec768cb1a7f954fa485392c8fa8eab7a4a42c0889e8b53819fd2e2ff58d42f7ede40525c279a0941170c8e2f3a1b9f45e184844e54aeb929bd4f4c20f98e6305aef78cb3fb249ca9fe05aaad1fbb508c336c3", 0xcc)

05:47:35 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(0xffffffffffffffff, 0x4010641a, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[0x800, 0x9, 0x6, 0x8, 0x3]}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:35 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000240)={r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@generic={0x1, 0xa, 0x0, 0x4, 0x8001}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xb}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000040)='GPL\x00', 0x8, 0xdb, &(0x7f0000000080)=""/219, 0x41100, 0x6, '\x00', 0x0, 0x11, r1, 0x8, &(0x7f0000000180)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0xe, 0x7, 0x3}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f0000000340)=[r3, r4, r0]}, 0x80)
read$snapshot(r0, 0x0, 0x0) (async)
read$snapshot(r0, 0x0, 0x0)

05:47:35 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(0xffffffffffffffff, 0x4010641a, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[0x800, 0x9, 0x6, 0x8, 0x3]}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:35 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f}) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
write$snapshot(r2, &(0x7f0000000180)="c95aa8e7ae439104c2d95cbd2c85540c619f9b942715c5f678fc49cca3a206991a4894712758d85fec5f437d139eb1a1f1b638f1f11de812fad6b60b700d26d093f16b06a9d0fa0ccb40858dc781788988e4e1b37bf2832f62d4eb4b8b424eb5a8290c9cca62987308d52f574ad3098390e3eb806745f7a3fdfec768cb1a7f954fa485392c8fa8eab7a4a42c0889e8b53819fd2e2ff58d42f7ede40525c279a0941170c8e2f3a1b9f45e184844e54aeb929bd4f4c20f98e6305aef78cb3fb249ca9fe05aaad1fbb508c336c3", 0xcc)

05:47:36 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000240)={r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@generic={0x1, 0xa, 0x0, 0x4, 0x8001}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xb}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000040)='GPL\x00', 0x8, 0xdb, &(0x7f0000000080)=""/219, 0x41100, 0x6, '\x00', 0x0, 0x11, r1, 0x8, &(0x7f0000000180)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0xe, 0x7, 0x3}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f0000000340)=[r3, r4, r0]}, 0x80)
read$snapshot(r0, 0x0, 0x0)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000240)={r0}, 0x8) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@generic={0x1, 0xa, 0x0, 0x4, 0x8001}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xb}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000040)='GPL\x00', 0x8, 0xdb, &(0x7f0000000080)=""/219, 0x41100, 0x6, '\x00', 0x0, 0x11, r1, 0x8, &(0x7f0000000180)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0xe, 0x7, 0x3}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f0000000340)=[r3, r4, r0]}, 0x80) (async)
read$snapshot(r0, 0x0, 0x0) (async)

05:47:36 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0)
ioctl$TCSBRK(r1, 0x5409, 0x9)

05:47:36 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)

05:47:36 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4074, 0xfea)

05:47:36 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000080)={&(0x7f0000000040), 0x0, 0x9, 0x4, 0x8, 0x121, 0x3, 0x1, {0x80000000, 0xcae9, 0x1, 0x8, 0x200, 0x7, 0x9, 0x1000, 0x8, 0x165c, 0x0, 0xb85, 0x7, 0x8, "69eb90894ebbacabf17d4405c9a1a0e2817ca9c4bcb0782ed70a41bc0a8dcfe3"}})
write$snapshot(r0, &(0x7f0000000000)="223d4a6c8b25b5ae64ff51767574bf9885a8d12444f31955836c2263073a07fc5736091104ed03c49b5e5d9a5e148eb7126528d91b2e1a602d80", 0x3a)
read$snapshot(r0, 0x0, 0x0)

05:47:36 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000000))

05:47:36 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x5, 0x12f042)
connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x6, @any, 0x4, 0x1}, 0xe)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:36 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)

05:47:36 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4074, 0xfea)

05:47:36 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000080)={&(0x7f0000000040), 0x0, 0x9, 0x4, 0x8, 0x121, 0x3, 0x1, {0x80000000, 0xcae9, 0x1, 0x8, 0x200, 0x7, 0x9, 0x1000, 0x8, 0x165c, 0x0, 0xb85, 0x7, 0x8, "69eb90894ebbacabf17d4405c9a1a0e2817ca9c4bcb0782ed70a41bc0a8dcfe3"}}) (async)
write$snapshot(r0, &(0x7f0000000000)="223d4a6c8b25b5ae64ff51767574bf9885a8d12444f31955836c2263073a07fc5736091104ed03c49b5e5d9a5e148eb7126528d91b2e1a602d80", 0x3a) (async)
read$snapshot(r0, 0x0, 0x0)

05:47:36 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x5, 0x12f042)
connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x6, @any, 0x4, 0x1}, 0xe)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f00000001c0), 0x5, 0x12f042) (async)
connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x6, @any, 0x4, 0x1}, 0xe) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:47:36 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) (async)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06) (async)

05:47:36 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4074, 0xfea)

05:47:37 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1000001, 0x8341)
read$snapshot(r0, &(0x7f0000000340)=""/4085, 0xff5)
mq_timedsend(r0, &(0x7f0000000000)="c0eee8d615389c31c640864a2255e4fd0c72692ea2757e0fa457fd3f5426fe1cf358ca1b443419e1d84241ada0aa013ebf385008b6c79ff6136f4608d090ab2c9488f5f96cc57361d9ebdc", 0x4b, 0x5, &(0x7f0000000080))

05:47:37 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000000))

05:47:37 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x5, 0x12f042)
connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x6, @any, 0x4, 0x1}, 0xe) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:37 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x8, 0x2000)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000040)={0x0, 0x1, r2})

05:47:37 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000080)={&(0x7f0000000040), 0x0, 0x9, 0x4, 0x8, 0x121, 0x3, 0x1, {0x80000000, 0xcae9, 0x1, 0x8, 0x200, 0x7, 0x9, 0x1000, 0x8, 0x165c, 0x0, 0xb85, 0x7, 0x8, "69eb90894ebbacabf17d4405c9a1a0e2817ca9c4bcb0782ed70a41bc0a8dcfe3"}})
write$snapshot(r0, &(0x7f0000000000)="223d4a6c8b25b5ae64ff51767574bf9885a8d12444f31955836c2263073a07fc5736091104ed03c49b5e5d9a5e148eb7126528d91b2e1a602d80", 0x3a)
read$snapshot(r0, 0x0, 0x0)

05:47:37 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000000))

05:47:37 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1000001, 0x8341)
read$snapshot(r0, &(0x7f0000000340)=""/4085, 0xff5)
mq_timedsend(r0, &(0x7f0000000000)="c0eee8d615389c31c640864a2255e4fd0c72692ea2757e0fa457fd3f5426fe1cf358ca1b443419e1d84241ada0aa013ebf385008b6c79ff6136f4608d090ab2c9488f5f96cc57361d9ebdc", 0x4b, 0x5, &(0x7f0000000080))

05:47:37 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2200, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000000)={0x1, 0x8, 0x6})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x80000)
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000080)=0xffffffff)
r2 = syz_open_dev$audion(&(0x7f0000000100), 0x4, 0x40)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000140)=[0x0], 0x1})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x2a, 0x6, 0x1, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r3, 0xc01064b3, &(0x7f0000000240)={r4})
ioctl$VT_WAITACTIVE(r1, 0x5607)

05:47:37 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000100))
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000000)=0x3)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x5c1302, 0x0)
ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000080))
read$snapshot(r0, 0x0, 0x0)

05:47:37 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x8, 0x2000) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000040)={0x0, 0x1, r2})

05:47:37 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000100))
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000000)=0x3) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x5c1302, 0x0)
ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000080))
read$snapshot(r0, 0x0, 0x0)

05:47:37 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1000001, 0x8341)
read$snapshot(r0, &(0x7f0000000340)=""/4085, 0xff5) (async)
mq_timedsend(r0, &(0x7f0000000000)="c0eee8d615389c31c640864a2255e4fd0c72692ea2757e0fa457fd3f5426fe1cf358ca1b443419e1d84241ada0aa013ebf385008b6c79ff6136f4608d090ab2c9488f5f96cc57361d9ebdc", 0x4b, 0x5, &(0x7f0000000080))

05:47:37 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x8, 0x2000)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000040)={0x0, 0x1, r2})

05:47:37 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000080)=0x9)
r2 = syz_open_dev$dri(&(0x7f0000000280), 0x9, 0x424000)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f00000002c0)={0xffff8001, 0x8, 0x6, 0x0, 0x4})
syz_open_dev$audion(&(0x7f0000000000), 0x800, 0x101a00)
read$snapshot(r0, 0x0, 0x0)
ioctl$VT_WAITACTIVE(r0, 0x5607)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x4b, 0x200)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000200)={&(0x7f0000000100)="8460b9ad9ff13772f8b5e5ff13333c2019e56451035902e7b7b042dc7e6e019c73000413c13b9643445d91eba6d593159b9bc0af77007a6ef70445407b0bfa0efdce08a441b1724e721fc40331abf70a66fb7a4b83ef52ac0719b78063a923190426a307b6dbb8111347fe6604666694e44a7e2c77c5ce0553fa1d9345ca7f4c7e3af1257d07026d570b1b14777cf1780161e6c8a1281a841e07e28bcd38213d1cd7356ba7f9b66eb5fef3dbe3c8a029", 0xb0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r3, 0xc00464be, &(0x7f0000000240)={r4})

05:47:37 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000100)) (async)
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000000)=0x3)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x5c1302, 0x0)
ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000080)) (async)
read$snapshot(r0, 0x0, 0x0)

05:47:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
write$snapshot(r2, &(0x7f0000000180)="c95aa8e7ae439104c2d95cbd2c85540c619f9b942715c5f678fc49cca3a206991a4894712758d85fec5f437d139eb1a1f1b638f1f11de812fad6b60b700d26d093f16b06a9d0fa0ccb40858dc781788988e4e1b37bf2832f62d4eb4b8b424eb5a8290c9cca62987308d52f574ad3098390e3eb806745f7a3fdfec768cb1a7f954fa485392c8fa8eab7a4a42c0889e8b53819fd2e2ff58d42f7ede40525c279a0941170c8e2f3a1b9f45e184844e54aeb929bd4f4c20f98e6305aef78cb3fb249ca9fe05aaad1fbb508c336c3", 0xcc)

05:47:37 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x5, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000000)={0x2})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:37 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x37, 0x9f380)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x10000, 0x34b000)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f00000000c0)={0x1})

05:47:37 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x37, 0x9f380)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 64)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x10000, 0x34b000) (rerun: 64)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f00000000c0)={0x1})

05:47:37 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2200, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000000)={0x1, 0x8, 0x6})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x80000)
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000080)=0xffffffff)
r2 = syz_open_dev$audion(&(0x7f0000000100), 0x4, 0x40)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000140)=[0x0], 0x1})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x2a, 0x6, 0x1, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r3, 0xc01064b3, &(0x7f0000000240)={r4})
ioctl$VT_WAITACTIVE(r1, 0x5607)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2200, 0x0) (async)
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000000)={0x1, 0x8, 0x6}) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x80000) (async)
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000080)=0xffffffff) (async)
syz_open_dev$audion(&(0x7f0000000100), 0x4, 0x40) (async)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000140)=[0x0], 0x1}) (async)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x2a, 0x6, 0x1}) (async)
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r3, 0xc01064b3, &(0x7f0000000240)={r4}) (async)
ioctl$VT_WAITACTIVE(r1, 0x5607) (async)

05:47:37 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000000)={0x7fffffffffffffff, 0x6, 0x0, [{0xffff, 0x6, 0xfffffffffffffffe, 0x51, 0x7f, 0x5, 0x1, '\x00', 0xdc}, {0x0, 0x3, 0x1ff, 0x2, 0x8, 0x3f, 0x90, '\x00', 0x24f}, {0x10001, 0x1, 0x81, 0x1, 0x9, 0x9, 0x2, '\x00', 0x1}, {0xaa, 0x16cb, 0xfffffffffffff957, 0x4, 0x80, 0x4, 0xf8, '\x00', 0x80}, {0x80000001, 0x1, 0x5, 0xa0, 0x8, 0x39, 0x20, '\x00', 0x401}, {0xaef9, 0x0, 0xfffffffffffffffe, 0x6f, 0x40, 0x5, 0x0, '\x00', 0xfffffffffffffffa}]})
read$snapshot(r0, 0x0, 0x0)

05:47:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
write$snapshot(r2, &(0x7f0000000180)="c95aa8e7ae439104c2d95cbd2c85540c619f9b942715c5f678fc49cca3a206991a4894712758d85fec5f437d139eb1a1f1b638f1f11de812fad6b60b700d26d093f16b06a9d0fa0ccb40858dc781788988e4e1b37bf2832f62d4eb4b8b424eb5a8290c9cca62987308d52f574ad3098390e3eb806745f7a3fdfec768cb1a7f954fa485392c8fa8eab7a4a42c0889e8b53819fd2e2ff58d42f7ede40525c279a0941170c8e2f3a1b9f45e184844e54aeb929bd4f4c20f98e6305aef78cb3fb249ca9fe05aaad1fbb508c336c3", 0xcc)

05:47:37 executing program 5:
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000))
getresgid(&(0x7f0000002740), &(0x7f0000002780), 0x0)
r0 = syz_open_dev$audion(&(0x7f0000000140), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r2, 0x6430)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="476fbd786336ceed115385e0664f3089e9393b3379774122d25c25f62be651a7bc4f0e0d2f74dbaca2e7e2843483b1eaf85970c02cf67bc41c160de43ca82ff1ba4b6893cd14a1840863709f6e362baabbb264e01b6ff0b0d8d31a4aa1077328c25caab28c5a5c2b810ce326737a54acac322297b1e1643d65598da0b2fd9f65152d051ebf1aec506a846d69484b8bf5ef6e23b79c3d4d5bf48bed88ddc035a903c362ce3df65d819a23431967e6837aabeb8a084646cae4bd12f67e", 0xbc)

05:47:37 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x5, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000000)={0x2}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:37 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x5, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000000)={0x2})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:37 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x37, 0x9f380)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x10000, 0x34b000)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f00000000c0)={0x1})

05:47:37 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000000)={0x7fffffffffffffff, 0x6, 0x0, [{0xffff, 0x6, 0xfffffffffffffffe, 0x51, 0x7f, 0x5, 0x1, '\x00', 0xdc}, {0x0, 0x3, 0x1ff, 0x2, 0x8, 0x3f, 0x90, '\x00', 0x24f}, {0x10001, 0x1, 0x81, 0x1, 0x9, 0x9, 0x2, '\x00', 0x1}, {0xaa, 0x16cb, 0xfffffffffffff957, 0x4, 0x80, 0x4, 0xf8, '\x00', 0x80}, {0x80000001, 0x1, 0x5, 0xa0, 0x8, 0x39, 0x20, '\x00', 0x401}, {0xaef9, 0x0, 0xfffffffffffffffe, 0x6f, 0x40, 0x5, 0x0, '\x00', 0xfffffffffffffffa}]}) (async)
read$snapshot(r0, 0x0, 0x0)

05:47:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
write$snapshot(r2, &(0x7f0000000180)="c95aa8e7ae439104c2d95cbd2c85540c619f9b942715c5f678fc49cca3a206991a4894712758d85fec5f437d139eb1a1f1b638f1f11de812fad6b60b700d26d093f16b06a9d0fa0ccb40858dc781788988e4e1b37bf2832f62d4eb4b8b424eb5a8290c9cca62987308d52f574ad3098390e3eb806745f7a3fdfec768cb1a7f954fa485392c8fa8eab7a4a42c0889e8b53819fd2e2ff58d42f7ede40525c279a0941170c8e2f3a1b9f45e184844e54aeb929bd4f4c20f98e6305aef78cb3fb249ca9fe05aaad1fbb508c336c3", 0xcc)

05:47:37 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
write$snapshot(r1, &(0x7f0000000140)="59d21f8916bd741d4160dff12a4f44b9940dd9a079eeeb79081f2ddd8d589a9ae2512f9d5a914af7373cd67ac95c37add7b946f38688bdac7d5108ecece0c6eab5a85dfd966233ed", 0x48)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x123000, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r0, r2, 0x4, r3}, 0x10)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x6)

05:47:37 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async, rerun: 32)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2200, 0x0) (rerun: 32)
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000000)={0x1, 0x8, 0x6})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x80000)
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000080)=0xffffffff)
r2 = syz_open_dev$audion(&(0x7f0000000100), 0x4, 0x40)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000140)=[0x0], 0x1}) (async, rerun: 64)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 64)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x2a, 0x6, 0x1, 0x0, <r4=>0x0}) (rerun: 64)
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r3, 0xc01064b3, &(0x7f0000000240)={r4})
ioctl$VT_WAITACTIVE(r1, 0x5607)

05:47:37 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000000)={0x7fffffffffffffff, 0x6, 0x0, [{0xffff, 0x6, 0xfffffffffffffffe, 0x51, 0x7f, 0x5, 0x1, '\x00', 0xdc}, {0x0, 0x3, 0x1ff, 0x2, 0x8, 0x3f, 0x90, '\x00', 0x24f}, {0x10001, 0x1, 0x81, 0x1, 0x9, 0x9, 0x2, '\x00', 0x1}, {0xaa, 0x16cb, 0xfffffffffffff957, 0x4, 0x80, 0x4, 0xf8, '\x00', 0x80}, {0x80000001, 0x1, 0x5, 0xa0, 0x8, 0x39, 0x20, '\x00', 0x401}, {0xaef9, 0x0, 0xfffffffffffffffe, 0x6f, 0x40, 0x5, 0x0, '\x00', 0xfffffffffffffffa}]})
read$snapshot(r0, 0x0, 0x0)

05:47:37 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x9, 0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$audion(&(0x7f0000000040), 0x0, 0x2804e0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x8, @none, 0x4}, 0xe)

05:47:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)

05:47:37 executing program 3:
syz_open_dev$audion(&(0x7f0000000000), 0x9, 0x10000) (async)
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x9, 0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$audion(&(0x7f0000000040), 0x0, 0x2804e0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x8, @none, 0x4}, 0xe)

05:47:38 executing program 5:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

05:47:38 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x0)
read$snapshot(r0, 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000000)=0xff)

05:47:38 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:38 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x9, 0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000040), 0x0, 0x2804e0) (async)
r1 = syz_open_dev$audion(&(0x7f0000000040), 0x0, 0x2804e0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x8, @none, 0x4}, 0xe)

05:47:38 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:38 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x0)
read$snapshot(r0, 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000000)=0xff)
syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x0) (async)
read$snapshot(r0, 0x0, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000000)=0xff) (async)

05:47:38 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
write$snapshot(r1, &(0x7f0000000140)="59d21f8916bd741d4160dff12a4f44b9940dd9a079eeeb79081f2ddd8d589a9ae2512f9d5a914af7373cd67ac95c37add7b946f38688bdac7d5108ecece0c6eab5a85dfd966233ed", 0x48) (async)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x123000, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r0, r2, 0x4, r3}, 0x10) (async)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x6)

05:47:38 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000080), 0xd, 0xb2fdc2a0c631a850)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0xe12ec1, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x2)
ioctl$TCSBRK(r1, 0x5409, 0xc2de)

05:47:38 executing program 5:
migrate_pages(0x0, 0x82, &(0x7f0000000080)=0x1, &(0x7f0000000140)=0x2)
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xdbe2, 0x541202)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000040)={0xfffc, 0x1, 0x9})

05:47:38 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x0)
read$snapshot(r0, 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000000)=0xff)
syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x0) (async)
read$snapshot(r0, 0x0, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000000)=0xff) (async)

05:47:38 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:38 executing program 1:
ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40086409, &(0x7f0000000000))
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000040))

05:47:38 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000080), 0xd, 0xb2fdc2a0c631a850)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0xe12ec1, 0x0) (async)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0xe12ec1, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x2)
ioctl$TCSBRK(r1, 0x5409, 0xc2de)

05:47:38 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:38 executing program 1:
ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40086409, &(0x7f0000000000))
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000040))

05:47:38 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1002, 0x40102)
read$snapshot(r0, 0x0, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x400300, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000080))

05:47:38 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1002, 0x40102)
read$snapshot(r0, 0x0, 0x0) (async)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x400300, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000080))

05:47:38 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x400)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(0xffffffffffffffff, 0x3309)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000040), 0x2, 0x0)

05:47:39 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
write$snapshot(r1, &(0x7f0000000140)="59d21f8916bd741d4160dff12a4f44b9940dd9a079eeeb79081f2ddd8d589a9ae2512f9d5a914af7373cd67ac95c37add7b946f38688bdac7d5108ecece0c6eab5a85dfd966233ed", 0x48)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x123000, 0x0) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r0, r2, 0x4, r3}, 0x10) (async)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x6)

05:47:39 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:39 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000080), 0xd, 0xb2fdc2a0c631a850)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0xe12ec1, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x2) (async)
ioctl$TCSBRK(r1, 0x5409, 0xc2de)

05:47:39 executing program 1:
ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40086409, &(0x7f0000000000))
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000040))
ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40086409, &(0x7f0000000000)) (async)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000040)) (async)

05:47:39 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1002, 0x40102)
read$snapshot(r0, 0x0, 0x0) (async)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x400300, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000080))

05:47:39 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4096, 0x1000)

05:47:39 executing program 1:
sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000001580)={0xffffffffffffff64, 0x15, 0x1, 0x70bd27, 0x25dfdbfd, {0x22, 0x1f}, [@INET_DIAG_REQ_BYTECODE={0xd0, 0x1, "01be3434f02cd27a60b4b76c68c6ab0ead72447072ffe684ce4849868aa3d671a0d3e52af42e4495625f72e6a1ed42af43ddfe5105a78727381642d90adf5a2b23daeef59066ee7b72fec874fc44881d7d7376f4ae38d7b91ca0b6bb4df06d535fc5223feaec9256de8aa5b5f8d1a714d6689816fb594e1ae5852db3f12960b383b08f4e33d1375aa7582c239933747f40c1ca4a14049b0074974b40b511661c134e94742f9dc8c2a44ec79e3dd9bcecd542a1eb1ec8a03aae156fb642b357dbca98d27b5b4fadea75bda78c1ee0981f8b113b307c"}, @INET_DIAG_REQ_BYTECODE={0x60, 0x1, "b7337dc46753154ea4bcff944305b78558db3a46e89e1e159225f3dcaf6d9d1265ac67a6bfd0ee3be865dd84257c9e8517e81117522bd7aab56811d723409e397f079538dcf6910f6c09848b98ad74b7ec553ea8ab8ec5513f154fe4"}, @INET_DIAG_REQ_BYTECODE={0xb2, 0x1, "33d543c1ec3a3457054edc8217102fc6b4f46bdcba001cf50bb4984a0319d849da9259497f426e4772d2ef7669a22fa3ef14e3863d22a2234bb784366951a147ac13c97735648053197fcfbd8bfa0819b4ae1098fdb596418e90543ca4dc4e4d731df87c927dd711194c29e5cf93a4513166460d864719d61364f8d1d6394aaba98b07a28aac78c65f22d4a00948c4dd295ff32b738ac4a0e51b97c77fefcd6333b2b3a3a68ada1dfb520c8e31d5"}, @INET_DIAG_REQ_BYTECODE={0x13, 0x1, "398224b093360576f932914cee2ada"}]}, 0x20c}, 0x1, 0x0, 0x0, 0x2404c804}, 0x8814)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$VT_WAITACTIVE(r0, 0x5607)

05:47:39 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:39 executing program 3:
r0 = syz_open_dev$dri(&(0x7f00000015c0), 0x0, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, &(0x7f0000000040)={0x0, 0x0})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x600040)
mq_notify(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000})

05:47:39 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:39 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:39 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0xe9, 0xd297, 0x58a632b5, 0x6})

05:47:39 executing program 2:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x80c0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0xfffffffffffffffc)
syz_open_dev$dri(&(0x7f0000000000), 0x1e, 0x181100)

05:47:39 executing program 4:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:39 executing program 2:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000) (async)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x80c0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0xfffffffffffffffc) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x1e, 0x181100)

05:47:39 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:39 executing program 2:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x80c0, 0x0) (async, rerun: 64)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (rerun: 64)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0xfffffffffffffffc) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x1e, 0x181100)

05:47:39 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4096, 0x1000)

05:47:39 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:39 executing program 1:
sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000001580)={0xffffffffffffff64, 0x15, 0x1, 0x70bd27, 0x25dfdbfd, {0x22, 0x1f}, [@INET_DIAG_REQ_BYTECODE={0xd0, 0x1, "01be3434f02cd27a60b4b76c68c6ab0ead72447072ffe684ce4849868aa3d671a0d3e52af42e4495625f72e6a1ed42af43ddfe5105a78727381642d90adf5a2b23daeef59066ee7b72fec874fc44881d7d7376f4ae38d7b91ca0b6bb4df06d535fc5223feaec9256de8aa5b5f8d1a714d6689816fb594e1ae5852db3f12960b383b08f4e33d1375aa7582c239933747f40c1ca4a14049b0074974b40b511661c134e94742f9dc8c2a44ec79e3dd9bcecd542a1eb1ec8a03aae156fb642b357dbca98d27b5b4fadea75bda78c1ee0981f8b113b307c"}, @INET_DIAG_REQ_BYTECODE={0x60, 0x1, "b7337dc46753154ea4bcff944305b78558db3a46e89e1e159225f3dcaf6d9d1265ac67a6bfd0ee3be865dd84257c9e8517e81117522bd7aab56811d723409e397f079538dcf6910f6c09848b98ad74b7ec553ea8ab8ec5513f154fe4"}, @INET_DIAG_REQ_BYTECODE={0xb2, 0x1, "33d543c1ec3a3457054edc8217102fc6b4f46bdcba001cf50bb4984a0319d849da9259497f426e4772d2ef7669a22fa3ef14e3863d22a2234bb784366951a147ac13c97735648053197fcfbd8bfa0819b4ae1098fdb596418e90543ca4dc4e4d731df87c927dd711194c29e5cf93a4513166460d864719d61364f8d1d6394aaba98b07a28aac78c65f22d4a00948c4dd295ff32b738ac4a0e51b97c77fefcd6333b2b3a3a68ada1dfb520c8e31d5"}, @INET_DIAG_REQ_BYTECODE={0x13, 0x1, "398224b093360576f932914cee2ada"}]}, 0x20c}, 0x1, 0x0, 0x0, 0x2404c804}, 0x8814) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$VT_WAITACTIVE(r0, 0x5607)

05:47:39 executing program 3:
r0 = syz_open_dev$dri(&(0x7f00000015c0), 0x0, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, &(0x7f0000000040)={0x0, 0x0})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x600040)
mq_notify(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000})

05:47:39 executing program 2:
ioctl$DRM_IOCTL_VERSION(0xffffffffffffffff, 0xc0406400, &(0x7f0000000200)={0x8, 0xfff, 0x0, 0x17, &(0x7f0000000000)=""/23, 0xaf, &(0x7f0000000040)=""/175, 0xb6, &(0x7f0000000100)=""/182})
r0 = syz_open_dev$audion(&(0x7f0000000240), 0x3, 0x294c81)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:39 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:39 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x40000)
bpf$LINK_DETACH(0x22, &(0x7f0000000000)=r0, 0x4)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000040)={0xbd18, 0x200, 0x9, 0x3f})

05:47:39 executing program 2:
ioctl$DRM_IOCTL_VERSION(0xffffffffffffffff, 0xc0406400, &(0x7f0000000200)={0x8, 0xfff, 0x0, 0x17, &(0x7f0000000000)=""/23, 0xaf, &(0x7f0000000040)=""/175, 0xb6, &(0x7f0000000100)=""/182}) (async)
r0 = syz_open_dev$audion(&(0x7f0000000240), 0x3, 0x294c81)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:39 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:40 executing program 2:
ioctl$DRM_IOCTL_VERSION(0xffffffffffffffff, 0xc0406400, &(0x7f0000000200)={0x8, 0xfff, 0x0, 0x17, &(0x7f0000000000)=""/23, 0xaf, &(0x7f0000000040)=""/175, 0xb6, &(0x7f0000000100)=""/182}) (async)
r0 = syz_open_dev$audion(&(0x7f0000000240), 0x3, 0x294c81)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:40 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:40 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x2, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000000)={0x9, <r2=>0x0, 0x1})
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000040)={r2, 0x3e})

05:47:40 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000200)=""/4096, 0x1000)

05:47:40 executing program 4:
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:40 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x2, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000000)={0x9, <r2=>0x0, 0x1})
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000040)={r2, 0x3e})

05:47:40 executing program 3:
r0 = syz_open_dev$dri(&(0x7f00000015c0), 0x0, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, &(0x7f0000000040)={0x0, 0x0})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r2 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x600040)
mq_notify(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000})

05:47:40 executing program 1:
sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000001580)={0xffffffffffffff64, 0x15, 0x1, 0x70bd27, 0x25dfdbfd, {0x22, 0x1f}, [@INET_DIAG_REQ_BYTECODE={0xd0, 0x1, "01be3434f02cd27a60b4b76c68c6ab0ead72447072ffe684ce4849868aa3d671a0d3e52af42e4495625f72e6a1ed42af43ddfe5105a78727381642d90adf5a2b23daeef59066ee7b72fec874fc44881d7d7376f4ae38d7b91ca0b6bb4df06d535fc5223feaec9256de8aa5b5f8d1a714d6689816fb594e1ae5852db3f12960b383b08f4e33d1375aa7582c239933747f40c1ca4a14049b0074974b40b511661c134e94742f9dc8c2a44ec79e3dd9bcecd542a1eb1ec8a03aae156fb642b357dbca98d27b5b4fadea75bda78c1ee0981f8b113b307c"}, @INET_DIAG_REQ_BYTECODE={0x60, 0x1, "b7337dc46753154ea4bcff944305b78558db3a46e89e1e159225f3dcaf6d9d1265ac67a6bfd0ee3be865dd84257c9e8517e81117522bd7aab56811d723409e397f079538dcf6910f6c09848b98ad74b7ec553ea8ab8ec5513f154fe4"}, @INET_DIAG_REQ_BYTECODE={0xb2, 0x1, "33d543c1ec3a3457054edc8217102fc6b4f46bdcba001cf50bb4984a0319d849da9259497f426e4772d2ef7669a22fa3ef14e3863d22a2234bb784366951a147ac13c97735648053197fcfbd8bfa0819b4ae1098fdb596418e90543ca4dc4e4d731df87c927dd711194c29e5cf93a4513166460d864719d61364f8d1d6394aaba98b07a28aac78c65f22d4a00948c4dd295ff32b738ac4a0e51b97c77fefcd6333b2b3a3a68ada1dfb520c8e31d5"}, @INET_DIAG_REQ_BYTECODE={0x13, 0x1, "398224b093360576f932914cee2ada"}]}, 0x20c}, 0x1, 0x0, 0x0, 0x2404c804}, 0x8814) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$VT_WAITACTIVE(r0, 0x5607)

05:47:40 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x2, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000000)={0x9, <r2=>0x0, 0x1})
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000040)={r2, 0x3e})

05:47:40 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:40 executing program 4:
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:40 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x80080)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:40 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x80080)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:40 executing program 4:
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:40 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x80080)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:41 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x22480)
read$snapshot(r0, 0x0, 0x0)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f00000000c0)={0xd2, 0x952c})
ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000080)={0x0, 0x2})
ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000040)=0x6a)

05:47:41 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:41 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000000)={0x6, 0xfff, 0x3ff, 0x1})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:41 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:41 executing program 3:
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000000)={0x0, 0x2, 0x2, 0x101, 0x400, 0x7fffffff, 0xffffff7f})
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:41 executing program 5:
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000040)={0x2, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:41 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x22480)
read$snapshot(r0, 0x0, 0x0) (async, rerun: 32)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) (rerun: 32)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f00000000c0)={0xd2, 0x952c}) (async)
ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000080)={0x0, 0x2})
ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000040)=0x6a)

05:47:41 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:41 executing program 5:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xeb, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:41 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:41 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x22480)
read$snapshot(r0, 0x0, 0x0) (async, rerun: 64)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) (async, rerun: 64)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f00000000c0)={0xd2, 0x952c}) (async)
ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000080)={0x0, 0x2}) (async, rerun: 32)
ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000040)=0x6a) (rerun: 32)

05:47:41 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0xfffffffffffffffe, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000200)={0x11, 0x10, 0xfa00, {&(0x7f0000000180)}}, 0x18)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f00000000c0)={&(0x7f0000000000)="7ca106d33c0eada51197f2feed20be2d1c7158e524e27b034ea31d86fd60bc028e72382b57f2e344be4e448108daf3e5bafede8e7a105d8c652ac8a27cf1ea5ae1d4d60bd5e29045021a2594cb5b5404de6b8c51fdce08e913a1503a723e573c791103247e131a9d275930fd2d38c7cc7fdf4795ff98a929384fadafaa6b9a4da0220b27e265b71c902507eec6c6fa74016f8f71fc339f824748ada72950d519e668a552d75a0be40958182ccc3350df88ba2d40d6f397fbd509", 0xba, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r0, 0xc01064ac, &(0x7f0000000240)={r2, 0x30, &(0x7f0000000100)=""/48})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r3, 0xc0186419, &(0x7f0000001500)={0x3, &(0x7f0000000140)=""/4, &(0x7f0000001480)=[{0x8, 0x9b, 0x5, &(0x7f0000000280)=""/155}, {0x5886, 0x9c, 0xffffffff, &(0x7f0000001340)=""/156}, {0x5, 0x6f, 0x3, &(0x7f0000001400)=""/111}]})

05:47:41 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x0, 0x6f})
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:41 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x8000000000000001, 0x8e6376685a5a94d5)
ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f0000000040)={0x0, 0x3})
read$snapshot(r0, 0x0, 0x0)

05:47:41 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000000)={0x6, 0xfff, 0x3ff, 0x1}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:41 executing program 1:
syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:41 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040))
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:41 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x8000000000000001, 0x8e6376685a5a94d5)
ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f0000000040)={0x0, 0x3}) (async)
read$snapshot(r0, 0x0, 0x0)

05:47:41 executing program 3:
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000000)={0x0, 0x2, 0x2, 0x101, 0x400, 0x7fffffff, 0xffffff7f}) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:41 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x8000000000000001, 0x8e6376685a5a94d5)
ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f0000000040)={0x0, 0x3})
read$snapshot(r0, 0x0, 0x0)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x8000000000000001, 0x8e6376685a5a94d5) (async)
ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f0000000040)={0x0, 0x3}) (async)
read$snapshot(r0, 0x0, 0x0) (async)

05:47:41 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040))
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:41 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040))
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)

05:47:41 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000080))
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x468003)
ioctl$DRM_IOCTL_AGP_FREE(r1, 0x40206435, &(0x7f0000000040))

05:47:41 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x7fffffff)
read$snapshot(r0, 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000000), 0x2, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x4, <r2=>0x0, 0x2})
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000080)={0x101, r2})

05:47:41 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x7fffffff) (async)
read$snapshot(r0, 0x0, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
openat$cgroup_subtree(r1, &(0x7f0000000000), 0x2, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x4, <r2=>0x0, 0x2})
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000080)={0x101, r2})

05:47:41 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x119001, 0x0)

05:47:42 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000000)={0x6, 0xfff, 0x3ff, 0x1})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000000)={0x6, 0xfff, 0x3ff, 0x1}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:47:42 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:47:42 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x7fffffff) (async)
read$snapshot(r0, 0x0, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000000), 0x2, 0x0) (async)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x4, <r2=>0x0, 0x2})
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000080)={0x101, r2})

05:47:42 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000000)={@host})

05:47:42 executing program 3:
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000000)={0x0, 0x2, 0x2, 0x101, 0x400, 0x7fffffff, 0xffffff7f}) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:42 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:47:42 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:47:42 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:47:42 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4096, 0x1000)

05:47:42 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{<r1=>0x0}, {}]})
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000080)={r1, 0x1})
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0xb0880)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0)

05:47:42 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{<r1=>0x0}, {}]})
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000080)={r1, 0x1}) (async)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0xb0880)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0)

05:47:42 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{<r1=>0x0}, {}]})
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000080)={r1, 0x1}) (async)
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000080)={r1, 0x1})
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0xb0880)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0) (async)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x0)

05:47:43 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r2, 0xc01064c1, &(0x7f0000000040))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:43 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0xe0001)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:43 executing program 0:
r0 = semget(0x3, 0x107ef0819dea7d2f, 0x20)
semctl$GETNCNT(r0, 0x2, 0xe, &(0x7f0000000080)=""/11)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000040), 0x2, 0x200)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x1d, 0xd7, 0x2, 0xa7, 0xe00, r2, 0x5, '\x00', 0x0, r2, 0x5, 0x5, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x15, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7}, [@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xa}, @map_idx={0x18, 0xb, 0x5, 0x0, 0x2}, @ldst={0x0, 0x2, 0x2, 0x5, 0x6, 0xffffffffffffffe0}, @map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7fffffff}]}, &(0x7f0000000140)='syzkaller\x00', 0x8001, 0x1000, &(0x7f0000000200)=""/4096, 0x41100, 0xa, '\x00', 0x0, 0x1a, r1, 0x8, &(0x7f0000000180)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000001200)={0x1, 0x7, 0x6}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000012c0)=[r3, r2]}, 0x80)
read$snapshot(r1, 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x600cc2, 0x0)

05:47:43 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f00000000c0)={0x8000000000000001, <r1=>0x0, 0x1})
ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f0000000100)={r1, 0x401})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x288001, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000180))
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x3)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x501000, 0x0)

05:47:43 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$audion(&(0x7f0000000280), 0x7, 0x82000)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x6, 0x402)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000080)={<r3=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f00000000c0)={<r4=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000100)={<r5=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r1, 0xc01064c5, &(0x7f0000000180)={&(0x7f0000000140)=[r2, r3, 0x0, 0x0, r4, 0x0, 0x0, 0x0, r5, 0x0], 0xa})
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000240)={0x0, &(0x7f0000001340)})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:43 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r9, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r11=>0x0})
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r14, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r15}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r12, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r16=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r13, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r15, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r16}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_NEW_INTERFACE(r8, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x24, r10, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r16}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x6}]}, 0x2c}}, 0x90)
r17 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r17, &(0x7f0000000340)=""/4096, 0x1000)

05:47:43 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0xe0001)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:43 executing program 0:
r0 = semget(0x3, 0x107ef0819dea7d2f, 0x20)
semctl$GETNCNT(r0, 0x2, 0xe, &(0x7f0000000080)=""/11) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000040), 0x2, 0x200)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x1d, 0xd7, 0x2, 0xa7, 0xe00, r2, 0x5, '\x00', 0x0, r2, 0x5, 0x5, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x15, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7}, [@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xa}, @map_idx={0x18, 0xb, 0x5, 0x0, 0x2}, @ldst={0x0, 0x2, 0x2, 0x5, 0x6, 0xffffffffffffffe0}, @map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7fffffff}]}, &(0x7f0000000140)='syzkaller\x00', 0x8001, 0x1000, &(0x7f0000000200)=""/4096, 0x41100, 0xa, '\x00', 0x0, 0x1a, r1, 0x8, &(0x7f0000000180)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000001200)={0x1, 0x7, 0x6}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000012c0)=[r3, r2]}, 0x80)
read$snapshot(r1, 0x0, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x600cc2, 0x0)

05:47:43 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0xe0001)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:43 executing program 0:
r0 = semget(0x3, 0x107ef0819dea7d2f, 0x20)
semctl$GETNCNT(r0, 0x2, 0xe, &(0x7f0000000080)=""/11) (async, rerun: 32)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async, rerun: 32)
r2 = syz_open_dev$audion(&(0x7f0000000040), 0x2, 0x200)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x1d, 0xd7, 0x2, 0xa7, 0xe00, r2, 0x5, '\x00', 0x0, r2, 0x5, 0x5, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x15, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7}, [@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @map_idx={0x18, 0xb, 0x5, 0x0, 0xa}, @map_idx={0x18, 0xb, 0x5, 0x0, 0x2}, @ldst={0x0, 0x2, 0x2, 0x5, 0x6, 0xffffffffffffffe0}, @map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7fffffff}]}, &(0x7f0000000140)='syzkaller\x00', 0x8001, 0x1000, &(0x7f0000000200)=""/4096, 0x41100, 0xa, '\x00', 0x0, 0x1a, r1, 0x8, &(0x7f0000000180)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000001200)={0x1, 0x7, 0x6}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000012c0)=[r3, r2]}, 0x80) (async)
read$snapshot(r1, 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x600cc2, 0x0)

05:47:43 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x8, &(0x7f0000000000)=[{0xfffe, 0x80, 0x9, 0x8001}, {0x8000, 0x9, 0x3, 0xce}, {0x4, 0x20, 0x8, 0x6b}, {0x400, 0xbe, 0x1, 0x80000001}, {0x2, 0x81, 0xfa, 0x81}, {0x7f, 0x8f, 0x35, 0x8}, {0xaa6, 0x2, 0x1, 0x9a75}, {0xfff, 0x57, 0xa1, 0x1}]})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x511041, 0x0)
ioctl$TIOCCONS(r0, 0x541d)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302)
ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, &(0x7f00000000c0)={0x0, 0x2})

05:47:43 executing program 0:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x2bb, 0x7ff})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000001340)={0x11a0, 0x13, 0x100, 0x70bd2c, 0x25dfdbfc, {0x15, 0x7, 0xd7, 0x8, {0x4e21, 0x4e23, [0xff, 0x8, 0xa08, 0xfffffffe], [0x9161, 0xfffffbff, 0x6, 0x777], 0x0, [0x7f, 0x7]}, 0x800, 0x6}, [@INET_DIAG_REQ_BYTECODE={0xba, 0x1, "826caa35c7b07dc7ef203bf90dfd40e36217e801a134f86c73287ececbf261af09ff328a5afc5963cb8cc6f3cc3b12960c2044f6f991ec719c7f077baaccc7b0480c934a6a13ea95e9cc5684bec76b0a1cba6be01d82f7065324b5ef03a2a934dfd39ed029c68830731c17a56f9a889e9694787b7d74f03056c1e75fedf0ecd4eef3addb4ea0065fd822bf0bca010f7875085c86d02fd6f662ca21b531f2d2b5febb19e0be10c17b56758122e778f4801835468f1c50"}, @INET_DIAG_REQ_BYTECODE={0x94, 0x1, "c4b32dfec31d13aec749fcbddc08dfa0574a472596dcee745ffda0a4871de4ac7105a74c1c050740c1fbbf532d853c1ef1f947c550e5bdf02badb80e7e25ef3d7ef29c4af5b84e730b947c30366a4ba4bd04ab7d5db9aa102154ada44fe3b2f20a0713456058124036b1a887bc633c2f1b3ef910dfcb269c7f57429dab967277e17b8c387df449172236392b9b0f824a"}, @INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "eabad852c26135ca8924fc54a61e64d9d11c712eee7247644f5dde3026596e445942d0878aba809eba84cb4b151f5e9f59ab74780c2cc6597b30efe73de4f9ea8349cb7dd63ed5d98a69d5bff37bf75d6c0de155d8d1688ddb13681a19689a4bb8c31691a0c9ae07bff5fd0abd34e8b1f2135d868f321ccbf15fc5435be9ae89b017a434bab28cb522322a90809a36744b06add270c60c5a40839439a87b7e780f6ecef93cb870f60f7a13cdf65090cf975ec1e6de3c14f46b6981213e21ad27f448bc6a0944fbd22fa2103978ec25b863827ce51024c4cf80c2aaef99405d3a2ca93bde6ab082dddc1e7aacad066c9eb2ac100e1bf4a64a20d3317493e0955ee90dbf4c631aa66e34bc2ac66609ac365db26b561ab18171c396223c3808354ddb73506a9b629bc5321b503fe03058a0cfb43e29ea5647469287c0dee22140a295523c60eaa8abced526fcb69786f08d34ee5db613bf0a2c5d493141c90f35623e898fd95c2bf61e7ddeb6114ff93b381ce2899ec113e6c5ad2e8f85a854c9612d6f884db7e5f3042bde4fb1174adc5c65feb7ab9392d44bc1ec333908f5a393fa1b3583c9d2912e0f717567eea6369859ce7e8f75922df218f6f3084d0e85d65fb3af723a6ff8a084301cae1f023fc1d6bc92b927e54cdb7286ec585f0ec9132dc2801c899741a97bf2c8513cb546657aeda4fa319835bffbce18c172feec298fde5ac81c991a95879fc6cebe8898e3d2f5a23b7c9a85f113f1c0d543c4c256467e0618fa69953463ce9d35819960488d1124f8f157c5d7f54e594950bffc7f3d4e0b80c796ecb9bd73024c165f1689bab789758c85b72e1802d783f623addb480c401f18488993505a9dd75f2ee9077eafb87e4ca38f457b5b0edd6bbe3e957bec69145942b2a04a797aa5a406f3220ca1e8947a7d3f6f341ac58c96103460a5317c8de9696c5fb597ab27b5ff5310a1dc710d5532606c42788c8fcf89f2ef5b6f5f1e59249aede71601b13c36c077eabc3a3ea4573be9ff4a737898ce8cefd87af04c6bb49b6f0d9d166df39682141ada95f0e396f2812c102b70cdba2e56d348e7e1b2a28e45390f9b0e1202ce848850c43804318e85fe09c004ef6cb08d2b8f5fab80786cb493232b38c1697c25d9c364163cbf3916f60ebe3776dfd38df1c8ef8fa97434a2f66ffb0750bd5eae2c4d5c26756de00d8defe8952cabbeff977a03ed9032f4ecea43c83e8ca2590b8db3625bd199ba4d2a7296d6df947bc47acf1953e0e769c260cb9bef0dc45e0d49b916536ba08845270a575dc6e4a989744902d23d254b149530d15d13879e694e03e88f4df495caa8e6d87537eb62919930b6cd394b50dd4af98adc890ac10ed1e50e21323fea481c779ba9050597ede7730af124975b66c84ffc8ac3742af1ee902584df40ff5d5c41d71f6396297d304f5e5fc374c501f3a2771a170452882451d75d74e094a73c2c17e91d97d92d3837c2ffa8fdd112b61bb7e0072e2d8749bd488691cc54df3b807c8a478b7daae859e0edae7e68b408be60faedbd444d7a96c22127df3330700f306d053de7ed8c861679c08f0268ac53bda61ec58e90f43ab58087152308deaa190c024ff99f8994cb5dc567ce1d1bc7a8186f40dd08d69fc70baba6bf5e11ba15ebaf09449c5b553adde9575a46b829576ebcdc6e6440febe8e58f55364166db4c780c062e6768f2300d8d687e62446be37a320f2e14152af0271c991cc3859d6f59ac7a03dfa3afa6763e5df35c2961c40b0f927a48fcf07846f63078f818ddc929bf8d5d0236a1e0fed4c9fb5f407698c1fb7a6ca5aa15db39123e107797f3247a309f3aef8837030810fcd7cbd3dde531fdd0fc4ea72766656e3e6d15c299450ae931e05023a0ab43a2c3c617c51ed6f20ca9f97857e49c383a00095c5342f2db41b131895627874c3b6246d3f0c1e4270d3c16f3d51bf1bab4e1501716c58ac13cf53ba1f53e535f8f3cab72b09e3db757f74d263edaa081cfe7dc42bdafe1ff842cecfd0c62e717fe048b5cd0cc166a90db870eab77cb04bca65e835a0bf83197bdc06de44eb4fc04de13ea7dfab406ad9ccef99d9eaf49a9224b259bb1c9dcc1ee46db05aa58fe9da8bf298d349e4b9f9d4e9f7118e6508ec2a063f1af3e32559839ced91a245aaba779cc053eaef19396124d30bfa6b038316489ccd7da078814940fb106f97ffe2002c00045bbb516517c59306a4a3706c57e9f359e6e459b7cbf737f4649afeb14aaf2058b357c5d8850c9527bee9f43a8998a3547150054a48d0e7e3dd0d3848a2f3383c4f463107a4386a6dbfec55585e609a56f53bda4901faa7ff5068187c61cb1c294c5fdb40569c7868da77024cd30537a8942b66f2295d2b43db598685b386838bd4ebdc3c90486593e75650b210b9c4fe7ac6a390fa45f700313c404d32113cf347de49a80cd14094c47265e355c0e8c0ebae8f637955846536b05b68af3f7902d38bdea926ba0c78665135a9389dacaebff8eefd952f3f31ef77bd6232e3309688b0c094bec39aac1ffa3afe1f8e0a741a6bb07b20d8b3f60bd2428b6a3b8e5a0520c06b628a92aa13e06090af3986d7f9f582f2a212ff8e6d07884fa11a800f9996de815b5ac73f78d3fd0541cc3cfceb4f4f9aa8a877b437ab3594ef7e9f0ce19008ab15a27244966f311a501c726a83f34f25b59cbbda9e41fb22d41b9d78aa1519ea0deb6d1e66a64cff4ebef5b079faf3f94658d7821d15a33eae50572517b5f50689aedb75075ef9861a78bab2b98907f05425aadd08ab0c741f4fc5e340ea9964003797b71bdc8b554ea47e94a05aad9c632c2526c9bc662f9b81c9cc9b612d0435dc432f6d52aed92cdb1a7722cbceac79f7803be9e5317e5f06a96d146805a66e7fe7bbe23a41224a6884ef1aa22c9c9b9c0886fbe0471c3cc66db5b484447c6bbab19eeba664663dc3f6aaf8d13fa5d813e5383afdbaec82470dcfbbb3ef56dc9a238df376f4b355e13473f2bff0611d49ec6984228e75a2011f27ec0488b1be7bb3711f3a2f4cdd8b4b1cac591151ec11b3e1dc965132465120ce26d55967ea49a2607e0ead530cc775845c04cde4e244dfd1b8645896ae6e17a8073ed37805dc80966b114f2dd652a4c8761cff3dd67192b98240a79c7a53b40af8ea90ab28bf936aca5d036ad5b9a6bb1e1b349a5fa837e71f3459ed216acdcaf47b9b0339db94ff9dcc093a35d2295ef70153576260201e88f4d8615fb067ee63fe085ef5de8a68923998413724042433b7f9ffec668018f822887433865bcccd644b386edb30ccf960c49cdc2487596344e8bed2ef1fe74e470e13a6b6c6ca36d67b6560e58b4b896fa6f3892ef6cdc7a9b184861bcc1305b1d826968678bd24b253ae25b8f50c64bf20ad04ac753a929c80a9897272bf4361c699876be6513d6dc574db7ebcc6c23c26006bcd2819c4a8c7fc79e9d81068075d4f6d8cd70f1a3a85293ea98457a5b6699963eb6b02f857d97b207d90b741a1a63fac765e85587ec815e048b62928b45af8b8ecbd38fe48104648e49931abc580d786723151d137064185ccc69d8e6b33a8ab161b47c5e774e15c105eb115410bb88a8df84013ed08dd063ed5287d827bf2d91a6220776bef5d84a0bc92139faeb891fc07450ecd1cf937831d9cf58478d618b11bfc277b01ae649302fa895f905f1da6f123ba91491d9a151e8d3afd203befc02ee8950483f45de1217531baed05f9339c0a35cc501f046dd6ae4d47d3238f1b759360504fee4a2d3ff0ecabdc5c7472612abfd718ec633a115e65a7c8035c7e16de237c129d87c0b6f6c47d28a948799ce4cdb3ffa3969d77cc875cbab330a200c9ce0b9ba3722b13097a332c0b9a83135706800998f7d4eeaff271ed84cbf8930bdf6acfb426932a92bf7ae6a149d8bbe30e57b0fa90eb44184058188d9ffcf78e569e1be886659d7f01e602e216c2bf228698607abddda6c9c3656fe20a2f556e5d122bde4e98f75869251ef5458e245b0b0816171c170a86f01609837138b7256042687ba26e6a3dd04f719a41e67c1077c27e3a8af993a0c6939ac5324705e8250ee8ac7dbb34a782125e7feb56af92e79e6279d3e749b3afc9fc2529fd57d0c22fcc3c868486cfd0d5bb07aaebe743f7ab89bdca7af93851b148b981fccbc56fa795eadb822260a674bb6fba23484cb59ee27383130b40656a70b1d83f46648d7e3886bf62b17d7d60835139a95f257c22b9c05c673777c89ae130b710bda6f38729920a69943111b90a75efb149d179a4deaa33e25aedcee67b526f72f27f8cd55329e468fcac1f9ea88619760b11c8dcc75a920abc42366a7f65ce82c4b77a5f1381f74d95e86b6aa41b5869b4aeec26280b2704c11f0dc41dd7e203c622a41b4f5ffbb649b64c70ee90f6a38a895d6784ee47680cf9a904f71cb05c2d42f8eca3db4be8aaa8e2d24b24522a8718d52deceeea53e4b229fe05379a4e7727fdd6fbe61a907a5d525d818d213043669ede2904c0a4207b5349acd4b9c6e70ebef95aed51cd748298e110665f721f8657b9c53000fa105c5dc6b0aa2fe90bde5038933f54a4883cfa53706ae574497c31de9e3cf39611ffc45084126caf3cbf76cc1104ed9b582423a4f755a2193b7d7d0c738dcd1bc8fad9dabc67f305906c4d8c42666bead91e6af78fc3cb0b57bf338c79eac75b348309d951d8281a3fd91d647f3985a514377662751ae8e1d9cb3883f70a55e6fd875959ee7013ec759418bcdb4f9f5296809af36567b09de7d47a5415df4a40ce890f65fd8d8ced32e027794f0b53e5e70ddfabe70edf707fb3da586761b8f2b26e0d51b45553a899e42b000c3a86e1ac4dd748f44ac6bea9832f14ed18fe24176a735ce1f3c6d956a4a9065acb722be1f1cbc4e3eeba35d65fd13d33e4e6e46e3b1532a643ad655b44943f6543ec35a1936ebb469b01de7cf27cb2b267279d583706f67999683c450cabfd1b24c17965e1d480582efe54f3346bff89dc7fe7d3a9d56b5d79516edfaa2513f74f10ef7b6e6e9449778a3b52450b30ffc679772a3f89dba86703116fe53e6b12384c78d9b2e38c2b8b818840bcfcd624dca1bd1ddcd257932d2ba687cd5262160274ea170f4164cede225dbdee39f7670e31f93f65661545d5daa21d74aacd7efa4846eded28b7eb170397fffabceed3e11610281e785f11b590a428f913eed95faf4ddb1dd9b26d0dbf0856850b530c333f4801b911f51fd74e8de14e9e7f73e9ce47da63da61edd7975062b30b2df5a2337e248bf5c2e1944be877cf4b75187fcc918c500d6156f96d347d3172812e5097d0e7cb9173f3e1ea790579c97899ccf7a2faaa9588849acaaba3e3ebd401dbc8e2f5b82b815411f5e563b22dc5ecdaa9f46a6c8ae5d1bdec71f43664ea43f749204bd9351e3f78619519a27e9f6f536a02b42592f9458edc4c8da0c3dca806ce5d779d02679f983bbe47b6880edb1277f9e14081c9ad3546662404d9c6efe31d3ce4f0e9fecbc2e4b2c90b7b7c5ed2f80b18a95cf6d911e03162500024b746557dcaf6c7798f133243711c5f3c2859872a489e80ee79fa966a6f617d0af92f45acd53577c72281f9349d6f42e6a2ab85d6c99cad775ccf7535625ba2b45fbd299dd1eac8d8ef79c5c9318a2c5b3849871b8c0437dcd1c104ca9c5227b2d6d1717eff9aa2c1b7aaa20619a8317ebcb431431ebf1385beb99f93fc358db79197f10f0c6e06767b4a74214f4ce945a07406aa"}]}, 0x11a0}, 0x1, 0x0, 0x0, 0x4}, 0x88c0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:43 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
r8 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffffffff)
ioctl$KIOCSOUND(r7, 0x4b2f, 0x6)
ioctl$VT_WAITACTIVE(r8, 0x5607)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x700, 0x0)
r9 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r9, 0x4b72, 0x0)
ioctl$TIOCMBIS(r9, 0x5416, &(0x7f0000000380)=0x141)

05:47:43 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f00000000c0)={0x8000000000000001, <r1=>0x0, 0x1})
ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f0000000100)={r1, 0x401})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x288001, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000180))
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x3)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x501000, 0x0)

05:47:43 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$audion(&(0x7f0000000280), 0x7, 0x82000)
syz_open_dev$dri(&(0x7f0000000000), 0x6, 0x402) (async)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x6, 0x402)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000080)={<r3=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f00000000c0)={<r4=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000100)={<r5=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r1, 0xc01064c5, &(0x7f0000000180)={&(0x7f0000000140)=[r2, r3, 0x0, 0x0, r4, 0x0, 0x0, 0x0, r5, 0x0], 0xa}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r1, 0xc01064c5, &(0x7f0000000180)={&(0x7f0000000140)=[r2, r3, 0x0, 0x0, r4, 0x0, 0x0, 0x0, r5, 0x0], 0xa})
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000240)={0x0, &(0x7f0000001340)}) (async)
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000240)={0x0, &(0x7f0000001340)})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:43 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000540)={'wpan4\x00'}) (async)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r9, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r11=>0x0}) (async)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r14, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r15}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r12, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r16=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r13, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r15, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r16}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(r8, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x24, r10, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r16}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x6}]}, 0x2c}}, 0x90)
r17 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r17, &(0x7f0000000340)=""/4096, 0x1000)

05:47:43 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x8, &(0x7f0000000000)=[{0xfffe, 0x80, 0x9, 0x8001}, {0x8000, 0x9, 0x3, 0xce}, {0x4, 0x20, 0x8, 0x6b}, {0x400, 0xbe, 0x1, 0x80000001}, {0x2, 0x81, 0xfa, 0x81}, {0x7f, 0x8f, 0x35, 0x8}, {0xaa6, 0x2, 0x1, 0x9a75}, {0xfff, 0x57, 0xa1, 0x1}]}) (async, rerun: 32)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x511041, 0x0) (async, rerun: 32)
ioctl$TIOCCONS(r0, 0x541d)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06) (async)
ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) (async)
ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, &(0x7f00000000c0)={0x0, 0x2})

05:47:43 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r9, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r11=>0x0})
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r14, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r15}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r12, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r16=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r13, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r15, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r16}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_NEW_INTERFACE(r8, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x24, r10, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r16}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x6}]}, 0x2c}}, 0x90)
r17 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r17, &(0x7f0000000340)=""/4096, 0x1000)

05:47:44 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
r8 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffffffff)
ioctl$KIOCSOUND(r7, 0x4b2f, 0x6)
ioctl$VT_WAITACTIVE(r8, 0x5607)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x700, 0x0)
r9 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r9, 0x4b72, 0x0)
ioctl$TIOCMBIS(r9, 0x5416, &(0x7f0000000380)=0x141)

05:47:44 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x12000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x4008000)
r3 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r3, &(0x7f0000000340)=""/4096, 0x1000)

05:47:44 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$audion(&(0x7f0000000280), 0x7, 0x82000) (async, rerun: 32)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x6, 0x402) (async, rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040)={<r2=>0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000080)={<r3=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f00000000c0)={<r4=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000100)={<r5=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r1, 0xc01064c5, &(0x7f0000000180)={&(0x7f0000000140)=[r2, r3, 0x0, 0x0, r4, 0x0, 0x0, 0x0, r5, 0x0], 0xa}) (async)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000240)={0x0, &(0x7f0000001340)}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:44 executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r9, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r11=>0x0})
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) (async)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r14, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r15}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r12, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r16=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r13, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r15, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r16}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_NEW_INTERFACE(r8, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x24, r10, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r16}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x6}]}, 0x2c}}, 0x90)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r17 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r17, &(0x7f0000000340)=""/4096, 0x1000)

05:47:44 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x8, &(0x7f0000000000)=[{0xfffe, 0x80, 0x9, 0x8001}, {0x8000, 0x9, 0x3, 0xce}, {0x4, 0x20, 0x8, 0x6b}, {0x400, 0xbe, 0x1, 0x80000001}, {0x2, 0x81, 0xfa, 0x81}, {0x7f, 0x8f, 0x35, 0x8}, {0xaa6, 0x2, 0x1, 0x9a75}, {0xfff, 0x57, 0xa1, 0x1}]})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x511041, 0x0) (async)
ioctl$TIOCCONS(r0, 0x541d) (async)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06) (async)
ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) (async, rerun: 32)
ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, &(0x7f00000000c0)={0x0, 0x2}) (rerun: 32)

05:47:44 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x12000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x4008000)
r3 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r3, &(0x7f0000000340)=""/4096, 0x1000)

05:47:44 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
r8 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffffffff)
ioctl$KIOCSOUND(r7, 0x4b2f, 0x6)
ioctl$VT_WAITACTIVE(r8, 0x5607)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x700, 0x0)
r9 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r9, 0x4b72, 0x0)
ioctl$TIOCMBIS(r9, 0x5416, &(0x7f0000000380)=0x141)

05:47:44 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xff3, 0x20000)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000040)={0x10001, 0x80, 0xe, 0x3, 0xc7})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:44 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000000)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0, r2, 0x0], &(0x7f0000000080)=[0xffffffff00000001, 0x89], 0x4})
ioctl$KIOCSOUND(r1, 0x4b2f, 0x10001)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000140)={0x7, &(0x7f0000000100)=[{<r3=>0x0}, {}, {}, {}, {}, {}, {}]})
ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000180)={r3, 0x3})

05:47:45 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x280, 0x140)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000040)={0x56a3, 0x35815fe1, 0x1, 0xcb, 0x6, 0x5})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:45 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0x400, 0x80000)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f00000000c0)={0x100000001, 0xfdde})
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x64000000)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000040)={0x4, 0x7, 0xfffff293, 0x86c, 0x1, 0xf37f})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:45 executing program 0:
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, &(0x7f0000000040)={0x2, 0x8, 0x0, 0x1ff, 0x6})
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x8a800, 0x0)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000100)={0x9, 0x1f})
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000000)={0x5, 0x3})

05:47:45 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
r8 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffffffff)
ioctl$KIOCSOUND(r7, 0x4b2f, 0x6)
ioctl$VT_WAITACTIVE(r8, 0x5607)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x700, 0x0)
r9 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r9, 0x4b72, 0x0)

05:47:45 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xff3, 0x20000)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000040)={0x10001, 0x80, 0xe, 0x3, 0xc7}) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:45 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x8080)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:45 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000040))
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:45 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x280, 0x140)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000040)={0x56a3, 0x35815fe1, 0x1, 0xcb, 0x6, 0x5})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:45 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0x400, 0x80000)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f00000000c0)={0x100000001, 0xfdde}) (async)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x64000000) (async)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000040)={0x4, 0x7, 0xfffff293, 0x86c, 0x1, 0xf37f}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:45 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0x400, 0x80000)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f00000000c0)={0x100000001, 0xfdde})
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x64000000)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000040)={0x4, 0x7, 0xfffff293, 0x86c, 0x1, 0xf37f})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:45 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
r8 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffffffff)
ioctl$KIOCSOUND(r7, 0x4b2f, 0x6)
ioctl$VT_WAITACTIVE(r8, 0x5607)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x700, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:46 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0xff3, 0x20000)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000040)={0x10001, 0x80, 0xe, 0x3, 0xc7})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000000), 0xff3, 0x20000) (async)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000040)={0x10001, 0x80, 0xe, 0x3, 0xc7}) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:47:46 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x280, 0x140)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000040)={0x56a3, 0x35815fe1, 0x1, 0xcb, 0x6, 0x5})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000000), 0x280, 0x140) (async)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000040)={0x56a3, 0x35815fe1, 0x1, 0xcb, 0x6, 0x5}) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:47:46 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async, rerun: 32)
r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0x400, 0x80000) (rerun: 32)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f00000000c0)={0x100000001, 0xfdde})
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x64000000) (async, rerun: 32)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000040)={0x4, 0x7, 0xfffff293, 0x86c, 0x1, 0xf37f}) (rerun: 32)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:46 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x100)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000000)={0x1f, <r2=>0x0, 0x2})
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0xfffffffffffffe01, 0x4280)
ioctl$TIOCCONS(r3, 0x541d)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$VT_GETSTATE(r3, 0x5603, &(0x7f0000000080)={0x200, 0x1, 0x401})
ioctl$DRM_IOCTL_AGP_FREE(r1, 0x40206435, &(0x7f0000000040)={0x0, r2})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:46 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000040))
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:46 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
r8 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffffffff)
ioctl$KIOCSOUND(r7, 0x4b2f, 0x6)
ioctl$VT_WAITACTIVE(r8, 0x5607)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x700, 0x0)

05:47:46 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f0000000000), 0x80000000, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x3f)

05:47:46 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x40000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:46 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x96b)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0xac6, 0x803)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x8, 0x76})

05:47:47 executing program 1:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x7, 0x2b4000)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000040)="2d9982f3ed6064b40099405a58149a10fb3eb0ea1dd383a7eb8b42076aec3ee21e79f204b08d06895bd670b08329f7a3e5c66acff10e79b581759b48f4fb08153fa6c29d956e142021603b58ac5bca96871902d1e9067e351bb7f783c85ac2d3d7aeb7c922ac960a723048d70cb3d641ed80f09af553ffee4b07457ec462ee2069c737a503", 0x85})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:47 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
r8 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffffffff)
ioctl$KIOCSOUND(r7, 0x4b2f, 0x6)
ioctl$VT_WAITACTIVE(r8, 0x5607)

05:47:47 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f0000000000), 0x80000000, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x3f)

05:47:47 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000040))
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:47 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x6, 0x432000)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r1, 0x80083313, &(0x7f0000000040))

05:47:47 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x96b)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0xac6, 0x803)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x8, 0x76})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x96b) (async)
syz_open_dev$audion(&(0x7f0000000000), 0xac6, 0x803) (async)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x8, 0x76}) (async)

05:47:47 executing program 1:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x7, 0x2b4000)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000040)="2d9982f3ed6064b40099405a58149a10fb3eb0ea1dd383a7eb8b42076aec3ee21e79f204b08d06895bd670b08329f7a3e5c66acff10e79b581759b48f4fb08153fa6c29d956e142021603b58ac5bca96871902d1e9067e351bb7f783c85ac2d3d7aeb7c922ac960a723048d70cb3d641ed80f09af553ffee4b07457ec462ee2069c737a503", 0x85}) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:47 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffffffff)
ioctl$KIOCSOUND(r7, 0x4b2f, 0x6)

05:47:47 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f0000000000), 0x80000000, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x3f)

05:47:47 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
r8 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffffffff)
ioctl$KIOCSOUND(r7, 0x4b2f, 0x6)
ioctl$VT_WAITACTIVE(r8, 0x5607)

05:47:48 executing program 1:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x7, 0x2b4000)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000040)="2d9982f3ed6064b40099405a58149a10fb3eb0ea1dd383a7eb8b42076aec3ee21e79f204b08d06895bd670b08329f7a3e5c66acff10e79b581759b48f4fb08153fa6c29d956e142021603b58ac5bca96871902d1e9067e351bb7f783c85ac2d3d7aeb7c922ac960a723048d70cb3d641ed80f09af553ffee4b07457ec462ee2069c737a503", 0x85}) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000040)="2d9982f3ed6064b40099405a58149a10fb3eb0ea1dd383a7eb8b42076aec3ee21e79f204b08d06895bd670b08329f7a3e5c66acff10e79b581759b48f4fb08153fa6c29d956e142021603b58ac5bca96871902d1e9067e351bb7f783c85ac2d3d7aeb7c922ac960a723048d70cb3d641ed80f09af553ffee4b07457ec462ee2069c737a503", 0x85})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:48 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x7fffffffffffffff)

05:47:48 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000040))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:48 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x96b) (async)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0xac6, 0x803)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x8, 0x76})

05:47:48 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:48 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x10001, 0x208040)
syz_open_pts(r1, 0x200)

05:47:48 executing program 1:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan0\x00'})
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4081, 0xff1)

05:47:48 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)

05:47:48 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x139080)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:48 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x139080)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:48 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x139080)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:49 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:49 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x884c0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000000))

05:47:49 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:49 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000040))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:49 executing program 1:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan0\x00'})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4081, 0xff1)

05:47:49 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)

05:47:49 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:49 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x884c0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async, rerun: 64)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000000)) (rerun: 64)

05:47:49 executing program 1:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan0\x00'})
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4081, 0xff1) (async)
read$snapshot(r0, &(0x7f0000001340)=""/4081, 0xff1)

05:47:49 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)

05:47:49 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:49 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000040))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:50 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0xdb0d, 0x4000)
read$snapshot(r0, &(0x7f0000000340)=""/4086, 0xff6)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x1, 0x2040)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_INFO_BUFS(r1, 0xc0106418, &(0x7f0000000080)={0x48000000, 0x3, 0x2, 0x0, 0x10})
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000040))

05:47:50 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0xdb0d, 0x4000)
read$snapshot(r0, &(0x7f0000000340)=""/4086, 0xff6) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x1, 0x2040)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_INFO_BUFS(r1, 0xc0106418, &(0x7f0000000080)={0x48000000, 0x3, 0x2, 0x0, 0x10})
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000040))

05:47:50 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x884c0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000000))
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x884c0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000000)) (async)

05:47:50 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0xdb0d, 0x4000)
read$snapshot(r0, &(0x7f0000000340)=""/4086, 0xff6) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x1, 0x2040)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_INFO_BUFS(r1, 0xc0106418, &(0x7f0000000080)={0x48000000, 0x3, 0x2, 0x0, 0x10}) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000040))

05:47:50 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4087, 0xff7)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f0000000000))

05:47:50 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4087, 0xff7)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f0000000000))

05:47:50 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4087, 0xff7) (async)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f0000000000))

05:47:50 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="af2fb1e0b68d5a06761b4243e20c11700334a0daf5b8ce04f162bd76b58d094c9affcd82de6913037d3bba6b8da6f705e70abc592d65bfad98c27758932c4ac7d55f582e4cece91a887ba31633721fc91284489568a5d636ed28b5435375ee0a", 0x60)

05:47:50 executing program 1:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan1\x00', <r0=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan3\x00', <r1=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x90, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x9}]}, @NL802154_ATTR_SEC_LEVEL={0x14, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000003}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x90}, 0x1, 0x0, 0x0, 0x1000f0d0}, 0x4042808)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

05:47:50 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:50 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:50 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000040))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:50 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="af2fb1e0b68d5a06761b4243e20c11700334a0daf5b8ce04f162bd76b58d094c9affcd82de6913037d3bba6b8da6f705e70abc592d65bfad98c27758932c4ac7d55f582e4cece91a887ba31633721fc91284489568a5d636ed28b5435375ee0a", 0x60)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
write$snapshot(r1, &(0x7f0000000000)="af2fb1e0b68d5a06761b4243e20c11700334a0daf5b8ce04f162bd76b58d094c9affcd82de6913037d3bba6b8da6f705e70abc592d65bfad98c27758932c4ac7d55f582e4cece91a887ba31633721fc91284489568a5d636ed28b5435375ee0a", 0x60) (async)

05:47:51 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r1=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000080)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000140)={&(0x7f00000000c0)=[0x0, 0x0, r1, r2, 0x0], &(0x7f0000000100)=[0x1, 0x1fe0], 0x5})
openat$cgroup_subtree(r0, &(0x7f0000000000), 0x2, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4117, 0x1015)

05:47:51 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)

05:47:51 executing program 1:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan1\x00', <r0=>0x0}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan3\x00', <r1=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x90, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x9}]}, @NL802154_ATTR_SEC_LEVEL={0x14, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000003}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x90}, 0x1, 0x0, 0x0, 0x1000f0d0}, 0x4042808) (async)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

05:47:51 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:51 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:51 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
write$snapshot(r1, &(0x7f0000000000)="af2fb1e0b68d5a06761b4243e20c11700334a0daf5b8ce04f162bd76b58d094c9affcd82de6913037d3bba6b8da6f705e70abc592d65bfad98c27758932c4ac7d55f582e4cece91a887ba31633721fc91284489568a5d636ed28b5435375ee0a", 0x60)

05:47:51 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)

05:47:51 executing program 1:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan1\x00', <r0=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan3\x00', <r1=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x90, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x9}]}, @NL802154_ATTR_SEC_LEVEL={0x14, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000003}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x90}, 0x1, 0x0, 0x0, 0x1000f0d0}, 0x4042808)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

05:47:51 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r1=>0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000080)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000140)={&(0x7f00000000c0)=[0x0, 0x0, r1, r2, 0x0], &(0x7f0000000100)=[0x1, 0x1fe0], 0x5}) (async)
openat$cgroup_subtree(r0, &(0x7f0000000000), 0x2, 0x0) (async)
read$snapshot(r0, &(0x7f0000000200)=""/4117, 0x1015)

05:47:52 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x418002)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4100, 0x1004)

05:47:52 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x418002) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
read$snapshot(r0, &(0x7f0000001340)=""/4100, 0x1004)

05:47:52 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x418002) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4100, 0x1004)

05:47:52 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:52 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x80, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x86500, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
socket$nl_sock_diag(0x10, 0x3, 0x4)

05:47:52 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x42340)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:52 executing program 5:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:52 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:52 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x80, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x86500, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x86500, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
socket$nl_sock_diag(0x10, 0x3, 0x4)

05:47:52 executing program 5:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:52 executing program 5:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:52 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r1=>0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000080)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000140)={&(0x7f00000000c0)=[0x0, 0x0, r1, r2, 0x0], &(0x7f0000000100)=[0x1, 0x1fe0], 0x5}) (async)
openat$cgroup_subtree(r0, &(0x7f0000000000), 0x2, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4117, 0x1015)

05:47:52 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x80, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x86500, 0x0) (async)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000) (async)
socket$nl_sock_diag(0x10, 0x3, 0x4)

05:47:52 executing program 5:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:52 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r2})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:52 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)

05:47:52 executing program 5:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:52 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x42340)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:52 executing program 5:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:53 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:53 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:53 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r2}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:53 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:53 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000))
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$VT_DISALLOCATE(r2, 0x5608)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
r4 = syz_open_dev$vcsa(&(0x7f0000000100), 0x6, 0x8002)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r3, r4, 0x4, r1}, 0x10)

05:47:53 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:53 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:53 executing program 5:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:53 executing program 5:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:53 executing program 5:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:53 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x42340)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:53 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:47:54 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:54 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:47:54 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r2}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:54 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))

05:47:54 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000))
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$VT_DISALLOCATE(r2, 0x5608)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
r4 = syz_open_dev$vcsa(&(0x7f0000000100), 0x6, 0x8002)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r3, r4, 0x4, r1}, 0x10)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)) (async)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
ioctl$VT_DISALLOCATE(r2, 0x5608) (async)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000100), 0x6, 0x8002) (async)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r3, r4, 0x4, r1}, 0x10) (async)

05:47:54 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:47:54 executing program 3:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)

05:47:54 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:47:54 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:54 executing program 3:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)

05:47:54 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000))
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$VT_DISALLOCATE(r2, 0x5608)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
r4 = syz_open_dev$vcsa(&(0x7f0000000100), 0x6, 0x8002)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r3, r4, 0x4, r1}, 0x10)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)) (async)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
ioctl$VT_DISALLOCATE(r2, 0x5608) (async)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000100), 0x6, 0x8002) (async)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r3, r4, 0x4, r1}, 0x10) (async)

05:47:54 executing program 3:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)

05:47:55 executing program 0:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:55 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f0000000000), 0x6, 0x408200)
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x2, 0x0)
ioctl$TIOCSIG(r0, 0x40045436, 0x36)
syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x32501)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)

05:47:55 executing program 2:
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000)={0x400000000003, 0xffffffffffffffff, 0x6, 0x9}, &(0x7f0000000100))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x40)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0x0, 0x10000})
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000200)={r2, 0x7})
mq_getsetattr(r0, &(0x7f0000000080)={0x1, 0x2, 0x6, 0x1}, &(0x7f00000000c0))
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)

05:47:55 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:55 executing program 1:
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000000))
ioctl$TIOCCONS(r0, 0x541d)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:55 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async, rerun: 64)
syz_open_dev$vcsa(&(0x7f0000000000), 0x6, 0x408200) (async, rerun: 64)
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x2, 0x0)
ioctl$TIOCSIG(r0, 0x40045436, 0x36) (async, rerun: 64)
syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x32501) (async, rerun: 64)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)

05:47:55 executing program 2:
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000)={0x400000000003, 0xffffffffffffffff, 0x6, 0x9}, &(0x7f0000000100))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x40)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x10000}) (async)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0x0, 0x10000})
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000200)={r2, 0x7}) (async)
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000200)={r2, 0x7})
mq_getsetattr(r0, &(0x7f0000000080)={0x1, 0x2, 0x6, 0x1}, &(0x7f00000000c0))
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)

05:47:55 executing program 0:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:55 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))

05:47:55 executing program 2:
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000)={0x400000000003, 0xffffffffffffffff, 0x6, 0x9}, &(0x7f0000000100))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x40)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0x0, 0x10000})
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000200)={r2, 0x7})
mq_getsetattr(r0, &(0x7f0000000080)={0x1, 0x2, 0x6, 0x1}, &(0x7f00000000c0))
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000)={0x400000000003, 0xffffffffffffffff, 0x6, 0x9}, &(0x7f0000000100)) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x40) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) (async)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) (async)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x10000}) (async)
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000200)={r2, 0x7}) (async)
mq_getsetattr(r0, &(0x7f0000000080)={0x1, 0x2, 0x6, 0x1}, &(0x7f00000000c0)) (async)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:47:55 executing program 0:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:55 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f0000000000), 0x6, 0x408200) (async, rerun: 64)
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x2, 0x0) (rerun: 64)
ioctl$TIOCSIG(r0, 0x40045436, 0x36) (async, rerun: 64)
syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x32501) (async, rerun: 64)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)

05:47:55 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:55 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_pts(r0, 0x185700)
ioctl$TCSBRK(r1, 0x5409, 0x3)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4080, 0xff0)

05:47:55 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:55 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000))
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:55 executing program 1:
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000000)) (async)
ioctl$TIOCCONS(r0, 0x541d) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:55 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:55 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_pts(r0, 0x185700)
ioctl$TCSBRK(r1, 0x5409, 0x3)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4080, 0xff0) (async)
read$snapshot(r2, &(0x7f0000000340)=""/4080, 0xff0)

05:47:55 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:55 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:55 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:55 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_pts(r0, 0x185700)
ioctl$TCSBRK(r1, 0x5409, 0x3) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4080, 0xff0)

05:47:55 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:55 executing program 2:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0x20000000000007e9, 0x3ff, 0x3, 0x7599})

05:47:55 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:55 executing program 2:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0x20000000000007e9, 0x3ff, 0x3, 0x7599})

05:47:56 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000))
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:56 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:56 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async, rerun: 64)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:56 executing program 2:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0x20000000000007e9, 0x3ff, 0x3, 0x7599})

05:47:56 executing program 1:
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000000))
ioctl$TIOCCONS(r0, 0x541d) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:47:56 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:56 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:56 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:56 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4075, 0xfeb)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101100, 0x0)

05:47:56 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:56 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4075, 0xfeb) (async, rerun: 64)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101100, 0x0) (rerun: 64)

05:47:56 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:47:56 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:56 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:57 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:47:57 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:47:57 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4075, 0xfeb)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101100, 0x0)

05:47:57 executing program 1:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x1)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000200)=""/4107, 0x100b)

05:47:57 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:47:57 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x80000001, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4095, 0xfff)

05:47:57 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x80000001, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4095, 0xfff)

05:47:57 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:57 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:57 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x80000001, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4095, 0xfff)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x80000001, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4095, 0xfff) (async)

05:47:57 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:57 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:57 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000100)={&(0x7f0000000000)=[0x0, 0x7, 0x6, 0x4], 0x4, 0x40, 0x7fffffff, 0x1f, 0x1f, 0xef, 0x0, {0x800, 0x4, 0x1000, 0x8, 0x8492, 0x9bdb, 0x5, 0x6d, 0x8000, 0x0, 0x100, 0x4, 0xb010, 0x3, "14af26698bdb46cdab0c22757683d489fad8fe938c970727a995a07ef668cf8e"}})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x8, 0xe000})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f)

05:47:57 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:47:57 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x40, 0x40000)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f00000000c0)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000280)={0x0, 0x3, 0x8, 0x7, 0xdf, 0x8057, 0x1, 0x40, 0x0, 0x9, 0x8, 0x6})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000100)={<r3=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000140)={<r4=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000180)={<r5=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f0000000240)={&(0x7f0000000200)=[r2, 0x0, r3, 0x0, 0x0, r4, r5], 0x7})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r6 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x70581)
ioctl$IOC_PR_PREEMPT(r6, 0x401870cb, &(0x7f0000000040)={0x0, 0x0, 0xd4, 0x80})

05:47:57 executing program 1:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x1)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000200)=""/4107, 0x100b)

05:47:58 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:58 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:58 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000100)={&(0x7f0000000000)=[0x0, 0x7, 0x6, 0x4], 0x4, 0x40, 0x7fffffff, 0x1f, 0x1f, 0xef, 0x0, {0x800, 0x4, 0x1000, 0x8, 0x8492, 0x9bdb, 0x5, 0x6d, 0x8000, 0x0, 0x100, 0x4, 0xb010, 0x3, "14af26698bdb46cdab0c22757683d489fad8fe938c970727a995a07ef668cf8e"}})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x8, 0xe000})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000100)={&(0x7f0000000000)=[0x0, 0x7, 0x6, 0x4], 0x4, 0x40, 0x7fffffff, 0x1f, 0x1f, 0xef, 0x0, {0x800, 0x4, 0x1000, 0x8, 0x8492, 0x9bdb, 0x5, 0x6d, 0x8000, 0x0, 0x100, 0x4, 0xb010, 0x3, "14af26698bdb46cdab0c22757683d489fad8fe938c970727a995a07ef668cf8e"}}) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x8, 0xe000}) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) (async)

05:47:58 executing program 0:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x1)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000200)=""/4107, 0x100b)

05:47:58 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x40, 0x40000)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f00000000c0)={0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f00000000c0)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000280)={0x0, 0x3, 0x8, 0x7, 0xdf, 0x8057, 0x1, 0x40, 0x0, 0x9, 0x8, 0x6}) (async)
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000280)={0x0, 0x3, 0x8, 0x7, 0xdf, 0x8057, 0x1, 0x40, 0x0, 0x9, 0x8, 0x6})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000100)={<r3=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000140)={<r4=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000180)={<r5=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f0000000240)={&(0x7f0000000200)=[r2, 0x0, r3, 0x0, 0x0, r4, r5], 0x7})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x70581) (async)
r6 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x70581)
ioctl$IOC_PR_PREEMPT(r6, 0x401870cb, &(0x7f0000000040)={0x0, 0x0, 0xd4, 0x80})

05:47:58 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:58 executing program 1:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x1)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000200)=""/4107, 0x100b)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x1) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r1, &(0x7f0000000200)=""/4107, 0x100b) (async)

05:47:58 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:47:59 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async, rerun: 32)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x40, 0x40000) (rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f00000000c0)={<r2=>0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000280)={0x0, 0x3, 0x8, 0x7, 0xdf, 0x8057, 0x1, 0x40, 0x0, 0x9, 0x8, 0x6}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000100)={<r3=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000140)={<r4=>0x0, 0x1, r0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000180)={<r5=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f0000000240)={&(0x7f0000000200)=[r2, 0x0, r3, 0x0, 0x0, r4, r5], 0x7})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 32)
r6 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x70581) (rerun: 32)
ioctl$IOC_PR_PREEMPT(r6, 0x401870cb, &(0x7f0000000040)={0x0, 0x0, 0xd4, 0x80})

05:47:59 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:59 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000100)={&(0x7f0000000000)=[0x0, 0x7, 0x6, 0x4], 0x4, 0x40, 0x7fffffff, 0x1f, 0x1f, 0xef, 0x0, {0x800, 0x4, 0x1000, 0x8, 0x8492, 0x9bdb, 0x5, 0x6d, 0x8000, 0x0, 0x100, 0x4, 0xb010, 0x3, "14af26698bdb46cdab0c22757683d489fad8fe938c970727a995a07ef668cf8e"}})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x8, 0xe000}) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f)

05:47:59 executing program 0:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x1)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000200)=""/4107, 0x100b)

05:47:59 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x355b81)
r1 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x0, 0x101040)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000040)={0x9, 0x8})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000001340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="0000ff7b0000000000100000000033725b9b5d9848db467d396564f0b5de9faa6328c8fa0bcbc01ed00856410525fea4e4c61b3635f2873cc23326ad09cbb1425e169a16ddfac81e3e43d029c007e024910923f35069120f3636f6dcc5f66ceaaa1c78c7c526305eace5c0cfb8713c73563e4f"], 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_GET_INTERFACE(r2, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x48, 0x0, 0x202, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000880}, 0x20000040)
r8 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
ioctl$VT_GETMODE(r8, 0x5601, &(0x7f0000000100))
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r1, 0x80083313, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:59 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x355b81)
r1 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x0, 0x101040)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000040)={0x9, 0x8})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000540)={'wpan4\x00'}) (async)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000001340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="0000ff7b0000000000100000000033725b9b5d9848db467d396564f0b5de9faa6328c8fa0bcbc01ed00856410525fea4e4c61b3635f2873cc23326ad09cbb1425e169a16ddfac81e3e43d029c007e024910923f35069120f3636f6dcc5f66ceaaa1c78c7c526305eace5c0cfb8713c73563e4f"], 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_GET_INTERFACE(r2, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x48, 0x0, 0x202, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000880}, 0x20000040) (async)
r8 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
ioctl$VT_GETMODE(r8, 0x5601, &(0x7f0000000100)) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r1, 0x80083313, &(0x7f0000000000)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:59 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x355b81) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x0, 0x101040)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000040)={0x9, 0x8}) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000540)={'wpan4\x00'}) (async)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000001340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="0000ff7b0000000000100000000033725b9b5d9848db467d396564f0b5de9faa6328c8fa0bcbc01ed00856410525fea4e4c61b3635f2873cc23326ad09cbb1425e169a16ddfac81e3e43d029c007e024910923f35069120f3636f6dcc5f66ceaaa1c78c7c526305eace5c0cfb8713c73563e4f"], 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_GET_INTERFACE(r2, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x48, 0x0, 0x202, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000880}, 0x20000040) (async)
r8 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
ioctl$VT_GETMODE(r8, 0x5601, &(0x7f0000000100)) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r1, 0x80083313, &(0x7f0000000000)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:47:59 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0x5)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000000)=0x8)

05:47:59 executing program 4:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:59 executing program 4:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:59 executing program 4:
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x4000, 0x0)

05:47:59 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)

05:47:59 executing program 2:
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)=[0x7, 0x8])
r0 = semget$private(0x0, 0x2, 0x178)
semctl$GETPID(r0, 0x0, 0xb, 0x0)
semctl$SEM_STAT_ANY(r0, 0x0, 0x14, &(0x7f0000000200)=""/224)
r1 = semget$private(0x0, 0x2, 0x178)
semctl$GETPID(r1, 0x0, 0xb, 0x0)
semctl$IPC_INFO(0xffffffffffffffff, 0x2, 0x3, &(0x7f0000000040)=""/143)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000001340)=""/4105, 0xfffffea1)

05:47:59 executing program 4:
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x4000, 0x0)

05:47:59 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x73, 0x8000)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000040)=0xcf)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x210000, 0x0)

05:48:00 executing program 0:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x1)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000200)=""/4107, 0x100b)

05:48:00 executing program 4:
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x4000, 0x0)

05:48:00 executing program 4:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)

05:48:00 executing program 4:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)

05:48:00 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async, rerun: 32)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0x5) (async, rerun: 32)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000000)=0x8)

05:48:00 executing program 4:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)

05:48:00 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0x5)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000000)=0x8)

05:48:00 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)

05:48:00 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x73, 0x8000)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000040)=0xcf)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x210000, 0x0)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x73, 0x8000) (async)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000040)=0xcf) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x210000, 0x0) (async)

05:48:00 executing program 2:
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)=[0x7, 0x8])
r0 = semget$private(0x0, 0x2, 0x178)
semctl$GETPID(r0, 0x0, 0xb, 0x0) (async)
semctl$GETPID(r0, 0x0, 0xb, 0x0)
semctl$SEM_STAT_ANY(r0, 0x0, 0x14, &(0x7f0000000200)=""/224) (async)
semctl$SEM_STAT_ANY(r0, 0x0, 0x14, &(0x7f0000000200)=""/224)
r1 = semget$private(0x0, 0x2, 0x178)
semctl$GETPID(r1, 0x0, 0xb, 0x0)
semctl$IPC_INFO(0xffffffffffffffff, 0x2, 0x3, &(0x7f0000000040)=""/143)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000001340)=""/4105, 0xfffffea1) (async)
read$snapshot(r2, &(0x7f0000001340)=""/4105, 0xfffffea1)

05:48:00 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0x5)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000000)=0x8)

05:48:00 executing program 4:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan1\x00', <r0=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan3\x00', <r1=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x90, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x9}]}, @NL802154_ATTR_SEC_LEVEL={0x14, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000003}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x90}, 0x1, 0x0, 0x0, 0x1000f0d0}, 0x4042808)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

05:48:01 executing program 0:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x1)
read$snapshot(0xffffffffffffffff, &(0x7f0000000200)=""/4107, 0x100b)

05:48:01 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:48:01 executing program 0:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x1)
read$snapshot(0xffffffffffffffff, &(0x7f0000000200)=""/4107, 0x100b)

05:48:01 executing program 0:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x1)
read$snapshot(0xffffffffffffffff, &(0x7f0000000200)=""/4107, 0x100b)

05:48:01 executing program 0:
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:01 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x73, 0x8000)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000040)=0xcf)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x210000, 0x0)

05:48:01 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000100)={&(0x7f00000000c0)=[0x4, 0x6], 0x2, 0x9c, 0xc3, 0x1, 0x7f000000, 0x3, 0x200, {0xa0, 0x19, 0x5, 0x7b58, 0xe73, 0x4ca9, 0x3, 0x7, 0x7f, 0x7, 0x9c7, 0x7, 0x1c7b, 0x8, "c6786ca1216e3a8752b6a35cf4dc8372fc7f8e1f4b98325e75f7529fa308714a"}})
r2 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x2002)
ioctl$DRM_IOCTL_LOCK(r2, 0x4008642a, &(0x7f0000000040)={0x0, 0x2})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:01 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:48:01 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:48:01 executing program 2:
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)=[0x7, 0x8])
semget$private(0x0, 0x2, 0x178) (async)
r0 = semget$private(0x0, 0x2, 0x178)
semctl$GETPID(r0, 0x0, 0xb, 0x0) (async)
semctl$GETPID(r0, 0x0, 0xb, 0x0)
semctl$SEM_STAT_ANY(r0, 0x0, 0x14, &(0x7f0000000200)=""/224)
semget$private(0x0, 0x2, 0x178) (async)
r1 = semget$private(0x0, 0x2, 0x178)
semctl$GETPID(r1, 0x0, 0xb, 0x0)
semctl$IPC_INFO(0xffffffffffffffff, 0x2, 0x3, &(0x7f0000000040)=""/143)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000001340)=""/4105, 0xfffffea1)

05:48:01 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x440942, 0x0)
ioctl$VT_DISALLOCATE(r1, 0x5608)

05:48:01 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000100)={&(0x7f00000000c0)=[0x4, 0x6], 0x2, 0x9c, 0xc3, 0x1, 0x7f000000, 0x3, 0x200, {0xa0, 0x19, 0x5, 0x7b58, 0xe73, 0x4ca9, 0x3, 0x7, 0x7f, 0x7, 0x9c7, 0x7, 0x1c7b, 0x8, "c6786ca1216e3a8752b6a35cf4dc8372fc7f8e1f4b98325e75f7529fa308714a"}})
r2 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x2002)
ioctl$DRM_IOCTL_LOCK(r2, 0x4008642a, &(0x7f0000000040)={0x0, 0x2}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:01 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:48:01 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:02 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="af2fb1e0b68d5a06761b4243e20c11700334a0daf5b8ce04f162bd76b58d094c9affcd82de6913037d3bba6b8da6f705e70abc592d65bfad98c27758932c4ac7d55f582e4cece91a887ba31633721fc91284489568a5d636ed28b5435375ee0a", 0x60)

05:48:02 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x440942, 0x0)
ioctl$VT_DISALLOCATE(r1, 0x5608)

05:48:02 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000100)={&(0x7f00000000c0)=[0x4, 0x6], 0x2, 0x9c, 0xc3, 0x1, 0x7f000000, 0x3, 0x200, {0xa0, 0x19, 0x5, 0x7b58, 0xe73, 0x4ca9, 0x3, 0x7, 0x7f, 0x7, 0x9c7, 0x7, 0x1c7b, 0x8, "c6786ca1216e3a8752b6a35cf4dc8372fc7f8e1f4b98325e75f7529fa308714a"}})
r2 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x2002)
ioctl$DRM_IOCTL_LOCK(r2, 0x4008642a, &(0x7f0000000040)={0x0, 0x2})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:02 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:48:02 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000100), 0xd2c0, 0x228583)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r2})
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x2)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000180)={0x20000000, 0x80000000, 0x1b4})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040)={<r4=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, r3, 0x0, r4], 0x5})

05:48:02 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)

05:48:02 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:02 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:02 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:02 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:02 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:02 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:02 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000200)=""/4107, 0x100b)

05:48:02 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x440942, 0x0)
ioctl$VT_DISALLOCATE(r1, 0x5608)

05:48:03 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r1, 0x80083313, &(0x7f0000000000))

05:48:03 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:48:03 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000200)=""/4107, 0x100b)

05:48:03 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000100), 0xd2c0, 0x228583)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r2})
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x2)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000180)={0x20000000, 0x80000000, 0x1b4})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040)={<r4=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, r3, 0x0, r4], 0x5})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f0000000100), 0xd2c0, 0x228583) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r2}) (async)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x2) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000000)={0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000180)={0x20000000, 0x80000000, 0x1b4}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040)={0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, r3, 0x0, r4], 0x5}) (async)

05:48:03 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000100), 0xd2c0, 0x228583)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r2})
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x2)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000180)={0x20000000, 0x80000000, 0x1b4})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040)={<r4=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, r3, 0x0, r4], 0x5})

05:48:03 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000200)=""/4107, 0x100b)

05:48:03 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:48:03 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:48:03 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:48:03 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f0000000100), 0xd2c0, 0x228583) (async)
r1 = syz_open_dev$vcsa(&(0x7f0000000100), 0xd2c0, 0x228583)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r2})
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x2)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000000)={0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000180)={0x20000000, 0x80000000, 0x1b4})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040)={0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040)={<r4=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, r3, 0x0, r4], 0x5})

05:48:03 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:03 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:03 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r1, 0x80083313, &(0x7f0000000000))

05:48:04 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0xffffff67)

05:48:04 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:04 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4107, 0x100b)

05:48:04 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x2040)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000080)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f00000000c0)={r2})
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x3, <r3=>0x0}, 0x8)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r3}, 0x4)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000100))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:04 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000) (async)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r0}) (async)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2}) (async)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf) (async)

05:48:04 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r1, 0x80083313, &(0x7f0000000000))

05:48:04 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:04 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async, rerun: 64)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000) (rerun: 64)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:04 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000000))

05:48:04 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x2040)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000080)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f00000000c0)={r2})
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x3, <r3=>0x0}, 0x8)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r3}, 0x4) (async)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r3}, 0x4)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000100)) (async)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000100))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:04 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="ac4e6a5fd6182e247640288915b8eb88d2709bd243de5d5c95b331d16216588be94e123fc890af0af66200d18ac70e3857adae4cc68cea4f21a8b34f", 0x3c)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:04 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:05 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)

05:48:05 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000000))

05:48:05 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000000))

05:48:05 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x2040)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000080)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f00000000c0)={r2})
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x3, <r3=>0x0}, 0x8)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r3}, 0x4) (async)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r3}, 0x4)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000100))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:05 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:05 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000000))
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000000)) (async)

05:48:05 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x884c0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000000))

05:48:05 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="ac4e6a5fd6182e247640288915b8eb88d2709bd243de5d5c95b331d16216588be94e123fc890af0af66200d18ac70e3857adae4cc68cea4f21a8b34f", 0x3c)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
write$snapshot(r1, &(0x7f0000000000)="ac4e6a5fd6182e247640288915b8eb88d2709bd243de5d5c95b331d16216588be94e123fc890af0af66200d18ac70e3857adae4cc68cea4f21a8b34f", 0x3c) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)

05:48:05 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="ac4e6a5fd6182e247640288915b8eb88d2709bd243de5d5c95b331d16216588be94e123fc890af0af66200d18ac70e3857adae4cc68cea4f21a8b34f", 0x3c)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:05 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
write$snapshot(r1, &(0x7f0000000000)="ac4e6a5fd6182e247640288915b8eb88d2709bd243de5d5c95b331d16216588be94e123fc890af0af66200d18ac70e3857adae4cc68cea4f21a8b34f", 0x3c) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:05 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:06 executing program 2:
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x4952, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$VT_DISALLOCATE(r0, 0x5608)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:06 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x884c0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000000))

05:48:06 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r0})
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:06 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000001380)=0x1)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x4c77b9ffdab34f1e})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000001340), 0x4)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000180)={0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_VERSION(r2, 0xc0406400, &(0x7f0000000300)={0x4, 0x29edc, 0xfff, 0x1a, &(0x7f0000000200)=""/26, 0x10, &(0x7f0000000240)=""/16, 0x44, &(0x7f0000000280)=""/68})
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_DMA(r3, 0xc0406429, &(0x7f0000000140)={0x0, 0x5, &(0x7f0000000040)=[0x2, 0x8, 0x6, 0x4, 0x80000001], &(0x7f0000000080)=[0x200, 0x6, 0x8], 0x47, 0x7, 0x81, &(0x7f00000000c0)=[0x1f800000, 0x81, 0x7, 0x4, 0x9, 0x300, 0x200], &(0x7f0000000100)=[0x92cb, 0xa62, 0xfff, 0x22772989, 0x610a3556, 0x8]})
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000001400)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000013c0), 0x106, 0x4}}, 0x20)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000001440)={r1}, 0x8)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r4, 0x6430)

05:48:06 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="ac4e6a5fd6182e247640288915b8eb88d2709bd243de5d5c95b331d16216588be94e123fc890af0af66200d18ac70e3857adae4cc68cea4f21a8b34f", 0x3c)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:06 executing program 1:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x496081, 0x0)
read$snapshot(r0, &(0x7f0000001200)=""/4095, 0x1025)

05:48:06 executing program 1:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x496081, 0x0)
read$snapshot(r0, &(0x7f0000001200)=""/4095, 0x1025)

05:48:06 executing program 1:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x496081, 0x0)
read$snapshot(r0, &(0x7f0000001200)=""/4095, 0x1025)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x496081, 0x0) (async)
read$snapshot(r0, &(0x7f0000001200)=""/4095, 0x1025) (async)

05:48:06 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x2, 0x80080)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:06 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x2, 0x80080)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000000), 0x2, 0x80080) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:06 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x2, 0x80080)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:06 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4084, 0xff4)
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000040)={0x0, 0x1})
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x488083)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000000c0)={&(0x7f0000000080)=[0x3, 0x650, 0x1f, 0x42e4, 0x6], 0x5, 0xff, 0x4, 0x3, 0x5, 0xca7a, 0x1ff, {0x6, 0x91d0, 0x2, 0x3f, 0x4, 0x0, 0x1000, 0x100, 0x9, 0x7, 0x20, 0x7fff, 0x40, 0x7fff, "dbd7f197bb8dfa381e6e8cabf5c85d0dee1e0f5d5be9e70d8e7d6468aab0cab2"}})

05:48:06 executing program 4:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x496081, 0x0)
read$snapshot(r0, &(0x7f0000001200)=""/4095, 0x1025)

05:48:06 executing program 2:
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x4952, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$VT_DISALLOCATE(r0, 0x5608) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:06 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:07 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000001380)=0x1) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x4c77b9ffdab34f1e}) (async)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000001340), 0x4)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000180)={0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_VERSION(r2, 0xc0406400, &(0x7f0000000300)={0x4, 0x29edc, 0xfff, 0x1a, &(0x7f0000000200)=""/26, 0x10, &(0x7f0000000240)=""/16, 0x44, &(0x7f0000000280)=""/68}) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_DMA(r3, 0xc0406429, &(0x7f0000000140)={0x0, 0x5, &(0x7f0000000040)=[0x2, 0x8, 0x6, 0x4, 0x80000001], &(0x7f0000000080)=[0x200, 0x6, 0x8], 0x47, 0x7, 0x81, &(0x7f00000000c0)=[0x1f800000, 0x81, 0x7, 0x4, 0x9, 0x300, 0x200], &(0x7f0000000100)=[0x92cb, 0xa62, 0xfff, 0x22772989, 0x610a3556, 0x8]}) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000001400)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000013c0), 0x106, 0x4}}, 0x20) (async)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000001440)={r1}, 0x8)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r4, 0x6430)

05:48:07 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="ac4e6a5fd6182e247640288915b8eb88d2709bd243de5d5c95b331d16216588be94e123fc890af0af66200d18ac70e3857adae4cc68cea4f21a8b34f", 0x3c)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:07 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:07 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4084, 0xff4)
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000040)={0x0, 0x1}) (async)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x488083)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000000c0)={&(0x7f0000000080)=[0x3, 0x650, 0x1f, 0x42e4, 0x6], 0x5, 0xff, 0x4, 0x3, 0x5, 0xca7a, 0x1ff, {0x6, 0x91d0, 0x2, 0x3f, 0x4, 0x0, 0x1000, 0x100, 0x9, 0x7, 0x20, 0x7fff, 0x40, 0x7fff, "dbd7f197bb8dfa381e6e8cabf5c85d0dee1e0f5d5be9e70d8e7d6468aab0cab2"}})

05:48:07 executing program 2:
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x4952, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$VT_DISALLOCATE(r0, 0x5608)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x4952, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$VT_DISALLOCATE(r0, 0x5608) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:07 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:07 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000001380)=0x1) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x4c77b9ffdab34f1e})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000001340), 0x4) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000180)={0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_VERSION(r2, 0xc0406400, &(0x7f0000000300)={0x4, 0x29edc, 0xfff, 0x1a, &(0x7f0000000200)=""/26, 0x10, &(0x7f0000000240)=""/16, 0x44, &(0x7f0000000280)=""/68}) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_DMA(r3, 0xc0406429, &(0x7f0000000140)={0x0, 0x5, &(0x7f0000000040)=[0x2, 0x8, 0x6, 0x4, 0x80000001], &(0x7f0000000080)=[0x200, 0x6, 0x8], 0x47, 0x7, 0x81, &(0x7f00000000c0)=[0x1f800000, 0x81, 0x7, 0x4, 0x9, 0x300, 0x200], &(0x7f0000000100)=[0x92cb, 0xa62, 0xfff, 0x22772989, 0x610a3556, 0x8]}) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000001400)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000013c0), 0x106, 0x4}}, 0x20) (async)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000001440)={r1}, 0x8)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r4, 0x6430)

05:48:07 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x88000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000040))

05:48:07 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:07 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4084, 0xff4)
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000040)={0x0, 0x1})
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x488083)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000000c0)={&(0x7f0000000080)=[0x3, 0x650, 0x1f, 0x42e4, 0x6], 0x5, 0xff, 0x4, 0x3, 0x5, 0xca7a, 0x1ff, {0x6, 0x91d0, 0x2, 0x3f, 0x4, 0x0, 0x1000, 0x100, 0x9, 0x7, 0x20, 0x7fff, 0x40, 0x7fff, "dbd7f197bb8dfa381e6e8cabf5c85d0dee1e0f5d5be9e70d8e7d6468aab0cab2"}})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4084, 0xff4) (async)
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000040)={0x0, 0x1}) (async)
syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x488083) (async)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000000c0)={&(0x7f0000000080)=[0x3, 0x650, 0x1f, 0x42e4, 0x6], 0x5, 0xff, 0x4, 0x3, 0x5, 0xca7a, 0x1ff, {0x6, 0x91d0, 0x2, 0x3f, 0x4, 0x0, 0x1000, 0x100, 0x9, 0x7, 0x20, 0x7fff, 0x40, 0x7fff, "dbd7f197bb8dfa381e6e8cabf5c85d0dee1e0f5d5be9e70d8e7d6468aab0cab2"}}) (async)

05:48:08 executing program 0:
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:08 executing program 0:
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:08 executing program 0:
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:08 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:08 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:08 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x88000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000040))

05:48:08 executing program 2:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x1)
r6 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0)
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000)

05:48:08 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:08 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:08 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:08 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={<r2=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:08 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x301000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:08 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:08 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x88000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000040))

05:48:08 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:09 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:09 executing program 2:
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x1)
r6 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0)
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000)

05:48:09 executing program 1:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x301000) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x301000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:09 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:09 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r0})
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:09 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x301000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:09 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001240)=""/4122, 0x101a)

05:48:09 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:09 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:09 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:48:09 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000))

05:48:09 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:48:09 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:09 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:48:09 executing program 2:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) (async)
r6 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x0)
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000)

05:48:09 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:09 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000))
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000)) (async)

05:48:09 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001240)=""/4122, 0x101a)

05:48:09 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001240)=""/4122, 0x101a)

05:48:10 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:10 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x10000000009, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
syz_open_pts(r2, 0x422040)
ioctl$TCSBRK(r1, 0x5409, 0x4)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:10 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x10000000009, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) (async, rerun: 32)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (rerun: 32)
syz_open_pts(r2, 0x422040) (async)
ioctl$TCSBRK(r1, 0x5409, 0x4)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:10 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x10000000009, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
syz_open_pts(r2, 0x422040)
ioctl$TCSBRK(r1, 0x5409, 0x4)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f00000001c0), 0x10000000009, 0x0) (async)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (async)
syz_open_pts(r2, 0x422040) (async)
ioctl$TCSBRK(r1, 0x5409, 0x4) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:10 executing program 2:
syz_open_dev$dri(&(0x7f0000000000), 0xa206, 0x189081)
migrate_pages(0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:10 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:10 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000000))

05:48:10 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001240)=""/4122, 0x101a)

05:48:10 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:11 executing program 4:
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 4:
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 4:
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 4:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 4:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 4:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 2:
syz_open_dev$dri(&(0x7f0000000000), 0xa206, 0x189081) (async)
migrate_pages(0x0, 0x0, 0x0, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:11 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:11 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)=<r1=>0x0)
ptrace$pokeuser(0x6, r1, 0x1, 0x5)

05:48:11 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:11 executing program 3:
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000000)={0x2, 0x80})
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x4, {0xa, 0x4e22, 0x0, @local, 0xfff}}}, 0x38)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
write$cgroup_subtree(r1, &(0x7f0000000100)={[{0x0, 'io'}, {0x2d, 'devices'}, {0x2d, 'net'}, {0x2d, 'net_cls'}, {0x2d, 'cpuset'}, {0x2b, 'net_cls'}, {0x2b, 'cpu'}, {0x2b, 'io'}]}, 0x35)

05:48:11 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 2:
syz_open_dev$dri(&(0x7f0000000000), 0xa206, 0x189081)
migrate_pages(0x0, 0x0, 0x0, 0x0)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:11 executing program 4:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 4:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 4:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:11 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:48:11 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:48:11 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:11 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:48:12 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)=<r1=>0x0)
ptrace$pokeuser(0x6, r1, 0x1, 0x5)

05:48:12 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:12 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:12 executing program 3:
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000000)={0x2, 0x80})
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x4, {0xa, 0x4e22, 0x0, @local, 0xfff}}}, 0x38) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x4, {0xa, 0x4e22, 0x0, @local, 0xfff}}}, 0x38)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
write$cgroup_subtree(r1, &(0x7f0000000100)={[{0x0, 'io'}, {0x2d, 'devices'}, {0x2d, 'net'}, {0x2d, 'net_cls'}, {0x2d, 'cpuset'}, {0x2b, 'net_cls'}, {0x2b, 'cpu'}, {0x2b, 'io'}]}, 0x35)

05:48:12 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000000000)={0x5, &(0x7f00000023c0)=""/124, &(0x7f0000002340)=[{0x10000, 0xffa, 0x1, &(0x7f0000001340)=""/4090}, {0x40, 0x3e, 0x8, &(0x7f0000000080)=""/62}, {0x2, 0xac, 0x2, &(0x7f00000000c0)=""/172}, {0xc0000000, 0x0, 0xffffffff, &(0x7f0000000180)}, {0x4, 0xe4, 0xffff8001, &(0x7f0000000200)=""/228}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:12 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:12 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)=<r1=>0x0)
ptrace$pokeuser(0x6, r1, 0x1, 0x5)

05:48:13 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000000000)={0x5, &(0x7f00000023c0)=""/124, &(0x7f0000002340)=[{0x10000, 0xffa, 0x1, &(0x7f0000001340)=""/4090}, {0x40, 0x3e, 0x8, &(0x7f0000000080)=""/62}, {0x2, 0xac, 0x2, &(0x7f00000000c0)=""/172}, {0xc0000000, 0x0, 0xffffffff, &(0x7f0000000180)}, {0x4, 0xe4, 0xffff8001, &(0x7f0000000200)=""/228}]}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:13 executing program 3:
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000000)={0x2, 0x80})
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x4, {0xa, 0x4e22, 0x0, @local, 0xfff}}}, 0x38)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
write$cgroup_subtree(r1, &(0x7f0000000100)={[{0x0, 'io'}, {0x2d, 'devices'}, {0x2d, 'net'}, {0x2d, 'net_cls'}, {0x2d, 'cpuset'}, {0x2b, 'net_cls'}, {0x2b, 'cpu'}, {0x2b, 'io'}]}, 0x35)
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000000)={0x2, 0x80}) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x4, {0xa, 0x4e22, 0x0, @local, 0xfff}}}, 0x38) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
write$cgroup_subtree(r1, &(0x7f0000000100)={[{0x0, 'io'}, {0x2d, 'devices'}, {0x2d, 'net'}, {0x2d, 'net_cls'}, {0x2d, 'cpuset'}, {0x2b, 'net_cls'}, {0x2b, 'cpu'}, {0x2b, 'io'}]}, 0x35) (async)

05:48:13 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:13 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x802)
ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$ttys(0xc, 0x2, 0x0)

05:48:13 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x802)
ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x802) (async)
ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000000)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)

05:48:13 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x802)
ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0)

05:48:13 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:13 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:13 executing program 5:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:13 executing program 5:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:13 executing program 5:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:13 executing program 5:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:13 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000000000)={0x5, &(0x7f00000023c0)=""/124, &(0x7f0000002340)=[{0x10000, 0xffa, 0x1, &(0x7f0000001340)=""/4090}, {0x40, 0x3e, 0x8, &(0x7f0000000080)=""/62}, {0x2, 0xac, 0x2, &(0x7f00000000c0)=""/172}, {0xc0000000, 0x0, 0xffffffff, &(0x7f0000000180)}, {0x4, 0xe4, 0xffff8001, &(0x7f0000000200)=""/228}]}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:14 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:14 executing program 5:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:14 executing program 4:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:14 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000000)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:14 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:14 executing program 5:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:14 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)=<r1=>0x0)
ptrace$pokeuser(0x6, r1, 0x1, 0x5)

05:48:14 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:14 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:14 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:14 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:14 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0xfffffd3a)
read$snapshot(r2, &(0x7f0000000200)=""/4073, 0xfe9)

05:48:14 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000000)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:14 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async, rerun: 64)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (rerun: 64)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0xfffffd3a)
read$snapshot(r2, &(0x7f0000000200)=""/4073, 0xfe9)

05:48:14 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000000)) (async)
ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:14 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:14 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000300), 0x3, 0xa6000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x5, 0x13, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4}, [@ldst={0x2, 0x3, 0x2, 0x0, 0xa, 0x0, 0x1}, @generic={0x80, 0x9, 0xf, 0x6, 0x44b}, @alu={0x4, 0x0, 0x4, 0x9, 0x9, 0xc, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffa}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x1}, @map_fd={0x18, 0x3, 0x1, 0x0, r0}, @map_fd={0x18, 0x6}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_fd={0x18, 0xb}]}, &(0x7f0000000100)='syzkaller\x00', 0x8, 0xaf, &(0x7f0000000200)=""/175, 0x41100, 0x10, '\x00', 0x0, 0x3, r1, 0x8, &(0x7f0000000140)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x0, 0x7f, 0x81}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[r2, 0x1]}, 0x80)
r3 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r3, &(0x7f0000000340)=""/4096, 0x1000)

05:48:14 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:14 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0xfffffd3a)
read$snapshot(r2, &(0x7f0000000200)=""/4073, 0xfe9)

05:48:14 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:14 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4080, 0xff0)

05:48:14 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async, rerun: 64)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (rerun: 64)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4080, 0xff0)

05:48:14 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4080, 0xff0)

05:48:14 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x7, 0x26400)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x7, 0x26400)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x7, 0x26400)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:15 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000300), 0x3, 0xa6000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x5, 0x13, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4}, [@ldst={0x2, 0x3, 0x2, 0x0, 0xa, 0x0, 0x1}, @generic={0x80, 0x9, 0xf, 0x6, 0x44b}, @alu={0x4, 0x0, 0x4, 0x9, 0x9, 0xc, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffa}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x1}, @map_fd={0x18, 0x3, 0x1, 0x0, r0}, @map_fd={0x18, 0x6}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_fd={0x18, 0xb}]}, &(0x7f0000000100)='syzkaller\x00', 0x8, 0xaf, &(0x7f0000000200)=""/175, 0x41100, 0x10, '\x00', 0x0, 0x3, r1, 0x8, &(0x7f0000000140)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x0, 0x7f, 0x81}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[r2, 0x1]}, 0x80)
r3 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r3, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$VT_GETSTATE(r1, 0x5603, &(0x7f0000000000)={0x8001, 0x3, 0x3ff})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:15 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:15 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)="c89bef5f2b07bb16cd9a50487f8cc6c846f1eeff896d4ee8dec1874f09d5b9bb5500e895b2da954f0de1a23b6a2c466b7d9c8a", 0x33})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$VT_GETSTATE(r1, 0x5603, &(0x7f0000000000)={0x8001, 0x3, 0x3ff}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:15 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:15 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000300), 0x3, 0xa6000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x5, 0x13, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4}, [@ldst={0x2, 0x3, 0x2, 0x0, 0xa, 0x0, 0x1}, @generic={0x80, 0x9, 0xf, 0x6, 0x44b}, @alu={0x4, 0x0, 0x4, 0x9, 0x9, 0xc, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffa}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x1}, @map_fd={0x18, 0x3, 0x1, 0x0, r0}, @map_fd={0x18, 0x6}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_fd={0x18, 0xb}]}, &(0x7f0000000100)='syzkaller\x00', 0x8, 0xaf, &(0x7f0000000200)=""/175, 0x41100, 0x10, '\x00', 0x0, 0x3, r1, 0x8, &(0x7f0000000140)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x0, 0x7f, 0x81}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[r2, 0x1]}, 0x80) (async)
r3 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r3, &(0x7f0000000340)=""/4096, 0x1000)

05:48:16 executing program 0:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 0:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 0:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 0:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)="c89bef5f2b07bb16cd9a50487f8cc6c846f1eeff896d4ee8dec1874f09d5b9bb5500e895b2da954f0de1a23b6a2c466b7d9c8a", 0x33}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:16 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$VT_GETSTATE(r1, 0x5603, &(0x7f0000000000)={0x8001, 0x3, 0x3ff})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
ioctl$VT_GETSTATE(r1, 0x5603, &(0x7f0000000000)={0x8001, 0x3, 0x3ff}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:16 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x50, 0x0, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_MAX_BE={0x5, 0x10, 0x4}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0xbf}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x2}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x6a}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0xb60c1f9460724a5)
r6 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f0000000100), 0xfffffffffffffffd, 0x604201)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
r8 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x200420)
ioctl$KDFONTOP_SET_DEF(r8, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r7, r8, 0x4}, 0x10)
ioctl$TIOCSIG(r7, 0x40045436, 0x35)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x2)
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000)
r9 = syz_open_dev$vcsa(&(0x7f0000000000), 0x8, 0x800)
r10 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r10, 0x4b72, 0x0)
ioctl$IOC_PR_PREEMPT(r10, 0x401870cb, &(0x7f0000000080)={0x5186, 0x5, 0x80000000, 0x80000001})
ioctl$TIOCCONS(r9, 0x541d)

05:48:16 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)="c89bef5f2b07bb16cd9a50487f8cc6c846f1eeff896d4ee8dec1874f09d5b9bb5500e895b2da954f0de1a23b6a2c466b7d9c8a", 0x33})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:16 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:16 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)="c89bef5f2b07bb16cd9a50487f8cc6c846f1eeff896d4ee8dec1874f09d5b9bb5500e895b2da954f0de1a23b6a2c466b7d9c8a", 0x33}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:16 executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x50, 0x0, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_MAX_BE={0x5, 0x10, 0x4}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0xbf}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x2}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x6a}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0xb60c1f9460724a5)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r6 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)
syz_open_dev$vcsa(&(0x7f0000000100), 0xfffffffffffffffd, 0x604201) (async)
r7 = syz_open_dev$vcsa(&(0x7f0000000100), 0xfffffffffffffffd, 0x604201)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x200420) (async)
r8 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x200420)
ioctl$KDFONTOP_SET_DEF(r8, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r8, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r7, r8, 0x4}, 0x10)
ioctl$TIOCSIG(r7, 0x40045436, 0x35)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x2) (async)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x2)
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000)
r9 = syz_open_dev$vcsa(&(0x7f0000000000), 0x8, 0x800)
r10 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r10, 0x4b72, 0x0)
ioctl$IOC_PR_PREEMPT(r10, 0x401870cb, &(0x7f0000000080)={0x5186, 0x5, 0x80000000, 0x80000001}) (async)
ioctl$IOC_PR_PREEMPT(r10, 0x401870cb, &(0x7f0000000080)={0x5186, 0x5, 0x80000000, 0x80000001})
ioctl$TIOCCONS(r9, 0x541d)

05:48:16 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:17 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:17 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:17 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x4229c3)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:17 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:17 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x4229c3) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x4229c3)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:17 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x4229c3)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:17 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:48:17 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:48:17 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:48:17 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000000))
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x6, 0x1, 0x6})
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0xf2e)

05:48:17 executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x50, 0x0, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_MAX_BE={0x5, 0x10, 0x4}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0xbf}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x2}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x6a}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0xb60c1f9460724a5) (async)
r6 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0) (async)
r7 = syz_open_dev$vcsa(&(0x7f0000000100), 0xfffffffffffffffd, 0x604201)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
r8 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x200420)
ioctl$KDFONTOP_SET_DEF(r8, 0x4b72, 0x0) (async, rerun: 32)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r7, r8, 0x4}, 0x10) (async, rerun: 32)
ioctl$TIOCSIG(r7, 0x40045436, 0x35)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x2) (async)
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000)
r9 = syz_open_dev$vcsa(&(0x7f0000000000), 0x8, 0x800) (async)
r10 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r10, 0x4b72, 0x0) (async)
ioctl$IOC_PR_PREEMPT(r10, 0x401870cb, &(0x7f0000000080)={0x5186, 0x5, 0x80000000, 0x80000001}) (async)
ioctl$TIOCCONS(r9, 0x541d)

05:48:17 executing program 3:
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000000)={<r0=>0x0})
ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40086409, &(0x7f0000000040)={r0})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:17 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:17 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:17 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000000)) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x6, 0x1, 0x6}) (async)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0xf2e)

05:48:18 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:18 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:18 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:18 executing program 3:
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000000)={<r0=>0x0})
ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40086409, &(0x7f0000000040)={r0}) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:18 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000100)={0x5, &(0x7f00000000c0)=[{}, {}, {}, {<r1=>0x0}, {}]})
ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000140)={r1, 0x1})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x7f, 0x8, 0x100})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000000080)={0x1, &(0x7f0000001340)=""/4096, &(0x7f0000000040)=[{0x7, 0x23, 0x0, &(0x7f0000000000)=""/35}]})

05:48:18 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000000))
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x6, 0x1, 0x6}) (async)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0xf2e)

05:48:18 executing program 3:
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000000)={<r0=>0x0})
ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40086409, &(0x7f0000000040)={r0}) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:18 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:18 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:18 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:18 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000100)={0x5, &(0x7f00000000c0)=[{}, {}, {}, {<r1=>0x0}, {}]})
ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000140)={r1, 0x1}) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x7f, 0x8, 0x100}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000000080)={0x1, &(0x7f0000001340)=""/4096, &(0x7f0000000040)=[{0x7, 0x23, 0x0, &(0x7f0000000000)=""/35}]})

05:48:19 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0xfffffffffffff801)

05:48:19 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0xd1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:19 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:19 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:19 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000100)={0x5, &(0x7f00000000c0)=[{}, {}, {}, {<r1=>0x0}, {}]})
ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000140)={r1, 0x1})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x7f, 0x8, 0x100})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000000080)={0x1, &(0x7f0000001340)=""/4096, &(0x7f0000000040)=[{0x7, 0x23, 0x0, &(0x7f0000000000)=""/35}]})

05:48:19 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0xd1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:19 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0xfffffffffffff801)

05:48:19 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0xd1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:19 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:19 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x185501)
openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000080)={0x1, 0xd1e, 0x10001, 0xff, 0x81, 0x3f, 0x3})

05:48:20 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:20 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:20 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r2, 0x80083314, &(0x7f0000000040))
r3 = syz_open_dev$audion(&(0x7f0000000080), 0xfff, 0x2000)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r3, 0x3312, 0x3)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, &(0x7f0000000100))
ioctl$SNAPSHOT_FREE(r3, 0x3305)
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_UNBIND(r5, 0x40106437, &(0x7f00000000c0)={0x0, 0xffff})

05:48:20 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0xfffffffffffff801)

05:48:20 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r2, 0x80083314, &(0x7f0000000040))
r3 = syz_open_dev$audion(&(0x7f0000000080), 0xfff, 0x2000)
ioctl$SNAPSHOT_FREE(r2, 0x3305) (async)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r3, 0x3312, 0x3) (async)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, &(0x7f0000000100)) (async)
ioctl$SNAPSHOT_FREE(r3, 0x3305)
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_UNBIND(r5, 0x40106437, &(0x7f00000000c0)={0x0, 0xffff})

[ 2490.516462] Restarting kernel threads ... done.
05:48:20 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r2, 0x80083314, &(0x7f0000000040))
r3 = syz_open_dev$audion(&(0x7f0000000080), 0xfff, 0x2000)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r3, 0x3312, 0x3)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, &(0x7f0000000100))
ioctl$SNAPSHOT_FREE(r3, 0x3305)
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_UNBIND(r5, 0x40106437, &(0x7f00000000c0)={0x0, 0xffff})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8) (async)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0) (async)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r2, 0x80083314, &(0x7f0000000040)) (async)
syz_open_dev$audion(&(0x7f0000000080), 0xfff, 0x2000) (async)
ioctl$SNAPSHOT_FREE(r2, 0x3305) (async)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r3, 0x3312, 0x3) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, &(0x7f0000000100)) (async)
ioctl$SNAPSHOT_FREE(r3, 0x3305) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_AGP_UNBIND(r5, 0x40106437, &(0x7f00000000c0)={0x0, 0xffff}) (async)

[ 2490.542865] Restarting kernel threads ... done.
05:48:20 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

[ 2490.569112] Restarting kernel threads ... done.
[ 2490.575955] Restarting kernel threads ... done.
05:48:20 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:20 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x185501)
openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000080)={0x1, 0xd1e, 0x10001, 0xff, 0x81, 0x3f, 0x3})

05:48:20 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x185501)
openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000080)={0x1, 0xd1e, 0x10001, 0xff, 0x81, 0x3f, 0x3})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x185501) (async)
openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000080)={0x1, 0xd1e, 0x10001, 0xff, 0x81, 0x3f, 0x3}) (async)

05:48:20 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:20 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:20 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000000))

05:48:20 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:20 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, &(0x7f0000000000)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:20 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:21 executing program 3:
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x3f)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:21 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:21 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000000))

05:48:21 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x94401, 0x0)
read$snapshot(r1, &(0x7f0000000040)=""/252, 0xfc)

05:48:21 executing program 4:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 4:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 4:
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 4:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 4:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 4:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 3:
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x3f) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:21 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:21 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x94401, 0x0)
read$snapshot(r1, &(0x7f0000000040)=""/252, 0xfc) (async)
read$snapshot(r1, &(0x7f0000000040)=""/252, 0xfc)

05:48:21 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 64)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000000)) (rerun: 64)

05:48:21 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:21 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:22 executing program 3:
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x3f) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:22 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:22 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x94401, 0x0)
read$snapshot(r1, &(0x7f0000000040)=""/252, 0xfc)

05:48:22 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x94401, 0x0) (async)
read$snapshot(r1, &(0x7f0000000040)=""/252, 0xfc)

05:48:22 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:22 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f00000000c0), 0x80000001, 0x20680)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_VERSION(r2, 0xc0406400, &(0x7f0000000040)={0x4, 0x1, 0x4, 0xb4, &(0x7f0000000200)=""/180, 0xc7, &(0x7f0000001340)=""/199, 0x1000, &(0x7f0000001440)=""/4096})
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000080))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f0000000000), 0xfffffffffffffffa, 0x200800)
r3 = openat$md(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
ioctl$IOC_PR_CLEAR(r3, 0x401070cd, &(0x7f0000000140)={0x2})

05:48:22 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x2, 0x200)
r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0x9, 0x400)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000080)={0x0, <r3=>0x0, 0x2})
ioctl$DRM_IOCTL_AGP_FREE(r2, 0x40206435, &(0x7f00000000c0)={0x0, r3})

05:48:22 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:22 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x94401, 0x0)
read$snapshot(r1, &(0x7f0000000040)=""/252, 0xfc)

05:48:23 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{<r2=>0x0}, {}, {}]})
ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f00000000c0)={r2, 0x2})

05:48:23 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:23 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f00000000c0), 0x80000001, 0x20680) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_VERSION(r2, 0xc0406400, &(0x7f0000000040)={0x4, 0x1, 0x4, 0xb4, &(0x7f0000000200)=""/180, 0xc7, &(0x7f0000001340)=""/199, 0x1000, &(0x7f0000001440)=""/4096})
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000080)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f0000000000), 0xfffffffffffffffa, 0x200800)
r3 = openat$md(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
ioctl$IOC_PR_CLEAR(r3, 0x401070cd, &(0x7f0000000140)={0x2})

05:48:23 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f0000000000), 0x2, 0x200) (async)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x2, 0x200)
r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0x9, 0x400)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000080)={0x0, <r3=>0x0, 0x2})
ioctl$DRM_IOCTL_AGP_FREE(r2, 0x40206435, &(0x7f00000000c0)={0x0, r3})

05:48:23 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:23 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x94401, 0x0)
read$snapshot(r1, &(0x7f0000000040)=""/252, 0xfc)

05:48:23 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:23 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r1=>0xffffffffffffffff}) (async)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{<r2=>0x0}, {}, {}]})
ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f00000000c0)={r2, 0x2})

05:48:23 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f00000000c0), 0x80000001, 0x20680)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_VERSION(r2, 0xc0406400, &(0x7f0000000040)={0x4, 0x1, 0x4, 0xb4, &(0x7f0000000200)=""/180, 0xc7, &(0x7f0000001340)=""/199, 0x1000, &(0x7f0000001440)=""/4096}) (async)
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000080)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f0000000000), 0xfffffffffffffffa, 0x200800)
r3 = openat$md(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
ioctl$IOC_PR_CLEAR(r3, 0x401070cd, &(0x7f0000000140)={0x2})

05:48:23 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x94401, 0x0)
read$snapshot(r1, &(0x7f0000000040)=""/252, 0xfc)

05:48:24 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000100)={0x5, &(0x7f00000000c0)=[{}, {}, {}, {<r1=>0x0}, {}]})
ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000140)={r1, 0x1})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x7f, 0x8, 0x100})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000000080)={0x1, &(0x7f0000001340)=""/4096, &(0x7f0000000040)=[{0x7, 0x23, 0x0, &(0x7f0000000000)=""/35}]})

05:48:24 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:24 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{<r2=>0x0}, {}, {}]})
ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f00000000c0)={r2, 0x2})

05:48:24 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x2, 0x200)
r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0x9, 0x400)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000080)={0x0, <r3=>0x0, 0x2})
ioctl$DRM_IOCTL_AGP_FREE(r2, 0x40206435, &(0x7f00000000c0)={0x0, r3})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f0000000000), 0x2, 0x200) (async)
syz_open_dev$vcsa(&(0x7f0000000040), 0x9, 0x400) (async)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000080)={0x0, 0x0, 0x2}) (async)
ioctl$DRM_IOCTL_AGP_FREE(r2, 0x40206435, &(0x7f00000000c0)={0x0, r3}) (async)

05:48:24 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:24 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:24 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:24 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:24 executing program 1:
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000040)={0x80, 0x5, 0x8, 0x7})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4086, 0xff6)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)

05:48:24 executing program 1:
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000040)={0x80, 0x5, 0x8, 0x7})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4086, 0xff6)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000040)={0x80, 0x5, 0x8, 0x7}) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
read$snapshot(r0, &(0x7f0000000200)=""/4086, 0xff6) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async)

05:48:24 executing program 1:
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000040)={0x80, 0x5, 0x8, 0x7})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
read$snapshot(r0, &(0x7f0000000200)=""/4086, 0xff6)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)

05:48:24 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f0000000000)={0x0, 0x101})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:24 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:25 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:25 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x400000)
read$snapshot(r0, &(0x7f0000000340)=""/4089, 0xff9)

05:48:25 executing program 5:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:25 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x400000)
read$snapshot(r0, &(0x7f0000000340)=""/4089, 0xff9)

05:48:25 executing program 5:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:25 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x400000)
read$snapshot(r0, &(0x7f0000000340)=""/4089, 0xff9)

05:48:25 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:25 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:25 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x105, 0x240500)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000140)={0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$VT_DISALLOCATE(r0, 0x5608)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000000)={0xfffffffffffffff7, 0x10001, 0x1})
read$snapshot(r0, &(0x7f0000000040)=""/217, 0xd9)

05:48:25 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x105, 0x240500) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x105, 0x240500)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000140)={0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$VT_DISALLOCATE(r0, 0x5608)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000000)={0xfffffffffffffff7, 0x10001, 0x1})
read$snapshot(r0, &(0x7f0000000040)=""/217, 0xd9) (async)
read$snapshot(r0, &(0x7f0000000040)=""/217, 0xd9)

05:48:25 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f0000000000)={0x0, 0x101})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:25 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:25 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:25 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x105, 0x240500)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000140)={0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$VT_DISALLOCATE(r0, 0x5608)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000000)={0xfffffffffffffff7, 0x10001, 0x1})
read$snapshot(r0, &(0x7f0000000040)=""/217, 0xd9)
syz_open_dev$audion(&(0x7f00000001c0), 0x105, 0x240500) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000140)) (async)
ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$VT_DISALLOCATE(r0, 0x5608) (async)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000000)={0xfffffffffffffff7, 0x10001, 0x1}) (async)
read$snapshot(r0, &(0x7f0000000040)=""/217, 0xd9) (async)

05:48:25 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x3, {0xa, 0x4e24, 0x10000, @private1, 0xe0000}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f00000000c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000000), r1}}, 0x18)

05:48:25 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x10000000009, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
syz_open_pts(r2, 0x422040)
ioctl$TCSBRK(r1, 0x5409, 0x4)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:25 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:25 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001240)=""/4122, 0x101a)

05:48:25 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f0000000000)={0x0, 0x101}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:26 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000040)={<r4=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000080)={<r5=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[r3, r4, 0x0, 0x0, 0x0, r5, 0x0], &(0x7f0000000140)=[0x30d31157, 0x1, 0x27f7, 0x3, 0xfffffffffffffffe, 0x7fff, 0x7fffffffffffffff], 0x7, 0x1})
read$snapshot(r1, &(0x7f0000001200)=""/4096, 0x1000)

05:48:26 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000040)={<r4=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000080)={0x0, 0x1, r0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000080)={<r5=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[r3, r4, 0x0, 0x0, 0x0, r5, 0x0], &(0x7f0000000140)=[0x30d31157, 0x1, 0x27f7, 0x3, 0xfffffffffffffffe, 0x7fff, 0x7fffffffffffffff], 0x7, 0x1})
read$snapshot(r1, &(0x7f0000001200)=""/4096, 0x1000) (async)
read$snapshot(r1, &(0x7f0000001200)=""/4096, 0x1000)

05:48:26 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0, 0x1, r0}) (async, rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000040)={<r4=>0x0, 0x0, r1}) (async, rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000080)={<r5=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[r3, r4, 0x0, 0x0, 0x0, r5, 0x0], &(0x7f0000000140)=[0x30d31157, 0x1, 0x27f7, 0x3, 0xfffffffffffffffe, 0x7fff, 0x7fffffffffffffff], 0x7, 0x1})
read$snapshot(r1, &(0x7f0000001200)=""/4096, 0x1000)

05:48:26 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0xd2000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:26 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0xd2000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:26 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000040)={<r4=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000080)={<r5=>0x0, 0x1, r0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[r3, r4, 0x0, 0x0, 0x0, r5, 0x0], &(0x7f0000000140)=[0x30d31157, 0x1, 0x27f7, 0x3, 0xfffffffffffffffe, 0x7fff, 0x7fffffffffffffff], 0x7, 0x1})
read$snapshot(r1, &(0x7f0000001200)=""/4096, 0x1000)

05:48:26 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0xd2000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:26 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x3, {0xa, 0x4e24, 0x10000, @private1, 0xe0000}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f00000000c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000000), r1}}, 0x18)

05:48:26 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4075, 0xfeb)

05:48:26 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5)

05:48:26 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001240)=""/4122, 0x101a)

05:48:26 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x3, {0xa, 0x4e24, 0x10000, @private1, 0xe0000}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f00000000c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000000), r1}}, 0x18)

05:48:26 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x201)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000001340)={0x122c, 0x12, 0x200, 0x70bd2b, 0x25dfdbff, {0x29, 0x9, 0xe1, 0x6, {0x4e22, 0x4e24, [0x4, 0x4, 0x7, 0x21], [0xfff, 0x734, 0x9, 0x1], 0x0, [0x3, 0xfff]}, 0x3ff, 0x3}, [@INET_DIAG_REQ_BYTECODE={0xf7, 0x1, "ed28be7d3f1a8eec10f1530f84dcff085b172a7eda28b7834b556ec9c35b44e4da0adb4eabdd36bc298c4215d49d811f145199a9802731b18ffffaef5ce7e67a41ec25c96db9ba88843ccd7f00b95447dc8d73065e3ae07fcfa29118ecfc5cb37c0185b72b537e3c7e0a2decce746cea7947c8dd4e228556986cbe4c639fb9458ab3da00a7de201178b4cf908adddde84b5e2033d536a344ff653a6553bddd36596771fd2146e3665275914e2ee8ae9402e0736eba6efefbab76465139a828c9ee71312f1824a7b72ae28d34029cddf824267a67107add1c58f45b4ce2c163b44a7c5aee80c0eafe4a768baa3241a03d347090"}, @INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "64a75c641f9ce6c0d72290d0ed628959f47ca81041c2dd0116b1f19a1ba16697dde5ad07ac6c4c256e20ce9550dd7914fa78cd1d50c5e32172619661bd68de6ea02c0a55e88c3290836cfa577bf5649eaa112396e5608b193312791349105c5a0fe0f7215a9bbbc973fe7624d484e0d4a1462f9a859439cbd589c190e214b69154cd0bfd077ce1be350031e880d8aa337030aa2d64a385c30ac9422a0610b78ea55136a898c8e4ceb60f3fd836248285833e6d76d5494ede20d26b380e9e51de84e800a21521acfba5384042b34126c1371e2174c74811580ba94b2042e27a9258b1112f7091b99b369a7d2f6559cab8b5b1dc7747be8bf12000d05f5edab618a14dec8eb70bf948f274e1e03b8c4ffe71849d72a1cb03eb84018214d98f949f6816d901f9a336844ad7643c9efdc0821401530f48439b4e69758e934f56b383f18a4660188445b4eaacce67b49797176feca520055dcfd1dd21eee58a68873fc8a8219b7ed84eb3d7b05194a235214eae1f65d32063f7d3f4f1d99fdb58cf35426a0a8bde696f44a723359ec69e3e43d46aa2a87e27903358de80591a3168a92e608c9214dee571e9d337fbe58e94f45b2552f0fddfa57242bd6d79b8b5f425169c2b6ad388c54f63d7febeb74a1d5c0c70b7740f009af4c4828762c80ada937f8482c12d0dd3c4330b512a40545b2e61e93bef0c58dc17bc696fb3d2aa5930f31a049a557e17f2631d221743c52d2caaf07cd53d4c0ddabb602e4fde3637c544c3bd469b6bb9741db419a7bc90ba762d9c1976dff2c75cfeb1e7df19bb55b5dd61e41572fd8e17a958f64f7d4da12a0f9cbc870155b9b64554e0e2d0884dfcbfcc50c4bceb1ea6f46df1dc4714c17cbb71b8635d5bda6564c94b6d3508cdfe335b26123f6c8965f3c287297c556cc9ae0f885a50c28be2a53d85f307a50dde6fdebf8a35b1b8149f5236fb4e7ed013ba51f671f39ff7188462e7800c41e9a4d45246ad8bb8a91871b8e142fd998a956c4637b0ff0d549ad92467e0d36ddc7129176dbff1f1bed0f4f56a073b723d4ac32ab2e664b3d1de8d7636573bf8e201809892d3b8f1279326fb41a6d8542fdd6f6191d9e4a45c38c5ce5530b595a4b114aa9291f7ea48b212fca3e19105f76fe46537858facc4c51e69d45c89362312273fcc8908988efef67ce14c39e4740a66bad82bd3feefae187ab7552a34664277fb2b7492fb9dac2a26341b6f1f86be805d3ff28fc0d6a2a77782cb6cdbb429929573b20694df253cc805ea6af58ae200866a6f55dbbbf2db8255d68030d95e54f570a0df9577758f74a4398a9fbc7ccb14fec4e7048295358e37c163d5be99bbdced744a4153cfc9d6f68ab62d9097c43a266610828b9d0a4a57bd9acdcecc0076d1161a6f51fbbe0fc32d7f12b0b0dbcbc0ece6822417ae754f8539a41b6caa50bcc7c44a25bab2c4721ce6d0ec3e26d3888fb35d6369509475fa5bcc7a46799acb6462a9f4bf0fc38d0c7bd2f1b021cb1fa29191de0c35995f6ceb6b9977f4662665936271f7d1709415b0e46585fc632ed8e2e5af4a68662fb4f7921467256a542eaaebf052cc3a91fb1a57601033f3d168c1a0d5590d59761352a7e5cb813ea3da5d4835f457c01e3e5c2652e1c6ac0c52a4cef0ded723a81fa5bfab6743e49cdd6de3f3654ad2d1d324215ae8fa117c71f5984cbcca6f5675c1d89b7b481bd8bbaf05aa7703276a7ed525527a0b733f4bcf24a7b79915432c92832cc3f3eb4c66d399e87f609274d41207977ddb88d021d9a551f6394302cad38cf0208f9b56f59d9f96c469e5709d030ab7d6bda1c1af67bc63a91c99457e5dcf75c1906c8013475d76d52232d67393e661e68db14acb71b744cee377a3607a58441ac88f8a10935062d302a0a19bde29b65da1a74d8b186440ff6e08c7cf0d93e5e51d8e37e6c90978d546a90c0809276f84c8b74438d20623b620216b4690be0874bac585c8520a52e855b03a07184a17c931b9c43287210e545d2b1da7747f397920923514ea32cce75bb870e10319ca11221c106fdc5c920bdf0227fb078a64d2e425860f6d934577e3ff8bc59448961cd9880d687b86a852ee86f2d65a894ee40f7e2646dfaf4ae3809f00ad211d652d4a5e5ba2418e8cc401b669f404ec65ec724b28b0b7501be06ade7c8d6a8f09bb348e5f3dfa2035cb52a0a6d473c2a372b2aa160bf1ba8b2d7f1323fbaced6739fcb6d39196d3fa81207aef704161b2615c5fc7643ac2b302dda6a523722b091fe6887c7192b86711485125da3ff99661ad5e6f12d63e1ef2c4e024ae9ffad10cb8a51dea442d73c969bca368d4836ee91e941ba7e2c7c53379ae2ee619816f2940da68175a31178781b51c2673b2c10c30581f5795f819dfc4f241cd8cd90536dd4f6a17f99a7d344d8b6c68741881ef7c774aba5bcdae5e4670fd4152679a97c6b58e48af43ec52d05912dd6d7a14185b7c626bb1b07aff130cc44ffdac6b14911cd1cb14cf8e210728bea56dcc85a911e63cc88534f3d696d3898d155fd560fdefbd1e49040de550c1533e65060b52d70d490f43a49738f3bc1f7cf9c53cafe6f2f5e63098712543c33fb67ed8b15b25481ca62b7f535a13944e0278d8df8eea2d81a10a8bb9ec46e07178af634b98bb3c7e1910297cd1f6b8ef28e5f6cf53026f0dd6ce3ae83b8c095f817d14bc617939b96547ba0395fb402f374e3669fb9b695f8d5e2795a9aa1d0ea93e5d9c37b9caeafb67bc041a272350fb50290f63b37ee438bbd5f788e78bc14f6072bf22c414353421716fc3de5a93758fe49c49a7c1af1dc17e83cf80b1b78d005adb555c4b7de152022b42020a602b27844345d120afe98dbf04d82b30b439cf36268ba6c630bcfee1b7e9da780ac2bf37dea7c5225618251840d3d9bece90177931b98584ff2bb28e7bf0e4db86e887fc23e5dae575c595ebf685bfe593790548aa4c2e0d38d5967a7cf2c4437161d3e405fcb980ea5e35b74454107d8853eeddc451da12dd38f1256c24cbc36ddb08b91f7f271a7a783a45f4cf719d8d62eb896982fe187bfe915a67684eb0040b6fe54eb8184ccb5039423c2310eab170990098c55a63cd9950112a72504f4081d4487d83c0353b7db4cfcd4c6c4dfe8ff4e68abcc12290ba76dac8bc680b3a6149317e78c8e2ff7a62943ad97f82c268f9fdcebbddc26892e486b1fd7dae97d00f6f841b2fc562d7126989adf71f31d4dde990749df17744e2a69fc9ca6cfd4113d46c03db11dd29567b16057546e07edb40275a1e10ddb1e5d4768643d60021f7b210f76e13ccae6e9fe04b49f6b8f3629b147e613d50267610eb099283349025715c3b68ffd84ca5249c831a82e9de2e588e17e2f5497093298edb289a0a9eb2c33ec2409731263dff0abde51f02d3e2130cf68c712abd1dd27ee88c9019872727385074f4ffab96037faa2b8e6683e42140730035f3f6d08c9d50b75eec2949788e82f2db04d82509fe7053c1c7f0e51fe038c03f4f4ca731a0c3055b76e386c43a8d2bcff95ff55e1555c5c88db7760693f7b2814847356529361aafb9109e62f969243c4fc7b97a305b1b8c57d62eaca73de61ac1ca941683b1d0471b81fdec4d44f28229331ada2e86558cbc5eb3d2f631171046fe9bc63ff45f08bc6f63778ace1bce2e9e2f69a3f637fa64007cd3076d42ecf51eb199e1e356aa22e078a6e1e69e1127dee67be9173947bc03c74cfd030198bcd62e5c0e76fb2545a9150c00533a390e6e88d3fc6899f62a2217e47dc3463fc2e3b4b8efef986c0889cf05f8e6dc0236c0a913583dcd1f0a1ecfd273665dacc9952612f543ee9cef3a68ea1dfaf4eb9328ae14e1adcd40b2db070dc96895d014f6fd922dca33c09dcfaa049f08533bb889929b00126093bd616cef4638a6a6cd8aba5cc66405cad3fd9dc5beac447dd2818971893920cb205211372854ccf2d6a0d9e4ec80ab5c0e2c1eab2f6872229775996163effecfd70f6888a80e67833da00ee39697928fed0590314bbf14168ba893d6a0bf762170b56d3133689184601325e16621a5cfcb747000ef3632a5c407883b47d903877effc9081b7fd7165609858544b3843788cfd8344fd814dfc21252446184bddba420e93d661e6417eaf342ff59403f991822d428dbebd712ee3182940438e651606b25e4835a242d28add1951deac102b030902b0ddb6636f96ebac29610c6d77a1d93f60100f03d5c26523def0948d7de659f45cf0a00c7f652f5084f13ea35947fe3b6fb2c797ef9d55b10838ca2791ae588a53fba2ca552638e3907f2f26c4eb71ede39bfe13774a20e26c140980df469caa0b91a30d0cafba9d8543f42724cf34bffe4f0a7c26e3ea73a25694b74b25dd4a216d4dd60e232fe24385c5f2047640c2329fd415c5ec00ebd0cba6e30310f18679a57a4e14b1a8d553d81aefca5f921183ed550f36f581e0cec17211e097beb164c0e01014a71e4b40b993f40963ba2cf6567e85ade5dd99138c08c794b0798740b82ec92b61a5ce6f5913ba39a94f6dc961ed8cc319fca64785be30832d81206ca226c4b0b0e28baac57327e06787c8d2e0f74230c27cac83892350b80902a934a3c39feace4fa4fa5880072faf5491c09154ac3abab0be4f7e87ff3bf6485dc9dd72eaf3ea2e9b34e51acac98eab7fb0c9d66f63a7876837df58ee2a7b6a13cd82dab756022b6efd48e804be9fc7694084feb44c6c78dd7a28800e042f7f8eb07382b604b01daa74c86fc09d51f4c1adabc7babeb9c8fc5883e26331de429cacf6d7b13dde73197f72c858f82434640bb674a7b8125fe79d6e8debc28c4a55080b1f8e86909b982fcebe7f82d71049425b3923ea159547a4b9e282d45266dee8e797d740371337950afe1fd2fb938cbdc9c064da5dbfbc3089a6006180b95e513c9c39dd4b9da113e7be36107fbe02e85a239c25490946c6d308fba4ddeaccb6543ee36365e6b2c4cf56dd92c6acd91b1ae5424f2efe4548fe4221895cf1e2408e12838f42e400f1ddd3adf5ee4480837c104575d0f38069e0f545ddd2815c5d773d36064f43b0d9344cc09003aada33cc96b079cb25fa6f91c665eb08842469e0916e297bccfddea8dbe956025adf31880b62435a7115e34ef0017ee5ec58cd40762cd0f79d696b77baa74eb3cc3628ab1a4efb5ec0ef3d88f3a7af84ce3005beb3714762afd53b9185a2bb074c38941287367271043dfeb4760995501141a6903147471a07d8cd6abbe6f92514a96ebcfd6db34122e3f33bfdf130c4720d323817d526832313845b79706003923d3bb63bd33f5f2c5c7295f99ecddf3122d3c87a384333944a006ad7025f5f0ae12324e9ecd930ff0a4ecd96fb9e1c4ded9139e410a3e4fd6d9e5cb88bdac8babb442e0ae59d8bf92b86a00e56cb771eb122ba30c0f6685c9e45ed08d5bd559b544d44b96e0872fbd739fc9504d992acdf8e076c717ec9601052ff98f6154f9a44b5ce8cdc18da2a0c7c569807df9e5024aca4630f4c71e5a60b0e19c9801a659d1293bfd9c4686fd548b465e512b8c799b90352605116cdce28258db23766ee1ec4f4630fedc0402a0dcbaf99d22a860cac16c88bf6802b88f65e75036b9a21ceed6e4ae0011006606cafddedc54bb1c1a0366e2b3c366aa256cb94e62565387dc3a6dfcfe7766ac07212373c0caa58aa385b34c263caf75c2b31057c75ee18737e1cec645dd88b3903e2edbb64c63de3c8bb0c2a13ec7884154ced69f731a90bb751a"}, @INET_DIAG_REQ_BYTECODE={0xe2, 0x1, "7446d1a0c84171be7d067e8213b3d0d0334d61ec67989f71b5656661a0faf23715ee8adb3a81251b88c382cc3ef35c0a690da37cb766bc7fa6349aba06d0ea91e951122430721eac2c8421c1efcdb1bda40049de6241ee390ccf9e8d04ff25f970053e79c1166b3144fd9c629181939199584f5e8cd930b665fb3cc2b87112d5ffe9b78babb8b57ff56528c7bbace1ec2d9a4f59c2cf9b784b7891bd667a61ed7f65fe3f947e2ef1f639b1be7ae8971d827572c918171ea6cba85698a0d15982b5a63347af3953e3c77282732975ba66207b4e24358d2fcbccf91a74377f"}]}, 0x122c}, 0x1, 0x0, 0x0, 0x20000000}, 0x2)

05:48:26 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x201)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000001340)={0x122c, 0x12, 0x200, 0x70bd2b, 0x25dfdbff, {0x29, 0x9, 0xe1, 0x6, {0x4e22, 0x4e24, [0x4, 0x4, 0x7, 0x21], [0xfff, 0x734, 0x9, 0x1], 0x0, [0x3, 0xfff]}, 0x3ff, 0x3}, [@INET_DIAG_REQ_BYTECODE={0xf7, 0x1, "ed28be7d3f1a8eec10f1530f84dcff085b172a7eda28b7834b556ec9c35b44e4da0adb4eabdd36bc298c4215d49d811f145199a9802731b18ffffaef5ce7e67a41ec25c96db9ba88843ccd7f00b95447dc8d73065e3ae07fcfa29118ecfc5cb37c0185b72b537e3c7e0a2decce746cea7947c8dd4e228556986cbe4c639fb9458ab3da00a7de201178b4cf908adddde84b5e2033d536a344ff653a6553bddd36596771fd2146e3665275914e2ee8ae9402e0736eba6efefbab76465139a828c9ee71312f1824a7b72ae28d34029cddf824267a67107add1c58f45b4ce2c163b44a7c5aee80c0eafe4a768baa3241a03d347090"}, @INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "64a75c641f9ce6c0d72290d0ed628959f47ca81041c2dd0116b1f19a1ba16697dde5ad07ac6c4c256e20ce9550dd7914fa78cd1d50c5e32172619661bd68de6ea02c0a55e88c3290836cfa577bf5649eaa112396e5608b193312791349105c5a0fe0f7215a9bbbc973fe7624d484e0d4a1462f9a859439cbd589c190e214b69154cd0bfd077ce1be350031e880d8aa337030aa2d64a385c30ac9422a0610b78ea55136a898c8e4ceb60f3fd836248285833e6d76d5494ede20d26b380e9e51de84e800a21521acfba5384042b34126c1371e2174c74811580ba94b2042e27a9258b1112f7091b99b369a7d2f6559cab8b5b1dc7747be8bf12000d05f5edab618a14dec8eb70bf948f274e1e03b8c4ffe71849d72a1cb03eb84018214d98f949f6816d901f9a336844ad7643c9efdc0821401530f48439b4e69758e934f56b383f18a4660188445b4eaacce67b49797176feca520055dcfd1dd21eee58a68873fc8a8219b7ed84eb3d7b05194a235214eae1f65d32063f7d3f4f1d99fdb58cf35426a0a8bde696f44a723359ec69e3e43d46aa2a87e27903358de80591a3168a92e608c9214dee571e9d337fbe58e94f45b2552f0fddfa57242bd6d79b8b5f425169c2b6ad388c54f63d7febeb74a1d5c0c70b7740f009af4c4828762c80ada937f8482c12d0dd3c4330b512a40545b2e61e93bef0c58dc17bc696fb3d2aa5930f31a049a557e17f2631d221743c52d2caaf07cd53d4c0ddabb602e4fde3637c544c3bd469b6bb9741db419a7bc90ba762d9c1976dff2c75cfeb1e7df19bb55b5dd61e41572fd8e17a958f64f7d4da12a0f9cbc870155b9b64554e0e2d0884dfcbfcc50c4bceb1ea6f46df1dc4714c17cbb71b8635d5bda6564c94b6d3508cdfe335b26123f6c8965f3c287297c556cc9ae0f885a50c28be2a53d85f307a50dde6fdebf8a35b1b8149f5236fb4e7ed013ba51f671f39ff7188462e7800c41e9a4d45246ad8bb8a91871b8e142fd998a956c4637b0ff0d549ad92467e0d36ddc7129176dbff1f1bed0f4f56a073b723d4ac32ab2e664b3d1de8d7636573bf8e201809892d3b8f1279326fb41a6d8542fdd6f6191d9e4a45c38c5ce5530b595a4b114aa9291f7ea48b212fca3e19105f76fe46537858facc4c51e69d45c89362312273fcc8908988efef67ce14c39e4740a66bad82bd3feefae187ab7552a34664277fb2b7492fb9dac2a26341b6f1f86be805d3ff28fc0d6a2a77782cb6cdbb429929573b20694df253cc805ea6af58ae200866a6f55dbbbf2db8255d68030d95e54f570a0df9577758f74a4398a9fbc7ccb14fec4e7048295358e37c163d5be99bbdced744a4153cfc9d6f68ab62d9097c43a266610828b9d0a4a57bd9acdcecc0076d1161a6f51fbbe0fc32d7f12b0b0dbcbc0ece6822417ae754f8539a41b6caa50bcc7c44a25bab2c4721ce6d0ec3e26d3888fb35d6369509475fa5bcc7a46799acb6462a9f4bf0fc38d0c7bd2f1b021cb1fa29191de0c35995f6ceb6b9977f4662665936271f7d1709415b0e46585fc632ed8e2e5af4a68662fb4f7921467256a542eaaebf052cc3a91fb1a57601033f3d168c1a0d5590d59761352a7e5cb813ea3da5d4835f457c01e3e5c2652e1c6ac0c52a4cef0ded723a81fa5bfab6743e49cdd6de3f3654ad2d1d324215ae8fa117c71f5984cbcca6f5675c1d89b7b481bd8bbaf05aa7703276a7ed525527a0b733f4bcf24a7b79915432c92832cc3f3eb4c66d399e87f609274d41207977ddb88d021d9a551f6394302cad38cf0208f9b56f59d9f96c469e5709d030ab7d6bda1c1af67bc63a91c99457e5dcf75c1906c8013475d76d52232d67393e661e68db14acb71b744cee377a3607a58441ac88f8a10935062d302a0a19bde29b65da1a74d8b186440ff6e08c7cf0d93e5e51d8e37e6c90978d546a90c0809276f84c8b74438d20623b620216b4690be0874bac585c8520a52e855b03a07184a17c931b9c43287210e545d2b1da7747f397920923514ea32cce75bb870e10319ca11221c106fdc5c920bdf0227fb078a64d2e425860f6d934577e3ff8bc59448961cd9880d687b86a852ee86f2d65a894ee40f7e2646dfaf4ae3809f00ad211d652d4a5e5ba2418e8cc401b669f404ec65ec724b28b0b7501be06ade7c8d6a8f09bb348e5f3dfa2035cb52a0a6d473c2a372b2aa160bf1ba8b2d7f1323fbaced6739fcb6d39196d3fa81207aef704161b2615c5fc7643ac2b302dda6a523722b091fe6887c7192b86711485125da3ff99661ad5e6f12d63e1ef2c4e024ae9ffad10cb8a51dea442d73c969bca368d4836ee91e941ba7e2c7c53379ae2ee619816f2940da68175a31178781b51c2673b2c10c30581f5795f819dfc4f241cd8cd90536dd4f6a17f99a7d344d8b6c68741881ef7c774aba5bcdae5e4670fd4152679a97c6b58e48af43ec52d05912dd6d7a14185b7c626bb1b07aff130cc44ffdac6b14911cd1cb14cf8e210728bea56dcc85a911e63cc88534f3d696d3898d155fd560fdefbd1e49040de550c1533e65060b52d70d490f43a49738f3bc1f7cf9c53cafe6f2f5e63098712543c33fb67ed8b15b25481ca62b7f535a13944e0278d8df8eea2d81a10a8bb9ec46e07178af634b98bb3c7e1910297cd1f6b8ef28e5f6cf53026f0dd6ce3ae83b8c095f817d14bc617939b96547ba0395fb402f374e3669fb9b695f8d5e2795a9aa1d0ea93e5d9c37b9caeafb67bc041a272350fb50290f63b37ee438bbd5f788e78bc14f6072bf22c414353421716fc3de5a93758fe49c49a7c1af1dc17e83cf80b1b78d005adb555c4b7de152022b42020a602b27844345d120afe98dbf04d82b30b439cf36268ba6c630bcfee1b7e9da780ac2bf37dea7c5225618251840d3d9bece90177931b98584ff2bb28e7bf0e4db86e887fc23e5dae575c595ebf685bfe593790548aa4c2e0d38d5967a7cf2c4437161d3e405fcb980ea5e35b74454107d8853eeddc451da12dd38f1256c24cbc36ddb08b91f7f271a7a783a45f4cf719d8d62eb896982fe187bfe915a67684eb0040b6fe54eb8184ccb5039423c2310eab170990098c55a63cd9950112a72504f4081d4487d83c0353b7db4cfcd4c6c4dfe8ff4e68abcc12290ba76dac8bc680b3a6149317e78c8e2ff7a62943ad97f82c268f9fdcebbddc26892e486b1fd7dae97d00f6f841b2fc562d7126989adf71f31d4dde990749df17744e2a69fc9ca6cfd4113d46c03db11dd29567b16057546e07edb40275a1e10ddb1e5d4768643d60021f7b210f76e13ccae6e9fe04b49f6b8f3629b147e613d50267610eb099283349025715c3b68ffd84ca5249c831a82e9de2e588e17e2f5497093298edb289a0a9eb2c33ec2409731263dff0abde51f02d3e2130cf68c712abd1dd27ee88c9019872727385074f4ffab96037faa2b8e6683e42140730035f3f6d08c9d50b75eec2949788e82f2db04d82509fe7053c1c7f0e51fe038c03f4f4ca731a0c3055b76e386c43a8d2bcff95ff55e1555c5c88db7760693f7b2814847356529361aafb9109e62f969243c4fc7b97a305b1b8c57d62eaca73de61ac1ca941683b1d0471b81fdec4d44f28229331ada2e86558cbc5eb3d2f631171046fe9bc63ff45f08bc6f63778ace1bce2e9e2f69a3f637fa64007cd3076d42ecf51eb199e1e356aa22e078a6e1e69e1127dee67be9173947bc03c74cfd030198bcd62e5c0e76fb2545a9150c00533a390e6e88d3fc6899f62a2217e47dc3463fc2e3b4b8efef986c0889cf05f8e6dc0236c0a913583dcd1f0a1ecfd273665dacc9952612f543ee9cef3a68ea1dfaf4eb9328ae14e1adcd40b2db070dc96895d014f6fd922dca33c09dcfaa049f08533bb889929b00126093bd616cef4638a6a6cd8aba5cc66405cad3fd9dc5beac447dd2818971893920cb205211372854ccf2d6a0d9e4ec80ab5c0e2c1eab2f6872229775996163effecfd70f6888a80e67833da00ee39697928fed0590314bbf14168ba893d6a0bf762170b56d3133689184601325e16621a5cfcb747000ef3632a5c407883b47d903877effc9081b7fd7165609858544b3843788cfd8344fd814dfc21252446184bddba420e93d661e6417eaf342ff59403f991822d428dbebd712ee3182940438e651606b25e4835a242d28add1951deac102b030902b0ddb6636f96ebac29610c6d77a1d93f60100f03d5c26523def0948d7de659f45cf0a00c7f652f5084f13ea35947fe3b6fb2c797ef9d55b10838ca2791ae588a53fba2ca552638e3907f2f26c4eb71ede39bfe13774a20e26c140980df469caa0b91a30d0cafba9d8543f42724cf34bffe4f0a7c26e3ea73a25694b74b25dd4a216d4dd60e232fe24385c5f2047640c2329fd415c5ec00ebd0cba6e30310f18679a57a4e14b1a8d553d81aefca5f921183ed550f36f581e0cec17211e097beb164c0e01014a71e4b40b993f40963ba2cf6567e85ade5dd99138c08c794b0798740b82ec92b61a5ce6f5913ba39a94f6dc961ed8cc319fca64785be30832d81206ca226c4b0b0e28baac57327e06787c8d2e0f74230c27cac83892350b80902a934a3c39feace4fa4fa5880072faf5491c09154ac3abab0be4f7e87ff3bf6485dc9dd72eaf3ea2e9b34e51acac98eab7fb0c9d66f63a7876837df58ee2a7b6a13cd82dab756022b6efd48e804be9fc7694084feb44c6c78dd7a28800e042f7f8eb07382b604b01daa74c86fc09d51f4c1adabc7babeb9c8fc5883e26331de429cacf6d7b13dde73197f72c858f82434640bb674a7b8125fe79d6e8debc28c4a55080b1f8e86909b982fcebe7f82d71049425b3923ea159547a4b9e282d45266dee8e797d740371337950afe1fd2fb938cbdc9c064da5dbfbc3089a6006180b95e513c9c39dd4b9da113e7be36107fbe02e85a239c25490946c6d308fba4ddeaccb6543ee36365e6b2c4cf56dd92c6acd91b1ae5424f2efe4548fe4221895cf1e2408e12838f42e400f1ddd3adf5ee4480837c104575d0f38069e0f545ddd2815c5d773d36064f43b0d9344cc09003aada33cc96b079cb25fa6f91c665eb08842469e0916e297bccfddea8dbe956025adf31880b62435a7115e34ef0017ee5ec58cd40762cd0f79d696b77baa74eb3cc3628ab1a4efb5ec0ef3d88f3a7af84ce3005beb3714762afd53b9185a2bb074c38941287367271043dfeb4760995501141a6903147471a07d8cd6abbe6f92514a96ebcfd6db34122e3f33bfdf130c4720d323817d526832313845b79706003923d3bb63bd33f5f2c5c7295f99ecddf3122d3c87a384333944a006ad7025f5f0ae12324e9ecd930ff0a4ecd96fb9e1c4ded9139e410a3e4fd6d9e5cb88bdac8babb442e0ae59d8bf92b86a00e56cb771eb122ba30c0f6685c9e45ed08d5bd559b544d44b96e0872fbd739fc9504d992acdf8e076c717ec9601052ff98f6154f9a44b5ce8cdc18da2a0c7c569807df9e5024aca4630f4c71e5a60b0e19c9801a659d1293bfd9c4686fd548b465e512b8c799b90352605116cdce28258db23766ee1ec4f4630fedc0402a0dcbaf99d22a860cac16c88bf6802b88f65e75036b9a21ceed6e4ae0011006606cafddedc54bb1c1a0366e2b3c366aa256cb94e62565387dc3a6dfcfe7766ac07212373c0caa58aa385b34c263caf75c2b31057c75ee18737e1cec645dd88b3903e2edbb64c63de3c8bb0c2a13ec7884154ced69f731a90bb751a"}, @INET_DIAG_REQ_BYTECODE={0xe2, 0x1, "7446d1a0c84171be7d067e8213b3d0d0334d61ec67989f71b5656661a0faf23715ee8adb3a81251b88c382cc3ef35c0a690da37cb766bc7fa6349aba06d0ea91e951122430721eac2c8421c1efcdb1bda40049de6241ee390ccf9e8d04ff25f970053e79c1166b3144fd9c629181939199584f5e8cd930b665fb3cc2b87112d5ffe9b78babb8b57ff56528c7bbace1ec2d9a4f59c2cf9b784b7891bd667a61ed7f65fe3f947e2ef1f639b1be7ae8971d827572c918171ea6cba85698a0d15982b5a63347af3953e3c77282732975ba66207b4e24358d2fcbccf91a74377f"}]}, 0x122c}, 0x1, 0x0, 0x0, 0x20000000}, 0x2) (async)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000001340)={0x122c, 0x12, 0x200, 0x70bd2b, 0x25dfdbff, {0x29, 0x9, 0xe1, 0x6, {0x4e22, 0x4e24, [0x4, 0x4, 0x7, 0x21], [0xfff, 0x734, 0x9, 0x1], 0x0, [0x3, 0xfff]}, 0x3ff, 0x3}, [@INET_DIAG_REQ_BYTECODE={0xf7, 0x1, "ed28be7d3f1a8eec10f1530f84dcff085b172a7eda28b7834b556ec9c35b44e4da0adb4eabdd36bc298c4215d49d811f145199a9802731b18ffffaef5ce7e67a41ec25c96db9ba88843ccd7f00b95447dc8d73065e3ae07fcfa29118ecfc5cb37c0185b72b537e3c7e0a2decce746cea7947c8dd4e228556986cbe4c639fb9458ab3da00a7de201178b4cf908adddde84b5e2033d536a344ff653a6553bddd36596771fd2146e3665275914e2ee8ae9402e0736eba6efefbab76465139a828c9ee71312f1824a7b72ae28d34029cddf824267a67107add1c58f45b4ce2c163b44a7c5aee80c0eafe4a768baa3241a03d347090"}, @INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "64a75c641f9ce6c0d72290d0ed628959f47ca81041c2dd0116b1f19a1ba16697dde5ad07ac6c4c256e20ce9550dd7914fa78cd1d50c5e32172619661bd68de6ea02c0a55e88c3290836cfa577bf5649eaa112396e5608b193312791349105c5a0fe0f7215a9bbbc973fe7624d484e0d4a1462f9a859439cbd589c190e214b69154cd0bfd077ce1be350031e880d8aa337030aa2d64a385c30ac9422a0610b78ea55136a898c8e4ceb60f3fd836248285833e6d76d5494ede20d26b380e9e51de84e800a21521acfba5384042b34126c1371e2174c74811580ba94b2042e27a9258b1112f7091b99b369a7d2f6559cab8b5b1dc7747be8bf12000d05f5edab618a14dec8eb70bf948f274e1e03b8c4ffe71849d72a1cb03eb84018214d98f949f6816d901f9a336844ad7643c9efdc0821401530f48439b4e69758e934f56b383f18a4660188445b4eaacce67b49797176feca520055dcfd1dd21eee58a68873fc8a8219b7ed84eb3d7b05194a235214eae1f65d32063f7d3f4f1d99fdb58cf35426a0a8bde696f44a723359ec69e3e43d46aa2a87e27903358de80591a3168a92e608c9214dee571e9d337fbe58e94f45b2552f0fddfa57242bd6d79b8b5f425169c2b6ad388c54f63d7febeb74a1d5c0c70b7740f009af4c4828762c80ada937f8482c12d0dd3c4330b512a40545b2e61e93bef0c58dc17bc696fb3d2aa5930f31a049a557e17f2631d221743c52d2caaf07cd53d4c0ddabb602e4fde3637c544c3bd469b6bb9741db419a7bc90ba762d9c1976dff2c75cfeb1e7df19bb55b5dd61e41572fd8e17a958f64f7d4da12a0f9cbc870155b9b64554e0e2d0884dfcbfcc50c4bceb1ea6f46df1dc4714c17cbb71b8635d5bda6564c94b6d3508cdfe335b26123f6c8965f3c287297c556cc9ae0f885a50c28be2a53d85f307a50dde6fdebf8a35b1b8149f5236fb4e7ed013ba51f671f39ff7188462e7800c41e9a4d45246ad8bb8a91871b8e142fd998a956c4637b0ff0d549ad92467e0d36ddc7129176dbff1f1bed0f4f56a073b723d4ac32ab2e664b3d1de8d7636573bf8e201809892d3b8f1279326fb41a6d8542fdd6f6191d9e4a45c38c5ce5530b595a4b114aa9291f7ea48b212fca3e19105f76fe46537858facc4c51e69d45c89362312273fcc8908988efef67ce14c39e4740a66bad82bd3feefae187ab7552a34664277fb2b7492fb9dac2a26341b6f1f86be805d3ff28fc0d6a2a77782cb6cdbb429929573b20694df253cc805ea6af58ae200866a6f55dbbbf2db8255d68030d95e54f570a0df9577758f74a4398a9fbc7ccb14fec4e7048295358e37c163d5be99bbdced744a4153cfc9d6f68ab62d9097c43a266610828b9d0a4a57bd9acdcecc0076d1161a6f51fbbe0fc32d7f12b0b0dbcbc0ece6822417ae754f8539a41b6caa50bcc7c44a25bab2c4721ce6d0ec3e26d3888fb35d6369509475fa5bcc7a46799acb6462a9f4bf0fc38d0c7bd2f1b021cb1fa29191de0c35995f6ceb6b9977f4662665936271f7d1709415b0e46585fc632ed8e2e5af4a68662fb4f7921467256a542eaaebf052cc3a91fb1a57601033f3d168c1a0d5590d59761352a7e5cb813ea3da5d4835f457c01e3e5c2652e1c6ac0c52a4cef0ded723a81fa5bfab6743e49cdd6de3f3654ad2d1d324215ae8fa117c71f5984cbcca6f5675c1d89b7b481bd8bbaf05aa7703276a7ed525527a0b733f4bcf24a7b79915432c92832cc3f3eb4c66d399e87f609274d41207977ddb88d021d9a551f6394302cad38cf0208f9b56f59d9f96c469e5709d030ab7d6bda1c1af67bc63a91c99457e5dcf75c1906c8013475d76d52232d67393e661e68db14acb71b744cee377a3607a58441ac88f8a10935062d302a0a19bde29b65da1a74d8b186440ff6e08c7cf0d93e5e51d8e37e6c90978d546a90c0809276f84c8b74438d20623b620216b4690be0874bac585c8520a52e855b03a07184a17c931b9c43287210e545d2b1da7747f397920923514ea32cce75bb870e10319ca11221c106fdc5c920bdf0227fb078a64d2e425860f6d934577e3ff8bc59448961cd9880d687b86a852ee86f2d65a894ee40f7e2646dfaf4ae3809f00ad211d652d4a5e5ba2418e8cc401b669f404ec65ec724b28b0b7501be06ade7c8d6a8f09bb348e5f3dfa2035cb52a0a6d473c2a372b2aa160bf1ba8b2d7f1323fbaced6739fcb6d39196d3fa81207aef704161b2615c5fc7643ac2b302dda6a523722b091fe6887c7192b86711485125da3ff99661ad5e6f12d63e1ef2c4e024ae9ffad10cb8a51dea442d73c969bca368d4836ee91e941ba7e2c7c53379ae2ee619816f2940da68175a31178781b51c2673b2c10c30581f5795f819dfc4f241cd8cd90536dd4f6a17f99a7d344d8b6c68741881ef7c774aba5bcdae5e4670fd4152679a97c6b58e48af43ec52d05912dd6d7a14185b7c626bb1b07aff130cc44ffdac6b14911cd1cb14cf8e210728bea56dcc85a911e63cc88534f3d696d3898d155fd560fdefbd1e49040de550c1533e65060b52d70d490f43a49738f3bc1f7cf9c53cafe6f2f5e63098712543c33fb67ed8b15b25481ca62b7f535a13944e0278d8df8eea2d81a10a8bb9ec46e07178af634b98bb3c7e1910297cd1f6b8ef28e5f6cf53026f0dd6ce3ae83b8c095f817d14bc617939b96547ba0395fb402f374e3669fb9b695f8d5e2795a9aa1d0ea93e5d9c37b9caeafb67bc041a272350fb50290f63b37ee438bbd5f788e78bc14f6072bf22c414353421716fc3de5a93758fe49c49a7c1af1dc17e83cf80b1b78d005adb555c4b7de152022b42020a602b27844345d120afe98dbf04d82b30b439cf36268ba6c630bcfee1b7e9da780ac2bf37dea7c5225618251840d3d9bece90177931b98584ff2bb28e7bf0e4db86e887fc23e5dae575c595ebf685bfe593790548aa4c2e0d38d5967a7cf2c4437161d3e405fcb980ea5e35b74454107d8853eeddc451da12dd38f1256c24cbc36ddb08b91f7f271a7a783a45f4cf719d8d62eb896982fe187bfe915a67684eb0040b6fe54eb8184ccb5039423c2310eab170990098c55a63cd9950112a72504f4081d4487d83c0353b7db4cfcd4c6c4dfe8ff4e68abcc12290ba76dac8bc680b3a6149317e78c8e2ff7a62943ad97f82c268f9fdcebbddc26892e486b1fd7dae97d00f6f841b2fc562d7126989adf71f31d4dde990749df17744e2a69fc9ca6cfd4113d46c03db11dd29567b16057546e07edb40275a1e10ddb1e5d4768643d60021f7b210f76e13ccae6e9fe04b49f6b8f3629b147e613d50267610eb099283349025715c3b68ffd84ca5249c831a82e9de2e588e17e2f5497093298edb289a0a9eb2c33ec2409731263dff0abde51f02d3e2130cf68c712abd1dd27ee88c9019872727385074f4ffab96037faa2b8e6683e42140730035f3f6d08c9d50b75eec2949788e82f2db04d82509fe7053c1c7f0e51fe038c03f4f4ca731a0c3055b76e386c43a8d2bcff95ff55e1555c5c88db7760693f7b2814847356529361aafb9109e62f969243c4fc7b97a305b1b8c57d62eaca73de61ac1ca941683b1d0471b81fdec4d44f28229331ada2e86558cbc5eb3d2f631171046fe9bc63ff45f08bc6f63778ace1bce2e9e2f69a3f637fa64007cd3076d42ecf51eb199e1e356aa22e078a6e1e69e1127dee67be9173947bc03c74cfd030198bcd62e5c0e76fb2545a9150c00533a390e6e88d3fc6899f62a2217e47dc3463fc2e3b4b8efef986c0889cf05f8e6dc0236c0a913583dcd1f0a1ecfd273665dacc9952612f543ee9cef3a68ea1dfaf4eb9328ae14e1adcd40b2db070dc96895d014f6fd922dca33c09dcfaa049f08533bb889929b00126093bd616cef4638a6a6cd8aba5cc66405cad3fd9dc5beac447dd2818971893920cb205211372854ccf2d6a0d9e4ec80ab5c0e2c1eab2f6872229775996163effecfd70f6888a80e67833da00ee39697928fed0590314bbf14168ba893d6a0bf762170b56d3133689184601325e16621a5cfcb747000ef3632a5c407883b47d903877effc9081b7fd7165609858544b3843788cfd8344fd814dfc21252446184bddba420e93d661e6417eaf342ff59403f991822d428dbebd712ee3182940438e651606b25e4835a242d28add1951deac102b030902b0ddb6636f96ebac29610c6d77a1d93f60100f03d5c26523def0948d7de659f45cf0a00c7f652f5084f13ea35947fe3b6fb2c797ef9d55b10838ca2791ae588a53fba2ca552638e3907f2f26c4eb71ede39bfe13774a20e26c140980df469caa0b91a30d0cafba9d8543f42724cf34bffe4f0a7c26e3ea73a25694b74b25dd4a216d4dd60e232fe24385c5f2047640c2329fd415c5ec00ebd0cba6e30310f18679a57a4e14b1a8d553d81aefca5f921183ed550f36f581e0cec17211e097beb164c0e01014a71e4b40b993f40963ba2cf6567e85ade5dd99138c08c794b0798740b82ec92b61a5ce6f5913ba39a94f6dc961ed8cc319fca64785be30832d81206ca226c4b0b0e28baac57327e06787c8d2e0f74230c27cac83892350b80902a934a3c39feace4fa4fa5880072faf5491c09154ac3abab0be4f7e87ff3bf6485dc9dd72eaf3ea2e9b34e51acac98eab7fb0c9d66f63a7876837df58ee2a7b6a13cd82dab756022b6efd48e804be9fc7694084feb44c6c78dd7a28800e042f7f8eb07382b604b01daa74c86fc09d51f4c1adabc7babeb9c8fc5883e26331de429cacf6d7b13dde73197f72c858f82434640bb674a7b8125fe79d6e8debc28c4a55080b1f8e86909b982fcebe7f82d71049425b3923ea159547a4b9e282d45266dee8e797d740371337950afe1fd2fb938cbdc9c064da5dbfbc3089a6006180b95e513c9c39dd4b9da113e7be36107fbe02e85a239c25490946c6d308fba4ddeaccb6543ee36365e6b2c4cf56dd92c6acd91b1ae5424f2efe4548fe4221895cf1e2408e12838f42e400f1ddd3adf5ee4480837c104575d0f38069e0f545ddd2815c5d773d36064f43b0d9344cc09003aada33cc96b079cb25fa6f91c665eb08842469e0916e297bccfddea8dbe956025adf31880b62435a7115e34ef0017ee5ec58cd40762cd0f79d696b77baa74eb3cc3628ab1a4efb5ec0ef3d88f3a7af84ce3005beb3714762afd53b9185a2bb074c38941287367271043dfeb4760995501141a6903147471a07d8cd6abbe6f92514a96ebcfd6db34122e3f33bfdf130c4720d323817d526832313845b79706003923d3bb63bd33f5f2c5c7295f99ecddf3122d3c87a384333944a006ad7025f5f0ae12324e9ecd930ff0a4ecd96fb9e1c4ded9139e410a3e4fd6d9e5cb88bdac8babb442e0ae59d8bf92b86a00e56cb771eb122ba30c0f6685c9e45ed08d5bd559b544d44b96e0872fbd739fc9504d992acdf8e076c717ec9601052ff98f6154f9a44b5ce8cdc18da2a0c7c569807df9e5024aca4630f4c71e5a60b0e19c9801a659d1293bfd9c4686fd548b465e512b8c799b90352605116cdce28258db23766ee1ec4f4630fedc0402a0dcbaf99d22a860cac16c88bf6802b88f65e75036b9a21ceed6e4ae0011006606cafddedc54bb1c1a0366e2b3c366aa256cb94e62565387dc3a6dfcfe7766ac07212373c0caa58aa385b34c263caf75c2b31057c75ee18737e1cec645dd88b3903e2edbb64c63de3c8bb0c2a13ec7884154ced69f731a90bb751a"}, @INET_DIAG_REQ_BYTECODE={0xe2, 0x1, "7446d1a0c84171be7d067e8213b3d0d0334d61ec67989f71b5656661a0faf23715ee8adb3a81251b88c382cc3ef35c0a690da37cb766bc7fa6349aba06d0ea91e951122430721eac2c8421c1efcdb1bda40049de6241ee390ccf9e8d04ff25f970053e79c1166b3144fd9c629181939199584f5e8cd930b665fb3cc2b87112d5ffe9b78babb8b57ff56528c7bbace1ec2d9a4f59c2cf9b784b7891bd667a61ed7f65fe3f947e2ef1f639b1be7ae8971d827572c918171ea6cba85698a0d15982b5a63347af3953e3c77282732975ba66207b4e24358d2fcbccf91a74377f"}]}, 0x122c}, 0x1, 0x0, 0x0, 0x20000000}, 0x2)

05:48:26 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x201)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000001340)={0x122c, 0x12, 0x200, 0x70bd2b, 0x25dfdbff, {0x29, 0x9, 0xe1, 0x6, {0x4e22, 0x4e24, [0x4, 0x4, 0x7, 0x21], [0xfff, 0x734, 0x9, 0x1], 0x0, [0x3, 0xfff]}, 0x3ff, 0x3}, [@INET_DIAG_REQ_BYTECODE={0xf7, 0x1, "ed28be7d3f1a8eec10f1530f84dcff085b172a7eda28b7834b556ec9c35b44e4da0adb4eabdd36bc298c4215d49d811f145199a9802731b18ffffaef5ce7e67a41ec25c96db9ba88843ccd7f00b95447dc8d73065e3ae07fcfa29118ecfc5cb37c0185b72b537e3c7e0a2decce746cea7947c8dd4e228556986cbe4c639fb9458ab3da00a7de201178b4cf908adddde84b5e2033d536a344ff653a6553bddd36596771fd2146e3665275914e2ee8ae9402e0736eba6efefbab76465139a828c9ee71312f1824a7b72ae28d34029cddf824267a67107add1c58f45b4ce2c163b44a7c5aee80c0eafe4a768baa3241a03d347090"}, @INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "64a75c641f9ce6c0d72290d0ed628959f47ca81041c2dd0116b1f19a1ba16697dde5ad07ac6c4c256e20ce9550dd7914fa78cd1d50c5e32172619661bd68de6ea02c0a55e88c3290836cfa577bf5649eaa112396e5608b193312791349105c5a0fe0f7215a9bbbc973fe7624d484e0d4a1462f9a859439cbd589c190e214b69154cd0bfd077ce1be350031e880d8aa337030aa2d64a385c30ac9422a0610b78ea55136a898c8e4ceb60f3fd836248285833e6d76d5494ede20d26b380e9e51de84e800a21521acfba5384042b34126c1371e2174c74811580ba94b2042e27a9258b1112f7091b99b369a7d2f6559cab8b5b1dc7747be8bf12000d05f5edab618a14dec8eb70bf948f274e1e03b8c4ffe71849d72a1cb03eb84018214d98f949f6816d901f9a336844ad7643c9efdc0821401530f48439b4e69758e934f56b383f18a4660188445b4eaacce67b49797176feca520055dcfd1dd21eee58a68873fc8a8219b7ed84eb3d7b05194a235214eae1f65d32063f7d3f4f1d99fdb58cf35426a0a8bde696f44a723359ec69e3e43d46aa2a87e27903358de80591a3168a92e608c9214dee571e9d337fbe58e94f45b2552f0fddfa57242bd6d79b8b5f425169c2b6ad388c54f63d7febeb74a1d5c0c70b7740f009af4c4828762c80ada937f8482c12d0dd3c4330b512a40545b2e61e93bef0c58dc17bc696fb3d2aa5930f31a049a557e17f2631d221743c52d2caaf07cd53d4c0ddabb602e4fde3637c544c3bd469b6bb9741db419a7bc90ba762d9c1976dff2c75cfeb1e7df19bb55b5dd61e41572fd8e17a958f64f7d4da12a0f9cbc870155b9b64554e0e2d0884dfcbfcc50c4bceb1ea6f46df1dc4714c17cbb71b8635d5bda6564c94b6d3508cdfe335b26123f6c8965f3c287297c556cc9ae0f885a50c28be2a53d85f307a50dde6fdebf8a35b1b8149f5236fb4e7ed013ba51f671f39ff7188462e7800c41e9a4d45246ad8bb8a91871b8e142fd998a956c4637b0ff0d549ad92467e0d36ddc7129176dbff1f1bed0f4f56a073b723d4ac32ab2e664b3d1de8d7636573bf8e201809892d3b8f1279326fb41a6d8542fdd6f6191d9e4a45c38c5ce5530b595a4b114aa9291f7ea48b212fca3e19105f76fe46537858facc4c51e69d45c89362312273fcc8908988efef67ce14c39e4740a66bad82bd3feefae187ab7552a34664277fb2b7492fb9dac2a26341b6f1f86be805d3ff28fc0d6a2a77782cb6cdbb429929573b20694df253cc805ea6af58ae200866a6f55dbbbf2db8255d68030d95e54f570a0df9577758f74a4398a9fbc7ccb14fec4e7048295358e37c163d5be99bbdced744a4153cfc9d6f68ab62d9097c43a266610828b9d0a4a57bd9acdcecc0076d1161a6f51fbbe0fc32d7f12b0b0dbcbc0ece6822417ae754f8539a41b6caa50bcc7c44a25bab2c4721ce6d0ec3e26d3888fb35d6369509475fa5bcc7a46799acb6462a9f4bf0fc38d0c7bd2f1b021cb1fa29191de0c35995f6ceb6b9977f4662665936271f7d1709415b0e46585fc632ed8e2e5af4a68662fb4f7921467256a542eaaebf052cc3a91fb1a57601033f3d168c1a0d5590d59761352a7e5cb813ea3da5d4835f457c01e3e5c2652e1c6ac0c52a4cef0ded723a81fa5bfab6743e49cdd6de3f3654ad2d1d324215ae8fa117c71f5984cbcca6f5675c1d89b7b481bd8bbaf05aa7703276a7ed525527a0b733f4bcf24a7b79915432c92832cc3f3eb4c66d399e87f609274d41207977ddb88d021d9a551f6394302cad38cf0208f9b56f59d9f96c469e5709d030ab7d6bda1c1af67bc63a91c99457e5dcf75c1906c8013475d76d52232d67393e661e68db14acb71b744cee377a3607a58441ac88f8a10935062d302a0a19bde29b65da1a74d8b186440ff6e08c7cf0d93e5e51d8e37e6c90978d546a90c0809276f84c8b74438d20623b620216b4690be0874bac585c8520a52e855b03a07184a17c931b9c43287210e545d2b1da7747f397920923514ea32cce75bb870e10319ca11221c106fdc5c920bdf0227fb078a64d2e425860f6d934577e3ff8bc59448961cd9880d687b86a852ee86f2d65a894ee40f7e2646dfaf4ae3809f00ad211d652d4a5e5ba2418e8cc401b669f404ec65ec724b28b0b7501be06ade7c8d6a8f09bb348e5f3dfa2035cb52a0a6d473c2a372b2aa160bf1ba8b2d7f1323fbaced6739fcb6d39196d3fa81207aef704161b2615c5fc7643ac2b302dda6a523722b091fe6887c7192b86711485125da3ff99661ad5e6f12d63e1ef2c4e024ae9ffad10cb8a51dea442d73c969bca368d4836ee91e941ba7e2c7c53379ae2ee619816f2940da68175a31178781b51c2673b2c10c30581f5795f819dfc4f241cd8cd90536dd4f6a17f99a7d344d8b6c68741881ef7c774aba5bcdae5e4670fd4152679a97c6b58e48af43ec52d05912dd6d7a14185b7c626bb1b07aff130cc44ffdac6b14911cd1cb14cf8e210728bea56dcc85a911e63cc88534f3d696d3898d155fd560fdefbd1e49040de550c1533e65060b52d70d490f43a49738f3bc1f7cf9c53cafe6f2f5e63098712543c33fb67ed8b15b25481ca62b7f535a13944e0278d8df8eea2d81a10a8bb9ec46e07178af634b98bb3c7e1910297cd1f6b8ef28e5f6cf53026f0dd6ce3ae83b8c095f817d14bc617939b96547ba0395fb402f374e3669fb9b695f8d5e2795a9aa1d0ea93e5d9c37b9caeafb67bc041a272350fb50290f63b37ee438bbd5f788e78bc14f6072bf22c414353421716fc3de5a93758fe49c49a7c1af1dc17e83cf80b1b78d005adb555c4b7de152022b42020a602b27844345d120afe98dbf04d82b30b439cf36268ba6c630bcfee1b7e9da780ac2bf37dea7c5225618251840d3d9bece90177931b98584ff2bb28e7bf0e4db86e887fc23e5dae575c595ebf685bfe593790548aa4c2e0d38d5967a7cf2c4437161d3e405fcb980ea5e35b74454107d8853eeddc451da12dd38f1256c24cbc36ddb08b91f7f271a7a783a45f4cf719d8d62eb896982fe187bfe915a67684eb0040b6fe54eb8184ccb5039423c2310eab170990098c55a63cd9950112a72504f4081d4487d83c0353b7db4cfcd4c6c4dfe8ff4e68abcc12290ba76dac8bc680b3a6149317e78c8e2ff7a62943ad97f82c268f9fdcebbddc26892e486b1fd7dae97d00f6f841b2fc562d7126989adf71f31d4dde990749df17744e2a69fc9ca6cfd4113d46c03db11dd29567b16057546e07edb40275a1e10ddb1e5d4768643d60021f7b210f76e13ccae6e9fe04b49f6b8f3629b147e613d50267610eb099283349025715c3b68ffd84ca5249c831a82e9de2e588e17e2f5497093298edb289a0a9eb2c33ec2409731263dff0abde51f02d3e2130cf68c712abd1dd27ee88c9019872727385074f4ffab96037faa2b8e6683e42140730035f3f6d08c9d50b75eec2949788e82f2db04d82509fe7053c1c7f0e51fe038c03f4f4ca731a0c3055b76e386c43a8d2bcff95ff55e1555c5c88db7760693f7b2814847356529361aafb9109e62f969243c4fc7b97a305b1b8c57d62eaca73de61ac1ca941683b1d0471b81fdec4d44f28229331ada2e86558cbc5eb3d2f631171046fe9bc63ff45f08bc6f63778ace1bce2e9e2f69a3f637fa64007cd3076d42ecf51eb199e1e356aa22e078a6e1e69e1127dee67be9173947bc03c74cfd030198bcd62e5c0e76fb2545a9150c00533a390e6e88d3fc6899f62a2217e47dc3463fc2e3b4b8efef986c0889cf05f8e6dc0236c0a913583dcd1f0a1ecfd273665dacc9952612f543ee9cef3a68ea1dfaf4eb9328ae14e1adcd40b2db070dc96895d014f6fd922dca33c09dcfaa049f08533bb889929b00126093bd616cef4638a6a6cd8aba5cc66405cad3fd9dc5beac447dd2818971893920cb205211372854ccf2d6a0d9e4ec80ab5c0e2c1eab2f6872229775996163effecfd70f6888a80e67833da00ee39697928fed0590314bbf14168ba893d6a0bf762170b56d3133689184601325e16621a5cfcb747000ef3632a5c407883b47d903877effc9081b7fd7165609858544b3843788cfd8344fd814dfc21252446184bddba420e93d661e6417eaf342ff59403f991822d428dbebd712ee3182940438e651606b25e4835a242d28add1951deac102b030902b0ddb6636f96ebac29610c6d77a1d93f60100f03d5c26523def0948d7de659f45cf0a00c7f652f5084f13ea35947fe3b6fb2c797ef9d55b10838ca2791ae588a53fba2ca552638e3907f2f26c4eb71ede39bfe13774a20e26c140980df469caa0b91a30d0cafba9d8543f42724cf34bffe4f0a7c26e3ea73a25694b74b25dd4a216d4dd60e232fe24385c5f2047640c2329fd415c5ec00ebd0cba6e30310f18679a57a4e14b1a8d553d81aefca5f921183ed550f36f581e0cec17211e097beb164c0e01014a71e4b40b993f40963ba2cf6567e85ade5dd99138c08c794b0798740b82ec92b61a5ce6f5913ba39a94f6dc961ed8cc319fca64785be30832d81206ca226c4b0b0e28baac57327e06787c8d2e0f74230c27cac83892350b80902a934a3c39feace4fa4fa5880072faf5491c09154ac3abab0be4f7e87ff3bf6485dc9dd72eaf3ea2e9b34e51acac98eab7fb0c9d66f63a7876837df58ee2a7b6a13cd82dab756022b6efd48e804be9fc7694084feb44c6c78dd7a28800e042f7f8eb07382b604b01daa74c86fc09d51f4c1adabc7babeb9c8fc5883e26331de429cacf6d7b13dde73197f72c858f82434640bb674a7b8125fe79d6e8debc28c4a55080b1f8e86909b982fcebe7f82d71049425b3923ea159547a4b9e282d45266dee8e797d740371337950afe1fd2fb938cbdc9c064da5dbfbc3089a6006180b95e513c9c39dd4b9da113e7be36107fbe02e85a239c25490946c6d308fba4ddeaccb6543ee36365e6b2c4cf56dd92c6acd91b1ae5424f2efe4548fe4221895cf1e2408e12838f42e400f1ddd3adf5ee4480837c104575d0f38069e0f545ddd2815c5d773d36064f43b0d9344cc09003aada33cc96b079cb25fa6f91c665eb08842469e0916e297bccfddea8dbe956025adf31880b62435a7115e34ef0017ee5ec58cd40762cd0f79d696b77baa74eb3cc3628ab1a4efb5ec0ef3d88f3a7af84ce3005beb3714762afd53b9185a2bb074c38941287367271043dfeb4760995501141a6903147471a07d8cd6abbe6f92514a96ebcfd6db34122e3f33bfdf130c4720d323817d526832313845b79706003923d3bb63bd33f5f2c5c7295f99ecddf3122d3c87a384333944a006ad7025f5f0ae12324e9ecd930ff0a4ecd96fb9e1c4ded9139e410a3e4fd6d9e5cb88bdac8babb442e0ae59d8bf92b86a00e56cb771eb122ba30c0f6685c9e45ed08d5bd559b544d44b96e0872fbd739fc9504d992acdf8e076c717ec9601052ff98f6154f9a44b5ce8cdc18da2a0c7c569807df9e5024aca4630f4c71e5a60b0e19c9801a659d1293bfd9c4686fd548b465e512b8c799b90352605116cdce28258db23766ee1ec4f4630fedc0402a0dcbaf99d22a860cac16c88bf6802b88f65e75036b9a21ceed6e4ae0011006606cafddedc54bb1c1a0366e2b3c366aa256cb94e62565387dc3a6dfcfe7766ac07212373c0caa58aa385b34c263caf75c2b31057c75ee18737e1cec645dd88b3903e2edbb64c63de3c8bb0c2a13ec7884154ced69f731a90bb751a"}, @INET_DIAG_REQ_BYTECODE={0xe2, 0x1, "7446d1a0c84171be7d067e8213b3d0d0334d61ec67989f71b5656661a0faf23715ee8adb3a81251b88c382cc3ef35c0a690da37cb766bc7fa6349aba06d0ea91e951122430721eac2c8421c1efcdb1bda40049de6241ee390ccf9e8d04ff25f970053e79c1166b3144fd9c629181939199584f5e8cd930b665fb3cc2b87112d5ffe9b78babb8b57ff56528c7bbace1ec2d9a4f59c2cf9b784b7891bd667a61ed7f65fe3f947e2ef1f639b1be7ae8971d827572c918171ea6cba85698a0d15982b5a63347af3953e3c77282732975ba66207b4e24358d2fcbccf91a74377f"}]}, 0x122c}, 0x1, 0x0, 0x0, 0x20000000}, 0x2)
syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x201) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000001340)={0x122c, 0x12, 0x200, 0x70bd2b, 0x25dfdbff, {0x29, 0x9, 0xe1, 0x6, {0x4e22, 0x4e24, [0x4, 0x4, 0x7, 0x21], [0xfff, 0x734, 0x9, 0x1], 0x0, [0x3, 0xfff]}, 0x3ff, 0x3}, [@INET_DIAG_REQ_BYTECODE={0xf7, 0x1, "ed28be7d3f1a8eec10f1530f84dcff085b172a7eda28b7834b556ec9c35b44e4da0adb4eabdd36bc298c4215d49d811f145199a9802731b18ffffaef5ce7e67a41ec25c96db9ba88843ccd7f00b95447dc8d73065e3ae07fcfa29118ecfc5cb37c0185b72b537e3c7e0a2decce746cea7947c8dd4e228556986cbe4c639fb9458ab3da00a7de201178b4cf908adddde84b5e2033d536a344ff653a6553bddd36596771fd2146e3665275914e2ee8ae9402e0736eba6efefbab76465139a828c9ee71312f1824a7b72ae28d34029cddf824267a67107add1c58f45b4ce2c163b44a7c5aee80c0eafe4a768baa3241a03d347090"}, @INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "64a75c641f9ce6c0d72290d0ed628959f47ca81041c2dd0116b1f19a1ba16697dde5ad07ac6c4c256e20ce9550dd7914fa78cd1d50c5e32172619661bd68de6ea02c0a55e88c3290836cfa577bf5649eaa112396e5608b193312791349105c5a0fe0f7215a9bbbc973fe7624d484e0d4a1462f9a859439cbd589c190e214b69154cd0bfd077ce1be350031e880d8aa337030aa2d64a385c30ac9422a0610b78ea55136a898c8e4ceb60f3fd836248285833e6d76d5494ede20d26b380e9e51de84e800a21521acfba5384042b34126c1371e2174c74811580ba94b2042e27a9258b1112f7091b99b369a7d2f6559cab8b5b1dc7747be8bf12000d05f5edab618a14dec8eb70bf948f274e1e03b8c4ffe71849d72a1cb03eb84018214d98f949f6816d901f9a336844ad7643c9efdc0821401530f48439b4e69758e934f56b383f18a4660188445b4eaacce67b49797176feca520055dcfd1dd21eee58a68873fc8a8219b7ed84eb3d7b05194a235214eae1f65d32063f7d3f4f1d99fdb58cf35426a0a8bde696f44a723359ec69e3e43d46aa2a87e27903358de80591a3168a92e608c9214dee571e9d337fbe58e94f45b2552f0fddfa57242bd6d79b8b5f425169c2b6ad388c54f63d7febeb74a1d5c0c70b7740f009af4c4828762c80ada937f8482c12d0dd3c4330b512a40545b2e61e93bef0c58dc17bc696fb3d2aa5930f31a049a557e17f2631d221743c52d2caaf07cd53d4c0ddabb602e4fde3637c544c3bd469b6bb9741db419a7bc90ba762d9c1976dff2c75cfeb1e7df19bb55b5dd61e41572fd8e17a958f64f7d4da12a0f9cbc870155b9b64554e0e2d0884dfcbfcc50c4bceb1ea6f46df1dc4714c17cbb71b8635d5bda6564c94b6d3508cdfe335b26123f6c8965f3c287297c556cc9ae0f885a50c28be2a53d85f307a50dde6fdebf8a35b1b8149f5236fb4e7ed013ba51f671f39ff7188462e7800c41e9a4d45246ad8bb8a91871b8e142fd998a956c4637b0ff0d549ad92467e0d36ddc7129176dbff1f1bed0f4f56a073b723d4ac32ab2e664b3d1de8d7636573bf8e201809892d3b8f1279326fb41a6d8542fdd6f6191d9e4a45c38c5ce5530b595a4b114aa9291f7ea48b212fca3e19105f76fe46537858facc4c51e69d45c89362312273fcc8908988efef67ce14c39e4740a66bad82bd3feefae187ab7552a34664277fb2b7492fb9dac2a26341b6f1f86be805d3ff28fc0d6a2a77782cb6cdbb429929573b20694df253cc805ea6af58ae200866a6f55dbbbf2db8255d68030d95e54f570a0df9577758f74a4398a9fbc7ccb14fec4e7048295358e37c163d5be99bbdced744a4153cfc9d6f68ab62d9097c43a266610828b9d0a4a57bd9acdcecc0076d1161a6f51fbbe0fc32d7f12b0b0dbcbc0ece6822417ae754f8539a41b6caa50bcc7c44a25bab2c4721ce6d0ec3e26d3888fb35d6369509475fa5bcc7a46799acb6462a9f4bf0fc38d0c7bd2f1b021cb1fa29191de0c35995f6ceb6b9977f4662665936271f7d1709415b0e46585fc632ed8e2e5af4a68662fb4f7921467256a542eaaebf052cc3a91fb1a57601033f3d168c1a0d5590d59761352a7e5cb813ea3da5d4835f457c01e3e5c2652e1c6ac0c52a4cef0ded723a81fa5bfab6743e49cdd6de3f3654ad2d1d324215ae8fa117c71f5984cbcca6f5675c1d89b7b481bd8bbaf05aa7703276a7ed525527a0b733f4bcf24a7b79915432c92832cc3f3eb4c66d399e87f609274d41207977ddb88d021d9a551f6394302cad38cf0208f9b56f59d9f96c469e5709d030ab7d6bda1c1af67bc63a91c99457e5dcf75c1906c8013475d76d52232d67393e661e68db14acb71b744cee377a3607a58441ac88f8a10935062d302a0a19bde29b65da1a74d8b186440ff6e08c7cf0d93e5e51d8e37e6c90978d546a90c0809276f84c8b74438d20623b620216b4690be0874bac585c8520a52e855b03a07184a17c931b9c43287210e545d2b1da7747f397920923514ea32cce75bb870e10319ca11221c106fdc5c920bdf0227fb078a64d2e425860f6d934577e3ff8bc59448961cd9880d687b86a852ee86f2d65a894ee40f7e2646dfaf4ae3809f00ad211d652d4a5e5ba2418e8cc401b669f404ec65ec724b28b0b7501be06ade7c8d6a8f09bb348e5f3dfa2035cb52a0a6d473c2a372b2aa160bf1ba8b2d7f1323fbaced6739fcb6d39196d3fa81207aef704161b2615c5fc7643ac2b302dda6a523722b091fe6887c7192b86711485125da3ff99661ad5e6f12d63e1ef2c4e024ae9ffad10cb8a51dea442d73c969bca368d4836ee91e941ba7e2c7c53379ae2ee619816f2940da68175a31178781b51c2673b2c10c30581f5795f819dfc4f241cd8cd90536dd4f6a17f99a7d344d8b6c68741881ef7c774aba5bcdae5e4670fd4152679a97c6b58e48af43ec52d05912dd6d7a14185b7c626bb1b07aff130cc44ffdac6b14911cd1cb14cf8e210728bea56dcc85a911e63cc88534f3d696d3898d155fd560fdefbd1e49040de550c1533e65060b52d70d490f43a49738f3bc1f7cf9c53cafe6f2f5e63098712543c33fb67ed8b15b25481ca62b7f535a13944e0278d8df8eea2d81a10a8bb9ec46e07178af634b98bb3c7e1910297cd1f6b8ef28e5f6cf53026f0dd6ce3ae83b8c095f817d14bc617939b96547ba0395fb402f374e3669fb9b695f8d5e2795a9aa1d0ea93e5d9c37b9caeafb67bc041a272350fb50290f63b37ee438bbd5f788e78bc14f6072bf22c414353421716fc3de5a93758fe49c49a7c1af1dc17e83cf80b1b78d005adb555c4b7de152022b42020a602b27844345d120afe98dbf04d82b30b439cf36268ba6c630bcfee1b7e9da780ac2bf37dea7c5225618251840d3d9bece90177931b98584ff2bb28e7bf0e4db86e887fc23e5dae575c595ebf685bfe593790548aa4c2e0d38d5967a7cf2c4437161d3e405fcb980ea5e35b74454107d8853eeddc451da12dd38f1256c24cbc36ddb08b91f7f271a7a783a45f4cf719d8d62eb896982fe187bfe915a67684eb0040b6fe54eb8184ccb5039423c2310eab170990098c55a63cd9950112a72504f4081d4487d83c0353b7db4cfcd4c6c4dfe8ff4e68abcc12290ba76dac8bc680b3a6149317e78c8e2ff7a62943ad97f82c268f9fdcebbddc26892e486b1fd7dae97d00f6f841b2fc562d7126989adf71f31d4dde990749df17744e2a69fc9ca6cfd4113d46c03db11dd29567b16057546e07edb40275a1e10ddb1e5d4768643d60021f7b210f76e13ccae6e9fe04b49f6b8f3629b147e613d50267610eb099283349025715c3b68ffd84ca5249c831a82e9de2e588e17e2f5497093298edb289a0a9eb2c33ec2409731263dff0abde51f02d3e2130cf68c712abd1dd27ee88c9019872727385074f4ffab96037faa2b8e6683e42140730035f3f6d08c9d50b75eec2949788e82f2db04d82509fe7053c1c7f0e51fe038c03f4f4ca731a0c3055b76e386c43a8d2bcff95ff55e1555c5c88db7760693f7b2814847356529361aafb9109e62f969243c4fc7b97a305b1b8c57d62eaca73de61ac1ca941683b1d0471b81fdec4d44f28229331ada2e86558cbc5eb3d2f631171046fe9bc63ff45f08bc6f63778ace1bce2e9e2f69a3f637fa64007cd3076d42ecf51eb199e1e356aa22e078a6e1e69e1127dee67be9173947bc03c74cfd030198bcd62e5c0e76fb2545a9150c00533a390e6e88d3fc6899f62a2217e47dc3463fc2e3b4b8efef986c0889cf05f8e6dc0236c0a913583dcd1f0a1ecfd273665dacc9952612f543ee9cef3a68ea1dfaf4eb9328ae14e1adcd40b2db070dc96895d014f6fd922dca33c09dcfaa049f08533bb889929b00126093bd616cef4638a6a6cd8aba5cc66405cad3fd9dc5beac447dd2818971893920cb205211372854ccf2d6a0d9e4ec80ab5c0e2c1eab2f6872229775996163effecfd70f6888a80e67833da00ee39697928fed0590314bbf14168ba893d6a0bf762170b56d3133689184601325e16621a5cfcb747000ef3632a5c407883b47d903877effc9081b7fd7165609858544b3843788cfd8344fd814dfc21252446184bddba420e93d661e6417eaf342ff59403f991822d428dbebd712ee3182940438e651606b25e4835a242d28add1951deac102b030902b0ddb6636f96ebac29610c6d77a1d93f60100f03d5c26523def0948d7de659f45cf0a00c7f652f5084f13ea35947fe3b6fb2c797ef9d55b10838ca2791ae588a53fba2ca552638e3907f2f26c4eb71ede39bfe13774a20e26c140980df469caa0b91a30d0cafba9d8543f42724cf34bffe4f0a7c26e3ea73a25694b74b25dd4a216d4dd60e232fe24385c5f2047640c2329fd415c5ec00ebd0cba6e30310f18679a57a4e14b1a8d553d81aefca5f921183ed550f36f581e0cec17211e097beb164c0e01014a71e4b40b993f40963ba2cf6567e85ade5dd99138c08c794b0798740b82ec92b61a5ce6f5913ba39a94f6dc961ed8cc319fca64785be30832d81206ca226c4b0b0e28baac57327e06787c8d2e0f74230c27cac83892350b80902a934a3c39feace4fa4fa5880072faf5491c09154ac3abab0be4f7e87ff3bf6485dc9dd72eaf3ea2e9b34e51acac98eab7fb0c9d66f63a7876837df58ee2a7b6a13cd82dab756022b6efd48e804be9fc7694084feb44c6c78dd7a28800e042f7f8eb07382b604b01daa74c86fc09d51f4c1adabc7babeb9c8fc5883e26331de429cacf6d7b13dde73197f72c858f82434640bb674a7b8125fe79d6e8debc28c4a55080b1f8e86909b982fcebe7f82d71049425b3923ea159547a4b9e282d45266dee8e797d740371337950afe1fd2fb938cbdc9c064da5dbfbc3089a6006180b95e513c9c39dd4b9da113e7be36107fbe02e85a239c25490946c6d308fba4ddeaccb6543ee36365e6b2c4cf56dd92c6acd91b1ae5424f2efe4548fe4221895cf1e2408e12838f42e400f1ddd3adf5ee4480837c104575d0f38069e0f545ddd2815c5d773d36064f43b0d9344cc09003aada33cc96b079cb25fa6f91c665eb08842469e0916e297bccfddea8dbe956025adf31880b62435a7115e34ef0017ee5ec58cd40762cd0f79d696b77baa74eb3cc3628ab1a4efb5ec0ef3d88f3a7af84ce3005beb3714762afd53b9185a2bb074c38941287367271043dfeb4760995501141a6903147471a07d8cd6abbe6f92514a96ebcfd6db34122e3f33bfdf130c4720d323817d526832313845b79706003923d3bb63bd33f5f2c5c7295f99ecddf3122d3c87a384333944a006ad7025f5f0ae12324e9ecd930ff0a4ecd96fb9e1c4ded9139e410a3e4fd6d9e5cb88bdac8babb442e0ae59d8bf92b86a00e56cb771eb122ba30c0f6685c9e45ed08d5bd559b544d44b96e0872fbd739fc9504d992acdf8e076c717ec9601052ff98f6154f9a44b5ce8cdc18da2a0c7c569807df9e5024aca4630f4c71e5a60b0e19c9801a659d1293bfd9c4686fd548b465e512b8c799b90352605116cdce28258db23766ee1ec4f4630fedc0402a0dcbaf99d22a860cac16c88bf6802b88f65e75036b9a21ceed6e4ae0011006606cafddedc54bb1c1a0366e2b3c366aa256cb94e62565387dc3a6dfcfe7766ac07212373c0caa58aa385b34c263caf75c2b31057c75ee18737e1cec645dd88b3903e2edbb64c63de3c8bb0c2a13ec7884154ced69f731a90bb751a"}, @INET_DIAG_REQ_BYTECODE={0xe2, 0x1, "7446d1a0c84171be7d067e8213b3d0d0334d61ec67989f71b5656661a0faf23715ee8adb3a81251b88c382cc3ef35c0a690da37cb766bc7fa6349aba06d0ea91e951122430721eac2c8421c1efcdb1bda40049de6241ee390ccf9e8d04ff25f970053e79c1166b3144fd9c629181939199584f5e8cd930b665fb3cc2b87112d5ffe9b78babb8b57ff56528c7bbace1ec2d9a4f59c2cf9b784b7891bd667a61ed7f65fe3f947e2ef1f639b1be7ae8971d827572c918171ea6cba85698a0d15982b5a63347af3953e3c77282732975ba66207b4e24358d2fcbccf91a74377f"}]}, 0x122c}, 0x1, 0x0, 0x0, 0x20000000}, 0x2) (async)

05:48:26 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x579, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$BLKROSET(r1, 0x125d, &(0x7f00000000c0)=0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r3 = syz_open_dev$audion(&(0x7f0000000100), 0xf3, 0x90400)
read$snapshot(r3, &(0x7f0000000140)=""/31, 0x1f)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)
ioctl$DRM_IOCTL_INFO_BUFS(0xffffffffffffffff, 0xc0106418, &(0x7f0000000040)={0x6, 0x7, 0x2, 0x0, 0x7, 0x3})

05:48:26 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 64)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x3, {0xa, 0x4e24, 0x10000, @private1, 0xe0000}}}, 0x38) (rerun: 64)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f00000000c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000000), r1}}, 0x18)

05:48:26 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4075, 0xfeb)

05:48:26 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:27 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4075, 0xfeb)

05:48:27 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x579, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$BLKROSET(r1, 0x125d, &(0x7f00000000c0)=0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r3 = syz_open_dev$audion(&(0x7f0000000100), 0xf3, 0x90400)
read$snapshot(r3, &(0x7f0000000140)=""/31, 0x1f)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)
ioctl$DRM_IOCTL_INFO_BUFS(0xffffffffffffffff, 0xc0106418, &(0x7f0000000040)={0x6, 0x7, 0x2, 0x0, 0x7, 0x3})
syz_open_dev$audion(&(0x7f0000000000), 0x579, 0x0) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$BLKROSET(r1, 0x125d, &(0x7f00000000c0)=0x10000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$audion(&(0x7f0000000100), 0xf3, 0x90400) (async)
read$snapshot(r3, &(0x7f0000000140)=""/31, 0x1f) (async)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_INFO_BUFS(0xffffffffffffffff, 0xc0106418, &(0x7f0000000040)={0x6, 0x7, 0x2, 0x0, 0x7, 0x3}) (async)

05:48:27 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4075, 0xfeb)

05:48:27 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:27 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x579, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8) (async, rerun: 64)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (rerun: 64)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$BLKROSET(r1, 0x125d, &(0x7f00000000c0)=0x10000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r3 = syz_open_dev$audion(&(0x7f0000000100), 0xf3, 0x90400)
read$snapshot(r3, &(0x7f0000000140)=""/31, 0x1f) (async)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)
ioctl$DRM_IOCTL_INFO_BUFS(0xffffffffffffffff, 0xc0106418, &(0x7f0000000040)={0x6, 0x7, 0x2, 0x0, 0x7, 0x3})

05:48:27 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:27 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x40000)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000000)={0x10000000, 0x4, 0x5})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:27 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x3f, 0x14000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r0})
read$snapshot(r0, &(0x7f0000000040)=""/223, 0xdf)

05:48:27 executing program 2:
sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x54, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x4bdab92496b7d61c)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8)
read$snapshot(r1, &(0x7f0000001340)=""/4106, 0x100a)
ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000000)={0xfffffffffffffffe})

05:48:27 executing program 2:
sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x54, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x4bdab92496b7d61c)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8)
read$snapshot(r1, &(0x7f0000001340)=""/4106, 0x100a) (async)
ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000000)={0xfffffffffffffffe})

05:48:27 executing program 2:
sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x54, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x4bdab92496b7d61c)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r0}, 0x8)
read$snapshot(r1, &(0x7f0000001340)=""/4106, 0x100a)
ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000000)={0xfffffffffffffffe}) (async)
ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000000)={0xfffffffffffffffe})

05:48:27 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4089, 0xff9)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e23, 0x29612a13, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x800}}}, 0x38)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x3)

05:48:28 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x87, 0x84081)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:28 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, 0x0, 0x0)

05:48:28 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:48:28 executing program 5:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:28 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x87, 0x84081)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:28 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x87, 0x84081)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000040), 0x87, 0x84081) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:28 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x40000)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000000)={0x10000000, 0x4, 0x5}) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:28 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x88000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000040))

05:48:28 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:28 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x6, 0x40182)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:28 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x6, 0x40182)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f00000001c0), 0x6, 0x40182) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:28 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4089, 0xff9)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e23, 0x29612a13, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x800}}}, 0x38)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x3)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4089, 0xff9) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e23, 0x29612a13, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x800}}}, 0x38) (async)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x3) (async)

05:48:28 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x6, 0x40182)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:28 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000000)=0x90c)
ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000040))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:28 executing program 4:
read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/223, 0xdf)

05:48:28 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000001340)={0x400, 0x5, 0x0, [{0x2, 0x5, 0xfffffffffffffff8, 0x2, 0x0, 0xff, 0x96, '\x00', 0x8}, {0xffff, 0xff, 0x7, 0x5c, 0xfd, 0x8, 0x0, '\x00', 0x10000}, {0x5, 0x0, 0x9, 0xee, 0x5, 0x2, 0x3, '\x00', 0xffffffffffff7fff}, {0xe9a, 0xf, 0x79, 0x6, 0x8, 0x3, 0x80}, {0x5, 0xe00000, 0x7, 0x3, 0x8, 0x43, 0x9, '\x00', 0x5}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$snapshot(r1, &(0x7f0000000000)="ac4e6a5fd6182e247640288915b8eb88d2709bd243de5d5c95b331d16216588be94e123fc890af0af66200d18ac70e3857adae4cc68cea4f21a8b34f", 0x3c)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:28 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x40000)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000000)={0x10000000, 0x4, 0x5}) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:28 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={<r3=>0x0})
read$snapshot(r2, &(0x7f0000000200)=""/199, 0xc7)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, r3, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0xfffffffffffffffb, 0x3], 0x5, 0x1})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340))
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
r7 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r7, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000140)=0x7)
ioctl$SNAPSHOT_UNFREEZE(r5, 0x3302)

05:48:29 executing program 5:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan0\x00'})
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4081, 0xff1)

05:48:29 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000000)=0x90c)
ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000040))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000000)=0x90c) (async)
ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000040)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:29 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x1a900)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0xe, 0x2, 0x198, &(0x7f0000001340)="2a51c24ffd957a7df24bebdc895f336c55a73444123c679b36211d493ea649054a20b293ef00088a2298ed60bf743da01e6fe92052b01fa086f4fa6b44c20e4aaa8e3ccd5a08c6bce92ef097d665c7f7b148da6d279b4fcdfc1ae1a0b25edf56182e9bcc450eb6fa2cb69b35c0039014ce02e4cb359baeac2e84752103292efc16d44a5fa1bae95e7242d25d0fa354ebe5b174bf982a418a6e5b1c02009ee409dd834303c42d8d85424fa8e97f8b395e171e1d358eb66be80297d68e9191f22465136bd776c31104594c6e912107c6249b140dc3bf8871962dd148a79f2b59f067fbf12404db61ecfeacfb19cd104ba2c6ccc33b71c5f85fdc17a0a75de117e8462a3b23cd778e348b0e276f22d1608300eb5fb77f3beadecdf82e022787735dfea77883d331ba17df712353de0510a877721fb4167fb04f0f00524f685beae1c6604af82a8c889a5c23b3788c388e64ea370e5ea8175c72d10985c53a8592e5f6870f1fb3d0b3234c47c30046e5bc2ccc0862c8626791494669fb4f98abb29bdd9cec28a79a632e0bfdb37d3997ae73e68a22847344deb8b72d81ed2daba1ba4caaf36e1fb42d05ee1c4589908782ce8370a04cb1e6cea67999eec8dfe21ce71eed8864977d3a1c8aead329e9d2b99022a840c5f0d0d390f59980b583571a36d65ef91690b2530b1423d60e538354d8f637a547ec87a9fb0b159c2c92702763b5f9f838b7f88e1fde384972368f517bcc20fd3ebbb8d7e4fd641940aaf78697b77ffb58b170a4001e8b4fd0bd2f522ff0ca9d541cb82fb136483541d1931a6d294483d7dda4f324cc93cd3620e0b4aefdfebbfa7d176492a21327a7fa9a97b8b6ac870cf323954fbebce60f256df1e78c2acb225b1a6be945699102a790ea074c7f9bd63a4fbdb3e233cabac4d64bd00bc6bd3fd9c63bea220569f83f48e2590122577c8d3a00c7e7a8c45753f4a3520327181a0a6f822a1fcfbdf8e770de9afd1f3de55b68e1fb5d15ceaecb6ff6eae903b8be00462a69a1ff0bd75217cecf656d07e17fd92e46d3c8f69058d74300e84b1e9241d13cc1673126d7ac378c325b393a6a757a0ceb4ab3fe1cb8cccf3f82d22e87ef22e091b6b4c7da0429b3b78f38f87402cdbd31316bf63a47711b21acc543bae12306d1d26633eefb171fb92be1eea12f7da52e5d316102521c35e03aec80f49dd504cf3b6c3a2a1837c9fad9382188720b4cf0a1ca8349785a1e97a416630747de016347edbe0e9698cbf08f05ad9f5416324a5b68bd7007b838627a6c33b156ea9eccb434833215aeb7123156bfe7cc6261970ed67ef530cdaccc9010800094e9add1d16c6effdce5da99da1346cbeabd93ce72e3d003dda49caba25fe7a04decb227655865675a7e0bd387d62b605963743567547c456f018bb45987f27a255e92e67354b6243bfa928f"})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:29 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x1a900)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0xe, 0x2, 0x198, &(0x7f0000001340)="2a51c24ffd957a7df24bebdc895f336c55a73444123c679b36211d493ea649054a20b293ef00088a2298ed60bf743da01e6fe92052b01fa086f4fa6b44c20e4aaa8e3ccd5a08c6bce92ef097d665c7f7b148da6d279b4fcdfc1ae1a0b25edf56182e9bcc450eb6fa2cb69b35c0039014ce02e4cb359baeac2e84752103292efc16d44a5fa1bae95e7242d25d0fa354ebe5b174bf982a418a6e5b1c02009ee409dd834303c42d8d85424fa8e97f8b395e171e1d358eb66be80297d68e9191f22465136bd776c31104594c6e912107c6249b140dc3bf8871962dd148a79f2b59f067fbf12404db61ecfeacfb19cd104ba2c6ccc33b71c5f85fdc17a0a75de117e8462a3b23cd778e348b0e276f22d1608300eb5fb77f3beadecdf82e022787735dfea77883d331ba17df712353de0510a877721fb4167fb04f0f00524f685beae1c6604af82a8c889a5c23b3788c388e64ea370e5ea8175c72d10985c53a8592e5f6870f1fb3d0b3234c47c30046e5bc2ccc0862c8626791494669fb4f98abb29bdd9cec28a79a632e0bfdb37d3997ae73e68a22847344deb8b72d81ed2daba1ba4caaf36e1fb42d05ee1c4589908782ce8370a04cb1e6cea67999eec8dfe21ce71eed8864977d3a1c8aead329e9d2b99022a840c5f0d0d390f59980b583571a36d65ef91690b2530b1423d60e538354d8f637a547ec87a9fb0b159c2c92702763b5f9f838b7f88e1fde384972368f517bcc20fd3ebbb8d7e4fd641940aaf78697b77ffb58b170a4001e8b4fd0bd2f522ff0ca9d541cb82fb136483541d1931a6d294483d7dda4f324cc93cd3620e0b4aefdfebbfa7d176492a21327a7fa9a97b8b6ac870cf323954fbebce60f256df1e78c2acb225b1a6be945699102a790ea074c7f9bd63a4fbdb3e233cabac4d64bd00bc6bd3fd9c63bea220569f83f48e2590122577c8d3a00c7e7a8c45753f4a3520327181a0a6f822a1fcfbdf8e770de9afd1f3de55b68e1fb5d15ceaecb6ff6eae903b8be00462a69a1ff0bd75217cecf656d07e17fd92e46d3c8f69058d74300e84b1e9241d13cc1673126d7ac378c325b393a6a757a0ceb4ab3fe1cb8cccf3f82d22e87ef22e091b6b4c7da0429b3b78f38f87402cdbd31316bf63a47711b21acc543bae12306d1d26633eefb171fb92be1eea12f7da52e5d316102521c35e03aec80f49dd504cf3b6c3a2a1837c9fad9382188720b4cf0a1ca8349785a1e97a416630747de016347edbe0e9698cbf08f05ad9f5416324a5b68bd7007b838627a6c33b156ea9eccb434833215aeb7123156bfe7cc6261970ed67ef530cdaccc9010800094e9add1d16c6effdce5da99da1346cbeabd93ce72e3d003dda49caba25fe7a04decb227655865675a7e0bd387d62b605963743567547c456f018bb45987f27a255e92e67354b6243bfa928f"}) (async, rerun: 32)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (rerun: 32)

05:48:29 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x1a900)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0xe, 0x2, 0x198, &(0x7f0000001340)="2a51c24ffd957a7df24bebdc895f336c55a73444123c679b36211d493ea649054a20b293ef00088a2298ed60bf743da01e6fe92052b01fa086f4fa6b44c20e4aaa8e3ccd5a08c6bce92ef097d665c7f7b148da6d279b4fcdfc1ae1a0b25edf56182e9bcc450eb6fa2cb69b35c0039014ce02e4cb359baeac2e84752103292efc16d44a5fa1bae95e7242d25d0fa354ebe5b174bf982a418a6e5b1c02009ee409dd834303c42d8d85424fa8e97f8b395e171e1d358eb66be80297d68e9191f22465136bd776c31104594c6e912107c6249b140dc3bf8871962dd148a79f2b59f067fbf12404db61ecfeacfb19cd104ba2c6ccc33b71c5f85fdc17a0a75de117e8462a3b23cd778e348b0e276f22d1608300eb5fb77f3beadecdf82e022787735dfea77883d331ba17df712353de0510a877721fb4167fb04f0f00524f685beae1c6604af82a8c889a5c23b3788c388e64ea370e5ea8175c72d10985c53a8592e5f6870f1fb3d0b3234c47c30046e5bc2ccc0862c8626791494669fb4f98abb29bdd9cec28a79a632e0bfdb37d3997ae73e68a22847344deb8b72d81ed2daba1ba4caaf36e1fb42d05ee1c4589908782ce8370a04cb1e6cea67999eec8dfe21ce71eed8864977d3a1c8aead329e9d2b99022a840c5f0d0d390f59980b583571a36d65ef91690b2530b1423d60e538354d8f637a547ec87a9fb0b159c2c92702763b5f9f838b7f88e1fde384972368f517bcc20fd3ebbb8d7e4fd641940aaf78697b77ffb58b170a4001e8b4fd0bd2f522ff0ca9d541cb82fb136483541d1931a6d294483d7dda4f324cc93cd3620e0b4aefdfebbfa7d176492a21327a7fa9a97b8b6ac870cf323954fbebce60f256df1e78c2acb225b1a6be945699102a790ea074c7f9bd63a4fbdb3e233cabac4d64bd00bc6bd3fd9c63bea220569f83f48e2590122577c8d3a00c7e7a8c45753f4a3520327181a0a6f822a1fcfbdf8e770de9afd1f3de55b68e1fb5d15ceaecb6ff6eae903b8be00462a69a1ff0bd75217cecf656d07e17fd92e46d3c8f69058d74300e84b1e9241d13cc1673126d7ac378c325b393a6a757a0ceb4ab3fe1cb8cccf3f82d22e87ef22e091b6b4c7da0429b3b78f38f87402cdbd31316bf63a47711b21acc543bae12306d1d26633eefb171fb92be1eea12f7da52e5d316102521c35e03aec80f49dd504cf3b6c3a2a1837c9fad9382188720b4cf0a1ca8349785a1e97a416630747de016347edbe0e9698cbf08f05ad9f5416324a5b68bd7007b838627a6c33b156ea9eccb434833215aeb7123156bfe7cc6261970ed67ef530cdaccc9010800094e9add1d16c6effdce5da99da1346cbeabd93ce72e3d003dda49caba25fe7a04decb227655865675a7e0bd387d62b605963743567547c456f018bb45987f27a255e92e67354b6243bfa928f"})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:29 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4089, 0xff9)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e23, 0x29612a13, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x800}}}, 0x38)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x3)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4089, 0xff9) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000040)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e23, 0x29612a13, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x800}}}, 0x38) (async)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x3) (async)

05:48:29 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x5)

05:48:29 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x5)

05:48:29 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x5)
syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x10000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x5) (async)

05:48:29 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x139080)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:29 executing program 3:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000001580)={0x3e0, r0, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0xd8, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x34, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xffffffffffffffff}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2f8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "d82cdbeed37ba4c098a548882d7287e5c248c0026a382d081550155d18d78d3e"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x6}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "c0ff63db2e25861339370fa94a2e2ee3e64c8ab9aec988d4f0309ba5d40cd140"}, @NL802154_KEY_ATTR_ID={0x48, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x101}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x46}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x7c, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x78, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xfffffffffffeffff}, @NL802154_KEY_ID_ATTR_INDEX={0x5}]}]}, @NL802154_ATTR_SEC_KEY={0x28, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "454e40eea3bc6b2805b31296d88b4552ea6f84f45a4cfa1d7c153dd9b50bca53"}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_SEC_KEY={0xf0, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "29cac2b4cbcaa67280ab178221f1b17c"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "41d0741379aa68997e0ec41b669c9735"}, @NL802154_KEY_ATTR_ID={0x40, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "e800bd95bf72904a78d2d6597b68348e06bb003ac98442889d93a50054a8e15a"}, @NL802154_KEY_ATTR_ID={0x60, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}]}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x140, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x7c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x4c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "f0a13ffeb39a392fb7da54fc1e6461df6c4294a4684305e6b341c7684a624964"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xff}, @NL802154_KEY_ATTR_ID={0x1c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "306d85b7ecb8e46e2859687e9addd84e2c72afad7f5e7caf7291d1cb3c70e41d"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xf3}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "26e024acd4cdd8f985b63d2c42db112a02763e914941965276f3927ea0e12093"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xe}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "c39c499028b852d6e77d5f8011629db2"}, @NL802154_KEY_ATTR_ID={0xc, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}]}, 0x3e0}, 0x1, 0x0, 0x0, 0x8000}, 0x20004891)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000002c0)={'wpan0\x00'})
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000001340)={0x204, r0, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000001}, @NL802154_ATTR_SEC_KEY={0xd0, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x7c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x3c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "35ee3175c3474c2196ce2e7ff6d2ae5f2b79dd1f6352258c80594bc6132c37be"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}, @NL802154_KEY_ATTR_ID={0x24, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xcb84}]}]}, @NL802154_ATTR_SEC_KEY={0xe8, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "fc3688eff37826a8fc8ee18140970bd9caa08346c3e96c6217812fcf0759a5d7"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "741d46239a8065fb35e7cdd1315330e6a636e1d6db54598e8531e67e74e3640e"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "d44307d3e04fc20f2646d5188be276bc"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x4}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "393836757f0ca153447f11cbfd8f4f07"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "464fa043762ec883679ab45bfaa7f709817295c4c585f861c1aef620f8e80675"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "0cdc3c21d0b70b67ec8e72e10c660eb60d37967550d95cc0f5c48476cbe7f296"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "03fcf4f37988c63b9e0e80813393e983790f542fd123996f46d51cf938d73482"}]}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x204}, 0x1, 0x0, 0x0, 0x4044000}, 0x4000)
r6 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r6, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000000)="80ebda322537ed2bf5e20885df70ba69b3951bd677dc414aef4954ba0a2d40fef2d517a06e1577ecdf1fee97bd7b3de9c8bbba2c59ca5884c7689290a98e04222562a6fd431155490f6a60826aa313ca5cb510ec503cff30f404ab357d7890c7866379181c742329386c8db87c936ccecc67c3a535a2e656a7", 0x79})
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000)

05:48:29 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:29 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000040), 0x10002, 0x203)
ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000080)=0x9)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$NBD_PRINT_DEBUG(r3, 0xab06)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x40)
ioctl$VT_WAITACTIVE(r1, 0x5607)
read$snapshot(r0, 0x0, 0x0)

05:48:30 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000000)=0x90c) (async)
ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000040)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:30 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYRES64=r0, @ANYRES32=r0, @ANYBLOB="b66de6b083699a43ccc72eb59df83eb3cce4e4946539c33560fb3989a9d207f19198859082872544d1d9c4bcb2ac0000880c6755501e87c8eb95ad3e8c472adfe3a3975e44b7fcc2641bda375008fb6948f6722cd9e2c87675d204596d5be633bc50c6d7777fa99ac877e4ad1368f9686d208c1c60092af94666d6d99d00"/136, @ANYRES64=r0, @ANYRES32], 0xc8}, 0x1, 0x0, 0x0, 0x404c020}, 0x48000)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000000))
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x100000001, 0x8082)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280), 0x2, 0x6}}, 0x20)

05:48:30 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f0000000000)={0x0, 0x8001})
syz_open_pts(r0, 0x1)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000040)={0x2, 0x0, 0x10, 0x15, 0x11ba, &(0x7f0000001340)="6f9ced7031125741d0e5f9039ec47d58868b96f9eb845756c8cb04f2ebd389175e7a61477ac536a2af4e8cccb4018545b393b086738a19f403f40435f72b1251b3660ff3871d96a8a9b5fceaa651c3f8dfdae1e12b3d1590ff9a0aa42b7a1d99e88900792a6f08d75e338826bca0dcce920c27658aef541017f09f44b81427c829c7eeda51503595552141621f70b2ff11f264cdddff67a3c58c3f44860d698132e53da103e6600ea4c6e614adfb0836089bb8f92c1e6b6daa7f9baf4a66ecf7c543a5667f54ac05c387e8e11a134115fdc3c07c50da07da15ad8be768cc18a06cfc2d5363a88a27ade55ad5e6a724a63b7c6d0c5c1580ba428d5df6d69f398789ce84c9b6d9532705d7737b6543ef3d13164c4ebe46ba06bae20d3ec8936c8686ee840de8729243539fa1da694bd294f17b235b537484327da4d08388451c33aa3032c3373a9cefbd94322a6c82da633fc1325471b9b11496f6cc6a1c53b826e284965afd4b5c556b92ceda631dae4b50544a6ccb96e176b0ade13848c15d737b6f2080f92f795723d06874a1ca252a1cff28e156fe95266cc5b087c52393b29e92717ac46856b101ae73e911b34a81081a8892e5c4629218c20e19a1e4f13e78f818d0c7e9fe698db1ac235383cdefe116d114c90b4eee266810bb9a5e5db0f10e5eefeecf7241c3e2356d5f34099769899491113b539282d27bd87054d29ce5cabec3a9249e0baf1db49f4bc8fdf9e0b916634caeccb37f1bc911f1ee1dfb1fe534796d8d8d05b2fed6d31def95bbe56e75539b0ed2b5e52bdfcf864fe7976a26310f8248f7cbab3a6420e69e939569253bc3761fe4a476e00015a9e30549002d316466c9fb82fa90f96b2f9aac3fb2787e81de55a124217085b9aeec350dc5b29bc531023890c43d7a9539ce0611072cf5930b13237c4b27065fa0b41cd8912cf2b0ffeca73fdc68b056d8891c728d7f749cb8d9f9554c0c539f632f4d320b0893b302ee9cc0c5a1e8cbba7db3834b9f5da2bf1bf915592cf664377a4bf6b6cff12364fea1a41067cb302c4d5d6fa355db3cee557337cd0327bc7ac8b63b7ca62b98787249f85969e628d4798bda379dc3ebe21492498a4accfe0637c0c33c851f96b7f9b4903a67fce42433031bbfe06185547567a3b33de53ea0359001b812c1d8fb26367f9a4001c677aaf62213d7338e240303395809303ac020251c64eeeef19dc946e97cea5b66599821195f4d7bf0aa20cfb56407cec2fe9c20322e378666f47198f5c4c34aee0481802788e80eef39b634b63494c102db5601b1413aef2dcea702e0117e5273e17a185c99c4806469b1013e36a8d3cdaa91b0fef724d972e8152f64e81be7b6bd117a9e8656755f49e3644d6ea7d9318c17f12ef26b1f57d139731de6c1a1972e5da567f5dfb14722fa250d6ac0ef9153bf00fb"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCCONS(r1, 0x541d)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

05:48:30 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000040), 0x7, 0x301000)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000000))

05:48:30 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000040)={0x1f, 0x8000000000000001})
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000140)=0xfff)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000200))
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
ioctl$BLKRAGET(r2, 0x1263, &(0x7f00000000c0))
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000180)=0x1)
r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x7ff, 0x600280)
ioctl$SNAPSHOT_FREE(r3, 0x3305)

05:48:30 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:48:30 executing program 3:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000001580)={0x3e0, r0, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0xd8, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x34, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xffffffffffffffff}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2f8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "d82cdbeed37ba4c098a548882d7287e5c248c0026a382d081550155d18d78d3e"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x6}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "c0ff63db2e25861339370fa94a2e2ee3e64c8ab9aec988d4f0309ba5d40cd140"}, @NL802154_KEY_ATTR_ID={0x48, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x101}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x46}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x7c, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x78, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xfffffffffffeffff}, @NL802154_KEY_ID_ATTR_INDEX={0x5}]}]}, @NL802154_ATTR_SEC_KEY={0x28, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "454e40eea3bc6b2805b31296d88b4552ea6f84f45a4cfa1d7c153dd9b50bca53"}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_SEC_KEY={0xf0, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "29cac2b4cbcaa67280ab178221f1b17c"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "41d0741379aa68997e0ec41b669c9735"}, @NL802154_KEY_ATTR_ID={0x40, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "e800bd95bf72904a78d2d6597b68348e06bb003ac98442889d93a50054a8e15a"}, @NL802154_KEY_ATTR_ID={0x60, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}]}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x140, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x7c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x4c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "f0a13ffeb39a392fb7da54fc1e6461df6c4294a4684305e6b341c7684a624964"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xff}, @NL802154_KEY_ATTR_ID={0x1c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "306d85b7ecb8e46e2859687e9addd84e2c72afad7f5e7caf7291d1cb3c70e41d"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xf3}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "26e024acd4cdd8f985b63d2c42db112a02763e914941965276f3927ea0e12093"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xe}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "c39c499028b852d6e77d5f8011629db2"}, @NL802154_KEY_ATTR_ID={0xc, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}]}, 0x3e0}, 0x1, 0x0, 0x0, 0x8000}, 0x20004891)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000002c0)={'wpan0\x00'})
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000001340)={0x204, r0, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000001}, @NL802154_ATTR_SEC_KEY={0xd0, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x7c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x3c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "35ee3175c3474c2196ce2e7ff6d2ae5f2b79dd1f6352258c80594bc6132c37be"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}, @NL802154_KEY_ATTR_ID={0x24, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xcb84}]}]}, @NL802154_ATTR_SEC_KEY={0xe8, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "fc3688eff37826a8fc8ee18140970bd9caa08346c3e96c6217812fcf0759a5d7"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "741d46239a8065fb35e7cdd1315330e6a636e1d6db54598e8531e67e74e3640e"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "d44307d3e04fc20f2646d5188be276bc"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x4}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "393836757f0ca153447f11cbfd8f4f07"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "464fa043762ec883679ab45bfaa7f709817295c4c585f861c1aef620f8e80675"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "0cdc3c21d0b70b67ec8e72e10c660eb60d37967550d95cc0f5c48476cbe7f296"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "03fcf4f37988c63b9e0e80813393e983790f542fd123996f46d51cf938d73482"}]}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x204}, 0x1, 0x0, 0x0, 0x4044000}, 0x4000)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r6 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r6, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000000)="80ebda322537ed2bf5e20885df70ba69b3951bd677dc414aef4954ba0a2d40fef2d517a06e1577ecdf1fee97bd7b3de9c8bbba2c59ca5884c7689290a98e04222562a6fd431155490f6a60826aa313ca5cb510ec503cff30f404ab357d7890c7866379181c742329386c8db87c936ccecc67c3a535a2e656a7", 0x79}) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r6, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000000)="80ebda322537ed2bf5e20885df70ba69b3951bd677dc414aef4954ba0a2d40fef2d517a06e1577ecdf1fee97bd7b3de9c8bbba2c59ca5884c7689290a98e04222562a6fd431155490f6a60826aa313ca5cb510ec503cff30f404ab357d7890c7866379181c742329386c8db87c936ccecc67c3a535a2e656a7", 0x79})
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000)

05:48:30 executing program 0:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000001580)={0x3e0, r0, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0xd8, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x34, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xffffffffffffffff}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2f8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "d82cdbeed37ba4c098a548882d7287e5c248c0026a382d081550155d18d78d3e"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x6}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "c0ff63db2e25861339370fa94a2e2ee3e64c8ab9aec988d4f0309ba5d40cd140"}, @NL802154_KEY_ATTR_ID={0x48, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x101}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x46}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x7c, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x78, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xfffffffffffeffff}, @NL802154_KEY_ID_ATTR_INDEX={0x5}]}]}, @NL802154_ATTR_SEC_KEY={0x28, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "454e40eea3bc6b2805b31296d88b4552ea6f84f45a4cfa1d7c153dd9b50bca53"}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_SEC_KEY={0xf0, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "29cac2b4cbcaa67280ab178221f1b17c"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "41d0741379aa68997e0ec41b669c9735"}, @NL802154_KEY_ATTR_ID={0x40, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "e800bd95bf72904a78d2d6597b68348e06bb003ac98442889d93a50054a8e15a"}, @NL802154_KEY_ATTR_ID={0x60, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}]}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x140, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x7c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x4c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "f0a13ffeb39a392fb7da54fc1e6461df6c4294a4684305e6b341c7684a624964"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xff}, @NL802154_KEY_ATTR_ID={0x1c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "306d85b7ecb8e46e2859687e9addd84e2c72afad7f5e7caf7291d1cb3c70e41d"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xf3}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "26e024acd4cdd8f985b63d2c42db112a02763e914941965276f3927ea0e12093"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xe}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "c39c499028b852d6e77d5f8011629db2"}, @NL802154_KEY_ATTR_ID={0xc, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}]}, 0x3e0}, 0x1, 0x0, 0x0, 0x8000}, 0x20004891)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000002c0)={'wpan0\x00'})
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000001340)={0x204, r0, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000001}, @NL802154_ATTR_SEC_KEY={0xd0, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x7c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x3c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "35ee3175c3474c2196ce2e7ff6d2ae5f2b79dd1f6352258c80594bc6132c37be"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}, @NL802154_KEY_ATTR_ID={0x24, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xcb84}]}]}, @NL802154_ATTR_SEC_KEY={0xe8, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "fc3688eff37826a8fc8ee18140970bd9caa08346c3e96c6217812fcf0759a5d7"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "741d46239a8065fb35e7cdd1315330e6a636e1d6db54598e8531e67e74e3640e"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "d44307d3e04fc20f2646d5188be276bc"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x4}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "393836757f0ca153447f11cbfd8f4f07"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "464fa043762ec883679ab45bfaa7f709817295c4c585f861c1aef620f8e80675"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "0cdc3c21d0b70b67ec8e72e10c660eb60d37967550d95cc0f5c48476cbe7f296"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "03fcf4f37988c63b9e0e80813393e983790f542fd123996f46d51cf938d73482"}]}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x204}, 0x1, 0x0, 0x0, 0x4044000}, 0x4000)
r6 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r6, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000000)="80ebda322537ed2bf5e20885df70ba69b3951bd677dc414aef4954ba0a2d40fef2d517a06e1577ecdf1fee97bd7b3de9c8bbba2c59ca5884c7689290a98e04222562a6fd431155490f6a60826aa313ca5cb510ec503cff30f404ab357d7890c7866379181c742329386c8db87c936ccecc67c3a535a2e656a7", 0x79})
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000)

05:48:30 executing program 5:
openat$pfkey(0xffffffffffffff9c, &(0x7f0000002640), 0x4000, 0x0)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:30 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f00000000c0)={0x10000})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000000)={@hyper})

05:48:30 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000040)={0x1f, 0x8000000000000001}) (async)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000140)=0xfff)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000200)) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
ioctl$BLKRAGET(r2, 0x1263, &(0x7f00000000c0))
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000180)=0x1) (async)
r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x7ff, 0x600280)
ioctl$SNAPSHOT_FREE(r3, 0x3305)

05:48:30 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:48:30 executing program 3:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r4, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000001580)={0x3e0, r0, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0xd8, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x34, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xffffffffffffffff}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2f8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "d82cdbeed37ba4c098a548882d7287e5c248c0026a382d081550155d18d78d3e"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x6}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "c0ff63db2e25861339370fa94a2e2ee3e64c8ab9aec988d4f0309ba5d40cd140"}, @NL802154_KEY_ATTR_ID={0x48, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x101}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x46}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x7c, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x78, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xfffffffffffeffff}, @NL802154_KEY_ID_ATTR_INDEX={0x5}]}]}, @NL802154_ATTR_SEC_KEY={0x28, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "454e40eea3bc6b2805b31296d88b4552ea6f84f45a4cfa1d7c153dd9b50bca53"}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_SEC_KEY={0xf0, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "29cac2b4cbcaa67280ab178221f1b17c"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "41d0741379aa68997e0ec41b669c9735"}, @NL802154_KEY_ATTR_ID={0x40, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "e800bd95bf72904a78d2d6597b68348e06bb003ac98442889d93a50054a8e15a"}, @NL802154_KEY_ATTR_ID={0x60, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}]}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x140, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x7c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x4c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "f0a13ffeb39a392fb7da54fc1e6461df6c4294a4684305e6b341c7684a624964"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xff}, @NL802154_KEY_ATTR_ID={0x1c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "306d85b7ecb8e46e2859687e9addd84e2c72afad7f5e7caf7291d1cb3c70e41d"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xf3}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "26e024acd4cdd8f985b63d2c42db112a02763e914941965276f3927ea0e12093"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xe}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "c39c499028b852d6e77d5f8011629db2"}, @NL802154_KEY_ATTR_ID={0xc, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}]}, 0x3e0}, 0x1, 0x0, 0x0, 0x8000}, 0x20004891) (async)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000002c0)={'wpan0\x00'})
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000001340)={0x204, r0, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000001}, @NL802154_ATTR_SEC_KEY={0xd0, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x7c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x3c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "35ee3175c3474c2196ce2e7ff6d2ae5f2b79dd1f6352258c80594bc6132c37be"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}, @NL802154_KEY_ATTR_ID={0x24, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xcb84}]}]}, @NL802154_ATTR_SEC_KEY={0xe8, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "fc3688eff37826a8fc8ee18140970bd9caa08346c3e96c6217812fcf0759a5d7"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "741d46239a8065fb35e7cdd1315330e6a636e1d6db54598e8531e67e74e3640e"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "d44307d3e04fc20f2646d5188be276bc"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x4}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "393836757f0ca153447f11cbfd8f4f07"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "464fa043762ec883679ab45bfaa7f709817295c4c585f861c1aef620f8e80675"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "0cdc3c21d0b70b67ec8e72e10c660eb60d37967550d95cc0f5c48476cbe7f296"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "03fcf4f37988c63b9e0e80813393e983790f542fd123996f46d51cf938d73482"}]}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x204}, 0x1, 0x0, 0x0, 0x4044000}, 0x4000) (async)
r6 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r6, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000000)="80ebda322537ed2bf5e20885df70ba69b3951bd677dc414aef4954ba0a2d40fef2d517a06e1577ecdf1fee97bd7b3de9c8bbba2c59ca5884c7689290a98e04222562a6fd431155490f6a60826aa313ca5cb510ec503cff30f404ab357d7890c7866379181c742329386c8db87c936ccecc67c3a535a2e656a7", 0x79}) (async)
read$snapshot(r6, &(0x7f0000000340)=""/4096, 0x1000)

05:48:30 executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)=0x100)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000040), 0x2, 0x0)
r2 = syz_open_dev$audion(&(0x7f00000000c0), 0x100000001, 0x8000)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000100), 0x106, 0x8}}, 0x20)

05:48:30 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0xffffffff, 0x4000)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:31 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/4082, 0xff2)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x2)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000100))
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x102, 0x0)
r4 = syz_open_pts(r3, 0x321000)
ioctl$TIOCL_UNBLANKSCREEN(r4, 0x541c, &(0x7f0000000080))
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r3, 0x3312, 0x5)

05:48:31 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f00000000c0)={0x10000}) (async)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f00000000c0)={0x10000})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000000)={@hyper})

05:48:31 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000040)={0x1f, 0x8000000000000001})
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x8)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000140)=0xfff)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000200)) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
ioctl$BLKRAGET(r2, 0x1263, &(0x7f00000000c0)) (async)
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000180)=0x1) (async)
r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0x7ff, 0x600280)
ioctl$SNAPSHOT_FREE(r3, 0x3305)

05:48:31 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:48:31 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000002400)={0x5, &(0x7f0000000040)=""/234, &(0x7f00000002c0)=[{0x10001, 0x7d, 0x4, &(0x7f0000000140)=""/125}, {0x4889, 0xc, 0x5, &(0x7f0000000200)=""/12}, {0x0, 0x1000, 0x3f, &(0x7f0000001340)=""/4096}, {0xfffffffc, 0x6c, 0x1, &(0x7f0000000240)=""/108}, {0x9, 0xb6, 0x7, &(0x7f0000002340)=""/182}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:31 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f00000000c0)={0x10000})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000000)={@hyper})

05:48:31 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 64)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8) (rerun: 64)
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f00000000c0)={0x10000})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000000)={@hyper})

05:48:31 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x11fffffd, 0x76dd20)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000000)={0x0, 0x88})
read$snapshot(r0, 0x0, 0x0)

05:48:31 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$KIOCSOUND(r1, 0x4b2f, 0xffffffffffffffff)

05:48:31 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f00000013c0)={0x3, &(0x7f0000000040)=""/49, &(0x7f0000001340)=[{0x8, 0xd0, 0x5, &(0x7f0000000080)=""/208}, {0x7, 0xe7, 0x3ff, &(0x7f0000000180)=""/231}, {0x8, 0x8a, 0x80, &(0x7f0000000280)=""/138}]})
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x10000004007, 0x48800)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:31 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f00000013c0)={0x3, &(0x7f0000000040)=""/49, &(0x7f0000001340)=[{0x8, 0xd0, 0x5, &(0x7f0000000080)=""/208}, {0x7, 0xe7, 0x3ff, &(0x7f0000000180)=""/231}, {0x8, 0x8a, 0x80, &(0x7f0000000280)=""/138}]})
syz_open_dev$audion(&(0x7f0000000000), 0x10000004007, 0x48800) (async)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x10000004007, 0x48800)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:31 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f00000013c0)={0x3, &(0x7f0000000040)=""/49, &(0x7f0000001340)=[{0x8, 0xd0, 0x5, &(0x7f0000000080)=""/208}, {0x7, 0xe7, 0x3ff, &(0x7f0000000180)=""/231}, {0x8, 0x8a, 0x80, &(0x7f0000000280)=""/138}]})
syz_open_dev$audion(&(0x7f0000000000), 0x10000004007, 0x48800) (async)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x10000004007, 0x48800)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:31 executing program 4:
read$snapshot(0xffffffffffffffff, 0x0, 0x12)

05:48:31 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x8001, 0x80c01)
setrlimit(0x0, &(0x7f0000000080)={0x80000000, 0x80000000})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000040))

05:48:31 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000002400)={0x5, &(0x7f0000000040)=""/234, &(0x7f00000002c0)=[{0x10001, 0x7d, 0x4, &(0x7f0000000140)=""/125}, {0x4889, 0xc, 0x5, &(0x7f0000000200)=""/12}, {0x0, 0x1000, 0x3f, &(0x7f0000001340)=""/4096}, {0xfffffffc, 0x6c, 0x1, &(0x7f0000000240)=""/108}, {0x9, 0xb6, 0x7, &(0x7f0000002340)=""/182}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:31 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000002400)={0x5, &(0x7f0000000040)=""/234, &(0x7f00000002c0)=[{0x10001, 0x7d, 0x4, &(0x7f0000000140)=""/125}, {0x4889, 0xc, 0x5, &(0x7f0000000200)=""/12}, {0x0, 0x1000, 0x3f, &(0x7f0000001340)=""/4096}, {0xfffffffc, 0x6c, 0x1, &(0x7f0000000240)=""/108}, {0x9, 0xb6, 0x7, &(0x7f0000002340)=""/182}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:31 executing program 4:
read$snapshot(0xffffffffffffffff, 0x0, 0x12)

05:48:31 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x8001, 0x80c01)
setrlimit(0x0, &(0x7f0000000080)={0x80000000, 0x80000000}) (async, rerun: 64)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 64)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000040))

05:48:32 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$audion(&(0x7f0000000000), 0x80, 0x100)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:32 executing program 4:
read$snapshot(0xffffffffffffffff, 0x0, 0x12)

05:48:32 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x8001, 0x80c01)
setrlimit(0x0, &(0x7f0000000080)={0x80000000, 0x80000000}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000040))

05:48:32 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x601, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x1f)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:32 executing program 0:
r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000080)={0x3, 0x1, 0x84dd, 0x20})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x1c1840, 0x0)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x240)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:32 executing program 4:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:48:32 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
semctl$GETVAL(0x0, 0x1, 0xc, &(0x7f0000000040)=""/52)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012bbd7000fcdbdf25180000000c00060000000000000000000c000600010000000100000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="0c00060000009e000000f0a30ba167ce0614cd001624003e801800018005000200010000000c00038008000200000000a6f8aee9b20c8e818a06fc65de35bba70507e04d2b73fe7d7fb90084c0ecd2bab5bd3e486004122f4ca6abb53fc6b1c4f4e532a0429c471badad63d95e1aecfe7a551636845c2829e320446ee3178ea894faf1823eae40ae1c"], 0x6c}}, 0x4000000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:32 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000040)={0xffffffffffffff34, 0x1ff})
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000080)={0x8000, 0x1, 0x5, 0x9})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000000), 0x100, 0x2c402)

05:48:32 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000002400)={0x5, &(0x7f0000000040)=""/234, &(0x7f00000002c0)=[{0x10001, 0x7d, 0x4, &(0x7f0000000140)=""/125}, {0x4889, 0xc, 0x5, &(0x7f0000000200)=""/12}, {0x0, 0x1000, 0x3f, &(0x7f0000001340)=""/4096}, {0xfffffffc, 0x6c, 0x1, &(0x7f0000000240)=""/108}, {0x9, 0xb6, 0x7, &(0x7f0000002340)=""/182}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:32 executing program 4:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:48:32 executing program 4:
r0 = syz_open_dev$audion(0x0, 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:48:32 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:48:33 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$audion(&(0x7f0000000000), 0x80, 0x100) (async, rerun: 64)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (rerun: 64)

05:48:33 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:48:33 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:48:33 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$audion(&(0x7f0000000000), 0x80, 0x100)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:33 executing program 4:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, 0x0, 0x12)

05:48:33 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
semctl$GETVAL(0x0, 0x1, 0xc, &(0x7f0000000040)=""/52) (async)
semctl$GETVAL(0x0, 0x1, 0xc, &(0x7f0000000040)=""/52)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012bbd7000fcdbdf25180000000c00060000000000000000000c000600010000000100000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="0c00060000009e000000f0a30ba167ce0614cd001624003e801800018005000200010000000c00038008000200000000a6f8aee9b20c8e818a06fc65de35bba70507e04d2b73fe7d7fb90084c0ecd2bab5bd3e486004122f4ca6abb53fc6b1c4f4e532a0429c471badad63d95e1aecfe7a551636845c2829e320446ee3178ea894faf1823eae40ae1c"], 0x6c}}, 0x4000000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:33 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:48:33 executing program 4:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, 0x0, 0x12)

05:48:33 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0x4, 0x100000000, 0xff, 0x1})
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0xff013e59317b837b, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x8001)

05:48:33 executing program 4:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(0xffffffffffffffff, 0x0, 0x12)

05:48:33 executing program 0:
r0 = getpgid(0x0)
capset(&(0x7f0000000000)={0x20080522, r0}, &(0x7f0000000040)={0x1f, 0x398738f8, 0x4, 0x61, 0x9, 0x7})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:33 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10d040)
read$snapshot(r0, 0x0, 0x0)

05:48:33 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$audion(&(0x7f0000000000), 0x80, 0x100)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:33 executing program 4:
ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f0000000000)={0x6, 0x7fff, 0xe00000, 0xde})
r0 = syz_open_dev$audion(&(0x7f0000000040), 0xfffffffffffffffe, 0x323526dc5c1a061b)
read$snapshot(r0, 0x0, 0x0)

05:48:33 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
semctl$GETVAL(0x0, 0x1, 0xc, &(0x7f0000000040)=""/52) (async)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012bbd7000fcdbdf25180000000c00060000000000000000000c000600010000000100000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB="0c00060000009e000000f0a30ba167ce0614cd001624003e801800018005000200010000000c00038008000200000000a6f8aee9b20c8e818a06fc65de35bba70507e04d2b73fe7d7fb90084c0ecd2bab5bd3e486004122f4ca6abb53fc6b1c4f4e532a0429c471badad63d95e1aecfe7a551636845c2829e320446ee3178ea894faf1823eae40ae1c"], 0x6c}}, 0x4000000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:33 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000040)={&(0x7f0000000000)=[0x7, 0x2, 0xfff, 0x3, 0x6de1], 0x5, 0x8000, 0xe7e7, 0x1000, 0x372, 0x80000001, 0x8, {0x5, 0x4, 0x7, 0x9, 0x1, 0x3, 0x0, 0x3, 0x75b, 0x4, 0x9, 0x0, 0x8001, 0x8, "7ba04247d415ba762523dbbfbbe7b1f7f412bf39b00e0f2868884ce592d5e137"}})

05:48:33 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0))
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000100)=0x2)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000080)={0x582, 0x0, 0x10001})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:33 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000) (async)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0x4, 0x100000000, 0xff, 0x1}) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0xff013e59317b837b, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x8001)

05:48:34 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r1, 0x4010641a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[0x0, 0x0]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:34 executing program 1:
r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x6)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x10001)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x100)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
syz_open_pts(r2, 0x80)
syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000040))
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)

05:48:34 executing program 1:
r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x6)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x10001) (async)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x100) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
syz_open_pts(r2, 0x80)
syz_open_dev$ptys(0xc, 0x3, 0x1) (async)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000040)) (async)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000)

05:48:34 executing program 1:
r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x6)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x10001)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x100)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
syz_open_pts(r2, 0x80)
syz_open_dev$ptys(0xc, 0x3, 0x1) (async)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000040)) (async, rerun: 32)
read$snapshot(0xffffffffffffffff, &(0x7f0000000340)=""/4096, 0x1000) (rerun: 32)

05:48:34 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x8, 0xa00)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = mq_open(&(0x7f0000000000)='/dev/audio#\x00', 0x80, 0x10, &(0x7f0000000040)={0x100000001, 0x7, 0x1, 0x6})
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0xb98)
ioctl$TIOCGPKT(r2, 0x80045438, &(0x7f0000000100))
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
mq_getsetattr(r1, &(0x7f0000000080)={0x4, 0x5c13a35f, 0x1, 0x2}, &(0x7f00000000c0))

05:48:34 executing program 1:
syz_open_dev$audion(&(0x7f00000001c0), 0x8, 0xa00) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x8, 0xa00)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = mq_open(&(0x7f0000000000)='/dev/audio#\x00', 0x80, 0x10, &(0x7f0000000040)={0x100000001, 0x7, 0x1, 0x6})
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0xb98)
ioctl$TIOCGPKT(r2, 0x80045438, &(0x7f0000000100))
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
mq_getsetattr(r1, &(0x7f0000000080)={0x4, 0x5c13a35f, 0x1, 0x2}, &(0x7f00000000c0))

05:48:34 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x8, 0xa00)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = mq_open(&(0x7f0000000000)='/dev/audio#\x00', 0x80, 0x10, &(0x7f0000000040)={0x100000001, 0x7, 0x1, 0x6})
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0xb98)
ioctl$TIOCGPKT(r2, 0x80045438, &(0x7f0000000100))
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
mq_getsetattr(r1, &(0x7f0000000080)={0x4, 0x5c13a35f, 0x1, 0x2}, &(0x7f00000000c0))
syz_open_dev$audion(&(0x7f00000001c0), 0x8, 0xa00) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
mq_open(&(0x7f0000000000)='/dev/audio#\x00', 0x80, 0x10, &(0x7f0000000040)={0x100000001, 0x7, 0x1, 0x6}) (async)
ioctl$TIOCGPTPEER(r0, 0x5441, 0xb98) (async)
ioctl$TIOCGPKT(r2, 0x80045438, &(0x7f0000000100)) (async)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) (async)
mq_getsetattr(r1, &(0x7f0000000080)={0x4, 0x5c13a35f, 0x1, 0x2}, &(0x7f00000000c0)) (async)

05:48:34 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x80800)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000200)={0x0, 0x14, 0xfffffffffffffffb})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r1, 0xc01064ac, &(0x7f0000000180)={0x2, 0x9c, &(0x7f00000000c0)=""/156})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r2, 0xc00464be, &(0x7f00000001c0)={0x2})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_GEM_CLOSE(r2, 0x40086409, &(0x7f0000000040))

05:48:34 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, r0}, 0x10)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000040)={0xfffffffffffff800})

05:48:34 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r1, 0x4010641a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[0x0, 0x0]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:34 executing program 0:
r0 = semget$private(0x0, 0x0, 0x22)
semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000100)=""/143)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x1ffffffe, 0x40002)
r3 = semget$private(0x0, 0x4, 0x20)
semctl$IPC_RMID(r3, 0x0, 0x0)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000080))
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000000))

05:48:34 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000) (async)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0x4, 0x100000000, 0xff, 0x1})
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0xff013e59317b837b, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x8001)

05:48:34 executing program 4:
r0 = syz_open_dev$audion(&(0x7f0000000180), 0xffffffffffffffff, 0x3fb080)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000140)={0x7fff})
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$VT_WAITACTIVE(r2, 0x5607)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000080))

05:48:34 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x80800)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000200)={0x0, 0x14, 0xfffffffffffffffb})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r1, 0xc01064ac, &(0x7f0000000180)={0x2, 0x9c, &(0x7f00000000c0)=""/156}) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r2, 0xc00464be, &(0x7f00000001c0)={0x2})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_GEM_CLOSE(r2, 0x40086409, &(0x7f0000000040))

05:48:34 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, r0}, 0x10)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async, rerun: 64)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000040)={0xfffffffffffff800}) (rerun: 64)

05:48:34 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r7, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r11, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r12}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r10, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r12, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x93e)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000000)={0x4, 0x0, 0x7, 0x5ffd})
r14 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r14, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:34 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, r0}, 0x10) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000040)={0xfffffffffffff800})

05:48:34 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x80800)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000200)={0x0, 0x14, 0xfffffffffffffffb})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r1, 0xc01064ac, &(0x7f0000000180)={0x2, 0x9c, &(0x7f00000000c0)=""/156})
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r2, 0xc00464be, &(0x7f00000001c0)={0x2})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_GEM_CLOSE(r2, 0x40086409, &(0x7f0000000040))

05:48:34 executing program 0:
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r0=>0x0)
sched_setparam(r0, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xe27c)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

05:48:34 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r7, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r11, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r12}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r10, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r12, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x93e)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000000)={0x4, 0x0, 0x7, 0x5ffd})
r14 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r14, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:34 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000000)={0x1ff, 0xf7a2, 0x400})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:35 executing program 5:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x8, 0xa2000)
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x200100, 0x0)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300)={0xffffffffffffffff}, 0x4)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001480)='./cgroup/syz1\x00', 0x200002, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000014c0)={r1, r3, 0x22}, 0x10)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001340), 0x202000, 0x0)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
r7 = bpf$ITER_CREATE(0x21, &(0x7f0000001380)={r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0xc, 0x8, &(0x7f0000000100)=@raw=[@btf_id={0x18, 0xf, 0x3, 0x0, 0x1}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0xcf6}, @alu={0x3, 0x0, 0xc, 0x8, 0x2, 0xffffffffffffffc0, 0xfffffffffffffff7}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x1}], &(0x7f0000000140)='GPL\x00', 0xfffffffb, 0xf8, &(0x7f0000000180)=""/248, 0x41100, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x3, 0x5}, 0x8, 0x10, &(0x7f00000002c0)={0x3, 0x5, 0x8, 0x6}, 0x10, 0xffffffffffffffff, r1, 0x0, &(0x7f00000013c0)=[r2, r0, r4, r5, r6, r7, r0]}, 0x80)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000040))
r8 = syz_open_dev$audion(&(0x7f0000000080), 0x0, 0x0)
read$snapshot(r8, &(0x7f0000000340)=""/4096, 0x1000)

05:48:35 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r7, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r11, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r12}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r10, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r12, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x93e)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000000)={0x4, 0x0, 0x7, 0x5ffd})
r14 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r14, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r4=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r3, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r7, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000001440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="af000000000000000000100000004a751bf1a4e1375f426c6ef15db81e1addf0d00c7fa6760a29be1a4957a7faf22a2ce5713f92630ffd752002a854af990b817ebdebedffbeaaef293020251840e2c6aa418f2417714ad22c73af60910f50872034517320829d2b9818affa1c249fd71e2e6722b21afb1368db077141b3988267865eccb7d4f9290f2f8254c388bed1e36c13f3c4b4cf3e8669fbb0b01300ae5d0402bb4c1100abeeb4f99f89aba3359fbf980625436b5090d764d1cce871d3ac7e8f8b3767e2de067f82174e63bb3447b9cfbd469460ee97e82a0000"], 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r6, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r8, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r11=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r10, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r14, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r15}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r12, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r16=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r13, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r15, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r16}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00', <r17=>0x0})
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000001380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001340)={&(0x7f00000013c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="00de5d448c00000000040000000000000000e418673c434bc3d47ce1df564f22d53500"/44, @ANYRES32=r4, @ANYBLOB="050011000000000005001000080000000c000600020000000200000008000300", @ANYRES32=r16, @ANYBLOB="08000300", @ANYRES32=r17, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x48001}, 0x880)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x68, 0x0, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_LEVEL={0x2c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000031}, 0x4004014)
r18 = syz_open_dev$audion(&(0x7f0000000000), 0x2, 0x4400)
read$snapshot(r18, &(0x7f0000000340)=""/4065, 0xff31)

05:48:35 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x1d})

05:48:35 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r7, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r11, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r12}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r10, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r12, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x93e)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000000)={0x4, 0x0, 0x7, 0x5ffd})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TCSBRK(r0, 0x5409, 0x100000001)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000040)={0x16, 0x98, 0xfa00, {&(0x7f0000000000), 0x2, 0xffffffffffffffff, 0x30, 0x1, @in6={0xa, 0x4e22, 0x5, @mcast1, 0xaf}}}, 0xa0)

05:48:35 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f00000001c0)=0x80000001)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x10600, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000100), 0x400, 0x10da2edfa06df265)
ioctl$DRM_IOCTL_DROP_MASTER(0xffffffffffffffff, 0x641f)
ioctl$BLKBSZGET(r1, 0x80081270, &(0x7f0000000040))
ioctl$TIOCMBIS(r2, 0x5416, &(0x7f0000000180)=0xad)
r3 = openat$md(0xffffffffffffff9c, &(0x7f0000000080), 0x4001, 0x0)
ioctl$BLKPBSZGET(r3, 0x127b, &(0x7f00000000c0))
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)

05:48:35 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r7, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r11, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r12}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r10, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r12, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x93e)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000000)={0x4, 0x0, 0x7, 0x5ffd})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000000)={0x1ff, 0xf7a2, 0x400})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:35 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r7, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r11, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r12}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r10, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r12, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x93e)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000000)={0x4, 0x0, 0x7, 0x5ffd})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r4=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r3, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r7, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000001440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="af000000000000000000100000004a751bf1a4e1375f426c6ef15db81e1addf0d00c7fa6760a29be1a4957a7faf22a2ce5713f92630ffd752002a854af990b817ebdebedffbeaaef293020251840e2c6aa418f2417714ad22c73af60910f50872034517320829d2b9818affa1c249fd71e2e6722b21afb1368db077141b3988267865eccb7d4f9290f2f8254c388bed1e36c13f3c4b4cf3e8669fbb0b01300ae5d0402bb4c1100abeeb4f99f89aba3359fbf980625436b5090d764d1cce871d3ac7e8f8b3767e2de067f82174e63bb3447b9cfbd469460ee97e82a0000"], 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r6, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r8, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r11=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r10, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r14, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r15}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r12, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r16=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r13, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r15, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r16}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00', <r17=>0x0})
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000001380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001340)={&(0x7f00000013c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="00de5d448c00000000040000000000000000e418673c434bc3d47ce1df564f22d53500"/44, @ANYRES32=r4, @ANYBLOB="050011000000000005001000080000000c000600020000000200000008000300", @ANYRES32=r16, @ANYBLOB="08000300", @ANYRES32=r17, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x48001}, 0x880) (async)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x68, 0x0, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_LEVEL={0x2c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000031}, 0x4004014) (async)
r18 = syz_open_dev$audion(&(0x7f0000000000), 0x2, 0x4400)
read$snapshot(r18, &(0x7f0000000340)=""/4065, 0xff31)

05:48:35 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000000)={0x1ff, 0xf7a2, 0x400})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:35 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r4=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r3, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r7, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000001440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="af000000000000000000100000004a751bf1a4e1375f426c6ef15db81e1addf0d00c7fa6760a29be1a4957a7faf22a2ce5713f92630ffd752002a854af990b817ebdebedffbeaaef293020251840e2c6aa418f2417714ad22c73af60910f50872034517320829d2b9818affa1c249fd71e2e6722b21afb1368db077141b3988267865eccb7d4f9290f2f8254c388bed1e36c13f3c4b4cf3e8669fbb0b01300ae5d0402bb4c1100abeeb4f99f89aba3359fbf980625436b5090d764d1cce871d3ac7e8f8b3767e2de067f82174e63bb3447b9cfbd469460ee97e82a0000"], 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r6, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r8, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r11=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r10, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r15 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r14, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r15}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r12, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r16=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r13, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r15, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r16}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00', <r17=>0x0}) (rerun: 64)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000001380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001340)={&(0x7f00000013c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="00de5d448c00000000040000000000000000e418673c434bc3d47ce1df564f22d53500"/44, @ANYRES32=r4, @ANYBLOB="050011000000000005001000080000000c000600020000000200000008000300", @ANYRES32=r16, @ANYBLOB="08000300", @ANYRES32=r17, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x48001}, 0x880) (async)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x68, 0x0, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_LEVEL={0x2c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000031}, 0x4004014) (async)
r18 = syz_open_dev$audion(&(0x7f0000000000), 0x2, 0x4400)
read$snapshot(r18, &(0x7f0000000340)=""/4065, 0xff31)

05:48:35 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r7, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r11, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r12}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r10, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r12, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x93e)
r14 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r14, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000000)={0x800, 0x2, 0x2})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:35 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x1d})

05:48:35 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r7, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r11, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r12}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r10, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r12, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
r14 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r14, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r7, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r11, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r12}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r10, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r12, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x93e)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000000)={0x4, 0x0, 0x7, 0x5ffd})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r10, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r11}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r12=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r11, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
r13 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r13, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000000)={0x1ff, 0xf7a2, 0x400}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:35 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r7, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r11, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r12}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r10, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r12, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKROSET(r3, 0x125d, &(0x7f0000000080)=0x93e)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000000)={0x4, 0x0, 0x7, 0x5ffd})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (fail_nth: 1)

05:48:35 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r10, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r11}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r12=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r11, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r13 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r13, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r10, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r11}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r12=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r11, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000884}, 0x4008811)
r13 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r13, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r9, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000007c0)={'wpan0\x00'})
r11 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r11, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:35 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000000)={0x800, 0x2, 0x2})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:35 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000000)={0x800, 0x2, 0x2})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

[ 2506.246435] FAULT_INJECTION: forcing a failure.
[ 2506.246435] name failslab, interval 1, probability 0, space 0, times 0
[ 2506.264252] CPU: 0 PID: 28014 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
[ 2506.272148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2506.281495] Call Trace:
[ 2506.284079]  dump_stack+0x1b2/0x281
[ 2506.287694]  should_fail.cold+0x10a/0x149
[ 2506.291818]  should_failslab+0xd6/0x130
[ 2506.295769]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2506.300433]  snd_pcm_oss_change_params_locked+0x15c/0x3550
[ 2506.306059]  ? lock_acquire+0x170/0x3f0
[ 2506.310042]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2506.314356]  ? __mutex_lock+0x360/0x1310
[ 2506.318406]  ? snd_pcm_plugin_append+0x190/0x190
[ 2506.323144]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2506.327447]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 2506.332883]  ? lock_acquire+0x170/0x3f0
[ 2506.336846]  ? lock_downgrade+0x740/0x740
[ 2506.340978]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2506.346165]  snd_pcm_oss_read+0x2b7/0x650
[ 2506.350296]  __vfs_read+0xe4/0x620
[ 2506.353812]  ? snd_pcm_oss_read2+0x330/0x330
[ 2506.358194]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2506.363108]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2506.367682]  ? common_file_perm+0x3ee/0x580
[ 2506.371983]  ? lock_acquire+0x170/0x3f0
[ 2506.375936]  ? security_file_permission+0x82/0x1e0
[ 2506.380846]  ? rw_verify_area+0xe1/0x2a0
[ 2506.384892]  vfs_read+0x139/0x340
[ 2506.388341]  SyS_read+0xf2/0x210
[ 2506.391687]  ? kernel_write+0x110/0x110
[ 2506.395636]  ? __do_page_fault+0x159/0xad0
[ 2506.399855]  ? do_syscall_64+0x4c/0x640
[ 2506.403818]  ? kernel_write+0x110/0x110
[ 2506.407778]  do_syscall_64+0x1d5/0x640
[ 2506.411665]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2506.416831] RIP: 0033:0x7ffaefda60f9
[ 2506.420517] RSP: 002b:00007ffaee318168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2506.428204] RAX: ffffffffffffffda RBX: 00007ffaefec5f80 RCX: 00007ffaefda60f9
[ 2506.435454] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000003
[ 2506.442697] RBP: 00007ffaee3181d0 R08: 0000000000000000 R09: 0000000000000000
[ 2506.449942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2506.457185] R13: 00007ffc19153c2f R14: 00007ffaee318300 R15: 0000000000022000
05:48:36 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x1d})

05:48:36 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r8, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r9}, 0x14}}, 0x0)
r10 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r10, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:36 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (fail_nth: 2)

05:48:36 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000000))

05:48:36 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (fail_nth: 1)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:36 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
r8 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r8, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2506.943616] FAULT_INJECTION: forcing a failure.
[ 2506.943616] name failslab, interval 1, probability 0, space 0, times 0
[ 2506.960886] CPU: 1 PID: 28026 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
[ 2506.968779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2506.978127] Call Trace:
[ 2506.980397] FAULT_INJECTION: forcing a failure.
[ 2506.980397] name failslab, interval 1, probability 0, space 0, times 0
[ 2506.980710]  dump_stack+0x1b2/0x281
[ 2506.995490]  should_fail.cold+0x10a/0x149
[ 2506.999637]  should_failslab+0xd6/0x130
[ 2507.003614]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2507.008278]  snd_pcm_oss_change_params_locked+0x192/0x3550
[ 2507.013895]  ? lock_acquire+0x170/0x3f0
[ 2507.017870]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2507.022180]  ? __mutex_lock+0x360/0x1310
[ 2507.026232]  ? snd_pcm_plugin_append+0x190/0x190
[ 2507.030975]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2507.035294]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
05:48:36 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000000)={0x800, 0x2, 0x2})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

[ 2507.040733]  ? lock_acquire+0x170/0x3f0
[ 2507.044691]  ? lock_downgrade+0x740/0x740
[ 2507.048825]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2507.054005]  snd_pcm_oss_read+0x2b7/0x650
[ 2507.058147]  __vfs_read+0xe4/0x620
[ 2507.061670]  ? snd_pcm_oss_read2+0x330/0x330
[ 2507.066059]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2507.070976]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2507.075548]  ? common_file_perm+0x3ee/0x580
[ 2507.079854]  ? lock_acquire+0x170/0x3f0
[ 2507.083831]  ? security_file_permission+0x82/0x1e0
[ 2507.088767]  ? rw_verify_area+0xe1/0x2a0
[ 2507.092824]  vfs_read+0x139/0x340
[ 2507.096282]  SyS_read+0xf2/0x210
[ 2507.099641]  ? kernel_write+0x110/0x110
[ 2507.103601]  ? __do_page_fault+0x159/0xad0
[ 2507.107822]  ? do_syscall_64+0x4c/0x640
[ 2507.111787]  ? kernel_write+0x110/0x110
[ 2507.115753]  do_syscall_64+0x1d5/0x640
[ 2507.119635]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2507.124809] RIP: 0033:0x7ffaefda60f9
[ 2507.128510] RSP: 002b:00007ffaee318168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2507.136242] RAX: ffffffffffffffda RBX: 00007ffaefec5f80 RCX: 00007ffaefda60f9
05:48:36 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r8, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2507.143495] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000003
[ 2507.150762] RBP: 00007ffaee3181d0 R08: 0000000000000000 R09: 0000000000000000
[ 2507.158015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2507.165271] R13: 00007ffc19153c2f R14: 00007ffaee318300 R15: 0000000000022000
[ 2507.172540] CPU: 0 PID: 28031 Comm: syz-executor.5 Not tainted 4.14.307-syzkaller #0
[ 2507.180415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2507.189762] Call Trace:
05:48:36 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r8, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:36 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r8, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2507.192350]  dump_stack+0x1b2/0x281
[ 2507.195978]  should_fail.cold+0x10a/0x149
[ 2507.200128]  should_failslab+0xd6/0x130
[ 2507.204098]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2507.208768]  snd_pcm_oss_change_params_locked+0x15c/0x3550
[ 2507.214390]  ? lock_acquire+0x170/0x3f0
[ 2507.218385]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2507.222813]  ? __mutex_lock+0x360/0x1310
[ 2507.226876]  ? snd_pcm_plugin_append+0x190/0x190
[ 2507.231633]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2507.235957]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
05:48:36 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r8 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r8, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:36 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00'})
r6 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2507.241407]  ? lock_acquire+0x170/0x3f0
[ 2507.245386]  ? lock_downgrade+0x740/0x740
[ 2507.249540]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2507.254739]  snd_pcm_oss_read+0x2b7/0x650
[ 2507.258893]  __vfs_read+0xe4/0x620
[ 2507.262541]  ? snd_pcm_oss_read2+0x330/0x330
[ 2507.267032]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2507.271970]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2507.276552]  ? common_file_perm+0x3ee/0x580
[ 2507.281005]  ? lock_acquire+0x170/0x3f0
[ 2507.284982]  ? security_file_permission+0x82/0x1e0
[ 2507.289929]  ? rw_verify_area+0xe1/0x2a0
[ 2507.293977]  vfs_read+0x139/0x340
[ 2507.297411]  SyS_read+0xf2/0x210
[ 2507.300757]  ? kernel_write+0x110/0x110
[ 2507.304712]  ? do_syscall_64+0x4c/0x640
[ 2507.308680]  ? kernel_write+0x110/0x110
[ 2507.312634]  do_syscall_64+0x1d5/0x640
[ 2507.317392]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2507.322560] RIP: 0033:0x7fa8ee4b80f9
[ 2507.326262] RSP: 002b:00007fa8eca2a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2507.333948] RAX: ffffffffffffffda RBX: 00007fa8ee5d7f80 RCX: 00007fa8ee4b80f9
[ 2507.341199] RDX: 0000000000001000 RSI: 0000000020000340 RDI: 0000000000000003
[ 2507.348554] RBP: 00007fa8eca2a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2507.355908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2507.363156] R13: 00007ffc1bec276f R14: 00007fa8eca2a300 R15: 0000000000022000
05:48:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0)
r5 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:37 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (fail_nth: 3)

05:48:37 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000000))

05:48:37 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (fail_nth: 2)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:37 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x8000)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x5, 0x2bad80)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x106, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f0000000040), 0x3, r2, 0x2c, 0x0, @ib={0x1b, 0x7, 0x6, {"3eb90a6a303a2a6d06892e65d5084a6d"}, 0x8, 0x4, 0x4}}}, 0xa0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$VT_WAITACTIVE(r3, 0x5607)
read$snapshot(r0, &(0x7f0000001240)=""/4114, 0x1012)

05:48:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2507.817526] FAULT_INJECTION: forcing a failure.
[ 2507.817526] name failslab, interval 1, probability 0, space 0, times 0
[ 2507.829217] FAULT_INJECTION: forcing a failure.
[ 2507.829217] name failslab, interval 1, probability 0, space 0, times 0
[ 2507.846870] CPU: 1 PID: 28053 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
[ 2507.854769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2507.864110] Call Trace:
[ 2507.866686]  dump_stack+0x1b2/0x281
[ 2507.870299]  should_fail.cold+0x10a/0x149
[ 2507.874433]  should_failslab+0xd6/0x130
[ 2507.878415]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2507.883161]  snd_pcm_oss_change_params_locked+0x1c8/0x3550
[ 2507.888775]  ? lock_acquire+0x170/0x3f0
[ 2507.892744]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2507.897058]  ? __mutex_lock+0x360/0x1310
[ 2507.901134]  ? snd_pcm_plugin_append+0x190/0x190
[ 2507.905878]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2507.910286]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 2507.915727]  ? lock_acquire+0x170/0x3f0
[ 2507.919688]  ? lock_downgrade+0x740/0x740
[ 2507.923840]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2507.929015]  snd_pcm_oss_read+0x2b7/0x650
[ 2507.933166]  __vfs_read+0xe4/0x620
[ 2507.936688]  ? snd_pcm_oss_read2+0x330/0x330
[ 2507.941079]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2507.945997]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2507.950565]  ? common_file_perm+0x3ee/0x580
[ 2507.954868]  ? lock_acquire+0x170/0x3f0
[ 2507.958828]  ? security_file_permission+0x82/0x1e0
[ 2507.963745]  ? rw_verify_area+0xe1/0x2a0
[ 2507.967794]  vfs_read+0x139/0x340
[ 2507.971243]  SyS_read+0xf2/0x210
[ 2507.974602]  ? kernel_write+0x110/0x110
[ 2507.978567]  ? __do_page_fault+0x159/0xad0
[ 2507.982800]  ? do_syscall_64+0x4c/0x640
[ 2507.986791]  ? kernel_write+0x110/0x110
[ 2507.990923]  do_syscall_64+0x1d5/0x640
[ 2507.994799]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2507.999977] RIP: 0033:0x7ffaefda60f9
[ 2508.003668] RSP: 002b:00007ffaee318168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2508.011458] RAX: ffffffffffffffda RBX: 00007ffaefec5f80 RCX: 00007ffaefda60f9
[ 2508.018808] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000003
[ 2508.026060] RBP: 00007ffaee3181d0 R08: 0000000000000000 R09: 0000000000000000
[ 2508.033314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2508.040563] R13: 00007ffc19153c2f R14: 00007ffaee318300 R15: 0000000000022000
[ 2508.047827] CPU: 0 PID: 28060 Comm: syz-executor.5 Not tainted 4.14.307-syzkaller #0
[ 2508.055709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2508.065055] Call Trace:
05:48:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:37 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x120, 0x12, 0x8, 0x70bd25, 0x25dfdbfc, {0x2a, 0x9, 0x6, 0x4, {0x4e23, 0x4e23, [0x8001, 0x4, 0x4, 0x8], [0x8000, 0x0, 0x4, 0x8], 0x0, [0xa627, 0x80000001]}, 0xffff, 0x2}, [@INET_DIAG_REQ_BYTECODE={0xd3, 0x1, "b3b80e6bec3c03b44a63b73aa298f096f5b4bc243af0cc8d3b2126433e033990ea16a120274b8cca515f29760096f47450b93d3311c2c528e186cb7c55d1aa8b0a1e9a4362c1c79e5988d7521c164aa804c5a5d27cd06debaad117db12904349c05913edd0d571d663174de830e8ed161139ddba032c3827ee217525220dc3f262ae9f13c712ea6836910cd1bc5597b41a49036bc470ce4a5516ff826eef643509550330e79915520aacd33c3e3ef8ad6d75c9ecd367e2ed85c4649743e9567f59d7fc204042708270daebf04c4dd5"}]}, 0x120}, 0x1, 0x0, 0x0, 0x20}, 0x44004)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2508.067643]  dump_stack+0x1b2/0x281
[ 2508.071273]  should_fail.cold+0x10a/0x149
[ 2508.075424]  should_failslab+0xd6/0x130
[ 2508.079398]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2508.084070]  snd_pcm_oss_change_params_locked+0x192/0x3550
[ 2508.089687]  ? lock_acquire+0x170/0x3f0
[ 2508.093688]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2508.098015]  ? __mutex_lock+0x360/0x1310
[ 2508.102076]  ? snd_pcm_plugin_append+0x190/0x190
[ 2508.106832]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2508.111153]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
05:48:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2508.116634]  ? lock_acquire+0x170/0x3f0
[ 2508.120612]  ? lock_downgrade+0x740/0x740
[ 2508.124773]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2508.129960]  snd_pcm_oss_read+0x2b7/0x650
[ 2508.134108]  __vfs_read+0xe4/0x620
[ 2508.137642]  ? snd_pcm_oss_read2+0x330/0x330
[ 2508.142046]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2508.146971]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2508.151549]  ? common_file_perm+0x3ee/0x580
[ 2508.155868]  ? lock_acquire+0x170/0x3f0
[ 2508.159870]  ? security_file_permission+0x82/0x1e0
[ 2508.164794]  ? rw_verify_area+0xe1/0x2a0
05:48:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2508.168853]  vfs_read+0x139/0x340
[ 2508.172303]  SyS_read+0xf2/0x210
[ 2508.175673]  ? kernel_write+0x110/0x110
[ 2508.179654]  ? __do_page_fault+0x159/0xad0
[ 2508.183885]  ? do_syscall_64+0x4c/0x640
[ 2508.187850]  ? kernel_write+0x110/0x110
[ 2508.191822]  do_syscall_64+0x1d5/0x640
[ 2508.195714]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2508.200894] RIP: 0033:0x7fa8ee4b80f9
[ 2508.204594] RSP: 002b:00007fa8eca2a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
05:48:37 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (fail_nth: 4)

[ 2508.212299] RAX: ffffffffffffffda RBX: 00007fa8ee5d7f80 RCX: 00007fa8ee4b80f9
[ 2508.219559] RDX: 0000000000001000 RSI: 0000000020000340 RDI: 0000000000000003
[ 2508.226829] RBP: 00007fa8eca2a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2508.234111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2508.241375] R13: 00007ffc1bec276f R14: 00007fa8eca2a300 R15: 0000000000022000
[ 2508.271749] FAULT_INJECTION: forcing a failure.
[ 2508.271749] name failslab, interval 1, probability 0, space 0, times 0
[ 2508.285543] CPU: 1 PID: 28082 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
[ 2508.293550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2508.302895] Call Trace:
[ 2508.305479]  dump_stack+0x1b2/0x281
[ 2508.309112]  should_fail.cold+0x10a/0x149
[ 2508.313249]  should_failslab+0xd6/0x130
[ 2508.317202]  kmem_cache_alloc_trace+0x29a/0x3d0
05:48:37 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 32)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (rerun: 32)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000000))

[ 2508.321856]  snd_pcm_oss_change_params_locked+0x678/0x3550
[ 2508.327464]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2508.331765]  ? __mutex_lock+0x360/0x1310
[ 2508.335818]  ? snd_pcm_plugin_append+0x190/0x190
[ 2508.340572]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2508.344900]  ? lock_downgrade+0x740/0x740
[ 2508.349051]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2508.354240]  snd_pcm_oss_read+0x2b7/0x650
[ 2508.358389]  __vfs_read+0xe4/0x620
[ 2508.361912]  ? snd_pcm_oss_read2+0x330/0x330
[ 2508.366307]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2508.371231]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2508.375804]  ? common_file_perm+0x3ee/0x580
[ 2508.380106]  ? lock_acquire+0x170/0x3f0
[ 2508.384099]  ? security_file_permission+0x82/0x1e0
[ 2508.389043]  ? rw_verify_area+0xe1/0x2a0
[ 2508.393093]  vfs_read+0x139/0x340
[ 2508.396529]  SyS_read+0xf2/0x210
[ 2508.399870]  ? kernel_write+0x110/0x110
[ 2508.403828]  ? __do_page_fault+0x159/0xad0
[ 2508.408052]  ? do_syscall_64+0x4c/0x640
[ 2508.412109]  ? kernel_write+0x110/0x110
[ 2508.416062]  do_syscall_64+0x1d5/0x640
[ 2508.419952]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2508.425132] RIP: 0033:0x7ffaefda60f9
[ 2508.428833] RSP: 002b:00007ffaee318168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2508.436617] RAX: ffffffffffffffda RBX: 00007ffaefec5f80 RCX: 00007ffaefda60f9
[ 2508.443966] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000003
[ 2508.451219] RBP: 00007ffaee3181d0 R08: 0000000000000000 R09: 0000000000000000
[ 2508.458481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2508.465733] R13: 00007ffc19153c2f R14: 00007ffaee318300 R15: 0000000000022000
05:48:38 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (fail_nth: 3)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

[ 2508.673225] FAULT_INJECTION: forcing a failure.
[ 2508.673225] name failslab, interval 1, probability 0, space 0, times 0
[ 2508.685211] CPU: 0 PID: 28088 Comm: syz-executor.5 Not tainted 4.14.307-syzkaller #0
[ 2508.693093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2508.702442] Call Trace:
[ 2508.705027]  dump_stack+0x1b2/0x281
[ 2508.708654]  should_fail.cold+0x10a/0x149
[ 2508.712801]  should_failslab+0xd6/0x130
[ 2508.716775]  kmem_cache_alloc_trace+0x29a/0x3d0
05:48:38 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x8000)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x5, 0x2bad80) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x106, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f0000000040), 0x3, r2, 0x2c, 0x0, @ib={0x1b, 0x7, 0x6, {"3eb90a6a303a2a6d06892e65d5084a6d"}, 0x8, 0x4, 0x4}}}, 0xa0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$VT_WAITACTIVE(r3, 0x5607) (async)
read$snapshot(r0, &(0x7f0000001240)=""/4114, 0x1012)

05:48:38 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:38 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (fail_nth: 5)

05:48:38 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x120, 0x12, 0x8, 0x70bd25, 0x25dfdbfc, {0x2a, 0x9, 0x6, 0x4, {0x4e23, 0x4e23, [0x8001, 0x4, 0x4, 0x8], [0x8000, 0x0, 0x4, 0x8], 0x0, [0xa627, 0x80000001]}, 0xffff, 0x2}, [@INET_DIAG_REQ_BYTECODE={0xd3, 0x1, "b3b80e6bec3c03b44a63b73aa298f096f5b4bc243af0cc8d3b2126433e033990ea16a120274b8cca515f29760096f47450b93d3311c2c528e186cb7c55d1aa8b0a1e9a4362c1c79e5988d7521c164aa804c5a5d27cd06debaad117db12904349c05913edd0d571d663174de830e8ed161139ddba032c3827ee217525220dc3f262ae9f13c712ea6836910cd1bc5597b41a49036bc470ce4a5516ff826eef643509550330e79915520aacd33c3e3ef8ad6d75c9ecd367e2ed85c4649743e9567f59d7fc204042708270daebf04c4dd5"}]}, 0x120}, 0x1, 0x0, 0x0, 0x20}, 0x44004)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:38 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:38 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2508.721452]  snd_pcm_oss_change_params_locked+0x1c8/0x3550
[ 2508.727072]  ? lock_acquire+0x170/0x3f0
[ 2508.731050]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2508.735371]  ? __mutex_lock+0x360/0x1310
[ 2508.739430]  ? snd_pcm_plugin_append+0x190/0x190
[ 2508.744185]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2508.748504]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 2508.753948]  ? lock_acquire+0x170/0x3f0
[ 2508.757915]  ? lock_downgrade+0x740/0x740
[ 2508.762066]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2508.767251]  snd_pcm_oss_read+0x2b7/0x650
05:48:38 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:38 executing program 4:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r0, 0x1279, &(0x7f00000001c0))
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2508.771400]  __vfs_read+0xe4/0x620
[ 2508.774935]  ? snd_pcm_oss_read2+0x330/0x330
[ 2508.779336]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2508.784258]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2508.788832]  ? common_file_perm+0x3ee/0x580
[ 2508.793152]  ? lock_acquire+0x170/0x3f0
[ 2508.797131]  ? security_file_permission+0x82/0x1e0
[ 2508.802055]  ? rw_verify_area+0xe1/0x2a0
[ 2508.806112]  vfs_read+0x139/0x340
[ 2508.809563]  SyS_read+0xf2/0x210
[ 2508.812923]  ? kernel_write+0x110/0x110
[ 2508.816892]  ? __do_page_fault+0x159/0xad0
05:48:38 executing program 4:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2508.821120]  ? do_syscall_64+0x4c/0x640
[ 2508.825084]  ? kernel_write+0x110/0x110
[ 2508.829053]  do_syscall_64+0x1d5/0x640
[ 2508.832943]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2508.838118] RIP: 0033:0x7fa8ee4b80f9
[ 2508.841815] RSP: 002b:00007fa8eca2a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2508.849514] RAX: ffffffffffffffda RBX: 00007fa8ee5d7f80 RCX: 00007fa8ee4b80f9
[ 2508.850551] FAULT_INJECTION: forcing a failure.
[ 2508.850551] name failslab, interval 1, probability 0, space 0, times 0
05:48:38 executing program 4:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2508.856771] RDX: 0000000000001000 RSI: 0000000020000340 RDI: 0000000000000003
[ 2508.856778] RBP: 00007fa8eca2a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2508.856783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2508.856789] R13: 00007ffc1bec276f R14: 00007fa8eca2a300 R15: 0000000000022000
[ 2508.900893] CPU: 1 PID: 28107 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
[ 2508.908797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2508.918141] Call Trace:
[ 2508.920728]  dump_stack+0x1b2/0x281
[ 2508.924347]  should_fail.cold+0x10a/0x149
[ 2508.928475]  should_failslab+0xd6/0x130
[ 2508.932427]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2508.937080]  snd_pcm_hw_param_near.constprop.0+0xc3/0x6f0
[ 2508.942605]  ? mark_held_locks+0xa6/0xf0
[ 2508.946653]  ? snd_pcm_oss_plugin_clear.isra.0+0xd0/0xd0
[ 2508.952078]  ? snd_pcm_oss_change_params_locked+0x2223/0x3550
[ 2508.957935]  ? trace_hardirqs_on_caller+0x3a8/0x580
[ 2508.962928]  snd_pcm_oss_change_params_locked+0x8ff/0x3550
[ 2508.968548]  ? snd_pcm_plugin_append+0x190/0x190
[ 2508.973278]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2508.977580]  ? lock_downgrade+0x740/0x740
[ 2508.981721]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2508.986895]  snd_pcm_oss_read+0x2b7/0x650
[ 2508.991049]  __vfs_read+0xe4/0x620
[ 2508.994565]  ? snd_pcm_oss_read2+0x330/0x330
[ 2508.998951]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2509.003856]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2509.008418]  ? common_file_perm+0x3ee/0x580
[ 2509.012714]  ? lock_acquire+0x170/0x3f0
[ 2509.016681]  ? security_file_permission+0x82/0x1e0
[ 2509.021611]  ? rw_verify_area+0xe1/0x2a0
[ 2509.025659]  vfs_read+0x139/0x340
[ 2509.029089]  SyS_read+0xf2/0x210
[ 2509.032433]  ? kernel_write+0x110/0x110
[ 2509.036381]  ? __do_page_fault+0x159/0xad0
[ 2509.040591]  ? do_syscall_64+0x4c/0x640
[ 2509.044542]  ? kernel_write+0x110/0x110
[ 2509.048489]  do_syscall_64+0x1d5/0x640
[ 2509.052355]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2509.057534] RIP: 0033:0x7ffaefda60f9
[ 2509.061229] RSP: 002b:00007ffaee318168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2509.068913] RAX: ffffffffffffffda RBX: 00007ffaefec5f80 RCX: 00007ffaefda60f9
[ 2509.076157] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000003
[ 2509.083401] RBP: 00007ffaee3181d0 R08: 0000000000000000 R09: 0000000000000000
[ 2509.090649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2509.097899] R13: 00007ffc19153c2f R14: 00007ffaee318300 R15: 0000000000022000
05:48:38 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x3, 0xa4000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:39 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (fail_nth: 4)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

[ 2509.415452] FAULT_INJECTION: forcing a failure.
[ 2509.415452] name failslab, interval 1, probability 0, space 0, times 0
[ 2509.426768] CPU: 1 PID: 28116 Comm: syz-executor.5 Not tainted 4.14.307-syzkaller #0
[ 2509.434643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2509.443982] Call Trace:
[ 2509.446552]  dump_stack+0x1b2/0x281
[ 2509.450156]  should_fail.cold+0x10a/0x149
[ 2509.454283]  should_failslab+0xd6/0x130
[ 2509.458234]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2509.462881]  snd_pcm_oss_change_params_locked+0x678/0x3550
[ 2509.468491]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2509.472791]  ? __mutex_lock+0x360/0x1310
[ 2509.476829]  ? snd_pcm_plugin_append+0x190/0x190
[ 2509.481559]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2509.485863]  ? lock_downgrade+0x740/0x740
[ 2509.489990]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2509.495161]  snd_pcm_oss_read+0x2b7/0x650
[ 2509.499288]  __vfs_read+0xe4/0x620
[ 2509.502811]  ? snd_pcm_oss_read2+0x330/0x330
[ 2509.507209]  ? proc_tgid_io_accounting+0x7a0/0x7a0
05:48:39 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x8000)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x5, 0x2bad80) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x106, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f0000000040), 0x3, r2, 0x2c, 0x0, @ib={0x1b, 0x7, 0x6, {"3eb90a6a303a2a6d06892e65d5084a6d"}, 0x8, 0x4, 0x4}}}, 0xa0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$VT_WAITACTIVE(r3, 0x5607) (async)
read$snapshot(r0, &(0x7f0000001240)=""/4114, 0x1012)

05:48:39 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:39 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (fail_nth: 6)

05:48:39 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x3, 0xa4000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:39 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async, rerun: 64)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (rerun: 64)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x120, 0x12, 0x8, 0x70bd25, 0x25dfdbfc, {0x2a, 0x9, 0x6, 0x4, {0x4e23, 0x4e23, [0x8001, 0x4, 0x4, 0x8], [0x8000, 0x0, 0x4, 0x8], 0x0, [0xa627, 0x80000001]}, 0xffff, 0x2}, [@INET_DIAG_REQ_BYTECODE={0xd3, 0x1, "b3b80e6bec3c03b44a63b73aa298f096f5b4bc243af0cc8d3b2126433e033990ea16a120274b8cca515f29760096f47450b93d3311c2c528e186cb7c55d1aa8b0a1e9a4362c1c79e5988d7521c164aa804c5a5d27cd06debaad117db12904349c05913edd0d571d663174de830e8ed161139ddba032c3827ee217525220dc3f262ae9f13c712ea6836910cd1bc5597b41a49036bc470ce4a5516ff826eef643509550330e79915520aacd33c3e3ef8ad6d75c9ecd367e2ed85c4649743e9567f59d7fc204042708270daebf04c4dd5"}]}, 0x120}, 0x1, 0x0, 0x0, 0x20}, 0x44004) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

[ 2509.512121]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2509.516688]  ? common_file_perm+0x3ee/0x580
[ 2509.520985]  ? lock_acquire+0x170/0x3f0
[ 2509.524940]  ? security_file_permission+0x82/0x1e0
[ 2509.529846]  ? rw_verify_area+0xe1/0x2a0
[ 2509.533891]  vfs_read+0x139/0x340
[ 2509.537332]  SyS_read+0xf2/0x210
[ 2509.540693]  ? kernel_write+0x110/0x110
[ 2509.544643]  ? __do_page_fault+0x159/0xad0
[ 2509.548857]  ? do_syscall_64+0x4c/0x640
[ 2509.552819]  ? kernel_write+0x110/0x110
[ 2509.556791]  do_syscall_64+0x1d5/0x640
[ 2509.560681]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
05:48:39 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:39 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2509.565865] RIP: 0033:0x7fa8ee4b80f9
[ 2509.569566] RSP: 002b:00007fa8eca2a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2509.577275] RAX: ffffffffffffffda RBX: 00007fa8ee5d7f80 RCX: 00007fa8ee4b80f9
[ 2509.584554] RDX: 0000000000001000 RSI: 0000000020000340 RDI: 0000000000000003
[ 2509.591822] RBP: 00007fa8eca2a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2509.599092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2509.606361] R13: 00007ffc1bec276f R14: 00007fa8eca2a300 R15: 0000000000022000
05:48:39 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:39 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x3, 0xa4000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

[ 2509.648350] FAULT_INJECTION: forcing a failure.
[ 2509.648350] name failslab, interval 1, probability 0, space 0, times 0
[ 2509.673191] CPU: 1 PID: 28131 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
[ 2509.681096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2509.690450] Call Trace:
[ 2509.693036]  dump_stack+0x1b2/0x281
05:48:39 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, 0x0)

[ 2509.696661]  should_fail.cold+0x10a/0x149
[ 2509.700807]  should_failslab+0xd6/0x130
[ 2509.704778]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2509.709451]  snd_pcm_hw_param_near.constprop.0+0xc3/0x6f0
[ 2509.714979]  ? snd_pcm_oss_plugin_clear.isra.0+0xd0/0xd0
[ 2509.720404]  ? memset+0x20/0x40
[ 2509.723660]  ? snd_interval_refine+0x24a/0x460
[ 2509.728216]  ? plug_slave_size+0x1c8/0x380
[ 2509.732442]  snd_pcm_oss_change_params_locked+0x167c/0x3550
[ 2509.738134]  ? snd_pcm_plugin_append+0x190/0x190
[ 2509.742868]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2509.747180]  ? lock_downgrade+0x740/0x740
[ 2509.751315]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2509.756484]  snd_pcm_oss_read+0x2b7/0x650
[ 2509.760625]  __vfs_read+0xe4/0x620
[ 2509.764152]  ? snd_pcm_oss_read2+0x330/0x330
[ 2509.768549]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2509.773458]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2509.778020]  ? common_file_perm+0x3ee/0x580
[ 2509.782317]  ? lock_acquire+0x170/0x3f0
[ 2509.786272]  ? security_file_permission+0x82/0x1e0
[ 2509.791178]  ? rw_verify_area+0xe1/0x2a0
[ 2509.795215]  vfs_read+0x139/0x340
[ 2509.798652]  SyS_read+0xf2/0x210
[ 2509.801993]  ? kernel_write+0x110/0x110
[ 2509.805951]  ? __do_page_fault+0x159/0xad0
[ 2509.810173]  ? do_syscall_64+0x4c/0x640
[ 2509.814124]  ? kernel_write+0x110/0x110
[ 2509.818083]  do_syscall_64+0x1d5/0x640
[ 2509.821958]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2509.827122] RIP: 0033:0x7ffaefda60f9
[ 2509.830811] RSP: 002b:00007ffaee318168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2509.838494] RAX: ffffffffffffffda RBX: 00007ffaefec5f80 RCX: 00007ffaefda60f9
05:48:39 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x501940)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000040), 0x2, 0x0)

[ 2509.845743] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000003
[ 2509.852994] RBP: 00007ffaee3181d0 R08: 0000000000000000 R09: 0000000000000000
[ 2509.860240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2509.867505] R13: 00007ffc19153c2f R14: 00007ffaee318300 R15: 0000000000022000
05:48:39 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x501940)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000040), 0x2, 0x0)

05:48:40 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_FREE(r0, 0x3305)

05:48:40 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (fail_nth: 5)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:40 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, 0x0)

05:48:40 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (fail_nth: 7)

05:48:40 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x501940)
read$snapshot(r0, &(0x7f0000001340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
openat$cgroup_subtree(r1, &(0x7f0000000040), 0x2, 0x0)

05:48:40 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x7916, 0x400)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)

05:48:40 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

[ 2510.457792] FAULT_INJECTION: forcing a failure.
[ 2510.457792] name failslab, interval 1, probability 0, space 0, times 0
[ 2510.474851] CPU: 1 PID: 28153 Comm: syz-executor.5 Not tainted 4.14.307-syzkaller #0
[ 2510.480124] FAULT_INJECTION: forcing a failure.
[ 2510.480124] name failslab, interval 1, probability 0, space 0, times 0
[ 2510.482747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2510.482753] Call Trace:
[ 2510.482769]  dump_stack+0x1b2/0x281
[ 2510.482784]  should_fail.cold+0x10a/0x149
[ 2510.482799]  should_failslab+0xd6/0x130
[ 2510.482814]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2510.482831]  snd_pcm_hw_param_near.constprop.0+0xc3/0x6f0
[ 2510.527706]  ? mark_held_locks+0xa6/0xf0
[ 2510.531748]  ? snd_pcm_oss_plugin_clear.isra.0+0xd0/0xd0
[ 2510.537178]  ? snd_pcm_oss_change_params_locked+0x2223/0x3550
[ 2510.543043]  ? trace_hardirqs_on_caller+0x3a8/0x580
[ 2510.548044]  snd_pcm_oss_change_params_locked+0x8ff/0x3550
[ 2510.553657]  ? snd_pcm_plugin_append+0x190/0x190
[ 2510.558399]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2510.562709]  ? lock_downgrade+0x740/0x740
[ 2510.566855]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2510.572026]  snd_pcm_oss_read+0x2b7/0x650
[ 2510.576158]  __vfs_read+0xe4/0x620
[ 2510.579680]  ? snd_pcm_oss_read2+0x330/0x330
[ 2510.584069]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2510.588990]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2510.593568]  ? common_file_perm+0x3ee/0x580
[ 2510.597867]  ? lock_acquire+0x170/0x3f0
[ 2510.601824]  ? security_file_permission+0x82/0x1e0
[ 2510.606734]  ? rw_verify_area+0xe1/0x2a0
[ 2510.610776]  vfs_read+0x139/0x340
[ 2510.614210]  SyS_read+0xf2/0x210
[ 2510.617646]  ? kernel_write+0x110/0x110
[ 2510.621606]  ? __do_page_fault+0x159/0xad0
[ 2510.625825]  ? do_syscall_64+0x4c/0x640
[ 2510.629778]  ? kernel_write+0x110/0x110
[ 2510.633732]  do_syscall_64+0x1d5/0x640
[ 2510.637611]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2510.642788] RIP: 0033:0x7fa8ee4b80f9
[ 2510.646477] RSP: 002b:00007fa8eca2a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
05:48:40 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, 0x0)

[ 2510.654161] RAX: ffffffffffffffda RBX: 00007fa8ee5d7f80 RCX: 00007fa8ee4b80f9
[ 2510.661419] RDX: 0000000000001000 RSI: 0000000020000340 RDI: 0000000000000003
[ 2510.668668] RBP: 00007fa8eca2a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2510.675921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2510.683186] R13: 00007ffc1bec276f R14: 00007fa8eca2a300 R15: 0000000000022000
[ 2510.690452] CPU: 0 PID: 28160 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
[ 2510.698332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
05:48:40 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2510.707675] Call Trace:
[ 2510.710262]  dump_stack+0x1b2/0x281
[ 2510.713888]  should_fail.cold+0x10a/0x149
[ 2510.718036]  should_failslab+0xd6/0x130
[ 2510.722008]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2510.726675]  snd_pcm_hw_param_near.constprop.0+0xc3/0x6f0
[ 2510.732221]  ? snd_pcm_oss_plugin_clear.isra.0+0xd0/0xd0
[ 2510.737667]  ? memset+0x20/0x40
[ 2510.740944]  ? snd_interval_refine+0x24a/0x460
[ 2510.745523]  ? plug_slave_size+0x1c8/0x380
[ 2510.749766]  snd_pcm_oss_change_params_locked+0x16cf/0x3550
[ 2510.755484]  ? snd_pcm_plugin_append+0x190/0x190
[ 2510.760235]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2510.764565]  ? lock_downgrade+0x740/0x740
[ 2510.768717]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2510.773904]  snd_pcm_oss_read+0x2b7/0x650
[ 2510.778055]  __vfs_read+0xe4/0x620
[ 2510.781592]  ? snd_pcm_oss_read2+0x330/0x330
[ 2510.785992]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2510.790916]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2510.795499]  ? common_file_perm+0x3ee/0x580
[ 2510.799814]  ? lock_acquire+0x170/0x3f0
[ 2510.803789]  ? security_file_permission+0x82/0x1e0
05:48:40 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:40 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2510.808711]  ? rw_verify_area+0xe1/0x2a0
[ 2510.812771]  vfs_read+0x139/0x340
[ 2510.816222]  SyS_read+0xf2/0x210
[ 2510.819585]  ? kernel_write+0x110/0x110
[ 2510.823558]  ? __do_page_fault+0x159/0xad0
[ 2510.827786]  ? do_syscall_64+0x4c/0x640
[ 2510.831759]  ? kernel_write+0x110/0x110
[ 2510.835732]  do_syscall_64+0x1d5/0x640
[ 2510.839621]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2510.844803] RIP: 0033:0x7ffaefda60f9
[ 2510.848503] RSP: 002b:00007ffaee318168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
05:48:40 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2510.856207] RAX: ffffffffffffffda RBX: 00007ffaefec5f80 RCX: 00007ffaefda60f9
[ 2510.863473] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000003
[ 2510.870745] RBP: 00007ffaee3181d0 R08: 0000000000000000 R09: 0000000000000000
[ 2510.878006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2510.885269] R13: 00007ffc19153c2f R14: 00007ffaee318300 R15: 0000000000022000
05:48:40 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$SNAPSHOT_FREE(r0, 0x3305) (async)

05:48:40 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (fail_nth: 6)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:40 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:40 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (fail_nth: 8)

05:48:40 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x7916, 0x400)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f0000000040), 0x7916, 0x400) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) (async)

05:48:40 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

[ 2511.316270] FAULT_INJECTION: forcing a failure.
[ 2511.316270] name failslab, interval 1, probability 0, space 0, times 0
[ 2511.329084] CPU: 1 PID: 28185 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
[ 2511.331496] FAULT_INJECTION: forcing a failure.
[ 2511.331496] name failslab, interval 1, probability 0, space 0, times 0
[ 2511.336978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2511.336984] Call Trace:
[ 2511.337003]  dump_stack+0x1b2/0x281
[ 2511.337018]  should_fail.cold+0x10a/0x149
[ 2511.337031]  should_failslab+0xd6/0x130
[ 2511.337049]  kmem_cache_alloc_node_trace+0x25a/0x400
[ 2511.377016]  __get_vm_area_node+0xed/0x340
[ 2511.381240]  ? _snd_pcm_lib_alloc_vmalloc_buffer+0x10b/0x1b0
[ 2511.387022]  __vmalloc+0xfe/0x1d0
[ 2511.390459]  ? _snd_pcm_lib_alloc_vmalloc_buffer+0x10b/0x1b0
[ 2511.396245]  ? vzalloc+0x150/0x150
[ 2511.399777]  ? snd_pcm_hw_param_value+0xd7/0x4b0
[ 2511.404527]  ? snd_pcm_format_size+0x6c/0x90
[ 2511.408929]  _snd_pcm_lib_alloc_vmalloc_buffer+0x10b/0x1b0
[ 2511.414538]  ? loopback_hw_free+0x190/0x190
[ 2511.418842]  snd_pcm_hw_params+0xdc3/0x1ee0
[ 2511.423150]  ? snd_pcm_sync_ptr+0x850/0x850
[ 2511.427454]  ? snd_pcm_hw_param_near.constprop.0+0x552/0x6f0
[ 2511.433236]  ? snd_pcm_oss_plugin_clear.isra.0+0xd0/0xd0
[ 2511.438668]  ? memset+0x20/0x40
[ 2511.441931]  snd_pcm_kernel_ioctl+0x19d/0x330
[ 2511.446429]  snd_pcm_oss_change_params_locked+0x16fe/0x3550
[ 2511.452145]  ? snd_pcm_plugin_append+0x190/0x190
[ 2511.456888]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2511.461194]  ? lock_downgrade+0x740/0x740
[ 2511.465342]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2511.470524]  snd_pcm_oss_read+0x2b7/0x650
[ 2511.474663]  __vfs_read+0xe4/0x620
[ 2511.478188]  ? snd_pcm_oss_read2+0x330/0x330
[ 2511.482584]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2511.487500]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2511.492064]  ? common_file_perm+0x3ee/0x580
[ 2511.496363]  ? lock_acquire+0x170/0x3f0
[ 2511.500413]  ? security_file_permission+0x82/0x1e0
[ 2511.505324]  ? rw_verify_area+0xe1/0x2a0
[ 2511.509379]  vfs_read+0x139/0x340
[ 2511.512845]  SyS_read+0xf2/0x210
[ 2511.516194]  ? kernel_write+0x110/0x110
[ 2511.520149]  ? __do_page_fault+0x159/0xad0
[ 2511.524364]  ? do_syscall_64+0x4c/0x640
[ 2511.528331]  ? kernel_write+0x110/0x110
[ 2511.532382]  do_syscall_64+0x1d5/0x640
[ 2511.536263]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2511.541437] RIP: 0033:0x7ffaefda60f9
[ 2511.545128] RSP: 002b:00007ffaee318168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2511.552831] RAX: ffffffffffffffda RBX: 00007ffaefec5f80 RCX: 00007ffaefda60f9
[ 2511.560086] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000003
[ 2511.567344] RBP: 00007ffaee3181d0 R08: 0000000000000000 R09: 0000000000000000
[ 2511.574591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2511.581843] R13: 00007ffc19153c2f R14: 00007ffaee318300 R15: 0000000000022000
[ 2511.589111] CPU: 0 PID: 28187 Comm: syz-executor.5 Not tainted 4.14.307-syzkaller #0
[ 2511.591876] syz-executor.0: 
[ 2511.596988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2511.596992] Call Trace:
[ 2511.597008]  dump_stack+0x1b2/0x281
[ 2511.597024]  should_fail.cold+0x10a/0x149
[ 2511.597037]  should_failslab+0xd6/0x130
[ 2511.597049]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2511.597064]  snd_pcm_hw_param_near.constprop.0+0xc3/0x6f0
[ 2511.600098] vmalloc: allocation failure: 2097152 bytes
[ 2511.609395]  ? snd_pcm_oss_plugin_clear.isra.0+0xd0/0xd0
[ 2511.609402]  ? memset+0x20/0x40
[ 2511.609410]  ? snd_interval_refine+0x24a/0x460
[ 2511.609418]  ? plug_slave_size+0x1c8/0x380
[ 2511.609431]  snd_pcm_oss_change_params_locked+0x167c/0x3550
[ 2511.609451]  ? snd_pcm_plugin_append+0x190/0x190
[ 2511.612040] , mode:0x14080c2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=
[ 2511.615611]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2511.615626]  ? lock_downgrade+0x740/0x740
[ 2511.615645]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2511.615656]  snd_pcm_oss_read+0x2b7/0x650
[ 2511.615672]  __vfs_read+0xe4/0x620
[ 2511.619820] (null)
[ 2511.623743]  ? snd_pcm_oss_read2+0x330/0x330
[ 2511.623753]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2511.623764]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2511.623777]  ? common_file_perm+0x3ee/0x580
[ 2511.623785]  ? lock_acquire+0x170/0x3f0
[ 2511.623803]  ? security_file_permission+0x82/0x1e0
[ 2511.628470] syz-executor.0 cpuset=
[ 2511.633952]  ? rw_verify_area+0xe1/0x2a0
[ 2511.633964]  vfs_read+0x139/0x340
[ 2511.633977]  SyS_read+0xf2/0x210
[ 2511.633987]  ? kernel_write+0x110/0x110
[ 2511.634000]  ? __do_page_fault+0x159/0xad0
[ 2511.639308] /
[ 2511.644696]  ? do_syscall_64+0x4c/0x640
[ 2511.644705]  ? kernel_write+0x110/0x110
[ 2511.648192]  mems_allowed=0-1
[ 2511.652618]  do_syscall_64+0x1d5/0x640
[ 2511.652636]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2511.652644] RIP: 0033:0x7fa8ee4b80f9
[ 2511.652649] RSP: 002b:00007fa8eca2a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2511.652661] RAX: ffffffffffffffda RBX: 00007fa8ee5d7f80 RCX: 00007fa8ee4b80f9
[ 2511.788000] RDX: 0000000000001000 RSI: 0000000020000340 RDI: 0000000000000003
[ 2511.795251] RBP: 00007fa8eca2a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2511.802508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2511.809762] R13: 00007ffc1bec276f R14: 00007fa8eca2a300 R15: 0000000000022000
[ 2511.817026] CPU: 1 PID: 28185 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
[ 2511.824909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2511.834247] Call Trace:
[ 2511.836837]  dump_stack+0x1b2/0x281
[ 2511.840473]  warn_alloc.cold+0x96/0x1cc
[ 2511.844444]  ? zone_watermark_ok_safe+0x220/0x220
[ 2511.849292]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 2511.854748]  ? __get_vm_area_node+0xed/0x340
[ 2511.859155]  ? __get_vm_area_node+0x27d/0x340
[ 2511.863649]  ? _snd_pcm_lib_alloc_vmalloc_buffer+0x10b/0x1b0
[ 2511.869441]  __vmalloc+0x170/0x1d0
[ 2511.872981]  ? vzalloc+0x150/0x150
[ 2511.876516]  ? snd_pcm_hw_param_value+0xd7/0x4b0
[ 2511.881269]  ? snd_pcm_format_size+0x6c/0x90
[ 2511.885674]  _snd_pcm_lib_alloc_vmalloc_buffer+0x10b/0x1b0
[ 2511.891313]  ? loopback_hw_free+0x190/0x190
[ 2511.895634]  snd_pcm_hw_params+0xdc3/0x1ee0
[ 2511.899959]  ? snd_pcm_sync_ptr+0x850/0x850
[ 2511.904302]  ? snd_pcm_hw_param_near.constprop.0+0x552/0x6f0
[ 2511.910101]  ? snd_pcm_oss_plugin_clear.isra.0+0xd0/0xd0
[ 2511.915544]  ? memset+0x20/0x40
05:48:41 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:41 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:41 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_FREE(r0, 0x3305) (async)
ioctl$SNAPSHOT_FREE(r0, 0x3305)

05:48:41 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x7916, 0x400)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)

[ 2511.918825]  snd_pcm_kernel_ioctl+0x19d/0x330
[ 2511.923320]  snd_pcm_oss_change_params_locked+0x16fe/0x3550
[ 2511.929038]  ? snd_pcm_plugin_append+0x190/0x190
[ 2511.933793]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2511.938119]  ? lock_downgrade+0x740/0x740
[ 2511.942445]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2511.947797]  snd_pcm_oss_read+0x2b7/0x650
[ 2511.951936]  __vfs_read+0xe4/0x620
[ 2511.955463]  ? snd_pcm_oss_read2+0x330/0x330
[ 2511.959854]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2511.964765]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2511.969332]  ? common_file_perm+0x3ee/0x580
[ 2511.973642]  ? lock_acquire+0x170/0x3f0
[ 2511.977694]  ? security_file_permission+0x82/0x1e0
[ 2511.982602]  ? rw_verify_area+0xe1/0x2a0
[ 2511.986644]  vfs_read+0x139/0x340
[ 2511.990078]  SyS_read+0xf2/0x210
[ 2511.993426]  ? kernel_write+0x110/0x110
[ 2511.997385]  ? __do_page_fault+0x159/0xad0
[ 2512.001603]  ? do_syscall_64+0x4c/0x640
[ 2512.005564]  ? kernel_write+0x110/0x110
[ 2512.009529]  do_syscall_64+0x1d5/0x640
[ 2512.013410]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2512.018584] RIP: 0033:0x7ffaefda60f9
[ 2512.022280] RSP: 002b:00007ffaee318168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2512.029980] RAX: ffffffffffffffda RBX: 00007ffaefec5f80 RCX: 00007ffaefda60f9
[ 2512.037239] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000003
[ 2512.044491] RBP: 00007ffaee3181d0 R08: 0000000000000000 R09: 0000000000000000
[ 2512.051737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2512.058992] R13: 00007ffc19153c2f R14: 00007ffaee318300 R15: 0000000000022000
[ 2512.069703] Mem-Info:
[ 2512.072229] active_anon:26248 inactive_anon:7722 isolated_anon:0
[ 2512.072229]  active_file:5852 inactive_file:12498 isolated_file:0
[ 2512.072229]  unevictable:0 dirty:168 writeback:0 unstable:0
[ 2512.072229]  slab_reclaimable:29637 slab_unreclaimable:115795
[ 2512.072229]  mapped:32091 shmem:8213 pagetables:661 bounce:0
[ 2512.072229]  free:1468098 free_pcp:199 free_cma:0
05:48:41 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (fail_nth: 7)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:41 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

[ 2512.106362] Node 0 active_anon:104992kB inactive_anon:30888kB active_file:23288kB inactive_file:49992kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:128372kB dirty:680kB writeback:0kB shmem:32852kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 36864kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2512.135445] Node 1 active_anon:0kB inactive_anon:0kB active_file:120kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
05:48:41 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x7916, 0x400)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f0000000040), 0x7916, 0x400) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) (async)

[ 2512.174232] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2512.213511] FAULT_INJECTION: forcing a failure.
[ 2512.213511] name failslab, interval 1, probability 0, space 0, times 0
[ 2512.224127] lowmem_reserve[]: 0 2717 2718 2718 2718
[ 2512.228897] CPU: 0 PID: 28213 Comm: syz-executor.5 Not tainted 4.14.307-syzkaller #0
[ 2512.229916] Node 0 
[ 2512.237789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2512.237794] Call Trace:
[ 2512.237810]  dump_stack+0x1b2/0x281
[ 2512.237825]  should_fail.cold+0x10a/0x149
[ 2512.237839]  should_failslab+0xd6/0x130
[ 2512.237852]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2512.237869]  snd_pcm_hw_param_near.constprop.0+0xc3/0x6f0
[ 2512.237882]  ? snd_pcm_oss_plugin_clear.isra.0+0xd0/0xd0
[ 2512.237888]  ? memset+0x20/0x40
[ 2512.237896]  ? snd_interval_refine+0x24a/0x460
[ 2512.237904]  ? plug_slave_size+0x1c8/0x380
[ 2512.237917]  snd_pcm_oss_change_params_locked+0x16cf/0x3550
[ 2512.237937]  ? snd_pcm_plugin_append+0x190/0x190
05:48:42 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, 0x0)

[ 2512.240165] DMA32 free:1819572kB min:36196kB low:45244kB high:54292kB active_anon:104888kB inactive_anon:30888kB active_file:23288kB inactive_file:50004kB unevictable:0kB writepending:688kB present:3129332kB managed:2787976kB mlocked:0kB kernel_stack:7744kB pagetables:2552kB bounce:0kB free_pcp:332kB local_pcp:136kB free_cma:0kB
[ 2512.249495]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2512.249509]  ? lock_downgrade+0x740/0x740
[ 2512.249526]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2512.249537]  snd_pcm_oss_read+0x2b7/0x650
[ 2512.249554]  __vfs_read+0xe4/0x620
[ 2512.252102] lowmem_reserve[]:
[ 2512.255714]  ? snd_pcm_oss_read2+0x330/0x330
[ 2512.255724]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2512.255735]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2512.255748]  ? common_file_perm+0x3ee/0x580
05:48:42 executing program 4:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r0, 0x1279, &(0x7f00000001c0))
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2512.259861]  0
[ 2512.263812]  ? lock_acquire+0x170/0x3f0
[ 2512.263830]  ? security_file_permission+0x82/0x1e0
[ 2512.263840]  ? rw_verify_area+0xe1/0x2a0
[ 2512.268478]  0
[ 2512.274226]  vfs_read+0x139/0x340
[ 2512.274239]  SyS_read+0xf2/0x210
[ 2512.274249]  ? kernel_write+0x110/0x110
[ 2512.274259]  ? __do_page_fault+0x159/0xad0
[ 2512.274268]  ? do_syscall_64+0x4c/0x640
[ 2512.274276]  ? kernel_write+0x110/0x110
[ 2512.274286]  do_syscall_64+0x1d5/0x640
[ 2512.274300]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2512.280413]  0
[ 2512.282980] RIP: 0033:0x7fa8ee4b80f9
[ 2512.282985] RSP: 002b:00007fa8eca2a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2512.282995] RAX: ffffffffffffffda RBX: 00007fa8ee5d7f80 RCX: 00007fa8ee4b80f9
[ 2512.283000] RDX: 0000000000001000 RSI: 0000000020000340 RDI: 0000000000000003
[ 2512.283005] RBP: 00007fa8eca2a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2512.283010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2512.283015] R13: 00007ffc1bec276f R14: 00007fa8eca2a300 R15: 0000000000022000
[ 2512.473052]  0 0
[ 2512.475026] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:468kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2512.500617] lowmem_reserve[]: 0 0 0 0 0
[ 2512.504686] Node 1 Normal free:4040812kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:120kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2512.532369] lowmem_reserve[]: 0 0 0 0 0
[ 2512.536345] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
[ 2512.549969] Node 0 DMA32: 879*4kB (UME) 129*8kB (UME) 83*16kB (UME) 404*32kB (UME) 365*64kB (UM) 51*128kB (UM) 6*256kB (UME) 3*512kB (UE) 3*1024kB (UME) 4*2048kB (UME) 430*4096kB (M) = 1824308kB
[ 2512.567565] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 2512.578341] Node 1 Normal: 71*4kB (UME) 384*8kB (UM) 293*16kB (UME) 86*32kB (UM) 23*64kB (UME) 17*128kB (UM) 12*256kB (UME) 4*512kB (UE) 3*1024kB (UME) 4*2048kB (UM) 979*4096kB (M) = 4040812kB
[ 2512.595749] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2512.604659] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2512.613284] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
05:48:42 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000040)={0xe3, 0xe9, 0x1000, 0x7f4a, 0x1ff})
ioctl$TCSBRK(r1, 0x5409, 0x1)
read$snapshot(r0, 0x0, 0x12)

05:48:42 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000180), 0x1ff, 0x84600)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000001c0))
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000100)={0x7fffffff, 0x3f, 0x4, 0x80000000})
ioctl$NBD_PRINT_DEBUG(r0, 0xab06)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r2}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x7, 0x8, 0xffff3d30, 0x80, 0x12, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:42 executing program 3:
r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x7fff)
r1 = syz_open_pts(r0, 0x208601)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000))
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

[ 2512.622112] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2512.630744] 26571 total pagecache pages
[ 2512.634807] 0 pages in swap cache
[ 2512.638246] Swap cache stats: add 0, delete 0, find 0/0
[ 2512.643656] Free swap  = 0kB
[ 2512.646656] Total swap = 0kB
[ 2512.649652] 2097051 pages RAM
[ 2512.652815] 0 pages HighMem/MovableOnly
[ 2512.656777] 363899 pages reserved
[ 2512.660202] 0 pages cma reserved
05:48:42 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000000))

05:48:42 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (fail_nth: 8)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

[ 2512.851698] FAULT_INJECTION: forcing a failure.
[ 2512.851698] name failslab, interval 1, probability 0, space 0, times 0
[ 2512.863469] CPU: 0 PID: 28237 Comm: syz-executor.5 Not tainted 4.14.307-syzkaller #0
[ 2512.871338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2512.880671] Call Trace:
[ 2512.883240]  dump_stack+0x1b2/0x281
[ 2512.886847]  should_fail.cold+0x10a/0x149
[ 2512.890995]  should_failslab+0xd6/0x130
[ 2512.894949]  kmem_cache_alloc_node_trace+0x25a/0x400
[ 2512.900028]  __get_vm_area_node+0xed/0x340
[ 2512.904245]  ? _snd_pcm_lib_alloc_vmalloc_buffer+0x10b/0x1b0
[ 2512.910020]  __vmalloc+0xfe/0x1d0
[ 2512.913449]  ? _snd_pcm_lib_alloc_vmalloc_buffer+0x10b/0x1b0
[ 2512.919222]  ? vzalloc+0x150/0x150
[ 2512.922746]  ? snd_pcm_hw_param_value+0xd7/0x4b0
[ 2512.927482]  ? snd_pcm_format_size+0x6c/0x90
[ 2512.931867]  _snd_pcm_lib_alloc_vmalloc_buffer+0x10b/0x1b0
[ 2512.937465]  ? loopback_hw_free+0x190/0x190
[ 2512.941780]  snd_pcm_hw_params+0xdc3/0x1ee0
[ 2512.946081]  ? snd_pcm_sync_ptr+0x850/0x850
[ 2512.950389]  ? snd_pcm_hw_param_near.constprop.0+0x552/0x6f0
[ 2512.956190]  ? snd_pcm_oss_plugin_clear.isra.0+0xd0/0xd0
[ 2512.961613]  ? memset+0x20/0x40
[ 2512.964872]  snd_pcm_kernel_ioctl+0x19d/0x330
[ 2512.969353]  snd_pcm_oss_change_params_locked+0x16fe/0x3550
[ 2512.975044]  ? snd_pcm_plugin_append+0x190/0x190
[ 2512.980416]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2512.984729]  ? lock_downgrade+0x740/0x740
[ 2512.988888]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2512.994056]  snd_pcm_oss_read+0x2b7/0x650
[ 2512.998184]  __vfs_read+0xe4/0x620
[ 2513.001807]  ? snd_pcm_oss_read2+0x330/0x330
[ 2513.006197]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2513.011105]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2513.015672]  ? common_file_perm+0x3ee/0x580
[ 2513.019996]  ? lock_acquire+0x170/0x3f0
[ 2513.023981]  ? security_file_permission+0x82/0x1e0
[ 2513.028899]  ? rw_verify_area+0xe1/0x2a0
[ 2513.032945]  vfs_read+0x139/0x340
[ 2513.036378]  SyS_read+0xf2/0x210
[ 2513.039727]  ? kernel_write+0x110/0x110
[ 2513.043675]  ? __do_page_fault+0x159/0xad0
[ 2513.047892]  ? do_syscall_64+0x4c/0x640
05:48:42 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)="bbd7c3a38a3b67e3cde0d7a975a4b8871c2982cfc767ea933b2ee1a2cbe786c00bf3f7218f36c8619bb412e1635dcfa85eac65f5dc4d9a1a822ebd283836ff", 0x3f})

[ 2513.051853]  ? kernel_write+0x110/0x110
[ 2513.055816]  do_syscall_64+0x1d5/0x640
[ 2513.059704]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2513.064890] RIP: 0033:0x7fa8ee4b80f9
[ 2513.068681] RSP: 002b:00007fa8eca2a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2513.076391] RAX: ffffffffffffffda RBX: 00007fa8ee5d7f80 RCX: 00007fa8ee4b80f9
[ 2513.083656] RDX: 0000000000001000 RSI: 0000000020000340 RDI: 0000000000000003
[ 2513.090915] RBP: 00007fa8eca2a1d0 R08: 0000000000000000 R09: 0000000000000000
05:48:42 executing program 1:
syz_open_dev$audion(&(0x7f00000001c0), 0x8, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000240)=""/4078, 0xfee)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_VERSION(r1, 0xc0406400, &(0x7f0000001240)={0xffffffff, 0x3ff, 0x7, 0x97, &(0x7f00000000c0)=""/151, 0xff0, &(0x7f0000001340)=""/4080, 0x1018, &(0x7f0000003380)=""/4120})
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x400, 0x440a02)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000180)={0x1, 0x0, 0xf, 0x400})
syz_open_dev$vcsa(&(0x7f0000000080), 0xb524, 0x800)
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000040)={0x0, 0x2})

[ 2513.098169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2513.105438] R13: 00007ffc1bec276f R14: 00007fa8eca2a300 R15: 0000000000022000
[ 2513.122577] syz-executor.5: vmalloc: allocation failure: 2097152 bytes, mode:0x14080c2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[ 2513.135538] syz-executor.5 cpuset=/ mems_allowed=0-1
[ 2513.141061] CPU: 0 PID: 28237 Comm: syz-executor.5 Not tainted 4.14.307-syzkaller #0
05:48:42 executing program 1:
syz_open_dev$audion(&(0x7f00000001c0), 0x8, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000240)=""/4078, 0xfee)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_VERSION(r1, 0xc0406400, &(0x7f0000001240)={0xffffffff, 0x3ff, 0x7, 0x97, &(0x7f00000000c0)=""/151, 0xff0, &(0x7f0000001340)=""/4080, 0x1018, &(0x7f0000003380)=""/4120})
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x400, 0x440a02)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000180)={0x1, 0x0, 0xf, 0x400})
syz_open_dev$vcsa(&(0x7f0000000080), 0xb524, 0x800)
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000040)={0x0, 0x2})
syz_open_dev$audion(&(0x7f00000001c0), 0x8, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
read$snapshot(r0, &(0x7f0000000240)=""/4078, 0xfee) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_VERSION(r1, 0xc0406400, &(0x7f0000001240)={0xffffffff, 0x3ff, 0x7, 0x97, &(0x7f00000000c0)=""/151, 0xff0, &(0x7f0000001340)=""/4080, 0x1018, &(0x7f0000003380)=""/4120}) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x400, 0x440a02) (async)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000180)={0x1, 0x0, 0xf, 0x400}) (async)
syz_open_dev$vcsa(&(0x7f0000000080), 0xb524, 0x800) (async)
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000040)={0x0, 0x2}) (async)

[ 2513.148955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2513.158315] Call Trace:
[ 2513.160904]  dump_stack+0x1b2/0x281
[ 2513.164543]  warn_alloc.cold+0x96/0x1cc
[ 2513.168523]  ? zone_watermark_ok_safe+0x220/0x220
[ 2513.173616]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 2513.173629]  ? __get_vm_area_node+0xed/0x340
[ 2513.173641]  ? __get_vm_area_node+0x27d/0x340
[ 2513.173656]  ? _snd_pcm_lib_alloc_vmalloc_buffer+0x10b/0x1b0
[ 2513.173664]  __vmalloc+0x170/0x1d0
[ 2513.173674]  ? vzalloc+0x150/0x150
[ 2513.173681]  ? snd_pcm_hw_param_value+0xd7/0x4b0
[ 2513.173693]  ? snd_pcm_format_size+0x6c/0x90
[ 2513.209985]  _snd_pcm_lib_alloc_vmalloc_buffer+0x10b/0x1b0
[ 2513.215607]  ? loopback_hw_free+0x190/0x190
[ 2513.219911]  snd_pcm_hw_params+0xdc3/0x1ee0
[ 2513.224219]  ? snd_pcm_sync_ptr+0x850/0x850
[ 2513.228632]  ? snd_pcm_hw_param_near.constprop.0+0x552/0x6f0
[ 2513.234424]  ? snd_pcm_oss_plugin_clear.isra.0+0xd0/0xd0
[ 2513.239866]  ? memset+0x20/0x40
[ 2513.243222]  snd_pcm_kernel_ioctl+0x19d/0x330
[ 2513.247709]  snd_pcm_oss_change_params_locked+0x16fe/0x3550
05:48:42 executing program 1:
syz_open_dev$audion(&(0x7f00000001c0), 0x8, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async, rerun: 32)
read$snapshot(r0, &(0x7f0000000240)=""/4078, 0xfee) (async, rerun: 32)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_VERSION(r1, 0xc0406400, &(0x7f0000001240)={0xffffffff, 0x3ff, 0x7, 0x97, &(0x7f00000000c0)=""/151, 0xff0, &(0x7f0000001340)=""/4080, 0x1018, &(0x7f0000003380)=""/4120}) (async)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x400, 0x440a02) (async)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000180)={0x1, 0x0, 0xf, 0x400}) (async)
syz_open_dev$vcsa(&(0x7f0000000080), 0xb524, 0x800)
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000040)={0x0, 0x2})

[ 2513.253421]  ? snd_pcm_plugin_append+0x190/0x190
[ 2513.258201]  ? snd_pcm_oss_read+0x2a2/0x650
[ 2513.258216]  ? lock_downgrade+0x740/0x740
[ 2513.266652]  snd_pcm_oss_make_ready_locked+0x99/0x110
[ 2513.271951]  snd_pcm_oss_read+0x2b7/0x650
[ 2513.276108]  __vfs_read+0xe4/0x620
[ 2513.279647]  ? snd_pcm_oss_read2+0x330/0x330
[ 2513.284054]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2513.288982]  ? vfs_copy_file_range+0x9b0/0x9b0
[ 2513.293562]  ? common_file_perm+0x3ee/0x580
[ 2513.297890]  ? lock_acquire+0x170/0x3f0
05:48:42 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x4000, 0x0)
ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000280))
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140), 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)={r2, r1, 0x0, r3}, 0x10)
r4 = syz_open_dev$loop(&(0x7f0000000000), 0x8000000001001, 0xb2081)
mq_getsetattr(r1, &(0x7f00000000c0)={0x0, 0xa74, 0xb8, 0x4}, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000100))
mq_timedreceive(r1, &(0x7f0000001340)=""/232, 0xe8, 0x8cc, &(0x7f00000002c0)={0x77359400})
ioctl$IOC_PR_RESERVE(r4, 0x401070c9, &(0x7f0000000040)={0x2, 0x2, 0x1})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000200)={0x0, 0x6f1})
ioctl$IOC_PR_PREEMPT_ABORT(r4, 0x401870cc, &(0x7f0000000080)={0x81, 0x3, 0x7, 0x976})

[ 2513.301876]  ? security_file_permission+0x82/0x1e0
[ 2513.301889]  ? rw_verify_area+0xe1/0x2a0
[ 2513.310869]  vfs_read+0x139/0x340
[ 2513.314324]  SyS_read+0xf2/0x210
[ 2513.317683]  ? kernel_write+0x110/0x110
[ 2513.321654]  ? __do_page_fault+0x159/0xad0
[ 2513.325883]  ? do_syscall_64+0x4c/0x640
[ 2513.329856]  ? kernel_write+0x110/0x110
[ 2513.333823]  do_syscall_64+0x1d5/0x640
[ 2513.337696]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2513.342872] RIP: 0033:0x7fa8ee4b80f9
[ 2513.346581] RSP: 002b:00007fa8eca2a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2513.354274] RAX: ffffffffffffffda RBX: 00007fa8ee5d7f80 RCX: 00007fa8ee4b80f9
[ 2513.361523] RDX: 0000000000001000 RSI: 0000000020000340 RDI: 0000000000000003
[ 2513.368771] RBP: 00007fa8eca2a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2513.376022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2513.383275] R13: 00007ffc1bec276f R14: 00007fa8eca2a300 R15: 0000000000022000
[ 2513.392766] Mem-Info:
[ 2513.395195] active_anon:26264 inactive_anon:7722 isolated_anon:0
05:48:43 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000040)={0xe3, 0xe9, 0x1000, 0x7f4a, 0x1ff}) (async)
ioctl$TCSBRK(r1, 0x5409, 0x1) (async)
read$snapshot(r0, 0x0, 0x12)

05:48:43 executing program 3:
r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x7fff)
r1 = syz_open_pts(r0, 0x208601)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000)) (async)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

05:48:43 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)="bbd7c3a38a3b67e3cde0d7a975a4b8871c2982cfc767ea933b2ee1a2cbe786c00bf3f7218f36c8619bb412e1635dcfa85eac65f5dc4d9a1a822ebd283836ff", 0x3f})

[ 2513.395195]  active_file:5852 inactive_file:12510 isolated_file:0
[ 2513.395195]  unevictable:0 dirty:180 writeback:0 unstable:0
[ 2513.395195]  slab_reclaimable:29508 slab_unreclaimable:116422
[ 2513.395195]  mapped:32106 shmem:8213 pagetables:661 bounce:0
[ 2513.395195]  free:1467596 free_pcp:220 free_cma:0
05:48:43 executing program 4:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)="bbd7c3a38a3b67e3cde0d7a975a4b8871c2982cfc767ea933b2ee1a2cbe786c00bf3f7218f36c8619bb412e1635dcfa85eac65f5dc4d9a1a822ebd283836ff", 0x3f})

05:48:43 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000040)={0xe3, 0xe9, 0x1000, 0x7f4a, 0x1ff})
ioctl$TCSBRK(r1, 0x5409, 0x1) (async)
ioctl$TCSBRK(r1, 0x5409, 0x1)
read$snapshot(r0, 0x0, 0x12)

[ 2513.441719] Node 0 active_anon:100812kB inactive_anon:30888kB active_file:23288kB inactive_file:50040kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:128424kB dirty:716kB writeback:0kB shmem:32852kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 36864kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2513.491655] Node 1 active_anon:0kB inactive_anon:0kB active_file:120kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2513.517809] Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2513.544544] lowmem_reserve[]: 0 2717 2718 2718 2718
[ 2513.549583] Node 0 DMA32 free:1814552kB min:36196kB low:45244kB high:54292kB active_anon:104964kB inactive_anon:30888kB active_file:23288kB inactive_file:50052kB unevictable:0kB writepending:728kB present:3129332kB managed:2787976kB mlocked:0kB kernel_stack:7936kB pagetables:2660kB bounce:0kB free_pcp:944kB local_pcp:740kB free_cma:0kB
[ 2513.579499] lowmem_reserve[]: 0 0 0 0 0
[ 2513.583569] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:468kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2513.609400] lowmem_reserve[]: 0 0 0 0 0
[ 2513.613471] Node 1 Normal free:4040812kB min:53696kB low:67120kB high:80544kB active_anon:0kB inactive_anon:0kB active_file:120kB inactive_file:0kB unevictable:0kB writepending:4kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2513.641123] lowmem_reserve[]: 0 0 0 0 0
05:48:43 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x4000, 0x0)
ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000280)) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140), 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)={r2, r1, 0x0, r3}, 0x10)
r4 = syz_open_dev$loop(&(0x7f0000000000), 0x8000000001001, 0xb2081) (async)
mq_getsetattr(r1, &(0x7f00000000c0)={0x0, 0xa74, 0xb8, 0x4}, 0x0) (async, rerun: 64)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000100)) (async, rerun: 64)
mq_timedreceive(r1, &(0x7f0000001340)=""/232, 0xe8, 0x8cc, &(0x7f00000002c0)={0x77359400})
ioctl$IOC_PR_RESERVE(r4, 0x401070c9, &(0x7f0000000040)={0x2, 0x2, 0x1}) (async)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000200)={0x0, 0x6f1})
ioctl$IOC_PR_PREEMPT_ABORT(r4, 0x401870cc, &(0x7f0000000080)={0x81, 0x3, 0x7, 0x976})

[ 2513.645175] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
[ 2513.658867] Node 0 DMA32: 504*4kB (UE) 241*8kB (UME) 11*16kB (UME) 274*32kB (UME) 364*64kB (UM) 50*128kB (UM) 5*256kB (UME) 4*512kB (UE) 3*1024kB (UME) 2*2048kB (UE) 430*4096kB (M) = 1814360kB
[ 2513.676717] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 2513.687609] Node 1 Normal: 71*4kB (UME) 384*8kB (UM) 293*16kB (UME) 86*32kB (UM) 23*64kB (UME) 17*128kB (UM) 12*256kB (UME) 4*512kB (UE) 3*1024kB (UME) 4*2048kB (UM) 979*4096kB (M) = 4040812kB
[ 2513.705175] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2513.714065] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2513.722713] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2513.731538] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2513.740436] 26579 total pagecache pages
[ 2513.744525] 0 pages in swap cache
[ 2513.748147] Swap cache stats: add 0, delete 0, find 0/0
05:48:43 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x2, 0xa280)
write$cgroup_subtree(r0, &(0x7f0000000080)={[{0x4f, 'hugetlb'}, {0x2d, 'net_prio'}, {0x2b, 'blkio'}, {0x2d, 'perf_event'}, {0x0, 'blkio'}, {0x2d, 'perf_event'}, {0x2b, 'pids'}, {0x2b, 'memory'}, {0x2d, 'perf_event'}]}, 0x53)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000000)={0x9a, 0x12b024ab, 0x6})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:43 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x2, 0xa280)
write$cgroup_subtree(r0, &(0x7f0000000080)={[{0x4f, 'hugetlb'}, {0x2d, 'net_prio'}, {0x2b, 'blkio'}, {0x2d, 'perf_event'}, {0x0, 'blkio'}, {0x2d, 'perf_event'}, {0x2b, 'pids'}, {0x2b, 'memory'}, {0x2d, 'perf_event'}]}, 0x53) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000000)={0x9a, 0x12b024ab, 0x6})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

[ 2513.753568] Free swap  = 0kB
[ 2513.756569] Total swap = 0kB
[ 2513.759565] 2097051 pages RAM
[ 2513.762720] 0 pages HighMem/MovableOnly
[ 2513.766681] 363899 pages reserved
[ 2513.770119] 0 pages cma reserved
05:48:43 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x2, 0xa280)
write$cgroup_subtree(r0, &(0x7f0000000080)={[{0x4f, 'hugetlb'}, {0x2d, 'net_prio'}, {0x2b, 'blkio'}, {0x2d, 'perf_event'}, {0x0, 'blkio'}, {0x2d, 'perf_event'}, {0x2b, 'pids'}, {0x2b, 'memory'}, {0x2d, 'perf_event'}]}, 0x53)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000000)={0x9a, 0x12b024ab, 0x6})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
syz_open_dev$audion(&(0x7f00000001c0), 0x2, 0xa280) (async)
write$cgroup_subtree(r0, &(0x7f0000000080)={[{0x4f, 'hugetlb'}, {0x2d, 'net_prio'}, {0x2b, 'blkio'}, {0x2d, 'perf_event'}, {0x0, 'blkio'}, {0x2d, 'perf_event'}, {0x2b, 'pids'}, {0x2b, 'memory'}, {0x2d, 'perf_event'}]}, 0x53) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000000)={0x9a, 0x12b024ab, 0x6}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)

05:48:43 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0)
read$snapshot(r1, &(0x7f0000000040), 0xfd4d)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000040))

05:48:43 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000000)="bbd7c3a38a3b67e3cde0d7a975a4b8871c2982cfc767ea933b2ee1a2cbe786c00bf3f7218f36c8619bb412e1635dcfa85eac65f5dc4d9a1a822ebd283836ff", 0x3f})

05:48:43 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (fail_nth: 1)

05:48:43 executing program 3:
r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x7fff)
r1 = syz_open_pts(r0, 0x208601)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000))
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x7fff) (async)
syz_open_pts(r0, 0x208601) (async)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000)) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:43 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x4, 0x100)
syz_open_dev$loop(&(0x7f0000000040), 0x200, 0x200000)
syz_open_dev$audion(&(0x7f0000000080), 0x2, 0x70000)
r1 = syz_open_dev$audion(&(0x7f00000000c0), 0x4, 0x10000)
ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000100)={0x6, 0x3, 0x1})
read$snapshot(r0, 0x0, 0x12)

05:48:43 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000040)={0x2, 0x0, 0xfffffffc, 0x0, 0xc, "b85600009e00000000000000009cab00"})
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x24)

05:48:43 executing program 0:
syz_open_dev$audion(&(0x7f0000000000), 0x4, 0x100) (async)
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x4, 0x100)
syz_open_dev$loop(&(0x7f0000000040), 0x200, 0x200000) (async)
syz_open_dev$loop(&(0x7f0000000040), 0x200, 0x200000)
syz_open_dev$audion(&(0x7f0000000080), 0x2, 0x70000)
r1 = syz_open_dev$audion(&(0x7f00000000c0), 0x4, 0x10000)
ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000100)={0x6, 0x3, 0x1})
read$snapshot(r0, 0x0, 0x12)

05:48:43 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000040)={0x2, 0x0, 0xfffffffc, 0x0, 0xc, "b85600009e00000000000000009cab00"}) (async)
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x24)

05:48:43 executing program 1:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x4000, 0x0) (async)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x4000, 0x0)
ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000280))
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140), 0x4) (async)
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140), 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)={r2, r1, 0x0, r3}, 0x10)
r4 = syz_open_dev$loop(&(0x7f0000000000), 0x8000000001001, 0xb2081)
mq_getsetattr(r1, &(0x7f00000000c0)={0x0, 0xa74, 0xb8, 0x4}, 0x0) (async)
mq_getsetattr(r1, &(0x7f00000000c0)={0x0, 0xa74, 0xb8, 0x4}, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000100))
mq_timedreceive(r1, &(0x7f0000001340)=""/232, 0xe8, 0x8cc, &(0x7f00000002c0)={0x77359400}) (async)
mq_timedreceive(r1, &(0x7f0000001340)=""/232, 0xe8, 0x8cc, &(0x7f00000002c0)={0x77359400})
ioctl$IOC_PR_RESERVE(r4, 0x401070c9, &(0x7f0000000040)={0x2, 0x2, 0x1}) (async)
ioctl$IOC_PR_RESERVE(r4, 0x401070c9, &(0x7f0000000040)={0x2, 0x2, 0x1})
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000200)={0x0, 0x6f1})
ioctl$IOC_PR_PREEMPT_ABORT(r4, 0x401870cc, &(0x7f0000000080)={0x81, 0x3, 0x7, 0x976})

05:48:43 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x4, 0x100)
syz_open_dev$loop(&(0x7f0000000040), 0x200, 0x200000)
syz_open_dev$audion(&(0x7f0000000080), 0x2, 0x70000)
r1 = syz_open_dev$audion(&(0x7f00000000c0), 0x4, 0x10000)
ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000100)={0x6, 0x3, 0x1})
read$snapshot(r0, 0x0, 0x12)
syz_open_dev$audion(&(0x7f0000000000), 0x4, 0x100) (async)
syz_open_dev$loop(&(0x7f0000000040), 0x200, 0x200000) (async)
syz_open_dev$audion(&(0x7f0000000080), 0x2, 0x70000) (async)
syz_open_dev$audion(&(0x7f00000000c0), 0x4, 0x10000) (async)
ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000100)={0x6, 0x3, 0x1}) (async)
read$snapshot(r0, 0x0, 0x12) (async)

05:48:43 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000040)={0x2, 0x0, 0xfffffffc, 0x0, 0xc, "b85600009e00000000000000009cab00"}) (async)
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x24)

05:48:43 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x88000, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000080)={0x0, 0x0, r0})
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000040))
read$snapshot(r0, 0x0, 0x12)
r2 = syz_open_dev$audion(&(0x7f00000000c0), 0x1, 0x40)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000100))

05:48:44 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 64)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0) (rerun: 64)
read$snapshot(r1, &(0x7f0000000040), 0xfd4d) (async, rerun: 32)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (rerun: 32)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000040))

05:48:44 executing program 2:
ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, &(0x7f0000000000))
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x8001)
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{}, {}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:44 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000040))
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0x6, 0xffff, 0x2, 0x3ff, 0x14, "92935daedf50d4908cb2f8c114f832c2c0fa76"})

05:48:44 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r0, 0x4)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x94982)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:44 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x88000, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000080)={0x0, 0x0, r0})
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000040)) (async)
read$snapshot(r0, 0x0, 0x12) (async, rerun: 64)
r2 = syz_open_dev$audion(&(0x7f00000000c0), 0x1, 0x40) (rerun: 64)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000100))

05:48:44 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000040)) (async)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0x6, 0xffff, 0x2, 0x3ff, 0x14, "92935daedf50d4908cb2f8c114f832c2c0fa76"})

05:48:44 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r8=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004800}, 0x20000810)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x58, r2, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_DEVKEY={0x34, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008000}, 0x24000001)

05:48:44 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r0, 0x4)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x94982)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:44 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000040)) (async)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000040))
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0x6, 0xffff, 0x2, 0x3ff, 0x14, "92935daedf50d4908cb2f8c114f832c2c0fa76"})

05:48:44 executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r0, 0x4) (async)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x94982)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:44 executing program 4:
pselect6(0x40, &(0x7f0000000040), &(0x7f0000000080)={0xf}, 0x0, 0x0, 0x0)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000000000)={0x1})

05:48:44 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x88000, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000080)={0x0, 0x0, r0}) (async, rerun: 64)
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000040)) (async, rerun: 64)
read$snapshot(r0, 0x0, 0x12) (async, rerun: 32)
r2 = syz_open_dev$audion(&(0x7f00000000c0), 0x1, 0x40) (rerun: 32)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000100))

05:48:44 executing program 5:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0)
read$snapshot(r1, &(0x7f0000000040), 0xfd4d)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000040))

05:48:44 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$KIOCSOUND(r1, 0x4b2f, 0x1)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20401050}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="ac0000001300200028bd86390470e1fc875f78094e244e21080000000f0000006c000200050000000000000009000000080014d306000000719113692ca01bf0327c830a67b62707aac535f2eb5cdca136a4f90a9fc1dfeb728e135b067056c9f8501983165c8845221e50313ca1e3a00f60f80f42a716ba0f430ec39606635c15b84a44c88e8918", @ANYRES32=0x0, @ANYBLOB="ffffffff06000000ff000000008000006000010076453c642a8e8fe7a0dbb02fa481f38367c4ab94eb3fd888ceb8599dd5776bc20cab15076b27bfc7a324f290fe7fbe6bea6bbc82d0619e45f9c2b923ac1c04b47b44aa0f209a82b0a4df0002915701f61c43595825627934910adf43"], 0xac}, 0x1, 0x0, 0x0, 0x20004881}, 0x200000d4)

05:48:44 executing program 4:
pselect6(0x40, &(0x7f0000000040), &(0x7f0000000080)={0xf}, 0x0, 0x0, 0x0) (async)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000000000)={0x1})

05:48:44 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309)

05:48:44 executing program 2:
ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, &(0x7f0000000000))
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x8001)
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{}, {}]}) (async)
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{}, {}]})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:44 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$KIOCSOUND(r1, 0x4b2f, 0x1) (async)
socket$nl_sock_diag(0x10, 0x3, 0x4) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
sendmsg$DCCPDIAG_GETSOCK(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20401050}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="ac0000001300200028bd86390470e1fc875f78094e244e21080000000f0000006c000200050000000000000009000000080014d306000000719113692ca01bf0327c830a67b62707aac535f2eb5cdca136a4f90a9fc1dfeb728e135b067056c9f8501983165c8845221e50313ca1e3a00f60f80f42a716ba0f430ec39606635c15b84a44c88e8918", @ANYRES32=0x0, @ANYBLOB="ffffffff06000000ff000000008000006000010076453c642a8e8fe7a0dbb02fa481f38367c4ab94eb3fd888ceb8599dd5776bc20cab15076b27bfc7a324f290fe7fbe6bea6bbc82d0619e45f9c2b923ac1c04b47b44aa0f209a82b0a4df0002915701f61c43595825627934910adf43"], 0xac}, 0x1, 0x0, 0x0, 0x20004881}, 0x200000d4)

05:48:45 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r8=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004800}, 0x20000810) (async)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x58, r2, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_DEVKEY={0x34, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008000}, 0x24000001)

05:48:45 executing program 4:
pselect6(0x40, &(0x7f0000000040), &(0x7f0000000080)={0xf}, 0x0, 0x0, 0x0) (async)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000000000)={0x1})

05:48:45 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$KIOCSOUND(r1, 0x4b2f, 0x1) (async)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20401050}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="ac0000001300200028bd86390470e1fc875f78094e244e21080000000f0000006c000200050000000000000009000000080014d306000000719113692ca01bf0327c830a67b62707aac535f2eb5cdca136a4f90a9fc1dfeb728e135b067056c9f8501983165c8845221e50313ca1e3a00f60f80f42a716ba0f430ec39606635c15b84a44c88e8918", @ANYRES32=0x0, @ANYBLOB="ffffffff06000000ff000000008000006000010076453c642a8e8fe7a0dbb02fa481f38367c4ab94eb3fd888ceb8599dd5776bc20cab15076b27bfc7a324f290fe7fbe6bea6bbc82d0619e45f9c2b923ac1c04b47b44aa0f209a82b0a4df0002915701f61c43595825627934910adf43"], 0xac}, 0x1, 0x0, 0x0, 0x20004881}, 0x200000d4)

05:48:45 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x381c2)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000040))

05:48:45 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000000)={0x6, 0x26, 0x9, 0x1})
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r1}, 0x8)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000140)={0x0, <r4=>0x0})
ioctl$DRM_IOCTL_GEM_OPEN(r3, 0xc010640b, &(0x7f0000000180)={r4})
write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x2b, 'net_cls'}, {0x16, 'net'}, {0x2b, 'hugetlb'}]}, 0x17)

05:48:45 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000000)={0x6, 0x26, 0x9, 0x1}) (async)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000000)={0x6, 0x26, 0x9, 0x1})
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r1}, 0x8)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000140)={0x0, <r4=>0x0})
ioctl$DRM_IOCTL_GEM_OPEN(r3, 0xc010640b, &(0x7f0000000180)={r4})
write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x2b, 'net_cls'}, {0x16, 'net'}, {0x2b, 'hugetlb'}]}, 0x17)

05:48:45 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000300)={0x2, 0x5, 0x7fffffff, 0x100, 0x19, 0x7fffffff})
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f00000002c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x18)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001340), 0x40, 0x0)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
clock_gettime(0x0, &(0x7f0000000180))
mq_timedsend(0xffffffffffffffff, &(0x7f0000001580)="d2c647629dca0f979a7d5f83a6994fdecfd0d10f811a9e4f9e91ee96f3f11a43d1d87288362c7ad490f40f428290ee030b48a1e054d09bbaf0b2a1c81c4d095a1e09b41533f8c6f5b6a599f6752d65696bcc1c644f33deb0bd12a6afaa22cdbac8034f2c8322583ccdbadebb6acb9fdf076626cbdac7f42c613c1ae3c1fcb5293a2e57c24f639f298b68a9979aa0c087a31e9645692d958140cf836ef0aa26260b248cabaf62a6856023956e664b0dd47643123d1da8307c44f2f267f6346d5ddef605bc9f9d1bac3c266b109c0066adcedd34ef8c36376245f4b30231c064f00344c6080384a516cfba65737c6ed5f9a554ceec2656bcdedf40d0c74efdbff21e3dd890f777b5ed5fcdf13708798108b51507300a4a9aafde0b2917052670879b47b449c29fbf68cf66b023378c72fb9de90582dc2a2b024533578b580a85b3e88dae5c121efe0ea43d742e22c4788cefbf27e19abaa427254bf3aa9a78f54f926375bf10c82fe2f93236cb6666647e1a8c7375eeb240337e919fecb01afa01f2133861adde8dbd79215554970d76c2132f1fa0533046cccba50129b40f88b17cde8d2281e0", 0x1a6, 0x3, &(0x7f0000001380)={0x0, 0x3938700})

05:48:45 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x381c2)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000040))

05:48:45 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000000)={0x6, 0x26, 0x9, 0x1})
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r1}, 0x8) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={0x0, 0x0, <r3=>0xffffffffffffffff}) (async)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000140)={0x0, <r4=>0x0})
ioctl$DRM_IOCTL_GEM_OPEN(r3, 0xc010640b, &(0x7f0000000180)={r4}) (async)
write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x2b, 'net_cls'}, {0x16, 'net'}, {0x2b, 'hugetlb'}]}, 0x17)

05:48:45 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (async)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309)

05:48:45 executing program 2:
ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, &(0x7f0000000000))
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x8001)
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{}, {}]}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:45 executing program 3:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x381c2)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000040))

05:48:45 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff) (async)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r8=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004800}, 0x20000810) (async)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x58, r2, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_DEVKEY={0x34, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008000}, 0x24000001)

05:48:45 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0x17, 0x1d, 0xdc, &(0x7f0000000240)="14ecdae43fd21dcdca0a0f0d6dcb49809af5937c1177f4f89a3cc1aa1e179bc909c907a84b7406d1e025cb0912a851d2eb47e69f947ce71a44360967582680dbe14ae31470e87bfe58e48e3fb1fd861252d97b6626c447068d65c0710e878dcd9b6daa9ee87e9306a1dfea1e4275b7a24fb73b70f82296e6c23b3078b17e0f1b897769ef55a0b0390d14d1b12d61864261155dc64503b414e069f4c4fde0278c1911591521eba604f0447da393024cf3418bc6a626905f56e41b43bc9c40d7b9cb2298d3990cc6cb904f77939a06d1472f69e843fe38f1d4a40f3e917ee06b3731aea9916b4b3df4b4cf0745d9b4fae208c810f30d03a001cb1fd603379f4f41b9b47970fdb13899698ac9adad6d43e2a12d6c339355eafbeefd2294452bdbdba911145a1f76e46f6186b35f978c7910d630220b526a9679c8f130b8f4c35af3a112c43dfbb6c0a9b9dba3d16505672947ce003ea7fb03167b96c4a9862beb5a5b2a52ba2bcf46e484506cba224b2651006bf43297305af9ad3ed2becc8dacb1d2c0fb8252f18e25bef4ae3a17b53a48e8e10708cc78cea3499340e0336b08d253229cdc7e50a5cf0b8f0121abe41cf43f8f0e5be1157f25fa7d5cea242519b29eed0fae4483f721171c8c03fc986372f18178a92afbc7e9b5667e843642db339b1d27057575bd722c4dc9ac8378064f4b39e97ecb8a8abbf20c7721162a64fef8bf8a132d795bfb3a5e71c8699fe966d05dad088b7664f370f7390be161f54161593cda7192c3597425d3ef4b1111f9f5c15077bf2a9560422b84cce89937f9c91c9a6f83893bf7ecd56290500f6c19da25854855795aa85eaec5353787157c1521b24011c5c8ce218aa43274cfab854fefa6643120c8e12045fb8bd2be15301b07143fa79d023a1e7848e4661d5f97f8b96090fe390cd25bc85b066198901b92cbf577f147772688d8d3f1deb97d5baccf88c3a1c5573334cb010fa939b2b761e92df7da741c2005e49b9e5fdcc76869d95d08d1da69b95d48943e820cb3edea5a70cd4ada34d5fe8718abe5bc843c48f8e36d092a8a9ddb2012c78daa051f60a44f0a69718e7aff6fb00b23631ea689bf65b0a48dcf40177e1a0d094059b488693146145241f443e88ad311b3a925aa4a9c3b1363666868b3b751d0b74843a79e53bcc2fc1e4a304a715d80e37b3fc2da0fa772248a0617c3d899309f5125cd539583fa8d13c332275b73a27b6ab7aa81554695fcc0b7cb431fe95e50aa55966449c6da16902967d3a592174bceec603d1366a93e16ca2c4f303da7c11101aabdf65c46bee3c6adfe99c10cc9c1d8ea93099d73f55ef2bd4d81591dc913d885ff89b493e8aadb84a185245bd08ab223551cc427346ec95fd7a2682c0c8d9a29655bb0fa60ff28ad0c83acf3bd549bcff2633d46197e7e683e674b16ee8fd8"})

05:48:45 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x80)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000180)={0x6, 0x80000001})
r2 = syz_open_dev$audion(&(0x7f0000000080), 0x3ff, 0x12400)
ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000140)={0xa64a})
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKDISCARD(r3, 0x1277, &(0x7f0000000100)=0x7b57)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000040)={0xfffffffffffffc01, 0x0, 0x2})
read$snapshot(r0, &(0x7f0000000200)=""/4098, 0x1002)

05:48:45 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x80) (async)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000180)={0x6, 0x80000001}) (async)
r2 = syz_open_dev$audion(&(0x7f0000000080), 0x3ff, 0x12400)
ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000140)={0xa64a}) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$BLKDISCARD(r3, 0x1277, &(0x7f0000000100)=0x7b57)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000040)={0xfffffffffffffc01, 0x0, 0x2})
read$snapshot(r0, &(0x7f0000000200)=""/4098, 0x1002)

05:48:45 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0x17, 0x1d, 0xdc, &(0x7f0000000240)="14ecdae43fd21dcdca0a0f0d6dcb49809af5937c1177f4f89a3cc1aa1e179bc909c907a84b7406d1e025cb0912a851d2eb47e69f947ce71a44360967582680dbe14ae31470e87bfe58e48e3fb1fd861252d97b6626c447068d65c0710e878dcd9b6daa9ee87e9306a1dfea1e4275b7a24fb73b70f82296e6c23b3078b17e0f1b897769ef55a0b0390d14d1b12d61864261155dc64503b414e069f4c4fde0278c1911591521eba604f0447da393024cf3418bc6a626905f56e41b43bc9c40d7b9cb2298d3990cc6cb904f77939a06d1472f69e843fe38f1d4a40f3e917ee06b3731aea9916b4b3df4b4cf0745d9b4fae208c810f30d03a001cb1fd603379f4f41b9b47970fdb13899698ac9adad6d43e2a12d6c339355eafbeefd2294452bdbdba911145a1f76e46f6186b35f978c7910d630220b526a9679c8f130b8f4c35af3a112c43dfbb6c0a9b9dba3d16505672947ce003ea7fb03167b96c4a9862beb5a5b2a52ba2bcf46e484506cba224b2651006bf43297305af9ad3ed2becc8dacb1d2c0fb8252f18e25bef4ae3a17b53a48e8e10708cc78cea3499340e0336b08d253229cdc7e50a5cf0b8f0121abe41cf43f8f0e5be1157f25fa7d5cea242519b29eed0fae4483f721171c8c03fc986372f18178a92afbc7e9b5667e843642db339b1d27057575bd722c4dc9ac8378064f4b39e97ecb8a8abbf20c7721162a64fef8bf8a132d795bfb3a5e71c8699fe966d05dad088b7664f370f7390be161f54161593cda7192c3597425d3ef4b1111f9f5c15077bf2a9560422b84cce89937f9c91c9a6f83893bf7ecd56290500f6c19da25854855795aa85eaec5353787157c1521b24011c5c8ce218aa43274cfab854fefa6643120c8e12045fb8bd2be15301b07143fa79d023a1e7848e4661d5f97f8b96090fe390cd25bc85b066198901b92cbf577f147772688d8d3f1deb97d5baccf88c3a1c5573334cb010fa939b2b761e92df7da741c2005e49b9e5fdcc76869d95d08d1da69b95d48943e820cb3edea5a70cd4ada34d5fe8718abe5bc843c48f8e36d092a8a9ddb2012c78daa051f60a44f0a69718e7aff6fb00b23631ea689bf65b0a48dcf40177e1a0d094059b488693146145241f443e88ad311b3a925aa4a9c3b1363666868b3b751d0b74843a79e53bcc2fc1e4a304a715d80e37b3fc2da0fa772248a0617c3d899309f5125cd539583fa8d13c332275b73a27b6ab7aa81554695fcc0b7cb431fe95e50aa55966449c6da16902967d3a592174bceec603d1366a93e16ca2c4f303da7c11101aabdf65c46bee3c6adfe99c10cc9c1d8ea93099d73f55ef2bd4d81591dc913d885ff89b493e8aadb84a185245bd08ab223551cc427346ec95fd7a2682c0c8d9a29655bb0fa60ff28ad0c83acf3bd549bcff2633d46197e7e683e674b16ee8fd8"})

05:48:45 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x80)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000180)={0x6, 0x80000001})
r2 = syz_open_dev$audion(&(0x7f0000000080), 0x3ff, 0x12400)
ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000140)={0xa64a})
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKDISCARD(r3, 0x1277, &(0x7f0000000100)=0x7b57)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000040)={0xfffffffffffffc01, 0x0, 0x2})
read$snapshot(r0, &(0x7f0000000200)=""/4098, 0x1002)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x80) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000180)={0x6, 0x80000001}) (async)
syz_open_dev$audion(&(0x7f0000000080), 0x3ff, 0x12400) (async)
ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000140)={0xa64a}) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$BLKDISCARD(r3, 0x1277, &(0x7f0000000100)=0x7b57) (async)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000040)={0xfffffffffffffc01, 0x0, 0x2}) (async)
read$snapshot(r0, &(0x7f0000000200)=""/4098, 0x1002) (async)

05:48:46 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000300)={0x2, 0x5, 0x7fffffff, 0x100, 0x19, 0x7fffffff})
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f00000002c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x18) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001340), 0x40, 0x0)
ioctl$SNAPSHOT_FREE(r2, 0x3305) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (async)
clock_gettime(0x0, &(0x7f0000000180)) (async)
mq_timedsend(0xffffffffffffffff, &(0x7f0000001580)="d2c647629dca0f979a7d5f83a6994fdecfd0d10f811a9e4f9e91ee96f3f11a43d1d87288362c7ad490f40f428290ee030b48a1e054d09bbaf0b2a1c81c4d095a1e09b41533f8c6f5b6a599f6752d65696bcc1c644f33deb0bd12a6afaa22cdbac8034f2c8322583ccdbadebb6acb9fdf076626cbdac7f42c613c1ae3c1fcb5293a2e57c24f639f298b68a9979aa0c087a31e9645692d958140cf836ef0aa26260b248cabaf62a6856023956e664b0dd47643123d1da8307c44f2f267f6346d5ddef605bc9f9d1bac3c266b109c0066adcedd34ef8c36376245f4b30231c064f00344c6080384a516cfba65737c6ed5f9a554ceec2656bcdedf40d0c74efdbff21e3dd890f777b5ed5fcdf13708798108b51507300a4a9aafde0b2917052670879b47b449c29fbf68cf66b023378c72fb9de90582dc2a2b024533578b580a85b3e88dae5c121efe0ea43d742e22c4788cefbf27e19abaa427254bf3aa9a78f54f926375bf10c82fe2f93236cb6666647e1a8c7375eeb240337e919fecb01afa01f2133861adde8dbd79215554970d76c2132f1fa0533046cccba50129b40f88b17cde8d2281e0", 0x1a6, 0x3, &(0x7f0000001380)={0x0, 0x3938700})

05:48:46 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async, rerun: 32)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0x17, 0x1d, 0xdc, &(0x7f0000000240)="14ecdae43fd21dcdca0a0f0d6dcb49809af5937c1177f4f89a3cc1aa1e179bc909c907a84b7406d1e025cb0912a851d2eb47e69f947ce71a44360967582680dbe14ae31470e87bfe58e48e3fb1fd861252d97b6626c447068d65c0710e878dcd9b6daa9ee87e9306a1dfea1e4275b7a24fb73b70f82296e6c23b3078b17e0f1b897769ef55a0b0390d14d1b12d61864261155dc64503b414e069f4c4fde0278c1911591521eba604f0447da393024cf3418bc6a626905f56e41b43bc9c40d7b9cb2298d3990cc6cb904f77939a06d1472f69e843fe38f1d4a40f3e917ee06b3731aea9916b4b3df4b4cf0745d9b4fae208c810f30d03a001cb1fd603379f4f41b9b47970fdb13899698ac9adad6d43e2a12d6c339355eafbeefd2294452bdbdba911145a1f76e46f6186b35f978c7910d630220b526a9679c8f130b8f4c35af3a112c43dfbb6c0a9b9dba3d16505672947ce003ea7fb03167b96c4a9862beb5a5b2a52ba2bcf46e484506cba224b2651006bf43297305af9ad3ed2becc8dacb1d2c0fb8252f18e25bef4ae3a17b53a48e8e10708cc78cea3499340e0336b08d253229cdc7e50a5cf0b8f0121abe41cf43f8f0e5be1157f25fa7d5cea242519b29eed0fae4483f721171c8c03fc986372f18178a92afbc7e9b5667e843642db339b1d27057575bd722c4dc9ac8378064f4b39e97ecb8a8abbf20c7721162a64fef8bf8a132d795bfb3a5e71c8699fe966d05dad088b7664f370f7390be161f54161593cda7192c3597425d3ef4b1111f9f5c15077bf2a9560422b84cce89937f9c91c9a6f83893bf7ecd56290500f6c19da25854855795aa85eaec5353787157c1521b24011c5c8ce218aa43274cfab854fefa6643120c8e12045fb8bd2be15301b07143fa79d023a1e7848e4661d5f97f8b96090fe390cd25bc85b066198901b92cbf577f147772688d8d3f1deb97d5baccf88c3a1c5573334cb010fa939b2b761e92df7da741c2005e49b9e5fdcc76869d95d08d1da69b95d48943e820cb3edea5a70cd4ada34d5fe8718abe5bc843c48f8e36d092a8a9ddb2012c78daa051f60a44f0a69718e7aff6fb00b23631ea689bf65b0a48dcf40177e1a0d094059b488693146145241f443e88ad311b3a925aa4a9c3b1363666868b3b751d0b74843a79e53bcc2fc1e4a304a715d80e37b3fc2da0fa772248a0617c3d899309f5125cd539583fa8d13c332275b73a27b6ab7aa81554695fcc0b7cb431fe95e50aa55966449c6da16902967d3a592174bceec603d1366a93e16ca2c4f303da7c11101aabdf65c46bee3c6adfe99c10cc9c1d8ea93099d73f55ef2bd4d81591dc913d885ff89b493e8aadb84a185245bd08ab223551cc427346ec95fd7a2682c0c8d9a29655bb0fa60ff28ad0c83acf3bd549bcff2633d46197e7e683e674b16ee8fd8"}) (rerun: 32)

05:48:46 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x3ff)

05:48:46 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x402)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:46 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (async)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309)

05:48:46 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x20800)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8)
r3 = syz_open_dev$audion(&(0x7f0000000240), 0x8, 0x20000)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000280), 0x10000, 0x84181)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xd, 0x2, 0x1, 0x2, 0xa10, 0xffffffffffffffff, 0x99a9, '\x00', 0x0, r0, 0x2, 0x5, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0x1c, 0x4, &(0x7f0000000040)=@raw=[@map_val={0x18, 0x6, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x200}, @exit, @ldst={0x3, 0x1, 0x3, 0x1, 0x8}], &(0x7f0000000080)='GPL\x00', 0x2, 0x6d, &(0x7f00000000c0)=""/109, 0x41100, 0xbbb3f4914e119935, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f0000000180)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x0, 0x2, 0x7fffffff, 0x1000}, 0x10, 0x0, r0, 0x0, &(0x7f0000001340)=[r3, r4, r0, r5, r0, r0, r6]}, 0x80)

05:48:46 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x7, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:46 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x7, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x7, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:46 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x7, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:46 executing program 4:
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x8, <r0=>0x0}, 0x8)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r0}, 0x4)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x8, 0xffff3d30, 0x0, 0x0, "01000000e70d194bb84aa7016ae7a59d58ac91"})

05:48:46 executing program 4:
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x8, <r0=>0x0}, 0x8)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r0}, 0x4) (async)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x8, 0xffff3d30, 0x0, 0x0, "01000000e70d194bb84aa7016ae7a59d58ac91"})

05:48:46 executing program 4:
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x8}, 0x8) (async)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x8, <r0=>0x0}, 0x8)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r0}, 0x4)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x8, 0xffff3d30, 0x0, 0x0, "01000000e70d194bb84aa7016ae7a59d58ac91"})

05:48:47 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000300)={0x2, 0x5, 0x7fffffff, 0x100, 0x19, 0x7fffffff})
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f00000002c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x18)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001340), 0x40, 0x0)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (async)
clock_gettime(0x0, &(0x7f0000000180))
mq_timedsend(0xffffffffffffffff, &(0x7f0000001580)="d2c647629dca0f979a7d5f83a6994fdecfd0d10f811a9e4f9e91ee96f3f11a43d1d87288362c7ad490f40f428290ee030b48a1e054d09bbaf0b2a1c81c4d095a1e09b41533f8c6f5b6a599f6752d65696bcc1c644f33deb0bd12a6afaa22cdbac8034f2c8322583ccdbadebb6acb9fdf076626cbdac7f42c613c1ae3c1fcb5293a2e57c24f639f298b68a9979aa0c087a31e9645692d958140cf836ef0aa26260b248cabaf62a6856023956e664b0dd47643123d1da8307c44f2f267f6346d5ddef605bc9f9d1bac3c266b109c0066adcedd34ef8c36376245f4b30231c064f00344c6080384a516cfba65737c6ed5f9a554ceec2656bcdedf40d0c74efdbff21e3dd890f777b5ed5fcdf13708798108b51507300a4a9aafde0b2917052670879b47b449c29fbf68cf66b023378c72fb9de90582dc2a2b024533578b580a85b3e88dae5c121efe0ea43d742e22c4788cefbf27e19abaa427254bf3aa9a78f54f926375bf10c82fe2f93236cb6666647e1a8c7375eeb240337e919fecb01afa01f2133861adde8dbd79215554970d76c2132f1fa0533046cccba50129b40f88b17cde8d2281e0", 0x1a6, 0x3, &(0x7f0000001380)={0x0, 0x3938700})

05:48:47 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSIG(r3, 0x40045436, 0x2d)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r1, r2}, 0x10)
r4 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCCONS(r4, 0x541d)

05:48:47 executing program 0:
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000000)={0x2, 0x2, 0x101, 0x3, 0x1b65, 0x209, 0x100})
read$snapshot(0xffffffffffffffff, 0x0, 0x12)

05:48:47 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x3ff)

05:48:47 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x20800)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8)
r3 = syz_open_dev$audion(&(0x7f0000000240), 0x8, 0x20000)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000280), 0x10000, 0x84181)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xd, 0x2, 0x1, 0x2, 0xa10, 0xffffffffffffffff, 0x99a9, '\x00', 0x0, r0, 0x2, 0x5, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0x1c, 0x4, &(0x7f0000000040)=@raw=[@map_val={0x18, 0x6, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x200}, @exit, @ldst={0x3, 0x1, 0x3, 0x1, 0x8}], &(0x7f0000000080)='GPL\x00', 0x2, 0x6d, &(0x7f00000000c0)=""/109, 0x41100, 0xbbb3f4914e119935, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f0000000180)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x0, 0x2, 0x7fffffff, 0x1000}, 0x10, 0x0, r0, 0x0, &(0x7f0000001340)=[r3, r4, r0, r5, r0, r0, r6]}, 0x80)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x20800) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8) (async)
syz_open_dev$audion(&(0x7f0000000240), 0x8, 0x20000) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000280), 0x10000, 0x84181) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xd, 0x2, 0x1, 0x2, 0xa10, 0xffffffffffffffff, 0x99a9, '\x00', 0x0, r0, 0x2, 0x5, 0x3}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0x1c, 0x4, &(0x7f0000000040)=@raw=[@map_val={0x18, 0x6, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x200}, @exit, @ldst={0x3, 0x1, 0x3, 0x1, 0x8}], &(0x7f0000000080)='GPL\x00', 0x2, 0x6d, &(0x7f00000000c0)=""/109, 0x41100, 0xbbb3f4914e119935, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f0000000180)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x0, 0x2, 0x7fffffff, 0x1000}, 0x10, 0x0, r0, 0x0, &(0x7f0000001340)=[r3, r4, r0, r5, r0, r0, r6]}, 0x80) (async)

05:48:47 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x402)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x402) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:47 executing program 0:
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000000)={0x2, 0x2, 0x101, 0x3, 0x1b65, 0x209, 0x100}) (async)
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000000)={0x2, 0x2, 0x101, 0x3, 0x1b65, 0x209, 0x100})
read$snapshot(0xffffffffffffffff, 0x0, 0x12)

05:48:47 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSIG(r3, 0x40045436, 0x2d)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r1, r2}, 0x10)
r4 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCCONS(r4, 0x541d)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
ioctl$TIOCSIG(r3, 0x40045436, 0x2d) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r1, r2}, 0x10) (async)
syz_open_dev$ptys(0xc, 0x3, 0x1) (async)
ioctl$TIOCCONS(r4, 0x541d) (async)

05:48:47 executing program 0:
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000000)={0x2, 0x2, 0x101, 0x3, 0x1b65, 0x209, 0x100})
read$snapshot(0xffffffffffffffff, 0x0, 0x12) (async)
read$snapshot(0xffffffffffffffff, 0x0, 0x12)

05:48:47 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async, rerun: 64)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) (rerun: 64)
ioctl$TIOCSIG(r3, 0x40045436, 0x2d)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r1, r2}, 0x10) (async)
r4 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCCONS(r4, 0x541d)

05:48:47 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/221, 0xdd)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x9c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3f}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x2c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x7}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0xff}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40805}, 0x4004811)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:48:47 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x20800)
bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8) (async)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r0}, 0x8)
r3 = syz_open_dev$audion(&(0x7f0000000240), 0x8, 0x20000)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000280), 0x10000, 0x84181)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xd, 0x2, 0x1, 0x2, 0xa10, 0xffffffffffffffff, 0x99a9, '\x00', 0x0, r0, 0x2, 0x5, 0x3}, 0x48) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xd, 0x2, 0x1, 0x2, 0xa10, 0xffffffffffffffff, 0x99a9, '\x00', 0x0, r0, 0x2, 0x5, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0x1c, 0x4, &(0x7f0000000040)=@raw=[@map_val={0x18, 0x6, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x200}, @exit, @ldst={0x3, 0x1, 0x3, 0x1, 0x8}], &(0x7f0000000080)='GPL\x00', 0x2, 0x6d, &(0x7f00000000c0)=""/109, 0x41100, 0xbbb3f4914e119935, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f0000000180)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x0, 0x2, 0x7fffffff, 0x1000}, 0x10, 0x0, r0, 0x0, &(0x7f0000001340)=[r3, r4, r0, r5, r0, r0, r6]}, 0x80) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0x1c, 0x4, &(0x7f0000000040)=@raw=[@map_val={0x18, 0x6, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x200}, @exit, @ldst={0x3, 0x1, 0x3, 0x1, 0x8}], &(0x7f0000000080)='GPL\x00', 0x2, 0x6d, &(0x7f00000000c0)=""/109, 0x41100, 0xbbb3f4914e119935, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f0000000180)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x0, 0x2, 0x7fffffff, 0x1000}, 0x10, 0x0, r0, 0x0, &(0x7f0000001340)=[r3, r4, r0, r5, r0, r0, r6]}, 0x80)

05:48:48 executing program 5:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x5, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
write$snapshot(r1, &(0x7f00000000c0)="0f2f41209d52da6cefd6a535866de7f4352083a7445d13db04203e7dae4aaf292b2b83d0d03459771ed23647f7d1e3e2db523b27bcafe96a9930c3921160517033f7521340b033ec7b66e45de2f402a12054a915517aa863683c3abfb4fea63397ba199f97134cd390fc612a8749e06110e586c9c6d575b2ddb9f5ab27ec259dc29ad4c25c109230158ccded6fa4fdaf88b180a7cfcf4728eee416ef036ed45886577167c657f527a4d7d55d9b850a75a522e48157d0ad791ac8e9b026c24915fd5aa3ef94b14c9386785d6a7a1d7433f1ed9842dbcc800a2df672b3e275cce4951e", 0xe2)
ioctl$DRM_IOCTL_IRQ_BUSID(r1, 0xc0106403, &(0x7f0000000240)={0x5, 0x9b21, 0x6, 0x3})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000200)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r2 = syz_open_dev$dri(&(0x7f0000000280), 0x3, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01064c2, &(0x7f00000002c0)={0x0, 0x1, r0})

05:48:48 executing program 4:
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0xffffffff, 0xffff3d30, 0x0, 0xfd, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:48 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
read$snapshot(r0, &(0x7f0000000200)=""/221, 0xdd) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x9c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3f}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x2c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x7}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0xff}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40805}, 0x4004811) (async, rerun: 32)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (rerun: 32)

05:48:48 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x3ff)

05:48:48 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0xff, 0x2)
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000100))
ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000080))
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000000)={0x50dd, 0x6, 0x1f, 0x1f})
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

05:48:48 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x402)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000000), 0x1, 0x402) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:48 executing program 4:
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0xffffffff, 0xffff3d30, 0x0, 0xfd, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0xffffffff, 0xffff3d30, 0x0, 0xfd, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:48:48 executing program 5:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x5, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
write$snapshot(r1, &(0x7f00000000c0)="0f2f41209d52da6cefd6a535866de7f4352083a7445d13db04203e7dae4aaf292b2b83d0d03459771ed23647f7d1e3e2db523b27bcafe96a9930c3921160517033f7521340b033ec7b66e45de2f402a12054a915517aa863683c3abfb4fea63397ba199f97134cd390fc612a8749e06110e586c9c6d575b2ddb9f5ab27ec259dc29ad4c25c109230158ccded6fa4fdaf88b180a7cfcf4728eee416ef036ed45886577167c657f527a4d7d55d9b850a75a522e48157d0ad791ac8e9b026c24915fd5aa3ef94b14c9386785d6a7a1d7433f1ed9842dbcc800a2df672b3e275cce4951e", 0xe2) (async, rerun: 32)
ioctl$DRM_IOCTL_IRQ_BUSID(r1, 0xc0106403, &(0x7f0000000240)={0x5, 0x9b21, 0x6, 0x3}) (async, rerun: 32)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000200)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7}) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
r2 = syz_open_dev$dri(&(0x7f0000000280), 0x3, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01064c2, &(0x7f00000002c0)={0x0, 0x1, r0})

05:48:48 executing program 4:
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x0, 0xffffffff, 0xffff3d30, 0x0, 0xfd, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:48 executing program 0:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000200)=""/221, 0xdd)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000540)={'wpan4\x00'}) (async)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x9c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3f}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x2c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x7}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0xff}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40805}, 0x4004811) (async)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:48:48 executing program 5:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x5, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
write$snapshot(r1, &(0x7f00000000c0)="0f2f41209d52da6cefd6a535866de7f4352083a7445d13db04203e7dae4aaf292b2b83d0d03459771ed23647f7d1e3e2db523b27bcafe96a9930c3921160517033f7521340b033ec7b66e45de2f402a12054a915517aa863683c3abfb4fea63397ba199f97134cd390fc612a8749e06110e586c9c6d575b2ddb9f5ab27ec259dc29ad4c25c109230158ccded6fa4fdaf88b180a7cfcf4728eee416ef036ed45886577167c657f527a4d7d55d9b850a75a522e48157d0ad791ac8e9b026c24915fd5aa3ef94b14c9386785d6a7a1d7433f1ed9842dbcc800a2df672b3e275cce4951e", 0xe2) (async)
ioctl$DRM_IOCTL_IRQ_BUSID(r1, 0xc0106403, &(0x7f0000000240)={0x5, 0x9b21, 0x6, 0x3})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000200)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
r2 = syz_open_dev$dri(&(0x7f0000000280), 0x3, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01064c2, &(0x7f00000002c0)={0x0, 0x1, r0})

05:48:48 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x15)
syz_open_pts(r0, 0x9ccf5035f84b3baa)
ioctl$KIOCSOUND(r0, 0x4b2f, 0x7)

05:48:48 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000000), 0xfff, 0x202000)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f0000000080)={0xffffffffffff906d, 0x7fffffff})
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1)

05:48:48 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
syz_open_dev$audion(&(0x7f0000000000), 0x81ec, 0x200)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{}, {}]})
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x42)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4)
r3 = syz_open_dev$audion(&(0x7f0000000140), 0x5, 0x800)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)={r1, r2, 0x4, r3}, 0x10)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309)

05:48:48 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x15)
syz_open_pts(r0, 0x9ccf5035f84b3baa)
ioctl$KIOCSOUND(r0, 0x4b2f, 0x7)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x15) (async)
syz_open_pts(r0, 0x9ccf5035f84b3baa) (async)
ioctl$KIOCSOUND(r0, 0x4b2f, 0x7) (async)

05:48:49 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
syz_open_dev$audion(&(0x7f0000000000), 0x81ec, 0x200)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{}, {}]})
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x42)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4)
r3 = syz_open_dev$audion(&(0x7f0000000140), 0x5, 0x800)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)={r1, r2, 0x4, r3}, 0x10)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309)

05:48:49 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x15) (async)
syz_open_pts(r0, 0x9ccf5035f84b3baa) (async)
ioctl$KIOCSOUND(r0, 0x4b2f, 0x7)

05:48:49 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TIOCGPKT(0xffffffffffffffff, 0x80045438, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:49 executing program 1:
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
syz_open_dev$vcsa(&(0x7f0000000040), 0xff, 0x2) (async)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0xff, 0x2)
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000100))
ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000080))
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000000)={0x50dd, 0x6, 0x1f, 0x1f})
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

05:48:49 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
syz_open_dev$audion(&(0x7f0000000000), 0x81ec, 0x200)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{}, {}]})
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x42) (async)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x42)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4)
r3 = syz_open_dev$audion(&(0x7f0000000140), 0x5, 0x800)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)={r1, r2, 0x4, r3}, 0x10) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)={r1, r2, 0x4, r3}, 0x10)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309)

05:48:49 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_pts(r0, 0x80000)
r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0xffffffff)
r3 = syz_open_pts(0xffffffffffffffff, 0x81)
ioctl$VT_ACTIVATE(r3, 0x5606, 0x100000001)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0x18, 0x15, 0xca, &(0x7f0000000240)="ae96a9a3fe34b7d92e1cfe86db3e1386dd133cf2d98e8c7a3c1ab315ae9b046088bbda3a1c5cdbe8f57a7b5a1772e715d73f1e162c0b633cc1d19a129c046d34a8bbcf4c5443780f4627d480564cc9cd83d52fdb9e6fada525a3fb2978e9121cdbd1aa5ba46a8ca91ffa0445b05d6d138a3d452771d959feb4b3eda48ae9bc43c8ab1e1a97dceb6203a220e9e40d9097bd031f3729bbaf236c000694f741e62c30e2dbc12b4637ce5ab50dc695e21bf4170a92a61beb185aa5cc2d76b6828a5b0bb64150f3c327013d56428c377a42c1253fff4c97fa5152bdce494514a2723a61e0f171ef4627c6093234802f209a92dc6c4a2864027bb88e3397eb385142e693b0503610118d4fc3a0e595e624a0500942cd660918752a521ff5661c7677c290aa68a785d2058d5c8cac729b00ac8d7caed750175a141f0fa9c1b0840015dc093854060bb6a9c954f1e3208242303e32aad4ac14cf063922bde8bfab2076f99d2ca1cad681c74671d69e4394768b8dc0942bb9c14d27c12d66322fc9444544093cc25627a2bdcc0b798a3e5a562de604222f1de3a66de99c3ee0053cfe8cd691790e8ab80c6fc13d4de48c9ca5cd8643d175425860c938efd912714d572217b717dc05e14c369605344a95e8633353da8209d96a013efa0f1c1b45c367690491540170aa5e7079bfc5a9eb99be568f570ca07de91ebb9c4563e537a19b3222347d0868d9985ec679bfbe0955a398b7ab2e7b1942ea146ae7d93e932e6275d66c72e46fbb5eb364d82dd64401d2b38d151c8d27070c8ee46e8ba260421a126a5206a87c480206b69731620d876ddce979da520e15a420b9a7f5b09f4284cbdfd5db4dd3e1cba834552144c3febfa7530dd91f7a5963fc036125ec4cde98d714489bce47159c361c3ba9c04aa1b15a1d842753ee618ade7f9da68c2643c88bd6a1d36f84605cb6b41171bf375105cb0facc155acf965b1956438775c75afc2a857ed2c19ace509e833f41ec3cfba6aac55fd3e4ddf3b4aea4af2d9d57ea5a7fbfef99da1b55564419c2f05ff5254fe2707b18c2a2c5a82dc79c65aa12c80eb877232cdcbc320ed165152297a1abd904a2cc6232354f2f30392a736748bdffea46dec7e6fdd6aeb51c12a66760e71249a156cbf7b6a0cb070322173ebe6740c146e078d7c6d2fd29716a30cd181dcacefd79d2e0d7ec4bb95e92e1c9b5fc9546f99c910631fa3f3e35a8c8a96c3e2d5d421a24156ec57f5fb534a87603a758137fe7580a44c5ff058900d97874c8b2654c21febe5a12abc46c6fd5a454ab78d6355d82e5ea50b53337181c60e687306bd80768083536695d971fa316a57c8fe683c4d8b2b2dc0ac236c037c0cd3013c823d83a6ee67d3a7374e6623e80814fe73e9175466ef9d075664d430342bac8bab1e2e178047233f01807c3542fedf2a90"})
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x7, 0x2, 0x4, 0x9, 0x13, "9d14e3534d330ddbbc9820b9f939b941470512"})

05:48:49 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
r1 = syz_open_pts(r0, 0x80000)
r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0xffffffff)
r3 = syz_open_pts(0xffffffffffffffff, 0x81)
ioctl$VT_ACTIVATE(r3, 0x5606, 0x100000001) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0x18, 0x15, 0xca, &(0x7f0000000240)="ae96a9a3fe34b7d92e1cfe86db3e1386dd133cf2d98e8c7a3c1ab315ae9b046088bbda3a1c5cdbe8f57a7b5a1772e715d73f1e162c0b633cc1d19a129c046d34a8bbcf4c5443780f4627d480564cc9cd83d52fdb9e6fada525a3fb2978e9121cdbd1aa5ba46a8ca91ffa0445b05d6d138a3d452771d959feb4b3eda48ae9bc43c8ab1e1a97dceb6203a220e9e40d9097bd031f3729bbaf236c000694f741e62c30e2dbc12b4637ce5ab50dc695e21bf4170a92a61beb185aa5cc2d76b6828a5b0bb64150f3c327013d56428c377a42c1253fff4c97fa5152bdce494514a2723a61e0f171ef4627c6093234802f209a92dc6c4a2864027bb88e3397eb385142e693b0503610118d4fc3a0e595e624a0500942cd660918752a521ff5661c7677c290aa68a785d2058d5c8cac729b00ac8d7caed750175a141f0fa9c1b0840015dc093854060bb6a9c954f1e3208242303e32aad4ac14cf063922bde8bfab2076f99d2ca1cad681c74671d69e4394768b8dc0942bb9c14d27c12d66322fc9444544093cc25627a2bdcc0b798a3e5a562de604222f1de3a66de99c3ee0053cfe8cd691790e8ab80c6fc13d4de48c9ca5cd8643d175425860c938efd912714d572217b717dc05e14c369605344a95e8633353da8209d96a013efa0f1c1b45c367690491540170aa5e7079bfc5a9eb99be568f570ca07de91ebb9c4563e537a19b3222347d0868d9985ec679bfbe0955a398b7ab2e7b1942ea146ae7d93e932e6275d66c72e46fbb5eb364d82dd64401d2b38d151c8d27070c8ee46e8ba260421a126a5206a87c480206b69731620d876ddce979da520e15a420b9a7f5b09f4284cbdfd5db4dd3e1cba834552144c3febfa7530dd91f7a5963fc036125ec4cde98d714489bce47159c361c3ba9c04aa1b15a1d842753ee618ade7f9da68c2643c88bd6a1d36f84605cb6b41171bf375105cb0facc155acf965b1956438775c75afc2a857ed2c19ace509e833f41ec3cfba6aac55fd3e4ddf3b4aea4af2d9d57ea5a7fbfef99da1b55564419c2f05ff5254fe2707b18c2a2c5a82dc79c65aa12c80eb877232cdcbc320ed165152297a1abd904a2cc6232354f2f30392a736748bdffea46dec7e6fdd6aeb51c12a66760e71249a156cbf7b6a0cb070322173ebe6740c146e078d7c6d2fd29716a30cd181dcacefd79d2e0d7ec4bb95e92e1c9b5fc9546f99c910631fa3f3e35a8c8a96c3e2d5d421a24156ec57f5fb534a87603a758137fe7580a44c5ff058900d97874c8b2654c21febe5a12abc46c6fd5a454ab78d6355d82e5ea50b53337181c60e687306bd80768083536695d971fa316a57c8fe683c4d8b2b2dc0ac236c037c0cd3013c823d83a6ee67d3a7374e6623e80814fe73e9175466ef9d075664d430342bac8bab1e2e178047233f01807c3542fedf2a90"})
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x7, 0x2, 0x4, 0x9, 0x13, "9d14e3534d330ddbbc9820b9f939b941470512"})

05:48:49 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async, rerun: 32)
r1 = syz_open_pts(r0, 0x80000) (rerun: 32)
r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0xffffffff) (async)
r3 = syz_open_pts(0xffffffffffffffff, 0x81)
ioctl$VT_ACTIVATE(r3, 0x5606, 0x100000001) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0x18, 0x15, 0xca, &(0x7f0000000240)="ae96a9a3fe34b7d92e1cfe86db3e1386dd133cf2d98e8c7a3c1ab315ae9b046088bbda3a1c5cdbe8f57a7b5a1772e715d73f1e162c0b633cc1d19a129c046d34a8bbcf4c5443780f4627d480564cc9cd83d52fdb9e6fada525a3fb2978e9121cdbd1aa5ba46a8ca91ffa0445b05d6d138a3d452771d959feb4b3eda48ae9bc43c8ab1e1a97dceb6203a220e9e40d9097bd031f3729bbaf236c000694f741e62c30e2dbc12b4637ce5ab50dc695e21bf4170a92a61beb185aa5cc2d76b6828a5b0bb64150f3c327013d56428c377a42c1253fff4c97fa5152bdce494514a2723a61e0f171ef4627c6093234802f209a92dc6c4a2864027bb88e3397eb385142e693b0503610118d4fc3a0e595e624a0500942cd660918752a521ff5661c7677c290aa68a785d2058d5c8cac729b00ac8d7caed750175a141f0fa9c1b0840015dc093854060bb6a9c954f1e3208242303e32aad4ac14cf063922bde8bfab2076f99d2ca1cad681c74671d69e4394768b8dc0942bb9c14d27c12d66322fc9444544093cc25627a2bdcc0b798a3e5a562de604222f1de3a66de99c3ee0053cfe8cd691790e8ab80c6fc13d4de48c9ca5cd8643d175425860c938efd912714d572217b717dc05e14c369605344a95e8633353da8209d96a013efa0f1c1b45c367690491540170aa5e7079bfc5a9eb99be568f570ca07de91ebb9c4563e537a19b3222347d0868d9985ec679bfbe0955a398b7ab2e7b1942ea146ae7d93e932e6275d66c72e46fbb5eb364d82dd64401d2b38d151c8d27070c8ee46e8ba260421a126a5206a87c480206b69731620d876ddce979da520e15a420b9a7f5b09f4284cbdfd5db4dd3e1cba834552144c3febfa7530dd91f7a5963fc036125ec4cde98d714489bce47159c361c3ba9c04aa1b15a1d842753ee618ade7f9da68c2643c88bd6a1d36f84605cb6b41171bf375105cb0facc155acf965b1956438775c75afc2a857ed2c19ace509e833f41ec3cfba6aac55fd3e4ddf3b4aea4af2d9d57ea5a7fbfef99da1b55564419c2f05ff5254fe2707b18c2a2c5a82dc79c65aa12c80eb877232cdcbc320ed165152297a1abd904a2cc6232354f2f30392a736748bdffea46dec7e6fdd6aeb51c12a66760e71249a156cbf7b6a0cb070322173ebe6740c146e078d7c6d2fd29716a30cd181dcacefd79d2e0d7ec4bb95e92e1c9b5fc9546f99c910631fa3f3e35a8c8a96c3e2d5d421a24156ec57f5fb534a87603a758137fe7580a44c5ff058900d97874c8b2654c21febe5a12abc46c6fd5a454ab78d6355d82e5ea50b53337181c60e687306bd80768083536695d971fa316a57c8fe683c4d8b2b2dc0ac236c037c0cd3013c823d83a6ee67d3a7374e6623e80814fe73e9175466ef9d075664d430342bac8bab1e2e178047233f01807c3542fedf2a90"})
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x7, 0x2, 0x4, 0x9, 0x13, "9d14e3534d330ddbbc9820b9f939b941470512"})

05:48:49 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000000)={0x2, 0x1, 0x2})

05:48:49 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f0000000000), 0xfff, 0x202000)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f0000000080)={0xffffffffffff906d, 0x7fffffff}) (async)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1)

05:48:49 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000000)={0x2, 0x1, 0x2})

05:48:49 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000000)={0x2, 0x1, 0x2})

05:48:49 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x80)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000180)={0x6, 0x80000001})
r2 = syz_open_dev$audion(&(0x7f0000000080), 0x3ff, 0x12400)
ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000140)={0xa64a})
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$BLKDISCARD(r3, 0x1277, &(0x7f0000000100)=0x7b57)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000040)={0xfffffffffffffc01, 0x0, 0x2})
read$snapshot(r0, &(0x7f0000000200)=""/4098, 0x1002)

05:48:49 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0xfffffffe, 0x400004, 0xffff3d30, 0x0, 0x13, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:49 executing program 2:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TIOCGPKT(0xffffffffffffffff, 0x80045438, &(0x7f0000000000))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:49 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0xff, 0x2)
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000100)) (async)
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000100))
ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000080))
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000000)={0x50dd, 0x6, 0x1f, 0x1f})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r2 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r2, &(0x7f0000000340)=""/4096, 0x1000)

05:48:49 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0xfffffffe, 0x400004, 0xffff3d30, 0x0, 0x13, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:49 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r8=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004800}, 0x20000810)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x58, r2, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_DEVKEY={0x34, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008000}, 0x24000001)

05:48:49 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (async)
syz_open_dev$audion(&(0x7f0000000000), 0x81ec, 0x200) (async)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{}, {}]})
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r0}, 0x42) (async)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4)
r3 = syz_open_dev$audion(&(0x7f0000000140), 0x5, 0x800)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)={r1, r2, 0x4, r3}, 0x10) (async, rerun: 32)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (rerun: 32)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r4, 0x3309)

05:48:49 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0xfffffffe, 0x400004, 0xffff3d30, 0x0, 0x13, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:49 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$IOC_PR_RESERVE(r2, 0x401070c9, &(0x7f0000000080)={0x8, 0xde89})
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0x5)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000000)={0xffffff80, 0x8, 0x7, 0x1})
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:50 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 64)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async, rerun: 64)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f0000000000), 0xfff, 0x202000)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, &(0x7f0000000080)={0xffffffffffff906d, 0x7fffffff}) (async, rerun: 64)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) (async, rerun: 64)
syz_open_dev$ptys(0xc, 0x3, 0x1)

05:48:50 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$IOC_PR_RESERVE(r2, 0x401070c9, &(0x7f0000000080)={0x8, 0xde89}) (async)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0x5)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000000)={0xffffff80, 0x8, 0x7, 0x1})
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:50 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async, rerun: 32)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (rerun: 32)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$IOC_PR_RESERVE(r2, 0x401070c9, &(0x7f0000000080)={0x8, 0xde89}) (async)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0x5) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async, rerun: 64)
ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000000)={0xffffff80, 0x8, 0x7, 0x1}) (rerun: 64)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:50 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000000))
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:50 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000000)) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:50 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TIOCGPKT(0xffffffffffffffff, 0x80045438, &(0x7f0000000000)) (async, rerun: 32)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (rerun: 32)

05:48:50 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:50 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000000))
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000000)) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:48:50 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r8=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004800}, 0x20000810)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x58, r2, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_DEVKEY={0x34, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008000}, 0x24000001)

05:48:50 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x2000)
read$snapshot(r0, 0x0, 0x12)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f00000000c0)={0x2, 0xffff0000, 0xff, 0x20, 0x1f8ba748, 0x79e444af, 0x13c1e0ac})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x800, "f0e41bee8fbeebcac03d2c739567a8a22d7fa8ddffc30211707159b6b487ee29"})
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000040))
r2 = syz_open_dev$vcsa(&(0x7f0000000100), 0x3, 0x204000)
ioctl$KIOCSOUND(r2, 0x4b2f, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000080))

05:48:50 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:50 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x103200, 0x0)
ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f00000000c0))
ioctl$BLKROGET(r1, 0x125e, &(0x7f0000000040))
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000100)={0x0, 0x1, 0x0, [{0x7f, 0x1ff, 0x4, 0x40, 0x8, 0x1, 0x80, '\x00', 0x1}]})
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000080))

05:48:50 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0x3)
read$snapshot(r0, &(0x7f0000000040)=""/15, 0x11)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000080))

05:48:50 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x2000)
read$snapshot(r0, 0x0, 0x12)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f00000000c0)={0x2, 0xffff0000, 0xff, 0x20, 0x1f8ba748, 0x79e444af, 0x13c1e0ac})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x800, "f0e41bee8fbeebcac03d2c739567a8a22d7fa8ddffc30211707159b6b487ee29"})
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000040))
r2 = syz_open_dev$vcsa(&(0x7f0000000100), 0x3, 0x204000)
ioctl$KIOCSOUND(r2, 0x4b2f, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000080))
syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x2000) (async)
read$snapshot(r0, 0x0, 0x12) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f00000000c0)={0x2, 0xffff0000, 0xff, 0x20, 0x1f8ba748, 0x79e444af, 0x13c1e0ac}) (async)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x800, "f0e41bee8fbeebcac03d2c739567a8a22d7fa8ddffc30211707159b6b487ee29"}) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000040)) (async)
syz_open_dev$vcsa(&(0x7f0000000100), 0x3, 0x204000) (async)
ioctl$KIOCSOUND(r2, 0x4b2f, 0x0) (async)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000080)) (async)

05:48:50 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)

05:48:50 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x103200, 0x0)
ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f00000000c0)) (async)
ioctl$BLKROGET(r1, 0x125e, &(0x7f0000000040))
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000100)={0x0, 0x1, 0x0, [{0x7f, 0x1ff, 0x4, 0x40, 0x8, 0x1, 0x80, '\x00', 0x1}]}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000080))

05:48:50 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r8=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004800}, 0x20000810)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x58, r2, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_DEVKEY={0x34, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x58}, 0x1, 0x0, 0x0, 0x4008000}, 0x24000001)

05:48:51 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000000300)={0x6, &(0x7f0000000080)=""/248, &(0x7f00000023c0)=[{0x5, 0x1a, 0x5, &(0x7f0000000180)=""/26}, {0x5, 0x0, 0x4, 0xfffffffffffffffd}, {0x3, 0x48, 0x2, &(0x7f0000000200)=""/72}, {0x6, 0x66, 0x20, &(0x7f0000000280)=""/102}, {0x2, 0x1000, 0x61aa9187, &(0x7f0000001340)=""/4096}, {0x2, 0x68, 0x4, &(0x7f0000002340)=""/104}]})
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x3, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r2, 0xc0106403, &(0x7f0000000040)={0x4, 0x10001, 0x8})

05:48:51 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x103200, 0x0)
ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f00000000c0))
ioctl$BLKROGET(r1, 0x125e, &(0x7f0000000040))
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000100)={0x0, 0x1, 0x0, [{0x7f, 0x1ff, 0x4, 0x40, 0x8, 0x1, 0x80, '\x00', 0x1}]})
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000080))
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x103200, 0x0) (async)
ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f00000000c0)) (async)
ioctl$BLKROGET(r1, 0x125e, &(0x7f0000000040)) (async)
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000100)={0x0, 0x1, 0x0, [{0x7f, 0x1ff, 0x4, 0x40, 0x8, 0x1, 0x80, '\x00', 0x1}]}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000080)) (async)

05:48:51 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x4, 0x2000)
read$snapshot(r0, 0x0, 0x12) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f00000000c0)={0x2, 0xffff0000, 0xff, 0x20, 0x1f8ba748, 0x79e444af, 0x13c1e0ac}) (async)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x800, "f0e41bee8fbeebcac03d2c739567a8a22d7fa8ddffc30211707159b6b487ee29"}) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000040)) (async)
r2 = syz_open_dev$vcsa(&(0x7f0000000100), 0x3, 0x204000)
ioctl$KIOCSOUND(r2, 0x4b2f, 0x0) (async)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000080))

05:48:51 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000040)=0x1)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000000)={0x0, 0x4})

05:48:51 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0x3) (async)
read$snapshot(r0, &(0x7f0000000040)=""/15, 0x11) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000080))

05:48:51 executing program 0:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x8, 0x20040)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000080)={&(0x7f0000000040)=[0xffffffff, 0x7e, 0xfffff2cc], 0x3, 0x0, 0x101, 0x45ad, 0x6f, 0x98, 0x1ff, {0x4, 0x20, 0x6, 0xfff8, 0x800, 0x8, 0x5, 0x101, 0x0, 0x6, 0x81, 0x40000000, 0xfffffff8, 0x6e4a, "c66c0d2979250c6d60ccd8c97e9eea2cc405c59e6b45e2ef5200268174859dc5"}})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, 0x0, 0x12)

05:48:51 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0x3)
read$snapshot(r0, &(0x7f0000000040)=""/15, 0x11)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000080))
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) (async)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0x3) (async)
read$snapshot(r0, &(0x7f0000000040)=""/15, 0x11) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000080)) (async)

05:48:51 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000040))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={0x0, 0x1, r0})

05:48:51 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000))
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, r2, r3, 0x0], &(0x7f0000000140)=[0x9, 0x5, 0x7cf0], 0x8, 0x1})
ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000040)={0x6})
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:51 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000))
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)={<r2=>0x0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, r2, r3, 0x0], &(0x7f0000000140)=[0x9, 0x5, 0x7cf0], 0x8, 0x1}) (async)
ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000040)={0x6}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:51 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000))
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, r2, r3, 0x0], &(0x7f0000000140)=[0x9, 0x5, 0x7cf0], 0x8, 0x1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, r2, r3, 0x0], &(0x7f0000000140)=[0x9, 0x5, 0x7cf0], 0x8, 0x1})
ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000040)={0x6})
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:51 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r7=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004800}, 0x20000810)

05:48:51 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431) (async)
ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000000300)={0x6, &(0x7f0000000080)=""/248, &(0x7f00000023c0)=[{0x5, 0x1a, 0x5, &(0x7f0000000180)=""/26}, {0x5, 0x0, 0x4, 0xfffffffffffffffd}, {0x3, 0x48, 0x2, &(0x7f0000000200)=""/72}, {0x6, 0x66, 0x20, &(0x7f0000000280)=""/102}, {0x2, 0x1000, 0x61aa9187, &(0x7f0000001340)=""/4096}, {0x2, 0x68, 0x4, &(0x7f0000002340)=""/104}]})
syz_open_dev$dri(&(0x7f0000000000), 0x3, 0x0) (async)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x3, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r2, 0xc0106403, &(0x7f0000000040)={0x4, 0x10001, 0x8})

05:48:51 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x80000001)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000))
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x10200, 0x0)
ioctl$TCSBRK(r1, 0x5409, 0x3)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:51 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000040)=0x1) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000000)={0x0, 0x4})

05:48:51 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x80000001)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x10200, 0x0)
ioctl$TCSBRK(r1, 0x5409, 0x3) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:51 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x80000001)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000))
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x10200, 0x0)
ioctl$TCSBRK(r1, 0x5409, 0x3)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x80000001) (async)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x10200, 0x0) (async)
ioctl$TCSBRK(r1, 0x5409, 0x3) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:48:51 executing program 0:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x8, 0x20040)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000080)={&(0x7f0000000040)=[0xffffffff, 0x7e, 0xfffff2cc], 0x3, 0x0, 0x101, 0x45ad, 0x6f, 0x98, 0x1ff, {0x4, 0x20, 0x6, 0xfff8, 0x800, 0x8, 0x5, 0x101, 0x0, 0x6, 0x81, 0x40000000, 0xfffffff8, 0x6e4a, "c66c0d2979250c6d60ccd8c97e9eea2cc405c59e6b45e2ef5200268174859dc5"}})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, 0x0, 0x12)

05:48:51 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf25200000000c000600030000000000000008000300", @ANYRES32=0x0, @ANYBLOB="08000300429b728bd8b159a3b902a1f3ebcbd020ef572fb3af65b5c40dfaceea8708d18d6f9ff4cd845b493140ac2fd86c97447ba61bace97c5e2d283c99aecbeb7730b087cb91aee8c72f3a38ae9b5af4e5f22663fcd0c188fa5ef73b39e036eb220adfc4aa7a9190239bb6c381bc5f57ea370ada5e8ea44960e502333087ca6c32cb9af28e918c8b745103c443816d6f595a6ae173e3b9d433b51443f782b705bfb1a5f194d4832d034b150e42f4b1dbe2d071f6ca8e31d5c15745dd", @ANYRES32=0x0, @ANYBLOB="0c00060000000000000000000c0006000100000001000000"], 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0xc0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x140a0002}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x8711ce5b1c332994}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)=<r2=>0x0)
ptrace$pokeuser(0x6, r2, 0x679, 0x6)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f00000003c0)={0x6, 0xb, 0x8, 0x7, 0x5})

05:48:51 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000040))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async, rerun: 64)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={0x0, 0x1, r0}) (rerun: 64)

05:48:51 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf25200000000c000600030000000000000008000300", @ANYRES32=0x0, @ANYBLOB="08000300429b728bd8b159a3b902a1f3ebcbd020ef572fb3af65b5c40dfaceea8708d18d6f9ff4cd845b493140ac2fd86c97447ba61bace97c5e2d283c99aecbeb7730b087cb91aee8c72f3a38ae9b5af4e5f22663fcd0c188fa5ef73b39e036eb220adfc4aa7a9190239bb6c381bc5f57ea370ada5e8ea44960e502333087ca6c32cb9af28e918c8b745103c443816d6f595a6ae173e3b9d433b51443f782b705bfb1a5f194d4832d034b150e42f4b1dbe2d071f6ca8e31d5c15745dd", @ANYRES32=0x0, @ANYBLOB="0c00060000000000000000000c0006000100000001000000"], 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0xc0) (async)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x140a0002}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x8711ce5b1c332994}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x40000) (async)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)=<r2=>0x0)
ptrace$pokeuser(0x6, r2, 0x679, 0x6) (async)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f00000003c0)={0x6, 0xb, 0x8, 0x7, 0x5})

05:48:51 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf25200000000c000600030000000000000008000300", @ANYRES32=0x0, @ANYBLOB="08000300429b728bd8b159a3b902a1f3ebcbd020ef572fb3af65b5c40dfaceea8708d18d6f9ff4cd845b493140ac2fd86c97447ba61bace97c5e2d283c99aecbeb7730b087cb91aee8c72f3a38ae9b5af4e5f22663fcd0c188fa5ef73b39e036eb220adfc4aa7a9190239bb6c381bc5f57ea370ada5e8ea44960e502333087ca6c32cb9af28e918c8b745103c443816d6f595a6ae173e3b9d433b51443f782b705bfb1a5f194d4832d034b150e42f4b1dbe2d071f6ca8e31d5c15745dd", @ANYRES32=0x0, @ANYBLOB="0c00060000000000000000000c0006000100000001000000"], 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0xc0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x140a0002}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x8711ce5b1c332994}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)=<r2=>0x0)
ptrace$pokeuser(0x6, r2, 0x679, 0x6)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f00000003c0)={0x6, 0xb, 0x8, 0x7, 0x5})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf25200000000c000600030000000000000008000300", @ANYRES32=0x0, @ANYBLOB="08000300429b728bd8b159a3b902a1f3ebcbd020ef572fb3af65b5c40dfaceea8708d18d6f9ff4cd845b493140ac2fd86c97447ba61bace97c5e2d283c99aecbeb7730b087cb91aee8c72f3a38ae9b5af4e5f22663fcd0c188fa5ef73b39e036eb220adfc4aa7a9190239bb6c381bc5f57ea370ada5e8ea44960e502333087ca6c32cb9af28e918c8b745103c443816d6f595a6ae173e3b9d433b51443f782b705bfb1a5f194d4832d034b150e42f4b1dbe2d071f6ca8e31d5c15745dd", @ANYRES32=0x0, @ANYBLOB="0c00060000000000000000000c0006000100000001000000"], 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0xc0) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x140a0002}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x8711ce5b1c332994}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x40000) (async)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)) (async)
ptrace$pokeuser(0x6, r2, 0x679, 0x6) (async)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f00000003c0)={0x6, 0xb, 0x8, 0x7, 0x5}) (async)

05:48:51 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0xffff3d30, 0xfffffffe, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:52 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00'})

05:48:52 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000000300)={0x6, &(0x7f0000000080)=""/248, &(0x7f00000023c0)=[{0x5, 0x1a, 0x5, &(0x7f0000000180)=""/26}, {0x5, 0x0, 0x4, 0xfffffffffffffffd}, {0x3, 0x48, 0x2, &(0x7f0000000200)=""/72}, {0x6, 0x66, 0x20, &(0x7f0000000280)=""/102}, {0x2, 0x1000, 0x61aa9187, &(0x7f0000001340)=""/4096}, {0x2, 0x68, 0x4, &(0x7f0000002340)=""/104}]})
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x3, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r2, 0xc0106403, &(0x7f0000000040)={0x4, 0x10001, 0x8})
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000000300)={0x6, &(0x7f0000000080)=""/248, &(0x7f00000023c0)=[{0x5, 0x1a, 0x5, &(0x7f0000000180)=""/26}, {0x5, 0x0, 0x4, 0xfffffffffffffffd}, {0x3, 0x48, 0x2, &(0x7f0000000200)=""/72}, {0x6, 0x66, 0x20, &(0x7f0000000280)=""/102}, {0x2, 0x1000, 0x61aa9187, &(0x7f0000001340)=""/4096}, {0x2, 0x68, 0x4, &(0x7f0000002340)=""/104}]}) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x3, 0x0) (async)
ioctl$DRM_IOCTL_IRQ_BUSID(r2, 0xc0106403, &(0x7f0000000040)={0x4, 0x10001, 0x8}) (async)

05:48:52 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0xffff3d30, 0xfffffffe, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0xffff3d30, 0xfffffffe, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:48:52 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000040)=0x1)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000000)={0x0, 0x4})

05:48:52 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0xffff3d30, 0xfffffffe, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0xffff3d30, 0xfffffffe, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:52 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x100, 0x102)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:52 executing program 0:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x8, 0x20040)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000080)={&(0x7f0000000040)=[0xffffffff, 0x7e, 0xfffff2cc], 0x3, 0x0, 0x101, 0x45ad, 0x6f, 0x98, 0x1ff, {0x4, 0x20, 0x6, 0xfff8, 0x800, 0x8, 0x5, 0x101, 0x0, 0x6, 0x81, 0x40000000, 0xfffffff8, 0x6e4a, "c66c0d2979250c6d60ccd8c97e9eea2cc405c59e6b45e2ef5200268174859dc5"}})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, 0x0, 0x12)

05:48:52 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x100, 0x102)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:52 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000040))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)={0x0, 0x1, r0})

05:48:52 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = mq_open(&(0x7f0000000000)='/dev/audio#\x00', 0x800, 0x100, &(0x7f0000000040)={0x4, 0x7fffffff, 0x75c6, 0x4})
mq_getsetattr(r1, &(0x7f0000000080)={0xff, 0x2, 0x3ff, 0x3}, &(0x7f00000000c0))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:52 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x100, 0x102)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x100, 0x102) (async)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:48:52 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d31, 0x0, 0x7, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000000))

05:48:52 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

05:48:52 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d31, 0x0, 0x7, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d31, 0x0, 0x7, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000000))

05:48:52 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d31, 0x0, 0x7, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000000))
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d31, 0x0, 0x7, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000000)) (async)

05:48:52 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
mq_timedsend(r0, &(0x7f0000000000)="eeb7ae866c350384e90a3b4c6bcf518401ad72e1d45da3b3f9ce2e36c5fa7a79b103f18cec4e0c41df7f0524ddc349dde9ef9d533f8ff62d6f69135c074a77de0cf9b0dee5af46ed2fb9d8e5ad70c6753a590e4d527e4702319fae95a7862c2d38719eed7a003900fc3f32732e78d4155a124c6e14ebc2e08dccfed436d343a77140123d3da41345271048b7f829b7a35bca07fe700289075dd91ca73290f582405fe7e25224dcc2cbbf", 0xaa, 0x10001, 0x0)

05:48:52 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x1, "b8562e1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:52 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x1, "b8562e1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:52 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:48:52 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x1, "b8562e1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x1, "b8562e1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:48:53 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:53 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:48:53 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000000)={0x7f, 0x81, 0x6, 0xc4, 0x400})
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:53 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
mq_open(&(0x7f0000000000)='/dev/audio#\x00', 0x800, 0x100, &(0x7f0000000040)={0x4, 0x7fffffff, 0x75c6, 0x4}) (async)
r1 = mq_open(&(0x7f0000000000)='/dev/audio#\x00', 0x800, 0x100, &(0x7f0000000040)={0x4, 0x7fffffff, 0x75c6, 0x4})
mq_getsetattr(r1, &(0x7f0000000080)={0xff, 0x2, 0x3ff, 0x3}, &(0x7f00000000c0))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:53 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r4}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00'})

05:48:53 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000000)={0x7f, 0x81, 0x6, 0xc4, 0x400}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:53 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)

05:48:53 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
mq_timedsend(r0, &(0x7f0000000000)="eeb7ae866c350384e90a3b4c6bcf518401ad72e1d45da3b3f9ce2e36c5fa7a79b103f18cec4e0c41df7f0524ddc349dde9ef9d533f8ff62d6f69135c074a77de0cf9b0dee5af46ed2fb9d8e5ad70c6753a590e4d527e4702319fae95a7862c2d38719eed7a003900fc3f32732e78d4155a124c6e14ebc2e08dccfed436d343a77140123d3da41345271048b7f829b7a35bca07fe700289075dd91ca73290f582405fe7e25224dcc2cbbf", 0xaa, 0x10001, 0x0)

05:48:53 executing program 0:
syz_open_dev$audion(&(0x7f0000000040), 0x1, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x4a0002, 0x0)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x39)
read$snapshot(r0, 0x0, 0x0)

05:48:53 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000000)={0x7f, 0x81, 0x6, 0xc4, 0x400})
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:53 executing program 0:
syz_open_dev$audion(&(0x7f0000000040), 0x1, 0x0) (async, rerun: 64)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x4a0002, 0x0) (async, rerun: 64)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x39)
read$snapshot(r0, 0x0, 0x0)

05:48:53 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x1f)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f00000002c0))
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r5, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x880}, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f0000000280)={0x818, 0x8000000000000000, 0x7, 0x75})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan1\x00', <r6=>0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r9, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r11=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r8, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r10, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r5, 0x4, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20001}, 0x40001)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f0000000040)={0x1, 0x5, 0x6, 0x2, 0xfffffffffffffffc})

05:48:54 executing program 5:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:54 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x1f) (async)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f00000002c0)) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r2=>0xffffffffffffffff}) (async)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r5, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x880}, 0x0) (async)
ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f0000000280)={0x818, 0x8000000000000000, 0x7, 0x75})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan1\x00', <r6=>0x0}) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r9, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r11=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r8, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r10, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r5, 0x4, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20001}, 0x40001) (async)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f0000000040)={0x1, 0x5, 0x6, 0x2, 0xfffffffffffffffc})

05:48:54 executing program 0:
syz_open_dev$audion(&(0x7f0000000040), 0x1, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x4a0002, 0x0) (async)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x39)
read$snapshot(r0, 0x0, 0x0)

05:48:54 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = mq_open(&(0x7f0000000000)='/dev/audio#\x00', 0x800, 0x100, &(0x7f0000000040)={0x4, 0x7fffffff, 0x75c6, 0x4})
mq_getsetattr(r1, &(0x7f0000000080)={0xff, 0x2, 0x3ff, 0x3}, &(0x7f00000000c0))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:54 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3}, 0x14}}, 0x0)

05:48:54 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
mq_timedsend(r0, &(0x7f0000000000)="eeb7ae866c350384e90a3b4c6bcf518401ad72e1d45da3b3f9ce2e36c5fa7a79b103f18cec4e0c41df7f0524ddc349dde9ef9d533f8ff62d6f69135c074a77de0cf9b0dee5af46ed2fb9d8e5ad70c6753a590e4d527e4702319fae95a7862c2d38719eed7a003900fc3f32732e78d4155a124c6e14ebc2e08dccfed436d343a77140123d3da41345271048b7f829b7a35bca07fe700289075dd91ca73290f582405fe7e25224dcc2cbbf", 0xaa, 0x10001, 0x0)

05:48:54 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x20, 0xb20c0)
read$snapshot(r0, &(0x7f0000000340)=""/4081, 0xff1)

05:48:54 executing program 0:
read$snapshot(0xffffffffffffffff, 0x0, 0x12)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000000))

05:48:54 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x1f) (async)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f00000002c0))
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r5, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x880}, 0x0) (async)
ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f0000000280)={0x818, 0x8000000000000000, 0x7, 0x75}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan1\x00', <r6=>0x0}) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r9, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r10}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r11=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r8, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r10, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r5, 0x4, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20001}, 0x40001)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f0000000040)={0x1, 0x5, 0x6, 0x2, 0xfffffffffffffffc})

05:48:54 executing program 0:
read$snapshot(0xffffffffffffffff, 0x0, 0x12) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000000))

05:48:54 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x20, 0xb20c0)
read$snapshot(r0, &(0x7f0000000340)=""/4081, 0xff1)

05:48:54 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_pts(r0, 0x42040)
ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000000))

05:48:54 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:54 executing program 0:
read$snapshot(0xffffffffffffffff, 0x0, 0x12)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000000)) (async)
ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000000))

05:48:54 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_pts(r0, 0x42040)
ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000000))
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
syz_open_pts(r0, 0x42040) (async)
ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000000)) (async)

05:48:54 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x20, 0xb20c0)
read$snapshot(r0, &(0x7f0000000340)=""/4081, 0xff1)

05:48:54 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:54 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)

05:48:55 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000000)={0x1, 0x4, 0x0, [{0x100, 0x8001, 0xfffffffffffffffe, 0xaf, 0x0, 0x9, 0xff, '\x00', 0x8}, {0x9, 0x4, 0xc6d, 0x80, 0x83, 0x80, 0x8, '\x00', 0x35a}, {0x58fc, 0x4, 0x6, 0x4, 0x1, 0x1, 0x6, '\x00', 0x8000000000000001}, {0x8, 0x1, 0x7, 0x9, 0x5, 0x5f, 0x9}]})
read$snapshot(r0, 0x0, 0x12)

05:48:55 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x3, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x26}, 0x10)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f0000001340)=ANY=[@ANYBLOB="f0000000130000002cbd7000fddbdf2515ff07004e244e2005000000070000000100000005000000050000000001000097050004000000005d2d01e510db93de2864e1fe5430d2dc0b94a17265c0f648aef5745b7023793cca5db3ee27739875088eb5fe94df60f77c2d6c4debe813cc5ec3346e78bf439f2198c941160cd00a137b2d45944737d7e1b498af80024323e4735b2872e337b79f5ef4417a82be4ca0453ba7fe60d3fbe00c0321cfc00894756b3358e6c4e509e1e72e7c75c446036b7ad579394894803f5c9d55527a0becea24085c2c2af4d9f8a21ffd0f52c4bba23c965cf9a42424363bdb78f05dda144c97a6bbca02d15cf6505db5c9209f95611fea4d09abe02a5e3cdca9d5ed3fb121afad2f224868b4f681c8a3fd6fd145d4cd9124ae6169fc029202c93759be03ac52b1dabece893e4802c090cb205d24494e792d", @ANYRES32=0x0, @ANYBLOB="040000003f000000084b0000ff000000a4000100a538c31a7f77e03ee90ad313544f58c23556c4a64159a37f7d193d084da67af4871bba405dfdf739246ea617bb91c65f70c45829f84e3c85ebea3c8f8dc9a2e40f3d00e3a10a9e84854267b791d54d32e7998f3ffa39343a0b060512ef1eeb109cb6d49c49b19db506e52082df99c8e2b353ad31a6f9da0fe382fd7f86918d379776aca871d8081b0f715cfa232ace268178fc406b60a202feda12b44819a285"], 0xf0}, 0x1, 0x0, 0x0, 0xd4}, 0x20008004)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:55 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_pts(r0, 0x42040)
ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000000))

05:48:55 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x3, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x26}, 0x10) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x26}, 0x10)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f0000001340)=ANY=[@ANYBLOB="f0000000130000002cbd7000fddbdf2515ff07004e244e2005000000070000000100000005000000050000000001000097050004000000005d2d01e510db93de2864e1fe5430d2dc0b94a17265c0f648aef5745b7023793cca5db3ee27739875088eb5fe94df60f77c2d6c4debe813cc5ec3346e78bf439f2198c941160cd00a137b2d45944737d7e1b498af80024323e4735b2872e337b79f5ef4417a82be4ca0453ba7fe60d3fbe00c0321cfc00894756b3358e6c4e509e1e72e7c75c446036b7ad579394894803f5c9d55527a0becea24085c2c2af4d9f8a21ffd0f52c4bba23c965cf9a42424363bdb78f05dda144c97a6bbca02d15cf6505db5c9209f95611fea4d09abe02a5e3cdca9d5ed3fb121afad2f224868b4f681c8a3fd6fd145d4cd9124ae6169fc029202c93759be03ac52b1dabece893e4802c090cb205d24494e792d", @ANYRES32=0x0, @ANYBLOB="040000003f000000084b0000ff000000a4000100a538c31a7f77e03ee90ad313544f58c23556c4a64159a37f7d193d084da67af4871bba405dfdf739246ea617bb91c65f70c45829f84e3c85ebea3c8f8dc9a2e40f3d00e3a10a9e84854267b791d54d32e7998f3ffa39343a0b060512ef1eeb109cb6d49c49b19db506e52082df99c8e2b353ad31a6f9da0fe382fd7f86918d379776aca871d8081b0f715cfa232ace268178fc406b60a202feda12b44819a285"], 0xf0}, 0x1, 0x0, 0x0, 0xd4}, 0x20008004)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:55 executing program 2:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x3, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x26}, 0x10)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f0000001340)=ANY=[@ANYBLOB="f0000000130000002cbd7000fddbdf2515ff07004e244e2005000000070000000100000005000000050000000001000097050004000000005d2d01e510db93de2864e1fe5430d2dc0b94a17265c0f648aef5745b7023793cca5db3ee27739875088eb5fe94df60f77c2d6c4debe813cc5ec3346e78bf439f2198c941160cd00a137b2d45944737d7e1b498af80024323e4735b2872e337b79f5ef4417a82be4ca0453ba7fe60d3fbe00c0321cfc00894756b3358e6c4e509e1e72e7c75c446036b7ad579394894803f5c9d55527a0becea24085c2c2af4d9f8a21ffd0f52c4bba23c965cf9a42424363bdb78f05dda144c97a6bbca02d15cf6505db5c9209f95611fea4d09abe02a5e3cdca9d5ed3fb121afad2f224868b4f681c8a3fd6fd145d4cd9124ae6169fc029202c93759be03ac52b1dabece893e4802c090cb205d24494e792d", @ANYRES32=0x0, @ANYBLOB="040000003f000000084b0000ff000000a4000100a538c31a7f77e03ee90ad313544f58c23556c4a64159a37f7d193d084da67af4871bba405dfdf739246ea617bb91c65f70c45829f84e3c85ebea3c8f8dc9a2e40f3d00e3a10a9e84854267b791d54d32e7998f3ffa39343a0b060512ef1eeb109cb6d49c49b19db506e52082df99c8e2b353ad31a6f9da0fe382fd7f86918d379776aca871d8081b0f715cfa232ace268178fc406b60a202feda12b44819a285"], 0xf0}, 0x1, 0x0, 0x0, 0xd4}, 0x20008004)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_open_dev$audion(&(0x7f0000000040), 0x3, 0x0) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x26}, 0x10) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
sendmsg$DCCPDIAG_GETSOCK(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f0000001340)=ANY=[@ANYBLOB="f0000000130000002cbd7000fddbdf2515ff07004e244e2005000000070000000100000005000000050000000001000097050004000000005d2d01e510db93de2864e1fe5430d2dc0b94a17265c0f648aef5745b7023793cca5db3ee27739875088eb5fe94df60f77c2d6c4debe813cc5ec3346e78bf439f2198c941160cd00a137b2d45944737d7e1b498af80024323e4735b2872e337b79f5ef4417a82be4ca0453ba7fe60d3fbe00c0321cfc00894756b3358e6c4e509e1e72e7c75c446036b7ad579394894803f5c9d55527a0becea24085c2c2af4d9f8a21ffd0f52c4bba23c965cf9a42424363bdb78f05dda144c97a6bbca02d15cf6505db5c9209f95611fea4d09abe02a5e3cdca9d5ed3fb121afad2f224868b4f681c8a3fd6fd145d4cd9124ae6169fc029202c93759be03ac52b1dabece893e4802c090cb205d24494e792d", @ANYRES32=0x0, @ANYBLOB="040000003f000000084b0000ff000000a4000100a538c31a7f77e03ee90ad313544f58c23556c4a64159a37f7d193d084da67af4871bba405dfdf739246ea617bb91c65f70c45829f84e3c85ebea3c8f8dc9a2e40f3d00e3a10a9e84854267b791d54d32e7998f3ffa39343a0b060512ef1eeb109cb6d49c49b19db506e52082df99c8e2b353ad31a6f9da0fe382fd7f86918d379776aca871d8081b0f715cfa232ace268178fc406b60a202feda12b44819a285"], 0xf0}, 0x1, 0x0, 0x0, 0xd4}, 0x20008004) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)

05:48:55 executing program 4:
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000000)={<r0=>0x0})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000140)={0x8000, "22fd79f6ef750e0a1a05dbacf39b24085702084f2fe1be8f2779e072fc79627b", <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r2=>0x0, 0x1, r1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(0xffffffffffffffff, 0xc01864cd, &(0x7f0000000100)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, r2], &(0x7f00000000c0)=[0x4, 0x8000, 0x5e2112ef, 0xa75], 0x9})
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:55 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x4)
write$snapshot(r0, &(0x7f0000000080)="32656150c324ca0c98616eb3499f17a2ef02673900635f007cb2823940eeccce91486c38c4b8b7d7f2866ece0eadf49617f2f301b9d9eeb4dc193679899c958a4a5b1a662c80c469bdbaf1f7d5c520cc8a5ed78392957d2df4034d3e4ea4b62e8673bd9ab037ec1de553c29870178f837bd82d9ecb06b4b9a837dac7f691e59b86072a1cb6266798023daf0595abb7723cb0eb4b3966483e7e1667e3dd76d22cd3dc922712659da1e94dfc6a4ea27282263e3d8fbf4bced898e9ddd0e942b3ba4cff044f28e1fedfa7b460d378104c616446e27de6d52760d40d67f636c71525c7", 0xe1)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x62)

05:48:55 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x2, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4099, 0x1003)

05:48:55 executing program 4:
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000000)={<r0=>0x0})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000140)={0x8000, "22fd79f6ef750e0a1a05dbacf39b24085702084f2fe1be8f2779e072fc79627b", <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r2=>0x0, 0x1, r1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(0xffffffffffffffff, 0xc01864cd, &(0x7f0000000100)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, r2], &(0x7f00000000c0)=[0x4, 0x8000, 0x5e2112ef, 0xa75], 0x9})
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:55 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:55 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000000)={0x1, 0x4, 0x0, [{0x100, 0x8001, 0xfffffffffffffffe, 0xaf, 0x0, 0x9, 0xff, '\x00', 0x8}, {0x9, 0x4, 0xc6d, 0x80, 0x83, 0x80, 0x8, '\x00', 0x35a}, {0x58fc, 0x4, 0x6, 0x4, 0x1, 0x1, 0x6, '\x00', 0x8000000000000001}, {0x8, 0x1, 0x7, 0x9, 0x5, 0x5f, 0x9}]})
read$snapshot(r0, 0x0, 0x12)

05:48:55 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000000)={0x1, 0x4, 0x0, [{0x100, 0x8001, 0xfffffffffffffffe, 0xaf, 0x0, 0x9, 0xff, '\x00', 0x8}, {0x9, 0x4, 0xc6d, 0x80, 0x83, 0x80, 0x8, '\x00', 0x35a}, {0x58fc, 0x4, 0x6, 0x4, 0x1, 0x1, 0x6, '\x00', 0x8000000000000001}, {0x8, 0x1, 0x7, 0x9, 0x5, 0x5f, 0x9}]}) (async)
read$snapshot(r0, 0x0, 0x12)

05:48:55 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x2, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4099, 0x1003)

05:48:55 executing program 4:
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000000)={<r0=>0x0}) (async)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000140)={0x8000, "22fd79f6ef750e0a1a05dbacf39b24085702084f2fe1be8f2779e072fc79627b", <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r2=>0x0, 0x1, r1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(0xffffffffffffffff, 0xc01864cd, &(0x7f0000000100)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, r2], &(0x7f00000000c0)=[0x4, 0x8000, 0x5e2112ef, 0xa75], 0x9}) (async)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:55 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x2, 0x0)
read$snapshot(r0, &(0x7f0000001340)=""/4099, 0x1003) (async)
read$snapshot(r0, &(0x7f0000001340)=""/4099, 0x1003)

05:48:55 executing program 4:
ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, &(0x7f00000000c0)={0x0, 0x4000000001})
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0x5, 0x0, 0xffff3d30, 0x2000002, 0xa, "b85ec81ce7f01a4bb84ad83063e7bc9d58ac91"})
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x10240, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x280001, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000200)={0x0, 0x0, r1})
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0x3)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x200080, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000180)={0x200, 0x4, 0x8, 0x100, 0x8, "82c725113d9fe25040f2000000000000ffff00"})
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$VT_GETMODE(r4, 0x5601, &(0x7f0000000140))

05:48:55 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)

05:48:56 executing program 4:
ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, &(0x7f00000000c0)={0x0, 0x4000000001})
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0x5, 0x0, 0xffff3d30, 0x2000002, 0xa, "b85ec81ce7f01a4bb84ad83063e7bc9d58ac91"})
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x10240, 0x0) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x280001, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000200)={0x0, 0x0, r1}) (async)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0x3)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x200080, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000180)={0x200, 0x4, 0x8, 0x100, 0x8, "82c725113d9fe25040f2000000000000ffff00"}) (async)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
ioctl$VT_GETMODE(r4, 0x5601, &(0x7f0000000140))

05:48:56 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x4) (async)
write$snapshot(r0, &(0x7f0000000080)="32656150c324ca0c98616eb3499f17a2ef02673900635f007cb2823940eeccce91486c38c4b8b7d7f2866ece0eadf49617f2f301b9d9eeb4dc193679899c958a4a5b1a662c80c469bdbaf1f7d5c520cc8a5ed78392957d2df4034d3e4ea4b62e8673bd9ab037ec1de553c29870178f837bd82d9ecb06b4b9a837dac7f691e59b86072a1cb6266798023daf0595abb7723cb0eb4b3966483e7e1667e3dd76d22cd3dc922712659da1e94dfc6a4ea27282263e3d8fbf4bced898e9ddd0e942b3ba4cff044f28e1fedfa7b460d378104c616446e27de6d52760d40d67f636c71525c7", 0xe1) (async)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x62)

05:48:56 executing program 4:
ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, &(0x7f00000000c0)={0x0, 0x4000000001})
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0x5, 0x0, 0xffff3d30, 0x2000002, 0xa, "b85ec81ce7f01a4bb84ad83063e7bc9d58ac91"}) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x10240, 0x0) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x280001, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000200)={0x0, 0x0, r1}) (async)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0x3) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x200080, 0x0) (async)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000180)={0x200, 0x4, 0x8, 0x100, 0x8, "82c725113d9fe25040f2000000000000ffff00"}) (async)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$VT_GETMODE(r4, 0x5601, &(0x7f0000000140))

05:48:56 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:56 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)

05:48:56 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000000)={0x1, 0x4, 0x0, [{0x100, 0x8001, 0xfffffffffffffffe, 0xaf, 0x0, 0x9, 0xff, '\x00', 0x8}, {0x9, 0x4, 0xc6d, 0x80, 0x83, 0x80, 0x8, '\x00', 0x35a}, {0x58fc, 0x4, 0x6, 0x4, 0x1, 0x1, 0x6, '\x00', 0x8000000000000001}, {0x8, 0x1, 0x7, 0x9, 0x5, 0x5f, 0x9}]})
read$snapshot(r0, 0x0, 0x12)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000000)={0x1, 0x4, 0x0, [{0x100, 0x8001, 0xfffffffffffffffe, 0xaf, 0x0, 0x9, 0xff, '\x00', 0x8}, {0x9, 0x4, 0xc6d, 0x80, 0x83, 0x80, 0x8, '\x00', 0x35a}, {0x58fc, 0x4, 0x6, 0x4, 0x1, 0x1, 0x6, '\x00', 0x8000000000000001}, {0x8, 0x1, 0x7, 0x9, 0x5, 0x5f, 0x9}]}) (async)
read$snapshot(r0, 0x0, 0x12) (async)

05:48:56 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r7=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004800}, 0x20000810)

05:48:56 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$VT_ACTIVATE(r0, 0x5606, 0xffff)

05:48:56 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$VT_ACTIVATE(r0, 0x5606, 0xffff)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$VT_ACTIVATE(r0, 0x5606, 0xffff) (async)

05:48:56 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$VT_ACTIVATE(r0, 0x5606, 0xffff)

05:48:56 executing program 4:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:56 executing program 4:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) (async)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:56 executing program 4:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:48:57 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x4)
write$snapshot(r0, &(0x7f0000000080)="32656150c324ca0c98616eb3499f17a2ef02673900635f007cb2823940eeccce91486c38c4b8b7d7f2866ece0eadf49617f2f301b9d9eeb4dc193679899c958a4a5b1a662c80c469bdbaf1f7d5c520cc8a5ed78392957d2df4034d3e4ea4b62e8673bd9ab037ec1de553c29870178f837bd82d9ecb06b4b9a837dac7f691e59b86072a1cb6266798023daf0595abb7723cb0eb4b3966483e7e1667e3dd76d22cd3dc922712659da1e94dfc6a4ea27282263e3d8fbf4bced898e9ddd0e942b3ba4cff044f28e1fedfa7b460d378104c616446e27de6d52760d40d67f636c71525c7", 0xe1)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x62)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x4) (async)
write$snapshot(r0, &(0x7f0000000080)="32656150c324ca0c98616eb3499f17a2ef02673900635f007cb2823940eeccce91486c38c4b8b7d7f2866ece0eadf49617f2f301b9d9eeb4dc193679899c958a4a5b1a662c80c469bdbaf1f7d5c520cc8a5ed78392957d2df4034d3e4ea4b62e8673bd9ab037ec1de553c29870178f837bd82d9ecb06b4b9a837dac7f691e59b86072a1cb6266798023daf0595abb7723cb0eb4b3966483e7e1667e3dd76d22cd3dc922712659da1e94dfc6a4ea27282263e3d8fbf4bced898e9ddd0e942b3ba4cff044f28e1fedfa7b460d378104c616446e27de6d52760d40d67f636c71525c7", 0xe1) (async)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x62) (async)

05:48:57 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="4e0f7fce512aaf72aa0bb1f94c4c790c0b45d8bbe1f98ca179458012b6669dc51d067b5830a816c1d0ef5e367cf944705bbd416f542f1fe17b6ddaf11d8ece07814451ebfd2a5c82d366dbdc0044549f5d88b9a693a9d5c71334dba8138774151cd7ad83b9fe1543754e8d1956a98fa74950d987d69f21206abb4de91b3198ac2044fc", 0x83, 0xfffffffffffffffb)

05:48:57 executing program 1:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:57 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:57 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x141100, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r1}, 0x8)

05:48:57 executing program 2:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0xffff3d30, 0xfffffffe, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:57 executing program 1:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:57 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="4e0f7fce512aaf72aa0bb1f94c4c790c0b45d8bbe1f98ca179458012b6669dc51d067b5830a816c1d0ef5e367cf944705bbd416f542f1fe17b6ddaf11d8ece07814451ebfd2a5c82d366dbdc0044549f5d88b9a693a9d5c71334dba8138774151cd7ad83b9fe1543754e8d1956a98fa74950d987d69f21206abb4de91b3198ac2044fc", 0x83, 0xfffffffffffffffb)

05:48:57 executing program 2:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x8, 0x20040)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000080)={&(0x7f0000000040)=[0xffffffff, 0x7e, 0xfffff2cc], 0x3, 0x0, 0x101, 0x45ad, 0x6f, 0x98, 0x1ff, {0x4, 0x20, 0x6, 0xfff8, 0x800, 0x8, 0x5, 0x101, 0x0, 0x6, 0x81, 0x40000000, 0xfffffff8, 0x6e4a, "c66c0d2979250c6d60ccd8c97e9eea2cc405c59e6b45e2ef5200268174859dc5"}})
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, 0x0, 0x12)

05:48:57 executing program 1:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:57 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async, rerun: 64)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="4e0f7fce512aaf72aa0bb1f94c4c790c0b45d8bbe1f98ca179458012b6669dc51d067b5830a816c1d0ef5e367cf944705bbd416f542f1fe17b6ddaf11d8ece07814451ebfd2a5c82d366dbdc0044549f5d88b9a693a9d5c71334dba8138774151cd7ad83b9fe1543754e8d1956a98fa74950d987d69f21206abb4de91b3198ac2044fc", 0x83, 0xfffffffffffffffb) (rerun: 64)

05:48:57 executing program 1:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)

05:48:57 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0xfffffffffffffffc, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r1, &(0x7f0000001340)=""/4082, 0xfffffffffffffeb0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309)

05:48:57 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, r0}, 0x10)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x7, 0x0, 0xfffe, 0x7, 0x6, "069d9100a480623400"})

05:48:57 executing program 1:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:48:58 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)

05:48:58 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x141100, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r1}, 0x8)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, 0x0, 0x12) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x141100, 0x0) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r1}, 0x8) (async)

05:48:58 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, r0}, 0x10)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x7, 0x0, 0xfffe, 0x7, 0x6, "069d9100a480623400"})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, r0}, 0x10) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x7, 0x0, 0xfffe, 0x7, 0x6, "069d9100a480623400"}) (async)

05:48:58 executing program 1:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015)

05:48:58 executing program 1:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:58 executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:58 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x141100, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r1}, 0x8)

05:48:58 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, r0}, 0x10)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x7, 0x0, 0xfffe, 0x7, 0x6, "069d9100a480623400"}) (async)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x7, 0x0, 0xfffe, 0x7, 0x6, "069d9100a480623400"})

05:48:58 executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:58 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0xfffffffffffffffc, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r1, &(0x7f0000001340)=""/4082, 0xfffffffffffffeb0) (async)
read$snapshot(r1, &(0x7f0000001340)=""/4082, 0xfffffffffffffeb0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309) (async)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309)

05:48:58 executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:58 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x3, 0xffffffffffffffff, 0x10, 0x0, @in={0x2, 0x4e24, @multicast2}}}, 0xa0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000300)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0)={<r2=>0xffffffffffffffff}, 0x1, {0xa, 0x4e21, 0x83, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}}}, 0x38)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r3, &(0x7f0000000340)={0x11, 0xfffffd7c, 0xfa00, {&(0x7f00000002c0), r2}}, 0x18)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x3f)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r4, 0x4008af60, &(0x7f0000000040)={@host})
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0)
ioctl$BLKSECTGET(r5, 0x1267, &(0x7f0000000280))

05:48:58 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:58 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x141100, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r1}, 0x8)

05:48:58 executing program 1:
capset(0x0, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:58 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x3, 0xffffffffffffffff, 0x10, 0x0, @in={0x2, 0x4e24, @multicast2}}}, 0xa0) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000300)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0)={<r2=>0xffffffffffffffff}, 0x1, {0xa, 0x4e21, 0x83, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}}}, 0x38)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r3, &(0x7f0000000340)={0x11, 0xfffffd7c, 0xfa00, {&(0x7f00000002c0), r2}}, 0x18)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x3f) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r4, 0x4008af60, &(0x7f0000000040)={@host}) (async)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0)
ioctl$BLKSECTGET(r5, 0x1267, &(0x7f0000000280))

05:48:58 executing program 1:
capset(0x0, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:58 executing program 2:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x3, 0xffffffffffffffff, 0x10, 0x0, @in={0x2, 0x4e24, @multicast2}}}, 0xa0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000300)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0)={<r2=>0xffffffffffffffff}, 0x1, {0xa, 0x4e21, 0x83, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}}}, 0x38)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r3, &(0x7f0000000340)={0x11, 0xfffffd7c, 0xfa00, {&(0x7f00000002c0), r2}}, 0x18)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x3f)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r4, 0x4008af60, &(0x7f0000000040)={@host})
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0)
ioctl$BLKSECTGET(r5, 0x1267, &(0x7f0000000280))

05:48:58 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x3, 0xffffffffffffffff, 0x10, 0x0, @in={0x2, 0x4e24, @multicast2}}}, 0xa0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000300)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0)={<r2=>0xffffffffffffffff}, 0x1, {0xa, 0x4e21, 0x83, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}}}, 0x38)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r3, &(0x7f0000000340)={0x11, 0xfffffd7c, 0xfa00, {&(0x7f00000002c0), r2}}, 0x18)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x3f)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r4, 0x4008af60, &(0x7f0000000040)={@host})
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0)
ioctl$BLKSECTGET(r5, 0x1267, &(0x7f0000000280))
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x3, 0xffffffffffffffff, 0x10, 0x0, @in={0x2, 0x4e24, @multicast2}}}, 0xa0) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000300)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x1, {0xa, 0x4e21, 0x83, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}}}, 0x38) (async)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) (async)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r3, &(0x7f0000000340)={0x11, 0xfffffd7c, 0xfa00, {&(0x7f00000002c0), r2}}, 0x18) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x3f) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r4, 0x4008af60, &(0x7f0000000040)={@host}) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0) (async)
ioctl$BLKSECTGET(r5, 0x1267, &(0x7f0000000280)) (async)

05:48:58 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x20002015)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)

05:48:58 executing program 1:
capset(0x0, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:58 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0xfffffffffffffffc, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
read$snapshot(r1, &(0x7f0000001340)=""/4082, 0xfffffffffffffeb0)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0xfffffffffffffffc, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
read$snapshot(r1, &(0x7f0000001340)=""/4082, 0xfffffffffffffeb0) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309) (async)

05:48:58 executing program 1:
capset(&(0x7f0000000000), &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:59 executing program 2:
capset(0x0, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:59 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, r0, 0xa}, 0x5b)

05:48:59 executing program 2:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000))
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, r2, r3, 0x0], &(0x7f0000000140)=[0x9, 0x5, 0x7cf0], 0x8, 0x1})
ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000040)={0x6})
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:48:59 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x400, 0x5, 0x6, 0x8, 0x13, "c68c4602e3b7f872446be529c48ab1c9da12f6"})
r2 = syz_open_dev$ptys(0xc, 0x3, 0x0)
syz_open_pts(r2, 0x40440)
ioctl$VT_ACTIVATE(r1, 0x5606, 0x1b)

05:48:59 executing program 1:
capset(&(0x7f0000000000), &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:59 executing program 3:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0xa}, 0x5b)

05:48:59 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000100)={0xffffffff, 0xe56})
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="f003007000fcdbdf2500050f004e214e240100010009000000ff8dd8d0f501c74e3fe30f000001040000000000800300000002000000000000006ef188c437f53060494fe8663530a829845a159de8a074440b224cfad8221c40bc0b7abe6ee5b3c424d9316e9625b23135ec0b10083129279e2881c975714e8c7b28a3f3a43b53272acd242d", @ANYRES32=0x0, @ANYBLOB="55000000020000000300000005000000e000010042097df6466f1513fdce9e6817bc1635624f19044594f2b509270d044badf87927568ecfa0266f2cc9c5756f7cfe59f7b9c8b09274d8d7451d4d4dff25a06c071178b4b99fe2d1631b40f119ce97a3e64ff4488d6a29b63532db7e3e6867ec4fa386683977916482b41d63c84e7b3830e95d11bef94b12be8d821b5b3ffbbcf9eb7ef4d73519aae1faa1e0b0ea658b09aedba3bfd9fe014ce0648ba7d7eb04a4d3ff33a28c862c895ba983827594d3510647bbb4be96721522340f3e712fe0bb951d29d48b5fe8f2610ca0e616999ebd4d7857f67648ee1c204ff5c63c0001005b674a77059e0130c411139ebaf145feb3d2138a86d68a3a4f9902793eb8109561ac59360e4c0d8ebdbdabe7b4397e7468b8715455bf29d7c400010064660c1db76ec5abaf74b908443afbabb82e49a5534e41e714be717c84cd22515cf4a1dab5ccf2a79045db86b5520d78e08db011d1817d33a4be7d48f3e7fc5e2ee204cf0fadd3df4cb753c5142ae18220c4cfb74fbacda08b012532036b67fdeec92a6e6fca2222e45faf4568299595988cf73c6c6d572a8c5a92da56b6b03384ab552f4254dd9c1eb9f4be5b053fac9485a9cfc18e78f40a15a399432cf682b7fe836d398c0aff2c146764ae35d6c9b221bd093d009c540830541aa2baf5b71d000100c0bc53e5c3fd94d3c9a3f675071c20299a2da1a84329761bd3000000c2000100f3b66f9b1b8b247d3071a69664e6514f7f9542381b6ac4d1d94ca90a28415cfea744846d20db340becd1613e09c7b83f1ba84b091c8b782abe14412e1a26cd1fb6d17e58a6bd7b0caa555a2778a72940f5b8476a5bd9c101b72f50825d83f780e6957b01432795050a1d5fad48e64a640163dc4659bc9f730ca309d8ae9470debfe696650070a2305d6220c69e5c9e46470f406f315ed4e6d430a60e4d46961f3dd1736b7d736072fa9cff27cd38c058f98910779df75d2547542e32fcbe0000150001006dddf2147c5ce0e0c8bd7db84b4a988247000000c500010048a7f9f223e7e197f5e9e13e7f2dc4a39336f2dbca8c65a020de8d9be998779ca32a1793a34cb2f6d6252bb9bd4a6ddaae015c99a73109d8a3ab59fc535eeb06c4c03871b13772f74ed802805e6f969a22611fb7a5edc465d363e6270656ebff999970122f44b9a97ccd2e9f16e4af593fe2ec3a58a58d5cb8a73fc0f44a6266f08925005f4f41c6d5271985a9b5f1adc5eb15f44cd5a5be535fdbfa4dd3ca81c5b9659e59b38bb431c86f5ed96eb85c372154e7be1fa6fb54d77cf56f52afbf15000000"], 0x3f0}, 0x1, 0x0, 0x0, 0x44000}, 0x4000000)

05:48:59 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x189c0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r1, r1, 0xa}, 0x5b)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)

05:48:59 executing program 1:
capset(&(0x7f0000000000), &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:59 executing program 3:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0xa}, 0x5b)

05:48:59 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x8000000000000001, 0x123000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, r0, 0x12}, 0x10)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x26f, 0x194342)
syz_open_dev$vcsa(&(0x7f0000000140), 0x7fffffffffffffff, 0x600000)
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r2}, 0x8)
syz_open_pts(0xffffffffffffffff, 0x20882)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:59 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x400, 0x5, 0x6, 0x8, 0x13, "c68c4602e3b7f872446be529c48ab1c9da12f6"}) (async)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x400, 0x5, 0x6, 0x8, 0x13, "c68c4602e3b7f872446be529c48ab1c9da12f6"})
r2 = syz_open_dev$ptys(0xc, 0x3, 0x0)
syz_open_pts(r2, 0x40440)
ioctl$VT_ACTIVATE(r1, 0x5606, 0x1b)

05:48:59 executing program 1:
capset(&(0x7f0000000000)={0x19980330}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:48:59 executing program 3:
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)

05:48:59 executing program 3:
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)

05:48:59 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x400, 0x5, 0x6, 0x8, 0x13, "c68c4602e3b7f872446be529c48ab1c9da12f6"}) (async, rerun: 64)
r2 = syz_open_dev$ptys(0xc, 0x3, 0x0) (rerun: 64)
syz_open_pts(r2, 0x40440) (async)
ioctl$VT_ACTIVATE(r1, 0x5606, 0x1b)

05:48:59 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x8000000000000001, 0x123000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, r0, 0x12}, 0x10)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x26f, 0x194342) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x26f, 0x194342)
syz_open_dev$vcsa(&(0x7f0000000140), 0x7fffffffffffffff, 0x600000) (async)
syz_open_dev$vcsa(&(0x7f0000000140), 0x7fffffffffffffff, 0x600000)
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r2}, 0x8) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r2}, 0x8)
syz_open_pts(0xffffffffffffffff, 0x20882)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:48:59 executing program 1:
capset(&(0x7f0000000000)={0x19980330}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:00 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000100)={0xffffffff, 0xe56}) (async)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="f003007000fcdbdf2500050f004e214e240100010009000000ff8dd8d0f501c74e3fe30f000001040000000000800300000002000000000000006ef188c437f53060494fe8663530a829845a159de8a074440b224cfad8221c40bc0b7abe6ee5b3c424d9316e9625b23135ec0b10083129279e2881c975714e8c7b28a3f3a43b53272acd242d", @ANYRES32=0x0, @ANYBLOB="55000000020000000300000005000000e000010042097df6466f1513fdce9e6817bc1635624f19044594f2b509270d044badf87927568ecfa0266f2cc9c5756f7cfe59f7b9c8b09274d8d7451d4d4dff25a06c071178b4b99fe2d1631b40f119ce97a3e64ff4488d6a29b63532db7e3e6867ec4fa386683977916482b41d63c84e7b3830e95d11bef94b12be8d821b5b3ffbbcf9eb7ef4d73519aae1faa1e0b0ea658b09aedba3bfd9fe014ce0648ba7d7eb04a4d3ff33a28c862c895ba983827594d3510647bbb4be96721522340f3e712fe0bb951d29d48b5fe8f2610ca0e616999ebd4d7857f67648ee1c204ff5c63c0001005b674a77059e0130c411139ebaf145feb3d2138a86d68a3a4f9902793eb8109561ac59360e4c0d8ebdbdabe7b4397e7468b8715455bf29d7c400010064660c1db76ec5abaf74b908443afbabb82e49a5534e41e714be717c84cd22515cf4a1dab5ccf2a79045db86b5520d78e08db011d1817d33a4be7d48f3e7fc5e2ee204cf0fadd3df4cb753c5142ae18220c4cfb74fbacda08b012532036b67fdeec92a6e6fca2222e45faf4568299595988cf73c6c6d572a8c5a92da56b6b03384ab552f4254dd9c1eb9f4be5b053fac9485a9cfc18e78f40a15a399432cf682b7fe836d398c0aff2c146764ae35d6c9b221bd093d009c540830541aa2baf5b71d000100c0bc53e5c3fd94d3c9a3f675071c20299a2da1a84329761bd3000000c2000100f3b66f9b1b8b247d3071a69664e6514f7f9542381b6ac4d1d94ca90a28415cfea744846d20db340becd1613e09c7b83f1ba84b091c8b782abe14412e1a26cd1fb6d17e58a6bd7b0caa555a2778a72940f5b8476a5bd9c101b72f50825d83f780e6957b01432795050a1d5fad48e64a640163dc4659bc9f730ca309d8ae9470debfe696650070a2305d6220c69e5c9e46470f406f315ed4e6d430a60e4d46961f3dd1736b7d736072fa9cff27cd38c058f98910779df75d2547542e32fcbe0000150001006dddf2147c5ce0e0c8bd7db84b4a988247000000c500010048a7f9f223e7e197f5e9e13e7f2dc4a39336f2dbca8c65a020de8d9be998779ca32a1793a34cb2f6d6252bb9bd4a6ddaae015c99a73109d8a3ab59fc535eeb06c4c03871b13772f74ed802805e6f969a22611fb7a5edc465d363e6270656ebff999970122f44b9a97ccd2e9f16e4af593fe2ec3a58a58d5cb8a73fc0f44a6266f08925005f4f41c6d5271985a9b5f1adc5eb15f44cd5a5be535fdbfa4dd3ca81c5b9659e59b38bb431c86f5ed96eb85c372154e7be1fa6fb54d77cf56f52afbf15000000"], 0x3f0}, 0x1, 0x0, 0x0, 0x44000}, 0x4000000)

05:49:00 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000100)={0xffffffff, 0xe56})
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="f003007000fcdbdf2500050f004e214e240100010009000000ff8dd8d0f501c74e3fe30f000001040000000000800300000002000000000000006ef188c437f53060494fe8663530a829845a159de8a074440b224cfad8221c40bc0b7abe6ee5b3c424d9316e9625b23135ec0b10083129279e2881c975714e8c7b28a3f3a43b53272acd242d", @ANYRES32=0x0, @ANYBLOB="55000000020000000300000005000000e000010042097df6466f1513fdce9e6817bc1635624f19044594f2b509270d044badf87927568ecfa0266f2cc9c5756f7cfe59f7b9c8b09274d8d7451d4d4dff25a06c071178b4b99fe2d1631b40f119ce97a3e64ff4488d6a29b63532db7e3e6867ec4fa386683977916482b41d63c84e7b3830e95d11bef94b12be8d821b5b3ffbbcf9eb7ef4d73519aae1faa1e0b0ea658b09aedba3bfd9fe014ce0648ba7d7eb04a4d3ff33a28c862c895ba983827594d3510647bbb4be96721522340f3e712fe0bb951d29d48b5fe8f2610ca0e616999ebd4d7857f67648ee1c204ff5c63c0001005b674a77059e0130c411139ebaf145feb3d2138a86d68a3a4f9902793eb8109561ac59360e4c0d8ebdbdabe7b4397e7468b8715455bf29d7c400010064660c1db76ec5abaf74b908443afbabb82e49a5534e41e714be717c84cd22515cf4a1dab5ccf2a79045db86b5520d78e08db011d1817d33a4be7d48f3e7fc5e2ee204cf0fadd3df4cb753c5142ae18220c4cfb74fbacda08b012532036b67fdeec92a6e6fca2222e45faf4568299595988cf73c6c6d572a8c5a92da56b6b03384ab552f4254dd9c1eb9f4be5b053fac9485a9cfc18e78f40a15a399432cf682b7fe836d398c0aff2c146764ae35d6c9b221bd093d009c540830541aa2baf5b71d000100c0bc53e5c3fd94d3c9a3f675071c20299a2da1a84329761bd3000000c2000100f3b66f9b1b8b247d3071a69664e6514f7f9542381b6ac4d1d94ca90a28415cfea744846d20db340becd1613e09c7b83f1ba84b091c8b782abe14412e1a26cd1fb6d17e58a6bd7b0caa555a2778a72940f5b8476a5bd9c101b72f50825d83f780e6957b01432795050a1d5fad48e64a640163dc4659bc9f730ca309d8ae9470debfe696650070a2305d6220c69e5c9e46470f406f315ed4e6d430a60e4d46961f3dd1736b7d736072fa9cff27cd38c058f98910779df75d2547542e32fcbe0000150001006dddf2147c5ce0e0c8bd7db84b4a988247000000c500010048a7f9f223e7e197f5e9e13e7f2dc4a39336f2dbca8c65a020de8d9be998779ca32a1793a34cb2f6d6252bb9bd4a6ddaae015c99a73109d8a3ab59fc535eeb06c4c03871b13772f74ed802805e6f969a22611fb7a5edc465d363e6270656ebff999970122f44b9a97ccd2e9f16e4af593fe2ec3a58a58d5cb8a73fc0f44a6266f08925005f4f41c6d5271985a9b5f1adc5eb15f44cd5a5be535fdbfa4dd3ca81c5b9659e59b38bb431c86f5ed96eb85c372154e7be1fa6fb54d77cf56f52afbf15000000"], 0x3f0}, 0x1, 0x0, 0x0, 0x44000}, 0x4000000)

05:49:00 executing program 3:
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)

05:49:00 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d2e, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCGPKT(r4, 0x80045438, &(0x7f0000000080))

05:49:00 executing program 1:
capset(&(0x7f0000000000)={0x19980330}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:00 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x8000000000000001, 0x123000)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, r0, 0x12}, 0x10) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x26f, 0x194342)
syz_open_dev$vcsa(&(0x7f0000000140), 0x7fffffffffffffff, 0x600000) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r2}, 0x8)
syz_open_pts(0xffffffffffffffff, 0x20882) (async, rerun: 64)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (rerun: 64)

05:49:00 executing program 3:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:00 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x900)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000000)=0x3fff8)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:49:00 executing program 1:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x88000, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000080)={0x0, 0x0, r0})
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000040))
read$snapshot(r0, 0x0, 0x12)
r2 = syz_open_dev$audion(&(0x7f00000000c0), 0x1, 0x40)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000100))

05:49:00 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x88000, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000080)={0x0, 0x0, r0})
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000040))
read$snapshot(r0, 0x0, 0x12)
r2 = syz_open_dev$audion(&(0x7f00000000c0), 0x1, 0x40)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r2, 0x80083313, &(0x7f0000000100))

05:49:00 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (fail_nth: 1)

05:49:00 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff) (async)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d2e, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
ioctl$TIOCGPKT(r4, 0x80045438, &(0x7f0000000080))

05:49:00 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000100)={0xffffffff, 0xe56})
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="f003007000fcdbdf2500050f004e214e240100010009000000ff8dd8d0f501c74e3fe30f000001040000000000800300000002000000000000006ef188c437f53060494fe8663530a829845a159de8a074440b224cfad8221c40bc0b7abe6ee5b3c424d9316e9625b23135ec0b10083129279e2881c975714e8c7b28a3f3a43b53272acd242d", @ANYRES32=0x0, @ANYBLOB="55000000020000000300000005000000e000010042097df6466f1513fdce9e6817bc1635624f19044594f2b509270d044badf87927568ecfa0266f2cc9c5756f7cfe59f7b9c8b09274d8d7451d4d4dff25a06c071178b4b99fe2d1631b40f119ce97a3e64ff4488d6a29b63532db7e3e6867ec4fa386683977916482b41d63c84e7b3830e95d11bef94b12be8d821b5b3ffbbcf9eb7ef4d73519aae1faa1e0b0ea658b09aedba3bfd9fe014ce0648ba7d7eb04a4d3ff33a28c862c895ba983827594d3510647bbb4be96721522340f3e712fe0bb951d29d48b5fe8f2610ca0e616999ebd4d7857f67648ee1c204ff5c63c0001005b674a77059e0130c411139ebaf145feb3d2138a86d68a3a4f9902793eb8109561ac59360e4c0d8ebdbdabe7b4397e7468b8715455bf29d7c400010064660c1db76ec5abaf74b908443afbabb82e49a5534e41e714be717c84cd22515cf4a1dab5ccf2a79045db86b5520d78e08db011d1817d33a4be7d48f3e7fc5e2ee204cf0fadd3df4cb753c5142ae18220c4cfb74fbacda08b012532036b67fdeec92a6e6fca2222e45faf4568299595988cf73c6c6d572a8c5a92da56b6b03384ab552f4254dd9c1eb9f4be5b053fac9485a9cfc18e78f40a15a399432cf682b7fe836d398c0aff2c146764ae35d6c9b221bd093d009c540830541aa2baf5b71d000100c0bc53e5c3fd94d3c9a3f675071c20299a2da1a84329761bd3000000c2000100f3b66f9b1b8b247d3071a69664e6514f7f9542381b6ac4d1d94ca90a28415cfea744846d20db340becd1613e09c7b83f1ba84b091c8b782abe14412e1a26cd1fb6d17e58a6bd7b0caa555a2778a72940f5b8476a5bd9c101b72f50825d83f780e6957b01432795050a1d5fad48e64a640163dc4659bc9f730ca309d8ae9470debfe696650070a2305d6220c69e5c9e46470f406f315ed4e6d430a60e4d46961f3dd1736b7d736072fa9cff27cd38c058f98910779df75d2547542e32fcbe0000150001006dddf2147c5ce0e0c8bd7db84b4a988247000000c500010048a7f9f223e7e197f5e9e13e7f2dc4a39336f2dbca8c65a020de8d9be998779ca32a1793a34cb2f6d6252bb9bd4a6ddaae015c99a73109d8a3ab59fc535eeb06c4c03871b13772f74ed802805e6f969a22611fb7a5edc465d363e6270656ebff999970122f44b9a97ccd2e9f16e4af593fe2ec3a58a58d5cb8a73fc0f44a6266f08925005f4f41c6d5271985a9b5f1adc5eb15f44cd5a5be535fdbfa4dd3ca81c5b9659e59b38bb431c86f5ed96eb85c372154e7be1fa6fb54d77cf56f52afbf15000000"], 0x3f0}, 0x1, 0x0, 0x0, 0x44000}, 0x4000000)

05:49:00 executing program 2:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x900)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000000)=0x3fff8)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:49:00 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d2e, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCGPKT(r4, 0x80045438, &(0x7f0000000080))

05:49:00 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x900)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000000)=0x3fff8)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x900) (async)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000000)=0x3fff8) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)

05:49:00 executing program 1:
sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c000000150001002cbd7000fbdbdf250a064700010015b70c149f4619598530d669f01847cd096544205eb04b61794b0d5294d927ca087c9d546cce41e2528285ce3ffab63665e43edeb598d3ed28a5d653c85c0c0751184f000000f87ff6844ade82d39a8670a88169ac3aab3c924023d6008107f5107cded615775c847193b291fd7b88781f799da45b"], 0x5c}, 0x1, 0x0, 0x0, 0x4045}, 0x20008040)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:00 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff) (async, rerun: 32)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9) (rerun: 32)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0) (async)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d2e, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async, rerun: 32)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (rerun: 32)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
ioctl$TIOCGPKT(r4, 0x80045438, &(0x7f0000000080))

05:49:00 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d2e, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCGPKT(r4, 0x80045438, &(0x7f0000000080))

05:49:00 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x4003, 0x0)
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000240)={0x7, 0x7, 0x0, [{0xfffffffffffffeff, 0x2, 0x3, 0x6f, 0x0, 0x9, 0xa9, '\x00', 0x12c4}, {0x8, 0x100000000, 0x6, 0x1, 0x5, 0x62, 0x5, '\x00', 0x17d1a9f6}, {0x2, 0x6e8, 0x10000, 0x80, 0x0, 0x6, 0x0, '\x00', 0x6}, {0x7, 0x0, 0x1ff, 0x7f, 0x3f, 0x8, 0x8, '\x00', 0xd8d}, {0x101, 0x0, 0x1f, 0x0, 0x0, 0x8, 0x9, '\x00', 0x5}, {0x1c0a, 0x1, 0xfffffffffffff6b4, 0x1, 0x7, 0x35}, {0x2, 0x0, 0x8, 0x8, 0x1, 0xfa, 0x1, '\x00', 0x3}]})

05:49:00 executing program 1:
sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c000000150001002cbd7000fbdbdf250a064700010015b70c149f4619598530d669f01847cd096544205eb04b61794b0d5294d927ca087c9d546cce41e2528285ce3ffab63665e43edeb598d3ed28a5d653c85c0c0751184f000000f87ff6844ade82d39a8670a88169ac3aab3c924023d6008107f5107cded615775c847193b291fd7b88781f799da45b"], 0x5c}, 0x1, 0x0, 0x0, 0x4045}, 0x20008040)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:00 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x900)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000000)=0x3fff8)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x900) (async)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000000)=0x3fff8) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)

05:49:00 executing program 2:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d2e, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCGPKT(r4, 0x80045438, &(0x7f0000000080))

05:49:00 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x4003, 0x0)
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000240)={0x7, 0x7, 0x0, [{0xfffffffffffffeff, 0x2, 0x3, 0x6f, 0x0, 0x9, 0xa9, '\x00', 0x12c4}, {0x8, 0x100000000, 0x6, 0x1, 0x5, 0x62, 0x5, '\x00', 0x17d1a9f6}, {0x2, 0x6e8, 0x10000, 0x80, 0x0, 0x6, 0x0, '\x00', 0x6}, {0x7, 0x0, 0x1ff, 0x7f, 0x3f, 0x8, 0x8, '\x00', 0xd8d}, {0x101, 0x0, 0x1f, 0x0, 0x0, 0x8, 0x9, '\x00', 0x5}, {0x1c0a, 0x1, 0xfffffffffffff6b4, 0x1, 0x7, 0x35}, {0x2, 0x0, 0x8, 0x8, 0x1, 0xfa, 0x1, '\x00', 0x3}]})

05:49:01 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x100000000000001, 0x4122c1)
read$snapshot(r0, 0x0, 0x12)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
write$snapshot(r1, &(0x7f0000000080)="65ce0513c8760049d0085e2f846ad5182b10a223877392cdc2c52b9c9fd9d03ec09d40ea06a97d73581cdd60560673ad009c0f1494d602a332ee7dec64e83731922f881688a9bf2ebab8a1215173c32ff5a27708e06d5bfe3349522ae96dd3eb4294acec96af27e1704ab37d5cb27074", 0x70)

05:49:01 executing program 1:
sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c000000150001002cbd7000fbdbdf250a064700010015b70c149f4619598530d669f01847cd096544205eb04b61794b0d5294d927ca087c9d546cce41e2528285ce3ffab63665e43edeb598d3ed28a5d653c85c0c0751184f000000f87ff6844ade82d39a8670a88169ac3aab3c924023d6008107f5107cded615775c847193b291fd7b88781f799da45b"], 0x5c}, 0x1, 0x0, 0x0, 0x4045}, 0x20008040) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:01 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d2e, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$TIOCGPKT(r4, 0x80045438, &(0x7f0000000080))

05:49:01 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x4003, 0x0)
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000240)={0x7, 0x7, 0x0, [{0xfffffffffffffeff, 0x2, 0x3, 0x6f, 0x0, 0x9, 0xa9, '\x00', 0x12c4}, {0x8, 0x100000000, 0x6, 0x1, 0x5, 0x62, 0x5, '\x00', 0x17d1a9f6}, {0x2, 0x6e8, 0x10000, 0x80, 0x0, 0x6, 0x0, '\x00', 0x6}, {0x7, 0x0, 0x1ff, 0x7f, 0x3f, 0x8, 0x8, '\x00', 0xd8d}, {0x101, 0x0, 0x1f, 0x0, 0x0, 0x8, 0x9, '\x00', 0x5}, {0x1c0a, 0x1, 0xfffffffffffff6b4, 0x1, 0x7, 0x35}, {0x2, 0x0, 0x8, 0x8, 0x1, 0xfa, 0x1, '\x00', 0x3}]})
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x4003, 0x0) (async)
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000240)={0x7, 0x7, 0x0, [{0xfffffffffffffeff, 0x2, 0x3, 0x6f, 0x0, 0x9, 0xa9, '\x00', 0x12c4}, {0x8, 0x100000000, 0x6, 0x1, 0x5, 0x62, 0x5, '\x00', 0x17d1a9f6}, {0x2, 0x6e8, 0x10000, 0x80, 0x0, 0x6, 0x0, '\x00', 0x6}, {0x7, 0x0, 0x1ff, 0x7f, 0x3f, 0x8, 0x8, '\x00', 0xd8d}, {0x101, 0x0, 0x1f, 0x0, 0x0, 0x8, 0x9, '\x00', 0x5}, {0x1c0a, 0x1, 0xfffffffffffff6b4, 0x1, 0x7, 0x35}, {0x2, 0x0, 0x8, 0x8, 0x1, 0xfa, 0x1, '\x00', 0x3}]}) (async)

05:49:01 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 1)

05:49:01 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f00000000c0)={0x4, 0x1, 0x40, 0xffffffff, 0x10, 0xffffffffffffffff})
ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000080))
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000100)={0xa4, 0x7fff, 0xa70c, 0x4, 0x4, 0x6})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:49:01 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d2e, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)

05:49:01 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x100000000000001, 0x4122c1)
read$snapshot(r0, 0x0, 0x12)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
write$snapshot(r1, &(0x7f0000000080)="65ce0513c8760049d0085e2f846ad5182b10a223877392cdc2c52b9c9fd9d03ec09d40ea06a97d73581cdd60560673ad009c0f1494d602a332ee7dec64e83731922f881688a9bf2ebab8a1215173c32ff5a27708e06d5bfe3349522ae96dd3eb4294acec96af27e1704ab37d5cb27074", 0x70)
syz_open_dev$audion(&(0x7f0000000040), 0x100000000000001, 0x4122c1) (async)
read$snapshot(r0, 0x0, 0x12) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0) (async)
write$snapshot(r1, &(0x7f0000000080)="65ce0513c8760049d0085e2f846ad5182b10a223877392cdc2c52b9c9fd9d03ec09d40ea06a97d73581cdd60560673ad009c0f1494d602a332ee7dec64e83731922f881688a9bf2ebab8a1215173c32ff5a27708e06d5bfe3349522ae96dd3eb4294acec96af27e1704ab37d5cb27074", 0x70) (async)

05:49:01 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x10)

05:49:01 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d2e, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)

05:49:01 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000040), 0x100000000000001, 0x4122c1)
read$snapshot(r0, 0x0, 0x12)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
write$snapshot(r1, &(0x7f0000000080)="65ce0513c8760049d0085e2f846ad5182b10a223877392cdc2c52b9c9fd9d03ec09d40ea06a97d73581cdd60560673ad009c0f1494d602a332ee7dec64e83731922f881688a9bf2ebab8a1215173c32ff5a27708e06d5bfe3349522ae96dd3eb4294acec96af27e1704ab37d5cb27074", 0x70)
syz_open_dev$audion(&(0x7f0000000040), 0x100000000000001, 0x4122c1) (async)
read$snapshot(r0, 0x0, 0x12) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0) (async)
write$snapshot(r1, &(0x7f0000000080)="65ce0513c8760049d0085e2f846ad5182b10a223877392cdc2c52b9c9fd9d03ec09d40ea06a97d73581cdd60560673ad009c0f1494d602a332ee7dec64e83731922f881688a9bf2ebab8a1215173c32ff5a27708e06d5bfe3349522ae96dd3eb4294acec96af27e1704ab37d5cb27074", 0x70) (async)

[ 2531.547759] FAULT_INJECTION: forcing a failure.
[ 2531.547759] name failslab, interval 1, probability 0, space 0, times 0
[ 2531.573309] CPU: 1 PID: 29292 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2531.581213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2531.590561] Call Trace:
[ 2531.593146]  dump_stack+0x1b2/0x281
05:49:01 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x10) (async)

05:49:01 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x10)

05:49:01 executing program 1:
r0 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x5, 0x100)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000080)={r0, r1}, 0x10)

05:49:01 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0xa926, "af6f5b9e40feba35d40bdaeceb58dd7262ce4d0d2b63c468b1c2b3dad70ad659", <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000080)={0x0, 0x1, r1})
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000000)={0x4, 0x9, 0x400})
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2531.596796]  should_fail.cold+0x10a/0x149
[ 2531.600947]  should_failslab+0xd6/0x130
[ 2531.604925]  kmem_cache_alloc+0x28e/0x3c0
[ 2531.609072]  getname_flags+0xc8/0x550
[ 2531.612873]  do_sys_open+0x1ce/0x410
[ 2531.616593]  ? filp_open+0x60/0x60
[ 2531.620131]  ? __do_page_fault+0x159/0xad0
[ 2531.624363]  ? do_syscall_64+0x4c/0x640
[ 2531.628335]  ? SyS_open+0x30/0x30
[ 2531.631797]  do_syscall_64+0x1d5/0x640
[ 2531.635696]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2531.640886] RIP: 0033:0x7f6a3bf3e284
05:49:01 executing program 0:
ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, &(0x7f00000000c0))
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x5d53, 0x10000)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)
r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0xffffffffffffffc0, 0x200)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, r2, 0xc}, 0x10)
read$snapshot(r0, 0x0, 0x12)

05:49:01 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 2)

[ 2531.644601] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2531.652740] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2531.660011] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2531.667328] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
[ 2531.674598] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2531.681870] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
[ 2531.713463] FAULT_INJECTION: forcing a failure.
[ 2531.713463] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2531.725268] CPU: 1 PID: 29326 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2531.733140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2531.742480] Call Trace:
[ 2531.745052]  dump_stack+0x1b2/0x281
[ 2531.748660]  should_fail.cold+0x10a/0x149
[ 2531.753147]  __alloc_pages_nodemask+0x21e/0x2900
[ 2531.757894]  ? __lock_acquire+0x5fc/0x3f20
[ 2531.762109]  ? get_pid_task+0x91/0x130
[ 2531.765975]  ? gfp_pfmemalloc_allowed+0x150/0x150
[ 2531.770810]  ? lock_downgrade+0x740/0x740
[ 2531.774955]  ? get_pid_task+0xb8/0x130
[ 2531.778822]  ? proc_fail_nth_write+0x7b/0x180
[ 2531.783296]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2531.788207]  cache_grow_begin+0x91/0x700
[ 2531.792255]  ? fs_reclaim_release+0xd0/0x110
[ 2531.796650]  ? check_preemption_disabled+0x35/0x240
[ 2531.801650]  cache_alloc_refill+0x273/0x350
[ 2531.805952]  kmem_cache_alloc+0x333/0x3c0
[ 2531.810175]  getname_flags+0xc8/0x550
[ 2531.813958]  do_sys_open+0x1ce/0x410
[ 2531.817661]  ? filp_open+0x60/0x60
[ 2531.821188]  ? __do_page_fault+0x159/0xad0
[ 2531.825400]  ? do_syscall_64+0x4c/0x640
[ 2531.829368]  ? SyS_open+0x30/0x30
[ 2531.832813]  do_syscall_64+0x1d5/0x640
[ 2531.836709]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2531.841875] RIP: 0033:0x7f6a3bf3e284
[ 2531.845563] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2531.853251] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2531.860677] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2531.867943] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
[ 2531.875190] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2531.882436] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
05:49:02 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f00000000c0)={0x4, 0x1, 0x40, 0xffffffff, 0x10, 0xffffffffffffffff})
ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000080))
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000100)={0xa4, 0x7fff, 0xa70c, 0x4, 0x4, 0x6})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)) (async)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f00000000c0)={0x4, 0x1, 0x40, 0xffffffff, 0x10, 0xffffffffffffffff}) (async)
ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000080)) (async)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000100)={0xa4, 0x7fff, 0xa70c, 0x4, 0x4, 0x6}) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)

05:49:02 executing program 0:
ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, &(0x7f00000000c0)) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x5d53, 0x10000) (async)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)
r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0xffffffffffffffc0, 0x200)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, r2, 0xc}, 0x10) (async)
read$snapshot(r0, 0x0, 0x12)

05:49:02 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0xa926, "af6f5b9e40feba35d40bdaeceb58dd7262ce4d0d2b63c468b1c2b3dad70ad659", <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000080)={0x0, 0x1, r1}) (async)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000000)={0x4, 0x9, 0x400})
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:02 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d2e, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:02 executing program 1:
r0 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x5, 0x100)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000080)={r0, r1}, 0x10)

05:49:02 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 3)

05:49:02 executing program 0:
ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, &(0x7f00000000c0)) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x5d53, 0x10000) (async)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)
r2 = syz_open_dev$vcsa(&(0x7f0000000040), 0xffffffffffffffc0, 0x200)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, r2, 0xc}, 0x10)
read$snapshot(r0, 0x0, 0x12)

05:49:02 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0xa926, "af6f5b9e40feba35d40bdaeceb58dd7262ce4d0d2b63c468b1c2b3dad70ad659", <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000080)={0x0, 0x1, r1})
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000000)={0x4, 0x9, 0x400}) (async)
ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:02 executing program 1:
r0 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async, rerun: 32)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x5, 0x100) (rerun: 32)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000080)={r0, r1}, 0x10)

[ 2532.404430] FAULT_INJECTION: forcing a failure.
[ 2532.404430] name failslab, interval 1, probability 0, space 0, times 0
[ 2532.436943] CPU: 0 PID: 29338 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2532.444858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
05:49:02 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x5)

05:49:02 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x4, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x4)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)

05:49:02 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x5)

[ 2532.454213] Call Trace:
[ 2532.456810]  dump_stack+0x1b2/0x281
[ 2532.460443]  should_fail.cold+0x10a/0x149
[ 2532.464593]  should_failslab+0xd6/0x130
[ 2532.468581]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2532.468596]  apparmor_file_alloc_security+0x129/0x800
[ 2532.478450]  security_file_alloc+0x66/0xa0
[ 2532.482696]  ? selinux_is_enabled+0x5/0x50
[ 2532.482709]  get_empty_filp+0x16b/0x3f0
[ 2532.490904]  path_openat+0x84/0x2970
[ 2532.490915]  ? get_pid_task+0x91/0x130
[ 2532.498495]  ? path_lookupat+0x780/0x780
[ 2532.498506]  ? trace_hardirqs_on+0x10/0x10
[ 2532.498519]  do_filp_open+0x179/0x3c0
[ 2532.498526]  ? may_open_dev+0xe0/0xe0
[ 2532.498535]  ? __alloc_fd+0x1be/0x490
[ 2532.498546]  ? lock_downgrade+0x740/0x740
05:49:02 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x0, <r1=>0xffffffffffffffff}) (async)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f00000000c0)={0x4, 0x1, 0x40, 0xffffffff, 0x10, 0xffffffffffffffff})
ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000080)) (async)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000100)={0xa4, 0x7fff, 0xa70c, 0x4, 0x4, 0x6}) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:49:02 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10003)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan4\x00', <r2=>0x0})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x60, r1, 0x700, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x24000091)
read$snapshot(r0, 0x0, 0x12)

05:49:02 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 4)

05:49:02 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x4, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x4)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x4, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x4) (async)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) (async)

05:49:02 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x5)

[ 2532.498556]  ? do_raw_spin_unlock+0x164/0x220
[ 2532.498565]  ? _raw_spin_unlock+0x29/0x40
[ 2532.498571]  ? __alloc_fd+0x1be/0x490
[ 2532.498585]  do_sys_open+0x296/0x410
[ 2532.498595]  ? filp_open+0x60/0x60
[ 2532.498607]  ? __do_page_fault+0x159/0xad0
[ 2532.498616]  ? do_syscall_64+0x4c/0x640
[ 2532.498624]  ? SyS_open+0x30/0x30
[ 2532.498632]  do_syscall_64+0x1d5/0x640
05:49:02 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10003)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan4\x00', <r2=>0x0}) (async)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x60, r1, 0x700, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x24000091)
read$snapshot(r0, 0x0, 0x12)

05:49:02 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 5)

05:49:02 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x5)

[ 2532.498646]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2532.498653] RIP: 0033:0x7f6a3bf3e284
[ 2532.498657] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2532.498666] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2532.498671] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2532.498675] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
[ 2532.498680] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2532.498685] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
[ 2532.627702] FAULT_INJECTION: forcing a failure.
[ 2532.627702] name failslab, interval 1, probability 0, space 0, times 0
[ 2532.627714] CPU: 1 PID: 29378 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2532.627719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2532.627723] Call Trace:
[ 2532.627737]  dump_stack+0x1b2/0x281
[ 2532.627752]  should_fail.cold+0x10a/0x149
[ 2532.627765]  should_failslab+0xd6/0x130
[ 2532.627780]  kmem_cache_alloc_trace+0x29a/0x3d0
[ 2532.627795]  apparmor_file_alloc_security+0x129/0x800
[ 2532.627812]  security_file_alloc+0x66/0xa0
[ 2532.627822]  ? selinux_is_enabled+0x5/0x50
[ 2532.627834]  get_empty_filp+0x16b/0x3f0
[ 2532.627846]  path_openat+0x84/0x2970
[ 2532.627857]  ? get_pid_task+0x91/0x130
[ 2532.627868]  ? gfp_pfmemalloc_allowed+0x150/0x150
[ 2532.627880]  ? path_lookupat+0x780/0x780
[ 2532.627891]  ? trace_hardirqs_on+0x10/0x10
[ 2532.627904]  do_filp_open+0x179/0x3c0
[ 2532.627912]  ? may_open_dev+0xe0/0xe0
[ 2532.627921]  ? __alloc_fd+0x1be/0x490
[ 2532.627934]  ? lock_downgrade+0x740/0x740
[ 2532.627944]  ? do_raw_spin_unlock+0x164/0x220
[ 2532.627954]  ? _raw_spin_unlock+0x29/0x40
[ 2532.627962]  ? __alloc_fd+0x1be/0x490
[ 2532.627977]  do_sys_open+0x296/0x410
[ 2532.627988]  ? filp_open+0x60/0x60
[ 2532.627998]  ? __do_page_fault+0x159/0xad0
[ 2532.628007]  ? do_syscall_64+0x4c/0x640
[ 2532.628015]  ? SyS_open+0x30/0x30
[ 2532.628025]  do_syscall_64+0x1d5/0x640
[ 2532.628040]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2532.628048] RIP: 0033:0x7f6a3bf3e284
[ 2532.628053] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2532.628063] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2532.628069] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2532.628074] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
[ 2532.628080] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2532.628085] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
[ 2532.658976] FAULT_INJECTION: forcing a failure.
[ 2532.658976] name failslab, interval 1, probability 0, space 0, times 0
[ 2532.658987] CPU: 0 PID: 29388 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2532.658993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2532.658996] Call Trace:
[ 2532.659010]  dump_stack+0x1b2/0x281
[ 2532.659025]  should_fail.cold+0x10a/0x149
[ 2532.659039]  should_failslab+0xd6/0x130
[ 2532.659054]  kmem_cache_alloc_trace+0x47/0x3d0
[ 2532.659069]  proc_self_get_link+0x1af/0x220
[ 2532.659079]  ? proc_ns_dir_lookup+0x250/0x250
[ 2532.659088]  link_path_walk+0xc47/0x10a0
[ 2532.659103]  ? walk_component+0xbc0/0xbc0
[ 2532.659117]  path_openat+0x15e/0x2970
[ 2532.659128]  ? get_pid_task+0x91/0x130
[ 2532.659138]  ? gfp_pfmemalloc_allowed+0x150/0x150
[ 2532.659149]  ? path_lookupat+0x780/0x780
[ 2532.659160]  ? trace_hardirqs_on+0x10/0x10
[ 2532.659175]  do_filp_open+0x179/0x3c0
[ 2532.659183]  ? may_open_dev+0xe0/0xe0
[ 2532.659201]  ? do_raw_spin_unlock+0x164/0x220
[ 2532.659212]  ? __alloc_fd+0x1be/0x490
[ 2532.659227]  do_sys_open+0x296/0x410
[ 2532.659238]  ? filp_open+0x60/0x60
[ 2532.659250]  ? __do_page_fault+0x159/0xad0
[ 2532.659259]  ? do_syscall_64+0x4c/0x640
[ 2532.659268]  ? SyS_open+0x30/0x30
[ 2532.659278]  do_syscall_64+0x1d5/0x640
[ 2532.659294]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2532.659302] RIP: 0033:0x7f6a3bf3e284
[ 2532.659307] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2532.659318] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2532.659324] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2532.659329] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
05:49:02 executing program 1:
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, 0xffffffffffffffff, 0x1e}, 0x10)

05:49:02 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x4, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x4)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)

05:49:02 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 6)

05:49:02 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10003)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan4\x00', <r2=>0x0}) (async, rerun: 32)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x60, r1, 0x700, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x24000091) (async)
read$snapshot(r0, 0x0, 0x12)

[ 2532.659335] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2532.659344] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
[ 2533.133946] FAULT_INJECTION: forcing a failure.
[ 2533.133946] name failslab, interval 1, probability 0, space 0, times 0
[ 2533.146280] CPU: 1 PID: 29399 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2533.154168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2533.163589] Call Trace:
[ 2533.166160]  dump_stack+0x1b2/0x281
[ 2533.169767]  should_fail.cold+0x10a/0x149
[ 2533.173892]  should_failslab+0xd6/0x130
[ 2533.177843]  kmem_cache_alloc+0x28e/0x3c0
[ 2533.181967]  ? proc_i_callback+0x20/0x20
[ 2533.186005]  proc_alloc_inode+0x18/0x1a0
[ 2533.190044]  ? proc_i_callback+0x20/0x20
[ 2533.194080]  alloc_inode+0x5d/0x170
[ 2533.197686]  new_inode+0x1d/0xf0
[ 2533.201031]  proc_pid_make_inode+0x22/0x230
[ 2533.205328]  proc_pident_instantiate+0x78/0x280
[ 2533.209971]  proc_pident_lookup+0x181/0x200
[ 2533.214290]  lookup_slow+0x20a/0x400
[ 2533.217986]  ? follow_dotdot_rcu+0xf00/0xf00
[ 2533.222369]  ? lookup_fast+0x430/0xe30
[ 2533.226239]  walk_component+0x6a1/0xbc0
[ 2533.230190]  ? lookup_fast+0xe30/0xe30
[ 2533.234056]  ? proc_pid_permission+0x181/0x240
[ 2533.238613]  ? security_inode_permission+0xb5/0xf0
[ 2533.243618]  ? mem_write+0x60/0x60
[ 2533.247138]  link_path_walk+0x823/0x10a0
[ 2533.251180]  ? walk_component+0xbc0/0xbc0
[ 2533.255323]  path_openat+0x15e/0x2970
[ 2533.259099]  ? get_pid_task+0x91/0x130
[ 2533.262979]  ? trace_hardirqs_on+0x10/0x10
[ 2533.267234]  ? path_lookupat+0x780/0x780
[ 2533.271283]  ? trace_hardirqs_on+0x10/0x10
[ 2533.275503]  do_filp_open+0x179/0x3c0
[ 2533.279286]  ? may_open_dev+0xe0/0xe0
[ 2533.283068]  ? simple_attr_release+0x40/0x40
[ 2533.287455]  ? do_raw_spin_unlock+0x164/0x220
[ 2533.291927]  ? __alloc_fd+0x1be/0x490
[ 2533.295708]  do_sys_open+0x296/0x410
[ 2533.299399]  ? filp_open+0x60/0x60
[ 2533.302918]  ? __do_page_fault+0x159/0xad0
[ 2533.307132]  ? do_syscall_64+0x4c/0x640
[ 2533.311086]  ? SyS_open+0x30/0x30
[ 2533.314518]  do_syscall_64+0x1d5/0x640
[ 2533.318384]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2533.323549] RIP: 0033:0x7f6a3bf3e284
[ 2533.327240] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2533.334925] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2533.342172] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2533.349418] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
[ 2533.356992] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2533.364258] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
05:49:03 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x8, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f)
ioctl$BLKFRASET(r0, 0x1264, &(0x7f0000000080)=0xda7d)

05:49:03 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000040)=0xfff)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
r2 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x5)

05:49:03 executing program 1:
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, 0xffffffffffffffff, 0x1e}, 0x10)

05:49:03 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0xaf7c, 0x6, 0xffff3d30, 0x0, 0xfd, "b8564a1ce720194bb870964758e7a59d58ac91"})

05:49:03 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:49:03 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 7)

05:49:03 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0xaf7c, 0x6, 0xffff3d30, 0x0, 0xfd, "b8564a1ce720194bb870964758e7a59d58ac91"})
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0xaf7c, 0x6, 0xffff3d30, 0x0, 0xfd, "b8564a1ce720194bb870964758e7a59d58ac91"}) (async)

05:49:03 executing program 1:
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, 0xffffffffffffffff, 0x1e}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, 0xffffffffffffffff, 0x1e}, 0x10) (async)

05:49:03 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x0)
read$snapshot(r0, 0x0, 0x12)

[ 2533.505153] FAULT_INJECTION: forcing a failure.
[ 2533.505153] name failslab, interval 1, probability 0, space 0, times 0
[ 2533.520001] CPU: 1 PID: 29414 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2533.527898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2533.537246] Call Trace:
[ 2533.539833]  dump_stack+0x1b2/0x281
[ 2533.543463]  should_fail.cold+0x10a/0x149
[ 2533.547613]  should_failslab+0xd6/0x130
05:49:03 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x0)
read$snapshot(r0, 0x0, 0x12)

[ 2533.551584]  kmem_cache_alloc+0x28e/0x3c0
[ 2533.555729]  ? proc_i_callback+0x20/0x20
[ 2533.559792]  proc_alloc_inode+0x18/0x1a0
[ 2533.563848]  ? proc_i_callback+0x20/0x20
[ 2533.567903]  alloc_inode+0x5d/0x170
[ 2533.571529]  new_inode+0x1d/0xf0
[ 2533.574895]  proc_pid_make_inode+0x22/0x230
[ 2533.579195]  proc_pident_instantiate+0x78/0x280
[ 2533.583848]  proc_pident_lookup+0x181/0x200
[ 2533.588157]  lookup_slow+0x20a/0x400
[ 2533.591857]  ? follow_dotdot_rcu+0xf00/0xf00
[ 2533.596251]  ? lookup_fast+0x430/0xe30
[ 2533.600397]  walk_component+0x6a1/0xbc0
[ 2533.604445]  ? lookup_fast+0xe30/0xe30
[ 2533.608311]  ? proc_pid_permission+0x181/0x240
[ 2533.612870]  ? security_inode_permission+0xb5/0xf0
[ 2533.617789]  ? mem_write+0x60/0x60
[ 2533.621341]  link_path_walk+0x823/0x10a0
[ 2533.625400]  ? walk_component+0xbc0/0xbc0
[ 2533.629527]  path_openat+0x15e/0x2970
[ 2533.633308]  ? get_pid_task+0x91/0x130
[ 2533.637175]  ? gfp_pfmemalloc_allowed+0x150/0x150
[ 2533.642007]  ? path_lookupat+0x780/0x780
[ 2533.646056]  ? trace_hardirqs_on+0x10/0x10
[ 2533.650275]  do_filp_open+0x179/0x3c0
[ 2533.654050]  ? may_open_dev+0xe0/0xe0
[ 2533.657837]  ? simple_attr_release+0x40/0x40
[ 2533.662242]  ? do_raw_spin_unlock+0x164/0x220
[ 2533.666713]  ? __alloc_fd+0x1be/0x490
[ 2533.670497]  do_sys_open+0x296/0x410
[ 2533.674293]  ? filp_open+0x60/0x60
[ 2533.677813]  ? __do_page_fault+0x159/0xad0
[ 2533.682028]  ? do_syscall_64+0x4c/0x640
[ 2533.685978]  ? SyS_open+0x30/0x30
[ 2533.689412]  do_syscall_64+0x1d5/0x640
[ 2533.693283]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2533.698467] RIP: 0033:0x7f6a3bf3e284
05:49:03 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000080))

05:49:03 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000040)=0xfff)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x5)

[ 2533.702153] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2533.711137] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2533.718380] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2533.725628] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
[ 2533.732875] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2533.740119] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
05:49:03 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x8, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) (async)
ioctl$BLKFRASET(r0, 0x1264, &(0x7f0000000080)=0xda7d)

05:49:03 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0xaf7c, 0x6, 0xffff3d30, 0x0, 0xfd, "b8564a1ce720194bb870964758e7a59d58ac91"})

05:49:03 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x5)

05:49:03 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 8)

05:49:03 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000140), 0x7fffffff, 0x16001)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x509800, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000100)={0x1, 0x1, 0x3f, 0x3, 0x9, 0x7f, 0x9})
read$snapshot(r2, 0x0, 0x0)

05:49:03 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) (async)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000080))

05:49:04 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000080))

05:49:04 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000080), 0x82a8, 0x100)
ioctl$VT_ACTIVATE(r1, 0x5606, 0x4)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x14, 0x5, 0x0, 0xc, "ca564a0de70d194b9100"})
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000040))
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f00000000c0)={&(0x7f0000000240)="4023b59d3bcac5de0e61a5bbbea6b18716c8f74889410530cd4a340f1bcf9a9cf74c33c79260bcb9ad0a89d482ec7eb2c30803de5d62453dc98c5158407b6d9a16c4557700dcc0c279e958294654f4718d7e868d3017d9be9a848853b5185b8c35f70f07ecde7fe0ec3b746b4c425920a9bb832bea5919c790b758061970bdee3e4fc34e0a309fcfa4b0281f54fb8b5f253e35763c42e48b12b63e2aa2089a1bfe0133b7fcf7d104216bbd5be9f02baca9861a43c27e9de5ed43d97fdd2863d96f30a803cb0c88a8653a8aa5e769d97f95f4b8fc011bcd96532f3613c720921a463e468e546bd5875c38a969287d1d911b106593d5350434cf8eb708073e4d3dae9239eee7c4cdc9c85e14d56103c309c2af7f54de3a84fab3193b92a7178424e9e4150474ec066de18ffe0fe726a5f32356a6b53db65cd3dec42fb15f24013503464e6f726ab8d6cb621f142da8acd70d101b722351bbca53793b30e06d46a47aed90064b3e5be67e2dfd8615ddbcf141ab3d20022d077ac6d1548ed6638c7d9bf845bdd85bacb9337e67244c10733e2b75bddde34caf39ebf1d4c3c3f6610e81ab737dad73493e53464028de20b6fa06d5370c48dbd494ef89cc25c9860f0162206d05346f709ed5c2901cd132b0d10daae32019e43770e6ed80a80427b853ef3f1a5b86466a486069e1cf9032471772c1c8c89f09d8b7a766875d4cd6302d5c32133231cf8a9da934f84185e2eb7b325150e4cda39dd29e8cf9b85b6808097a17748f768bf033ac6fff48b47437250bd43bca902ca85c4d5088acb8e41828f45a8c479561644c44ffeee80e792184430b1d5f59f69e8b8cf62f9d9152bbecfbc3ae563ce830ca2bf834f9d791f55c6c71351a48516e2830b23d1955af7ab43d7572d080bfe6b48450a5d67a541550869ed6a3201d98764584d6a7a0b9aa890380ecbdbaa30f2922431a1b18b868ee8c0839a4958732e3c3db99f6403aadecf116dd24ebc8bbc0cf63f5186823a7b8bce54c575f4d3700562ec9a98d8f21ee20d1f9ed50b8b4db210f0dd4a48f87dd9125b5579e6bd27dff9e9384d72b4e4519a679c5bf710ef92364c2704d7882d9b47775d6b1cfb577e182b4d56ae9bc5aabda551cf0554b030d2931e02235e89dfd321475ab44224362e283c669478e7e6452638f3565b30494f6bab12ad57534395aee627d9a9634dbfc08f6275bb7cf167cf9042426c066e9a1cb91a0545c7e9b7a178c90c0e2e3e3678adb115bb5de408276a9064fbe50b82ec2243ffaa39d0ae42ab087dd92c579b30105fb7c8a1997d40e490ed8f464d9659904504c91b79a1ef2100f756e62a25d74fa895e5ce2db1d0f85e2f06db011c061afd3fd2cee982f36df51f242829224f2cb7bf5a142b002a224b30b076a7ebe5215b900cd4c64deafdd3a00f29fccf6d3d0ca059e088805a363cbe7aa25c340c772a58e25541b51b2c1a09405fe83ef8a8cf75d79e5fa227ca946216e8a39719f85081abaca058efb6e0127c632f18dd13607da88d8dc188e9bbb168c83ad44b114f9b15f013f2c1a02990d1d5a6b1b5306885a03d1664c8d1f3207373f68d33d8ed912d6ea216761c7a7c2f95ef3e35926faa85ed6960f0a8e1880f48f52e3af3f504881c1b37c4d06d5aeab0ca140db7a08582397f8972bc011eb29d6c5689c0f7f1c00ce24b434673fac64805a08032a570c388c7a48752ef83f409a5bd7574b8c7ebac953113758d651199d634ed9b65f4db269630bffb79e37a7c6d238fb6c20914527e187a6c2424b824def5566f3ce648ad1cc519c6981492914e3e711eb8833f42a11c1a939eafdcb6d015c3608ad527b176bf9759e8a5c55d5617808f3b09e1636ca467adbf77d22c4b9031b2c142909db9bfe7c4b26b503e842fe6275c68eb719fe926f2d068d938c2141c9893f47f678a7b8f2da74a70740bf2d8ca17e0a33b748db233eeee77f18c11da8a877956c82c57784521df3c5068724c37b5be3455c09aa84b5d23bc45671d6aa1986dec7e513160b826c89b340025bf205507e8d5cf2e6faa95aa72005d3cd5fc46a37ec174b1eb8598eff134e22269aa37fb38bd40792d505efdb232301e5b268a7415dfb4cc9bb3ea794a2d1cc257219b102ebbd4e8ebb869431fd217ad43df6e9abaadcfcefd0b49b37af5bb38859b63f5f1b24efbf61acdfefabcb7257e19a49e515d04820468b2a58addc2d620c0906d9411446a1d8c691ccdee7f9534384e851e1c7396d6b2de7fee8a1820b18d42de2766dba4bdbb64b1854d0df15ce2d7b6497401ea2f53a14b0b357cce9b36e18659c12ca5a7a926f7aa58a304aba84fef8ef2dd9c58569605c72b98a60a2b1c332607111c0e6857ae326b694595acb56e4bc2274984540cb5fbe729b23eaa3cae5e006122e19a59089e31e5c56627a5f5350f3a97f062cb192e788d8115b38d641220e7face5601b875e06317b4d944cde8a22e31121ee86e36a7607b12403b12903107799d091ed53a14312a79f7b72d49ae3557a4fcd72be08c38a17e3bd13e979cf9030571061ffb70a64b6b3b1c378ec966d65ed59eb1f8906a2caa36e1904af69e280781ddd43f6112a07196b57b843a41f465877fe3892b01ff4c064152e79c24edf30ae78694cd8f6e8ffe738b7b342be56b55cff752d37b8f0015760708fa802c8dbe038df1eb4b403f161c1937c080b3ff905eec44f0703383d6a23142fba7453a17ce782212bbca58db7dacc0dfc708d0c0d3a7ecc68b4f6cf205a0dfdbbb4e4c54ccd5eece0b364ac2aebc15e88bf04098d4c97caa34be8f7e185930b99cfccbdf41430aba8a681b9d3ce43c4e78503fe0253e18de62bf5f7a877923a94cc68c6f3294b3adc4cb1caabe2780e1727831c3c1aa093a39f04adf0faff308cca4f23aa7592c3db90e9db4ef50001c4ed4989e50f744eda30fe5a33644f4cf329426add340f438aec55334ab07600fb339dbf20b17f14c2369d21ca6d42769233dbcceda9fc5a0c845deba90fc00a75b21f93cce528c4ff61509f3f4754dca3011f02944cab41a08f9a8b4b3d7640d7c849540638e6bc4b16c00df73b02a7c3a9e4068ad1ccac495a46bc25bc04db6828e080887bd023a437d47aba9a513ac8474c4358258f4eab7e83244b85f24e1c5daa1fdafd81b6b9c966d3c48f88d328e23a977807f222faed066df5d975c1e45f54361e5186e9350948327d052fb5d5a86c8979e67a97223f86c14e8d34b4af2c12a89253e8bdd6ff37559490c27f21454128acc6febef0fa027f0c434af3d90bd07cd43c5c1b9becec22b290170e8071d3a9a56c6e7b7f567d93a611ef7130054a31f1c19f854a3b1159e573b3877794032eac7353c3266ad619949e0726cb0c82a83eabb1bfe423681bfe93888f9ba5092ff4cb9d3229b5140163b833eb4a08ef79eeb4d6b2e36b3208a54feddf2258416631492ef7e753302b64b07fa7c709025c05c3647dcc3d1babd25435c72a47588ef9f2c7a81a8c36bcb2724e93f81efca843cd53c6079c7fdb84bb149b50e4398a58ba1b356abcbbc894580c90df67dc3f853c57fa25332a70900a082f353800d01da072b1a5db96000d49122b2562b479c3f7b2e34c180fa71c5b8aef6994f25e76f13fc8703aac614055ee4a3f264fcf754490a10ad8f1e3059f4ee4c2a6c9c59005e805c11ca6bff1f554fe94846fd5fd86fa54a7754d260b394c843e98cb3e5a3cfb7bd2fb06bc3b5e82caaefbb13f494d07f6632b17c61393cf94f11b2f2c1ed16e8c50cdffb710fe944d7de42fef3f691a776227104866b30427148c73cdaefef7619f399e7db81b4fe812c0176118b05df12e8475fb98a72611daa2d6f005011d70022a28c4ba935eaa794ada247421b7c7096a2c7603074ff195182190f5ee0ef456a127cb19fafbec649a393fc33e76674c2ac9b3039600cf3ac46e661152e8a0556cf0502c95e6705716b9894ceec416e97a55519b5e83db7271a60c9f53465e61cf3c5a2c0eaaa74c13b3cc5bf7a7f992d70e71f1c929162d7abdc7d668668b8f1046e7bc7a61334316dce71617ee1e0e0a4e23c420aa29a7000de9bc771d1c942d369bb33feefbb050405e9242fad27b09509a4dfddda410ef245d06470cf7f165aa240a5e87a8a0c29704697aec09793df0b147270d15be508ed45bade599cde0bbb7595525342c5ebe658e4d83419db09283f06ba2c77d16efc4d56b73845c049d099aa0cef21d5d4b149bb7c101946a4527584323f9508379cff01153e07d1d6b902e36f299fa85911045cba1f25f88a9cd1a06da1e44a5006a88f2355dba7c552e63833ec8d93d20732975cfb5de7017c3a4625c10b8b0a5b27b1496dea3203608c4e9f17cfa6f1aeadaf21a4dfae1abc11540aafa8c869e0b86762c11b54d9fa2c9fe5a097e09ba43032e628cbeba81d7f2c5aa966c43e7fa8889c994f9a50b5b6dd74bcf8c5b7ad1e06f5a6a35a3d552f73e2e578fa3afb64fd10b6a0d286b91f03c481dca5fbf99a296e917d0e349b0c35842494f6a872809517fad261ffce1a79b26a2992e268b5b56018d0e1b06c6f0a6da63cdf89d18a28ac9553da36dcee1733651c32e563811dd62d7af74cbb19d6935bf0d4d8969e60a4311cf94215526ec90a0de8072b9390a89b6088d66d244325d07266e523f0e3c2c402cfe0561e86aefedde5c07191ae6e463e12f77eed58a94186aaf2d267546e6d2df0735d156030cd55a93d419d433db9f48d096390f13db87951b000fd8e8e770ee22acc4bc112c0e95c5c5614afddd783b7f00a339cace94cdec70cb95eccfb7f8af0aae6cd83602ad25cd34e84ca0b20f4ef6a6baf0b2bd413368192426cdbc3972fe0161a1e67a6a436f0aadf6ca9d421b995c5a1a527598882795020921782717ca052a248c85602c519e3ff86f8eb87543c10151c5cda3a717e303797396ba45b7ba05dfa18ab40d562f5b9c5c455e8e3ebacbbf174741e78c5c801dd5533c5a98d50f2412d581a452f3e3d214bd4ebf45697d34014ef06c55ce661fa45796c344c02869678966e4d3e08d927ec9f0bf82f6cd8b316c03cd20dd848e6b40687f39128fa37cb275b5c4c9dd36487b3c242e8d1479fd5d59d462c52b271359bdb461c47002add60d262c45db7adb47f897efc7cb972f71b3952f4e54805a98f591ad64277792a7d2ee60994065a1ae280f72af10c8e9eeb252d849487e2a44d24657ba90ab6dac2c5b1d430c3e73c89de53414410b9c7201094ff681da0780ebe2bd635bb523d17f52cb2bc46595e032a9eebdcbd4bbf8c94726da28088d6933c3d1b0994d2151291d79f7525de3a83a9098aff83336312e63c4a5016607696dc9202ef613dde2a700812ef26934a636850a5c2e526d613f09cd5c4463803add4ba0ec04a3d69b7c17f8b02468acb3729d89356602cd358203fd766b57e7bb6d5e8d646904ddf49b590632bae6651ab43331d67bc46389ffff1faad32148170f5e795579a41adbddcb8d9ccfb4dd1be62386a5f7ce0ad3455f663b8108ba0746fef9d831ba840ecdbbaf4a3539e33cc76d7f82efbb8ffd570014d6e0273780b55de1c8b21d9e4481876cac7c241e7314688066ce6c3302c82c6bf62cf3af61ea4aa9f0266e1a3138c66a99f35e5242ffeb86f72d2949f0bdef1e6117941d8d8f3d575a9501d7691e977c0f26c8ba9cb72a698ba14c0a638592369e1e201a1c1b3891fa51deaea1749e6e729bcc044a8506267b494989756ace96833714e25cbd018b3580bad8cd8d", 0x1000, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r1, 0xc00464be, &(0x7f0000000100)={r2})
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)=0x1)

05:49:04 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000140), 0x7fffffff, 0x16001)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x509800, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000100)={0x1, 0x1, 0x3f, 0x3, 0x9, 0x7f, 0x9})
read$snapshot(r2, 0x0, 0x0)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000140), 0x7fffffff, 0x16001) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x509800, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8) (async)
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000100)={0x1, 0x1, 0x3f, 0x3, 0x9, 0x7f, 0x9}) (async)
read$snapshot(r2, 0x0, 0x0) (async)

05:49:04 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x5)

[ 2534.354700] FAULT_INJECTION: forcing a failure.
[ 2534.354700] name failslab, interval 1, probability 0, space 0, times 0
05:49:04 executing program 1:
r0 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x2, 0x1, 0x10, 0xc, 0x107, &(0x7f0000000080)="57dc31ec589b9fc1983dc3d815e3e77b16d95b4e6816f6e3f23096612252ce3b055ed634413c7c2e45f1ffc39085c42772bfb5c3482c3fd019568901c0f01f5a359f720c467f8ab98cbb0b919ef72b665dcfc08bd314b75eb6a81cec4b2cc20820fdb6496ccedf8170b429eb16f3f916f953fdd17aa246cde5314951db0a3376b325c99b944d357b8826ff761808ea178322a014830d615b568e32560acf43a317765876327b3cafcb209ac9dfac5844c367826e4e7e8abaf1647c60b28210f21c3b59eb523f706542c25c23f19eac06f7e641e2a3ac934ec2b87286ae8690d6516624d71ac8b82f39094f6312a6f47808fe9fe375deec710e19b8a54cf5a033749cdbde5d485709e8b5f28d6cfed11129a2e9848132c369c915da1745e424cacd985f298d63cc2d48d66e7416bb26bc64ab352afc9d4984805d4186537ec087b989b630e11d91a251a4e40fade1e36f7e11793461c4aba795bae236c993a1cfbe274ecc466a9b18a494c8c149a65ec43ba1452497654ed606ba92acbeb1796abf7bbdaa0b25ded80d08084ad3e20044f291fcde12f0d2a60e3ab7fdf1a080099121c7fbf3fc1799b1cea0060ac69dc3115eb188a81d4569ab89ff1c24082bab0894e5e581a83543302de57447b9204af8d642da22f992c321116923fbcbe52b92c6423efc470bf9c9746877c3532d05a5c03ac6f6226148d380a89cd37417381eb4815e8d71b27e90a6b18e2f9bc53a37956804af8e84f514091bc402d63cfd5bc4e467bc801fa1ecc97ed5869225566f11746fe5d4ff8f65bbc1a79a99a4a6b0f14c47142996aa30110af0232d6d2c8d2ff6e6401dfbe150bdb233955c913b4bb0fed1d0018544e45893f819b10fb7a91976b7e23d4d8e493af5eb1317e2642211d58661139493c8057e223283d9ec29753f06d64bf6f82f960ac83af23d35e4659d425d9da95f6119cc56f41c07ded952ac9b10aa5bcd41cdbbec33cccebdc1c8a81e56879fb51ed57416101d1f25fe06665f88c8761a747a7ec17f7b30d46fc272d62857741ae92087812be5e3684d33dac54c5ea26287fccb734607f7447bfe376c4233d12c696e4a87492bb9da9fa022d0dd172ca4e20d066310408de1769181bb441ff4c6b7702c0c62afdc33e39ca7871450cee15a5f502d5c176976bc93e88e379d033899b51ed44d8f11aca450d4c225019ba4c4e8b656e6c461e1c9680e532e9727e397424a1f31666dbadd34358004936b4e59bf70d8dd3e7bdd500843031aaf6a9665b7af0ba739d3460f583bd124aa9714f10a8cd2a1f20a9376e0a5202368ed479c14a5b7aa1d61bb475d99ff0608443e19445096e995ecc505271ff305acc3ff610a8e04929290095e06ed3f83a55ea570b08132c88a88dea1bcb0728566a183237dc451a380bf22656ca184c7fbfd8355a11d7922acef75"})
bpf$ITER_CREATE(0x21, &(0x7f0000000500)={r0}, 0x8)
r1 = syz_open_dev$ndb(&(0x7f0000000480), 0x0, 0x2)
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f00000004c0))

05:49:04 executing program 1:
r0 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x2, 0x1, 0x10, 0xc, 0x107, &(0x7f0000000080)="57dc31ec589b9fc1983dc3d815e3e77b16d95b4e6816f6e3f23096612252ce3b055ed634413c7c2e45f1ffc39085c42772bfb5c3482c3fd019568901c0f01f5a359f720c467f8ab98cbb0b919ef72b665dcfc08bd314b75eb6a81cec4b2cc20820fdb6496ccedf8170b429eb16f3f916f953fdd17aa246cde5314951db0a3376b325c99b944d357b8826ff761808ea178322a014830d615b568e32560acf43a317765876327b3cafcb209ac9dfac5844c367826e4e7e8abaf1647c60b28210f21c3b59eb523f706542c25c23f19eac06f7e641e2a3ac934ec2b87286ae8690d6516624d71ac8b82f39094f6312a6f47808fe9fe375deec710e19b8a54cf5a033749cdbde5d485709e8b5f28d6cfed11129a2e9848132c369c915da1745e424cacd985f298d63cc2d48d66e7416bb26bc64ab352afc9d4984805d4186537ec087b989b630e11d91a251a4e40fade1e36f7e11793461c4aba795bae236c993a1cfbe274ecc466a9b18a494c8c149a65ec43ba1452497654ed606ba92acbeb1796abf7bbdaa0b25ded80d08084ad3e20044f291fcde12f0d2a60e3ab7fdf1a080099121c7fbf3fc1799b1cea0060ac69dc3115eb188a81d4569ab89ff1c24082bab0894e5e581a83543302de57447b9204af8d642da22f992c321116923fbcbe52b92c6423efc470bf9c9746877c3532d05a5c03ac6f6226148d380a89cd37417381eb4815e8d71b27e90a6b18e2f9bc53a37956804af8e84f514091bc402d63cfd5bc4e467bc801fa1ecc97ed5869225566f11746fe5d4ff8f65bbc1a79a99a4a6b0f14c47142996aa30110af0232d6d2c8d2ff6e6401dfbe150bdb233955c913b4bb0fed1d0018544e45893f819b10fb7a91976b7e23d4d8e493af5eb1317e2642211d58661139493c8057e223283d9ec29753f06d64bf6f82f960ac83af23d35e4659d425d9da95f6119cc56f41c07ded952ac9b10aa5bcd41cdbbec33cccebdc1c8a81e56879fb51ed57416101d1f25fe06665f88c8761a747a7ec17f7b30d46fc272d62857741ae92087812be5e3684d33dac54c5ea26287fccb734607f7447bfe376c4233d12c696e4a87492bb9da9fa022d0dd172ca4e20d066310408de1769181bb441ff4c6b7702c0c62afdc33e39ca7871450cee15a5f502d5c176976bc93e88e379d033899b51ed44d8f11aca450d4c225019ba4c4e8b656e6c461e1c9680e532e9727e397424a1f31666dbadd34358004936b4e59bf70d8dd3e7bdd500843031aaf6a9665b7af0ba739d3460f583bd124aa9714f10a8cd2a1f20a9376e0a5202368ed479c14a5b7aa1d61bb475d99ff0608443e19445096e995ecc505271ff305acc3ff610a8e04929290095e06ed3f83a55ea570b08132c88a88dea1bcb0728566a183237dc451a380bf22656ca184c7fbfd8355a11d7922acef75"}) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000500)={r0}, 0x8)
r1 = syz_open_dev$ndb(&(0x7f0000000480), 0x0, 0x2)
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f00000004c0))

[ 2534.403093] CPU: 0 PID: 29440 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2534.410985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2534.420336] Call Trace:
[ 2534.422928]  dump_stack+0x1b2/0x281
[ 2534.426565]  should_fail.cold+0x10a/0x149
[ 2534.430715]  should_failslab+0xd6/0x130
[ 2534.434687]  kmem_cache_alloc+0x28e/0x3c0
[ 2534.438831]  __d_alloc+0x2a/0xa20
[ 2534.442280]  d_alloc+0x46/0x240
[ 2534.445554]  d_alloc_parallel+0xd6/0x16b0
[ 2534.449697]  ? lock_acquire+0x170/0x3f0
[ 2534.453668]  ? lock_downgrade+0x740/0x740
[ 2534.457818]  ? __d_lookup_rcu+0x640/0x640
[ 2534.461970]  ? mark_held_locks+0xa6/0xf0
[ 2534.466031]  ? d_lookup+0x172/0x220
[ 2534.469657]  ? d_lookup+0x156/0x220
[ 2534.473278]  lookup_open+0x462/0x1750
[ 2534.477083]  ? vfs_mkdir+0x6e0/0x6e0
[ 2534.480800]  path_openat+0x14bb/0x2970
[ 2534.484686]  ? path_lookupat+0x780/0x780
[ 2534.488742]  ? trace_hardirqs_on+0x10/0x10
[ 2534.492979]  do_filp_open+0x179/0x3c0
[ 2534.496777]  ? may_open_dev+0xe0/0xe0
[ 2534.500566]  ? simple_attr_release+0x40/0x40
[ 2534.504950]  ? do_raw_spin_unlock+0x164/0x220
[ 2534.509421]  ? __alloc_fd+0x1be/0x490
[ 2534.513211]  do_sys_open+0x296/0x410
[ 2534.516929]  ? filp_open+0x60/0x60
[ 2534.520447]  ? __do_page_fault+0x159/0xad0
[ 2534.524658]  ? do_syscall_64+0x4c/0x640
[ 2534.528609]  ? SyS_open+0x30/0x30
[ 2534.532047]  do_syscall_64+0x1d5/0x640
[ 2534.535924]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2534.541089] RIP: 0033:0x7f6a3bf3e284
[ 2534.544789] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2534.552480] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2534.559736] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2534.566993] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
[ 2534.574240] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2534.581485] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
05:49:04 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x8, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) (async)
ioctl$BLKFRASET(r0, 0x1264, &(0x7f0000000080)=0xda7d)

05:49:04 executing program 1:
r0 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x2, 0x1, 0x10, 0xc, 0x107, &(0x7f0000000080)="57dc31ec589b9fc1983dc3d815e3e77b16d95b4e6816f6e3f23096612252ce3b055ed634413c7c2e45f1ffc39085c42772bfb5c3482c3fd019568901c0f01f5a359f720c467f8ab98cbb0b919ef72b665dcfc08bd314b75eb6a81cec4b2cc20820fdb6496ccedf8170b429eb16f3f916f953fdd17aa246cde5314951db0a3376b325c99b944d357b8826ff761808ea178322a014830d615b568e32560acf43a317765876327b3cafcb209ac9dfac5844c367826e4e7e8abaf1647c60b28210f21c3b59eb523f706542c25c23f19eac06f7e641e2a3ac934ec2b87286ae8690d6516624d71ac8b82f39094f6312a6f47808fe9fe375deec710e19b8a54cf5a033749cdbde5d485709e8b5f28d6cfed11129a2e9848132c369c915da1745e424cacd985f298d63cc2d48d66e7416bb26bc64ab352afc9d4984805d4186537ec087b989b630e11d91a251a4e40fade1e36f7e11793461c4aba795bae236c993a1cfbe274ecc466a9b18a494c8c149a65ec43ba1452497654ed606ba92acbeb1796abf7bbdaa0b25ded80d08084ad3e20044f291fcde12f0d2a60e3ab7fdf1a080099121c7fbf3fc1799b1cea0060ac69dc3115eb188a81d4569ab89ff1c24082bab0894e5e581a83543302de57447b9204af8d642da22f992c321116923fbcbe52b92c6423efc470bf9c9746877c3532d05a5c03ac6f6226148d380a89cd37417381eb4815e8d71b27e90a6b18e2f9bc53a37956804af8e84f514091bc402d63cfd5bc4e467bc801fa1ecc97ed5869225566f11746fe5d4ff8f65bbc1a79a99a4a6b0f14c47142996aa30110af0232d6d2c8d2ff6e6401dfbe150bdb233955c913b4bb0fed1d0018544e45893f819b10fb7a91976b7e23d4d8e493af5eb1317e2642211d58661139493c8057e223283d9ec29753f06d64bf6f82f960ac83af23d35e4659d425d9da95f6119cc56f41c07ded952ac9b10aa5bcd41cdbbec33cccebdc1c8a81e56879fb51ed57416101d1f25fe06665f88c8761a747a7ec17f7b30d46fc272d62857741ae92087812be5e3684d33dac54c5ea26287fccb734607f7447bfe376c4233d12c696e4a87492bb9da9fa022d0dd172ca4e20d066310408de1769181bb441ff4c6b7702c0c62afdc33e39ca7871450cee15a5f502d5c176976bc93e88e379d033899b51ed44d8f11aca450d4c225019ba4c4e8b656e6c461e1c9680e532e9727e397424a1f31666dbadd34358004936b4e59bf70d8dd3e7bdd500843031aaf6a9665b7af0ba739d3460f583bd124aa9714f10a8cd2a1f20a9376e0a5202368ed479c14a5b7aa1d61bb475d99ff0608443e19445096e995ecc505271ff305acc3ff610a8e04929290095e06ed3f83a55ea570b08132c88a88dea1bcb0728566a183237dc451a380bf22656ca184c7fbfd8355a11d7922acef75"}) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000500)={r0}, 0x8) (async)
r1 = syz_open_dev$ndb(&(0x7f0000000480), 0x0, 0x2)
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f00000004c0))

05:49:04 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f0000000140), 0x7fffffff, 0x16001) (async)
r1 = syz_open_dev$vcsa(&(0x7f0000000140), 0x7fffffff, 0x16001)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x509800, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8) (async)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000100)={0x1, 0x1, 0x3f, 0x3, 0x9, 0x7f, 0x9})
read$snapshot(r2, 0x0, 0x0)

05:49:04 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x5)

05:49:04 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000080), 0x82a8, 0x100)
ioctl$VT_ACTIVATE(r1, 0x5606, 0x4)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x14, 0x5, 0x0, 0xc, "ca564a0de70d194b9100"}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x14, 0x5, 0x0, 0xc, "ca564a0de70d194b9100"})
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000040))
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f00000000c0)={&(0x7f0000000240)="4023b59d3bcac5de0e61a5bbbea6b18716c8f74889410530cd4a340f1bcf9a9cf74c33c79260bcb9ad0a89d482ec7eb2c30803de5d62453dc98c5158407b6d9a16c4557700dcc0c279e958294654f4718d7e868d3017d9be9a848853b5185b8c35f70f07ecde7fe0ec3b746b4c425920a9bb832bea5919c790b758061970bdee3e4fc34e0a309fcfa4b0281f54fb8b5f253e35763c42e48b12b63e2aa2089a1bfe0133b7fcf7d104216bbd5be9f02baca9861a43c27e9de5ed43d97fdd2863d96f30a803cb0c88a8653a8aa5e769d97f95f4b8fc011bcd96532f3613c720921a463e468e546bd5875c38a969287d1d911b106593d5350434cf8eb708073e4d3dae9239eee7c4cdc9c85e14d56103c309c2af7f54de3a84fab3193b92a7178424e9e4150474ec066de18ffe0fe726a5f32356a6b53db65cd3dec42fb15f24013503464e6f726ab8d6cb621f142da8acd70d101b722351bbca53793b30e06d46a47aed90064b3e5be67e2dfd8615ddbcf141ab3d20022d077ac6d1548ed6638c7d9bf845bdd85bacb9337e67244c10733e2b75bddde34caf39ebf1d4c3c3f6610e81ab737dad73493e53464028de20b6fa06d5370c48dbd494ef89cc25c9860f0162206d05346f709ed5c2901cd132b0d10daae32019e43770e6ed80a80427b853ef3f1a5b86466a486069e1cf9032471772c1c8c89f09d8b7a766875d4cd6302d5c32133231cf8a9da934f84185e2eb7b325150e4cda39dd29e8cf9b85b6808097a17748f768bf033ac6fff48b47437250bd43bca902ca85c4d5088acb8e41828f45a8c479561644c44ffeee80e792184430b1d5f59f69e8b8cf62f9d9152bbecfbc3ae563ce830ca2bf834f9d791f55c6c71351a48516e2830b23d1955af7ab43d7572d080bfe6b48450a5d67a541550869ed6a3201d98764584d6a7a0b9aa890380ecbdbaa30f2922431a1b18b868ee8c0839a4958732e3c3db99f6403aadecf116dd24ebc8bbc0cf63f5186823a7b8bce54c575f4d3700562ec9a98d8f21ee20d1f9ed50b8b4db210f0dd4a48f87dd9125b5579e6bd27dff9e9384d72b4e4519a679c5bf710ef92364c2704d7882d9b47775d6b1cfb577e182b4d56ae9bc5aabda551cf0554b030d2931e02235e89dfd321475ab44224362e283c669478e7e6452638f3565b30494f6bab12ad57534395aee627d9a9634dbfc08f6275bb7cf167cf9042426c066e9a1cb91a0545c7e9b7a178c90c0e2e3e3678adb115bb5de408276a9064fbe50b82ec2243ffaa39d0ae42ab087dd92c579b30105fb7c8a1997d40e490ed8f464d9659904504c91b79a1ef2100f756e62a25d74fa895e5ce2db1d0f85e2f06db011c061afd3fd2cee982f36df51f242829224f2cb7bf5a142b002a224b30b076a7ebe5215b900cd4c64deafdd3a00f29fccf6d3d0ca059e088805a363cbe7aa25c340c772a58e25541b51b2c1a09405fe83ef8a8cf75d79e5fa227ca946216e8a39719f85081abaca058efb6e0127c632f18dd13607da88d8dc188e9bbb168c83ad44b114f9b15f013f2c1a02990d1d5a6b1b5306885a03d1664c8d1f3207373f68d33d8ed912d6ea216761c7a7c2f95ef3e35926faa85ed6960f0a8e1880f48f52e3af3f504881c1b37c4d06d5aeab0ca140db7a08582397f8972bc011eb29d6c5689c0f7f1c00ce24b434673fac64805a08032a570c388c7a48752ef83f409a5bd7574b8c7ebac953113758d651199d634ed9b65f4db269630bffb79e37a7c6d238fb6c20914527e187a6c2424b824def5566f3ce648ad1cc519c6981492914e3e711eb8833f42a11c1a939eafdcb6d015c3608ad527b176bf9759e8a5c55d5617808f3b09e1636ca467adbf77d22c4b9031b2c142909db9bfe7c4b26b503e842fe6275c68eb719fe926f2d068d938c2141c9893f47f678a7b8f2da74a70740bf2d8ca17e0a33b748db233eeee77f18c11da8a877956c82c57784521df3c5068724c37b5be3455c09aa84b5d23bc45671d6aa1986dec7e513160b826c89b340025bf205507e8d5cf2e6faa95aa72005d3cd5fc46a37ec174b1eb8598eff134e22269aa37fb38bd40792d505efdb232301e5b268a7415dfb4cc9bb3ea794a2d1cc257219b102ebbd4e8ebb869431fd217ad43df6e9abaadcfcefd0b49b37af5bb38859b63f5f1b24efbf61acdfefabcb7257e19a49e515d04820468b2a58addc2d620c0906d9411446a1d8c691ccdee7f9534384e851e1c7396d6b2de7fee8a1820b18d42de2766dba4bdbb64b1854d0df15ce2d7b6497401ea2f53a14b0b357cce9b36e18659c12ca5a7a926f7aa58a304aba84fef8ef2dd9c58569605c72b98a60a2b1c332607111c0e6857ae326b694595acb56e4bc2274984540cb5fbe729b23eaa3cae5e006122e19a59089e31e5c56627a5f5350f3a97f062cb192e788d8115b38d641220e7face5601b875e06317b4d944cde8a22e31121ee86e36a7607b12403b12903107799d091ed53a14312a79f7b72d49ae3557a4fcd72be08c38a17e3bd13e979cf9030571061ffb70a64b6b3b1c378ec966d65ed59eb1f8906a2caa36e1904af69e280781ddd43f6112a07196b57b843a41f465877fe3892b01ff4c064152e79c24edf30ae78694cd8f6e8ffe738b7b342be56b55cff752d37b8f0015760708fa802c8dbe038df1eb4b403f161c1937c080b3ff905eec44f0703383d6a23142fba7453a17ce782212bbca58db7dacc0dfc708d0c0d3a7ecc68b4f6cf205a0dfdbbb4e4c54ccd5eece0b364ac2aebc15e88bf04098d4c97caa34be8f7e185930b99cfccbdf41430aba8a681b9d3ce43c4e78503fe0253e18de62bf5f7a877923a94cc68c6f3294b3adc4cb1caabe2780e1727831c3c1aa093a39f04adf0faff308cca4f23aa7592c3db90e9db4ef50001c4ed4989e50f744eda30fe5a33644f4cf329426add340f438aec55334ab07600fb339dbf20b17f14c2369d21ca6d42769233dbcceda9fc5a0c845deba90fc00a75b21f93cce528c4ff61509f3f4754dca3011f02944cab41a08f9a8b4b3d7640d7c849540638e6bc4b16c00df73b02a7c3a9e4068ad1ccac495a46bc25bc04db6828e080887bd023a437d47aba9a513ac8474c4358258f4eab7e83244b85f24e1c5daa1fdafd81b6b9c966d3c48f88d328e23a977807f222faed066df5d975c1e45f54361e5186e9350948327d052fb5d5a86c8979e67a97223f86c14e8d34b4af2c12a89253e8bdd6ff37559490c27f21454128acc6febef0fa027f0c434af3d90bd07cd43c5c1b9becec22b290170e8071d3a9a56c6e7b7f567d93a611ef7130054a31f1c19f854a3b1159e573b3877794032eac7353c3266ad619949e0726cb0c82a83eabb1bfe423681bfe93888f9ba5092ff4cb9d3229b5140163b833eb4a08ef79eeb4d6b2e36b3208a54feddf2258416631492ef7e753302b64b07fa7c709025c05c3647dcc3d1babd25435c72a47588ef9f2c7a81a8c36bcb2724e93f81efca843cd53c6079c7fdb84bb149b50e4398a58ba1b356abcbbc894580c90df67dc3f853c57fa25332a70900a082f353800d01da072b1a5db96000d49122b2562b479c3f7b2e34c180fa71c5b8aef6994f25e76f13fc8703aac614055ee4a3f264fcf754490a10ad8f1e3059f4ee4c2a6c9c59005e805c11ca6bff1f554fe94846fd5fd86fa54a7754d260b394c843e98cb3e5a3cfb7bd2fb06bc3b5e82caaefbb13f494d07f6632b17c61393cf94f11b2f2c1ed16e8c50cdffb710fe944d7de42fef3f691a776227104866b30427148c73cdaefef7619f399e7db81b4fe812c0176118b05df12e8475fb98a72611daa2d6f005011d70022a28c4ba935eaa794ada247421b7c7096a2c7603074ff195182190f5ee0ef456a127cb19fafbec649a393fc33e76674c2ac9b3039600cf3ac46e661152e8a0556cf0502c95e6705716b9894ceec416e97a55519b5e83db7271a60c9f53465e61cf3c5a2c0eaaa74c13b3cc5bf7a7f992d70e71f1c929162d7abdc7d668668b8f1046e7bc7a61334316dce71617ee1e0e0a4e23c420aa29a7000de9bc771d1c942d369bb33feefbb050405e9242fad27b09509a4dfddda410ef245d06470cf7f165aa240a5e87a8a0c29704697aec09793df0b147270d15be508ed45bade599cde0bbb7595525342c5ebe658e4d83419db09283f06ba2c77d16efc4d56b73845c049d099aa0cef21d5d4b149bb7c101946a4527584323f9508379cff01153e07d1d6b902e36f299fa85911045cba1f25f88a9cd1a06da1e44a5006a88f2355dba7c552e63833ec8d93d20732975cfb5de7017c3a4625c10b8b0a5b27b1496dea3203608c4e9f17cfa6f1aeadaf21a4dfae1abc11540aafa8c869e0b86762c11b54d9fa2c9fe5a097e09ba43032e628cbeba81d7f2c5aa966c43e7fa8889c994f9a50b5b6dd74bcf8c5b7ad1e06f5a6a35a3d552f73e2e578fa3afb64fd10b6a0d286b91f03c481dca5fbf99a296e917d0e349b0c35842494f6a872809517fad261ffce1a79b26a2992e268b5b56018d0e1b06c6f0a6da63cdf89d18a28ac9553da36dcee1733651c32e563811dd62d7af74cbb19d6935bf0d4d8969e60a4311cf94215526ec90a0de8072b9390a89b6088d66d244325d07266e523f0e3c2c402cfe0561e86aefedde5c07191ae6e463e12f77eed58a94186aaf2d267546e6d2df0735d156030cd55a93d419d433db9f48d096390f13db87951b000fd8e8e770ee22acc4bc112c0e95c5c5614afddd783b7f00a339cace94cdec70cb95eccfb7f8af0aae6cd83602ad25cd34e84ca0b20f4ef6a6baf0b2bd413368192426cdbc3972fe0161a1e67a6a436f0aadf6ca9d421b995c5a1a527598882795020921782717ca052a248c85602c519e3ff86f8eb87543c10151c5cda3a717e303797396ba45b7ba05dfa18ab40d562f5b9c5c455e8e3ebacbbf174741e78c5c801dd5533c5a98d50f2412d581a452f3e3d214bd4ebf45697d34014ef06c55ce661fa45796c344c02869678966e4d3e08d927ec9f0bf82f6cd8b316c03cd20dd848e6b40687f39128fa37cb275b5c4c9dd36487b3c242e8d1479fd5d59d462c52b271359bdb461c47002add60d262c45db7adb47f897efc7cb972f71b3952f4e54805a98f591ad64277792a7d2ee60994065a1ae280f72af10c8e9eeb252d849487e2a44d24657ba90ab6dac2c5b1d430c3e73c89de53414410b9c7201094ff681da0780ebe2bd635bb523d17f52cb2bc46595e032a9eebdcbd4bbf8c94726da28088d6933c3d1b0994d2151291d79f7525de3a83a9098aff83336312e63c4a5016607696dc9202ef613dde2a700812ef26934a636850a5c2e526d613f09cd5c4463803add4ba0ec04a3d69b7c17f8b02468acb3729d89356602cd358203fd766b57e7bb6d5e8d646904ddf49b590632bae6651ab43331d67bc46389ffff1faad32148170f5e795579a41adbddcb8d9ccfb4dd1be62386a5f7ce0ad3455f663b8108ba0746fef9d831ba840ecdbbaf4a3539e33cc76d7f82efbb8ffd570014d6e0273780b55de1c8b21d9e4481876cac7c241e7314688066ce6c3302c82c6bf62cf3af61ea4aa9f0266e1a3138c66a99f35e5242ffeb86f72d2949f0bdef1e6117941d8d8f3d575a9501d7691e977c0f26c8ba9cb72a698ba14c0a638592369e1e201a1c1b3891fa51deaea1749e6e729bcc044a8506267b494989756ace96833714e25cbd018b3580bad8cd8d", 0x1000, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r1, 0xc00464be, &(0x7f0000000100)={r2}) (async)
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r1, 0xc00464be, &(0x7f0000000100)={r2})
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)=0x1)

05:49:04 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 9)

05:49:04 executing program 3:
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x5)

05:49:04 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000000))

05:49:04 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10040)
read$snapshot(r0, 0x0, 0x12)

05:49:04 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000080), 0x82a8, 0x100)
ioctl$VT_ACTIVATE(r1, 0x5606, 0x4) (async, rerun: 32)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x14, 0x5, 0x0, 0xc, "ca564a0de70d194b9100"}) (async, rerun: 32)
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000040)) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f00000000c0)={&(0x7f0000000240)="4023b59d3bcac5de0e61a5bbbea6b18716c8f74889410530cd4a340f1bcf9a9cf74c33c79260bcb9ad0a89d482ec7eb2c30803de5d62453dc98c5158407b6d9a16c4557700dcc0c279e958294654f4718d7e868d3017d9be9a848853b5185b8c35f70f07ecde7fe0ec3b746b4c425920a9bb832bea5919c790b758061970bdee3e4fc34e0a309fcfa4b0281f54fb8b5f253e35763c42e48b12b63e2aa2089a1bfe0133b7fcf7d104216bbd5be9f02baca9861a43c27e9de5ed43d97fdd2863d96f30a803cb0c88a8653a8aa5e769d97f95f4b8fc011bcd96532f3613c720921a463e468e546bd5875c38a969287d1d911b106593d5350434cf8eb708073e4d3dae9239eee7c4cdc9c85e14d56103c309c2af7f54de3a84fab3193b92a7178424e9e4150474ec066de18ffe0fe726a5f32356a6b53db65cd3dec42fb15f24013503464e6f726ab8d6cb621f142da8acd70d101b722351bbca53793b30e06d46a47aed90064b3e5be67e2dfd8615ddbcf141ab3d20022d077ac6d1548ed6638c7d9bf845bdd85bacb9337e67244c10733e2b75bddde34caf39ebf1d4c3c3f6610e81ab737dad73493e53464028de20b6fa06d5370c48dbd494ef89cc25c9860f0162206d05346f709ed5c2901cd132b0d10daae32019e43770e6ed80a80427b853ef3f1a5b86466a486069e1cf9032471772c1c8c89f09d8b7a766875d4cd6302d5c32133231cf8a9da934f84185e2eb7b325150e4cda39dd29e8cf9b85b6808097a17748f768bf033ac6fff48b47437250bd43bca902ca85c4d5088acb8e41828f45a8c479561644c44ffeee80e792184430b1d5f59f69e8b8cf62f9d9152bbecfbc3ae563ce830ca2bf834f9d791f55c6c71351a48516e2830b23d1955af7ab43d7572d080bfe6b48450a5d67a541550869ed6a3201d98764584d6a7a0b9aa890380ecbdbaa30f2922431a1b18b868ee8c0839a4958732e3c3db99f6403aadecf116dd24ebc8bbc0cf63f5186823a7b8bce54c575f4d3700562ec9a98d8f21ee20d1f9ed50b8b4db210f0dd4a48f87dd9125b5579e6bd27dff9e9384d72b4e4519a679c5bf710ef92364c2704d7882d9b47775d6b1cfb577e182b4d56ae9bc5aabda551cf0554b030d2931e02235e89dfd321475ab44224362e283c669478e7e6452638f3565b30494f6bab12ad57534395aee627d9a9634dbfc08f6275bb7cf167cf9042426c066e9a1cb91a0545c7e9b7a178c90c0e2e3e3678adb115bb5de408276a9064fbe50b82ec2243ffaa39d0ae42ab087dd92c579b30105fb7c8a1997d40e490ed8f464d9659904504c91b79a1ef2100f756e62a25d74fa895e5ce2db1d0f85e2f06db011c061afd3fd2cee982f36df51f242829224f2cb7bf5a142b002a224b30b076a7ebe5215b900cd4c64deafdd3a00f29fccf6d3d0ca059e088805a363cbe7aa25c340c772a58e25541b51b2c1a09405fe83ef8a8cf75d79e5fa227ca946216e8a39719f85081abaca058efb6e0127c632f18dd13607da88d8dc188e9bbb168c83ad44b114f9b15f013f2c1a02990d1d5a6b1b5306885a03d1664c8d1f3207373f68d33d8ed912d6ea216761c7a7c2f95ef3e35926faa85ed6960f0a8e1880f48f52e3af3f504881c1b37c4d06d5aeab0ca140db7a08582397f8972bc011eb29d6c5689c0f7f1c00ce24b434673fac64805a08032a570c388c7a48752ef83f409a5bd7574b8c7ebac953113758d651199d634ed9b65f4db269630bffb79e37a7c6d238fb6c20914527e187a6c2424b824def5566f3ce648ad1cc519c6981492914e3e711eb8833f42a11c1a939eafdcb6d015c3608ad527b176bf9759e8a5c55d5617808f3b09e1636ca467adbf77d22c4b9031b2c142909db9bfe7c4b26b503e842fe6275c68eb719fe926f2d068d938c2141c9893f47f678a7b8f2da74a70740bf2d8ca17e0a33b748db233eeee77f18c11da8a877956c82c57784521df3c5068724c37b5be3455c09aa84b5d23bc45671d6aa1986dec7e513160b826c89b340025bf205507e8d5cf2e6faa95aa72005d3cd5fc46a37ec174b1eb8598eff134e22269aa37fb38bd40792d505efdb232301e5b268a7415dfb4cc9bb3ea794a2d1cc257219b102ebbd4e8ebb869431fd217ad43df6e9abaadcfcefd0b49b37af5bb38859b63f5f1b24efbf61acdfefabcb7257e19a49e515d04820468b2a58addc2d620c0906d9411446a1d8c691ccdee7f9534384e851e1c7396d6b2de7fee8a1820b18d42de2766dba4bdbb64b1854d0df15ce2d7b6497401ea2f53a14b0b357cce9b36e18659c12ca5a7a926f7aa58a304aba84fef8ef2dd9c58569605c72b98a60a2b1c332607111c0e6857ae326b694595acb56e4bc2274984540cb5fbe729b23eaa3cae5e006122e19a59089e31e5c56627a5f5350f3a97f062cb192e788d8115b38d641220e7face5601b875e06317b4d944cde8a22e31121ee86e36a7607b12403b12903107799d091ed53a14312a79f7b72d49ae3557a4fcd72be08c38a17e3bd13e979cf9030571061ffb70a64b6b3b1c378ec966d65ed59eb1f8906a2caa36e1904af69e280781ddd43f6112a07196b57b843a41f465877fe3892b01ff4c064152e79c24edf30ae78694cd8f6e8ffe738b7b342be56b55cff752d37b8f0015760708fa802c8dbe038df1eb4b403f161c1937c080b3ff905eec44f0703383d6a23142fba7453a17ce782212bbca58db7dacc0dfc708d0c0d3a7ecc68b4f6cf205a0dfdbbb4e4c54ccd5eece0b364ac2aebc15e88bf04098d4c97caa34be8f7e185930b99cfccbdf41430aba8a681b9d3ce43c4e78503fe0253e18de62bf5f7a877923a94cc68c6f3294b3adc4cb1caabe2780e1727831c3c1aa093a39f04adf0faff308cca4f23aa7592c3db90e9db4ef50001c4ed4989e50f744eda30fe5a33644f4cf329426add340f438aec55334ab07600fb339dbf20b17f14c2369d21ca6d42769233dbcceda9fc5a0c845deba90fc00a75b21f93cce528c4ff61509f3f4754dca3011f02944cab41a08f9a8b4b3d7640d7c849540638e6bc4b16c00df73b02a7c3a9e4068ad1ccac495a46bc25bc04db6828e080887bd023a437d47aba9a513ac8474c4358258f4eab7e83244b85f24e1c5daa1fdafd81b6b9c966d3c48f88d328e23a977807f222faed066df5d975c1e45f54361e5186e9350948327d052fb5d5a86c8979e67a97223f86c14e8d34b4af2c12a89253e8bdd6ff37559490c27f21454128acc6febef0fa027f0c434af3d90bd07cd43c5c1b9becec22b290170e8071d3a9a56c6e7b7f567d93a611ef7130054a31f1c19f854a3b1159e573b3877794032eac7353c3266ad619949e0726cb0c82a83eabb1bfe423681bfe93888f9ba5092ff4cb9d3229b5140163b833eb4a08ef79eeb4d6b2e36b3208a54feddf2258416631492ef7e753302b64b07fa7c709025c05c3647dcc3d1babd25435c72a47588ef9f2c7a81a8c36bcb2724e93f81efca843cd53c6079c7fdb84bb149b50e4398a58ba1b356abcbbc894580c90df67dc3f853c57fa25332a70900a082f353800d01da072b1a5db96000d49122b2562b479c3f7b2e34c180fa71c5b8aef6994f25e76f13fc8703aac614055ee4a3f264fcf754490a10ad8f1e3059f4ee4c2a6c9c59005e805c11ca6bff1f554fe94846fd5fd86fa54a7754d260b394c843e98cb3e5a3cfb7bd2fb06bc3b5e82caaefbb13f494d07f6632b17c61393cf94f11b2f2c1ed16e8c50cdffb710fe944d7de42fef3f691a776227104866b30427148c73cdaefef7619f399e7db81b4fe812c0176118b05df12e8475fb98a72611daa2d6f005011d70022a28c4ba935eaa794ada247421b7c7096a2c7603074ff195182190f5ee0ef456a127cb19fafbec649a393fc33e76674c2ac9b3039600cf3ac46e661152e8a0556cf0502c95e6705716b9894ceec416e97a55519b5e83db7271a60c9f53465e61cf3c5a2c0eaaa74c13b3cc5bf7a7f992d70e71f1c929162d7abdc7d668668b8f1046e7bc7a61334316dce71617ee1e0e0a4e23c420aa29a7000de9bc771d1c942d369bb33feefbb050405e9242fad27b09509a4dfddda410ef245d06470cf7f165aa240a5e87a8a0c29704697aec09793df0b147270d15be508ed45bade599cde0bbb7595525342c5ebe658e4d83419db09283f06ba2c77d16efc4d56b73845c049d099aa0cef21d5d4b149bb7c101946a4527584323f9508379cff01153e07d1d6b902e36f299fa85911045cba1f25f88a9cd1a06da1e44a5006a88f2355dba7c552e63833ec8d93d20732975cfb5de7017c3a4625c10b8b0a5b27b1496dea3203608c4e9f17cfa6f1aeadaf21a4dfae1abc11540aafa8c869e0b86762c11b54d9fa2c9fe5a097e09ba43032e628cbeba81d7f2c5aa966c43e7fa8889c994f9a50b5b6dd74bcf8c5b7ad1e06f5a6a35a3d552f73e2e578fa3afb64fd10b6a0d286b91f03c481dca5fbf99a296e917d0e349b0c35842494f6a872809517fad261ffce1a79b26a2992e268b5b56018d0e1b06c6f0a6da63cdf89d18a28ac9553da36dcee1733651c32e563811dd62d7af74cbb19d6935bf0d4d8969e60a4311cf94215526ec90a0de8072b9390a89b6088d66d244325d07266e523f0e3c2c402cfe0561e86aefedde5c07191ae6e463e12f77eed58a94186aaf2d267546e6d2df0735d156030cd55a93d419d433db9f48d096390f13db87951b000fd8e8e770ee22acc4bc112c0e95c5c5614afddd783b7f00a339cace94cdec70cb95eccfb7f8af0aae6cd83602ad25cd34e84ca0b20f4ef6a6baf0b2bd413368192426cdbc3972fe0161a1e67a6a436f0aadf6ca9d421b995c5a1a527598882795020921782717ca052a248c85602c519e3ff86f8eb87543c10151c5cda3a717e303797396ba45b7ba05dfa18ab40d562f5b9c5c455e8e3ebacbbf174741e78c5c801dd5533c5a98d50f2412d581a452f3e3d214bd4ebf45697d34014ef06c55ce661fa45796c344c02869678966e4d3e08d927ec9f0bf82f6cd8b316c03cd20dd848e6b40687f39128fa37cb275b5c4c9dd36487b3c242e8d1479fd5d59d462c52b271359bdb461c47002add60d262c45db7adb47f897efc7cb972f71b3952f4e54805a98f591ad64277792a7d2ee60994065a1ae280f72af10c8e9eeb252d849487e2a44d24657ba90ab6dac2c5b1d430c3e73c89de53414410b9c7201094ff681da0780ebe2bd635bb523d17f52cb2bc46595e032a9eebdcbd4bbf8c94726da28088d6933c3d1b0994d2151291d79f7525de3a83a9098aff83336312e63c4a5016607696dc9202ef613dde2a700812ef26934a636850a5c2e526d613f09cd5c4463803add4ba0ec04a3d69b7c17f8b02468acb3729d89356602cd358203fd766b57e7bb6d5e8d646904ddf49b590632bae6651ab43331d67bc46389ffff1faad32148170f5e795579a41adbddcb8d9ccfb4dd1be62386a5f7ce0ad3455f663b8108ba0746fef9d831ba840ecdbbaf4a3539e33cc76d7f82efbb8ffd570014d6e0273780b55de1c8b21d9e4481876cac7c241e7314688066ce6c3302c82c6bf62cf3af61ea4aa9f0266e1a3138c66a99f35e5242ffeb86f72d2949f0bdef1e6117941d8d8f3d575a9501d7691e977c0f26c8ba9cb72a698ba14c0a638592369e1e201a1c1b3891fa51deaea1749e6e729bcc044a8506267b494989756ace96833714e25cbd018b3580bad8cd8d", 0x1000, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r1, 0xc00464be, &(0x7f0000000100)={r2}) (async, rerun: 32)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)=0x1) (rerun: 32)

[ 2535.239495] FAULT_INJECTION: forcing a failure.
[ 2535.239495] name failslab, interval 1, probability 0, space 0, times 0
[ 2535.270533] CPU: 0 PID: 29485 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2535.278434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
05:49:04 executing program 3:
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x5)

05:49:04 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async, rerun: 64)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000000)) (rerun: 64)

[ 2535.287783] Call Trace:
[ 2535.290377]  dump_stack+0x1b2/0x281
[ 2535.294008]  should_fail.cold+0x10a/0x149
[ 2535.298156]  should_failslab+0xd6/0x130
[ 2535.302134]  kmem_cache_alloc+0x28e/0x3c0
[ 2535.306277]  ? proc_i_callback+0x20/0x20
[ 2535.310341]  proc_alloc_inode+0x18/0x1a0
[ 2535.314399]  ? proc_i_callback+0x20/0x20
[ 2535.318460]  alloc_inode+0x5d/0x170
[ 2535.322087]  new_inode+0x1d/0xf0
[ 2535.325448]  proc_pid_make_inode+0x22/0x230
[ 2535.329762]  proc_ns_instantiate+0x47/0x100
[ 2535.334101]  proc_ns_dir_lookup+0x1a2/0x250
[ 2535.338422]  ? proc_ns_get_link+0x160/0x160
[ 2535.342735]  lookup_open+0x5c4/0x1750
[ 2535.346539]  ? vfs_mkdir+0x6e0/0x6e0
[ 2535.350262]  path_openat+0x14bb/0x2970
[ 2535.354150]  ? path_lookupat+0x780/0x780
[ 2535.358210]  ? trace_hardirqs_on+0x10/0x10
[ 2535.362445]  do_filp_open+0x179/0x3c0
[ 2535.366239]  ? may_open_dev+0xe0/0xe0
[ 2535.370028]  ? simple_attr_release+0x40/0x40
[ 2535.374415]  ? do_raw_spin_unlock+0x164/0x220
[ 2535.378886]  ? __alloc_fd+0x1be/0x490
[ 2535.382676]  do_sys_open+0x296/0x410
[ 2535.386388]  ? filp_open+0x60/0x60
[ 2535.389922]  ? __do_page_fault+0x159/0xad0
[ 2535.394152]  ? do_syscall_64+0x4c/0x640
[ 2535.398109]  ? SyS_open+0x30/0x30
[ 2535.401724]  do_syscall_64+0x1d5/0x640
[ 2535.405605]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2535.410778] RIP: 0033:0x7f6a3bf3e284
[ 2535.414466] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2535.422157] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2535.429411] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2535.436656] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
[ 2535.443901] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2535.451155] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
05:49:05 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
sendmsg$SOCK_DESTROY(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="14010000150000032cbd7000dbdbdf251d1f51000100107eb15518c3ed149b06166fddf852f10676403556f44c11f967978f05683ca9cf8c6db53c73f4ff1034ade8a3d92c2395a701e316ef368c59369ba146cf51510b08e7ad1a881cc9c827a1e8e1000000aa00010010d91ba4bcde416210e2eed762875d00c318cbc507813397588e9ba35df7e86d0fcf2281041abc1d5c08e979b27db4e345fb214eacb5ba3db144fca2decbd2afbf5a107d4b536081817e2dfa67c36f42699da720412611c7ac22f6cfb25140d51999b9e792143751879784cf1094b14095562bed19c0743ff4e1ae8928b188993115b3e0a346ba96c66c81bb871b2f9535448b742a92505de7eac854299ff80000000000000003000000"], 0x114}}, 0x10)
r2 = syz_open_dev$dri(&(0x7f00000015c0), 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r2})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r3, 0x3312, 0xfff)

05:49:05 executing program 3:
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x5)

05:49:05 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f0000000000))

05:49:05 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10040)
read$snapshot(r0, 0x0, 0x12)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10040) (async)
read$snapshot(r0, 0x0, 0x12) (async)

05:49:05 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, &(0x7f0000000000)=0x1)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$KIOCSOUND(r0, 0x4b2f, 0x7)

05:49:05 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 10)

05:49:05 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, &(0x7f0000000000)=0x1) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$KIOCSOUND(r0, 0x4b2f, 0x7)

05:49:05 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x5)

05:49:05 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
syz_open_dev$vcsa(&(0x7f0000000080), 0xd90, 0x2000)
bpf$LINK_DETACH(0x22, &(0x7f00000000c0), 0xfcfb)

[ 2536.109455] FAULT_INJECTION: forcing a failure.
[ 2536.109455] name failslab, interval 1, probability 0, space 0, times 0
[ 2536.122542] CPU: 0 PID: 29518 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2536.130433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2536.139783] Call Trace:
[ 2536.142370]  dump_stack+0x1b2/0x281
[ 2536.145999]  should_fail.cold+0x10a/0x149
[ 2536.150150]  should_failslab+0xd6/0x130
[ 2536.154124]  kmem_cache_alloc+0x28e/0x3c0
05:49:05 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x10040)
read$snapshot(r0, 0x0, 0x12)

05:49:05 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, &(0x7f0000000000)=0x1)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$KIOCSOUND(r0, 0x4b2f, 0x7)

05:49:05 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x100)
read$snapshot(r0, 0x0, 0x12)

[ 2536.158281]  alloc_inode+0xa0/0x170
[ 2536.158291]  new_inode_pseudo+0x14/0xe0
[ 2536.158301]  __ns_get_path+0xf8/0x6f0
[ 2536.158314]  ns_get_path+0x55/0xa0
[ 2536.158327]  proc_ns_get_link+0x12e/0x160
[ 2536.158337]  ? proc_ns_readlink+0x1c0/0x1c0
[ 2536.158350]  ? security_inode_follow_link+0xca/0x100
[ 2536.158363]  trailing_symlink+0x59c/0x750
[ 2536.158372]  ? proc_ns_readlink+0x1c0/0x1c0
[ 2536.158384]  path_openat+0x795/0x2970
[ 2536.158402]  ? path_lookupat+0x780/0x780
[ 2536.158413]  ? trace_hardirqs_on+0x10/0x10
[ 2536.158429]  do_filp_open+0x179/0x3c0
[ 2536.158438]  ? may_open_dev+0xe0/0xe0
[ 2536.158457]  ? do_raw_spin_unlock+0x164/0x220
[ 2536.158467]  ? __alloc_fd+0x1be/0x490
[ 2536.158483]  do_sys_open+0x296/0x410
[ 2536.158494]  ? filp_open+0x60/0x60
[ 2536.158507]  ? __do_page_fault+0x159/0xad0
[ 2536.158516]  ? do_syscall_64+0x4c/0x640
[ 2536.158524]  ? SyS_open+0x30/0x30
[ 2536.158534]  do_syscall_64+0x1d5/0x640
[ 2536.158550]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2536.158559] RIP: 0033:0x7f6a3bf3e284
[ 2536.158564] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2536.158574] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2536.158580] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2536.158586] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
[ 2536.158591] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2536.158596] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
05:49:06 executing program 5:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
sendmsg$SOCK_DESTROY(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="14010000150000032cbd7000dbdbdf251d1f51000100107eb15518c3ed149b06166fddf852f10676403556f44c11f967978f05683ca9cf8c6db53c73f4ff1034ade8a3d92c2395a701e316ef368c59369ba146cf51510b08e7ad1a881cc9c827a1e8e1000000aa00010010d91ba4bcde416210e2eed762875d00c318cbc507813397588e9ba35df7e86d0fcf2281041abc1d5c08e979b27db4e345fb214eacb5ba3db144fca2decbd2afbf5a107d4b536081817e2dfa67c36f42699da720412611c7ac22f6cfb25140d51999b9e792143751879784cf1094b14095562bed19c0743ff4e1ae8928b188993115b3e0a346ba96c66c81bb871b2f9535448b742a92505de7eac854299ff80000000000000003000000"], 0x114}}, 0x10)
syz_open_dev$dri(&(0x7f00000015c0), 0x0, 0x0) (async)
r2 = syz_open_dev$dri(&(0x7f00000015c0), 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r2})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r3, 0x3312, 0xfff)

05:49:06 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x5)

05:49:06 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 11)

05:49:06 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSBRK(r0, 0x5409, 0x6)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:06 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)
syz_open_dev$vcsa(&(0x7f0000000080), 0xd90, 0x2000) (async, rerun: 64)
bpf$LINK_DETACH(0x22, &(0x7f00000000c0), 0xfcfb) (rerun: 64)

05:49:06 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x100)
read$snapshot(r0, 0x0, 0x12)

05:49:06 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x5)

05:49:06 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSBRK(r0, 0x5409, 0x6)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:06 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)
syz_open_dev$vcsa(&(0x7f0000000080), 0xd90, 0x2000) (async)
bpf$LINK_DETACH(0x22, &(0x7f00000000c0), 0xfcfb)

[ 2536.987723] FAULT_INJECTION: forcing a failure.
[ 2536.987723] name failslab, interval 1, probability 0, space 0, times 0
[ 2537.012014] CPU: 0 PID: 29553 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2537.019914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2537.029265] Call Trace:
[ 2537.031848]  dump_stack+0x1b2/0x281
05:49:06 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, 0x0)

05:49:06 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 12)

05:49:06 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSBRK(r0, 0x5409, 0x6) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

[ 2537.035488]  should_fail.cold+0x10a/0x149
[ 2537.035503]  should_failslab+0xd6/0x130
[ 2537.035515]  kmem_cache_alloc+0x28e/0x3c0
[ 2537.035528]  __d_alloc+0x2a/0xa20
[ 2537.035541]  __ns_get_path+0x2df/0x6f0
[ 2537.035551]  ns_get_path+0x55/0xa0
[ 2537.035563]  proc_ns_get_link+0x12e/0x160
[ 2537.035573]  ? proc_ns_readlink+0x1c0/0x1c0
[ 2537.035585]  ? security_inode_follow_link+0xca/0x100
[ 2537.035598]  trailing_symlink+0x59c/0x750
[ 2537.035606]  ? proc_ns_readlink+0x1c0/0x1c0
[ 2537.035616]  path_openat+0x795/0x2970
[ 2537.035632]  ? path_lookupat+0x780/0x780
[ 2537.035643]  ? trace_hardirqs_on+0x10/0x10
[ 2537.035657]  do_filp_open+0x179/0x3c0
[ 2537.035664]  ? may_open_dev+0xe0/0xe0
[ 2537.035681]  ? do_raw_spin_unlock+0x164/0x220
[ 2537.035691]  ? __alloc_fd+0x1be/0x490
[ 2537.035705]  do_sys_open+0x296/0x410
[ 2537.035715]  ? filp_open+0x60/0x60
[ 2537.035727]  ? __do_page_fault+0x159/0xad0
[ 2537.035736]  ? do_syscall_64+0x4c/0x640
[ 2537.035744]  ? SyS_open+0x30/0x30
[ 2537.035754]  do_syscall_64+0x1d5/0x640
[ 2537.035769]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2537.035778] RIP: 0033:0x7f6a3bf3e284
[ 2537.035782] RSP: 002b:00007f6a3a4fe090 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 2537.035790] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf3e284
[ 2537.035795] RDX: 0000000000000000 RSI: 00007f6a3bfe69ab RDI: 00000000ffffff9c
[ 2537.035799] RBP: 00007f6a3bfe69ab R08: 0000000000000000 R09: 0000000000000000
[ 2537.035804] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 2537.035808] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
[ 2537.084548] FAULT_INJECTION: forcing a failure.
[ 2537.084548] name failslab, interval 1, probability 0, space 0, times 0
[ 2537.084560] CPU: 0 PID: 29568 Comm: syz-executor.2 Not tainted 4.14.307-syzkaller #0
[ 2537.084566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2537.084569] Call Trace:
[ 2537.084585]  dump_stack+0x1b2/0x281
[ 2537.084601]  should_fail.cold+0x10a/0x149
[ 2537.084616]  should_failslab+0xd6/0x130
[ 2537.084628]  kmem_cache_alloc+0x28e/0x3c0
[ 2537.084655]  create_new_namespaces+0x30/0x720
[ 2537.084671]  SyS_setns+0x184/0x2b0
[ 2537.084681]  ? exit_task_namespaces+0x20/0x20
[ 2537.084693]  do_syscall_64+0x1d5/0x640
[ 2537.084708]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2537.084716] RIP: 0033:0x7f6a3bf8d6e7
[ 2537.084722] RSP: 002b:00007f6a3a4fe108 EFLAGS: 00000246 ORIG_RAX: 0000000000000134
[ 2537.084733] RAX: ffffffffffffffda RBX: 00007f6a3c0abf80 RCX: 00007f6a3bf8d6e7
[ 2537.084739] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000000c9
[ 2537.084744] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[ 2537.084750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2537.084755] R13: 00007ffd8aebf21f R14: 00007f6a3a4fe300 R15: 0000000000022000
05:49:07 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
sendmsg$SOCK_DESTROY(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="14010000150000032cbd7000dbdbdf251d1f51000100107eb15518c3ed149b06166fddf852f10676403556f44c11f967978f05683ca9cf8c6db53c73f4ff1034ade8a3d92c2395a701e316ef368c59369ba146cf51510b08e7ad1a881cc9c827a1e8e1000000aa00010010d91ba4bcde416210e2eed762875d00c318cbc507813397588e9ba35df7e86d0fcf2281041abc1d5c08e979b27db4e345fb214eacb5ba3db144fca2decbd2afbf5a107d4b536081817e2dfa67c36f42699da720412611c7ac22f6cfb25140d51999b9e792143751879784cf1094b14095562bed19c0743ff4e1ae8928b188993115b3e0a346ba96c66c81bb871b2f9535448b742a92505de7eac854299ff80000000000000003000000"], 0x114}}, 0x10) (async)
r2 = syz_open_dev$dri(&(0x7f00000015c0), 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r2})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r3, 0x3312, 0xfff)

05:49:07 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (fail_nth: 13)

05:49:07 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, 0x0)

05:49:07 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
semctl$IPC_SET(0xffffffffffffffff, 0x0, 0x1, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x3eba02, 0x0)
syz_open_pts(r1, 0x8b00)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCMBIS(r2, 0x5416, &(0x7f0000000080)=0x1)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000000)={0x2, 0x1, 0x12, 0x1c, 0xac, &(0x7f0000000240)="f642b07af719e44c97d48f7ddb27752df0697b424029f5724670073ba7f9da11748756dfcec76815bf194ef647d3ac50ad6ec0d11cde1e895ec6b942459d01ed67227fef89bbf6e0c48e510c8de30ee5fa370ef937bea2d543dd91e9b8024f4dd306ee51afaac494ef4ca34cef2c436a81306c1b09c836f95be9ccf51506abbe57093cb3a215b46bd114e21d26fb81d0a7ef601c9b98bd8b4d590c4038f791d950c24b38bbe5077e34bf1a310a106bd9106c0264f31f5d56a9f08435702880a9379368f0daeffbae3766fd22bce37842cc9a5f176f2240e3bf5c68277e11686149b0db94da74b58eab4bb5bb3f09542d5ecc4157c1e1e220521a3fbb2e80edd7fbd28af56e05d2c69d145541b1d21f39649b5c8c58c3a6801c4cb2ab64ffae1b24be734e87a08f30f34f2a0f81a6f3b2422f0c64ac8976b24af8fd8abeb4532f3f69febd281cf3f46a85fd3af7a27ec9a085c1c3711127a35ce9acc421f66375b3666a11c2642a9901368cf3d302ab40734120208a76155e884d9fe64cdbb23a97ab7a5dd8f8e69711ef065a84525d065458e1a6d13991c49299cf7fd551650c72f3fac3a12ece5ba96d73295c71888b2b2f71ecad5954791900c464b71137e62359f677cfc1b6e18dbdd2e1f372b4b52af26c367e6b970803ec5936d2dcf01b80970cda5a031c3b0c575bcf20a968f775513d5dd6b3a60ea173e8fb06ea22ad51e0186033e9976870e254e2307c892ed1896c6f24c0f8d54384f3ed18069a16c2df8e67d48b5e9b3c9058268a8fe35c298316e407a0e084fef321d5d64a9aba16a55593409a21aa8ceb724a46bf336156abd7037043e5e601942871e0dc8d750c50ffb8dc555ebf77ec6688ec972353df2fa9ab3ab7d67109097234edad1420c8ca21eee7f28cd478d644e6baf82b60a8587c963cf782455dcb314bf7863fc529d3486a61c8195652e3a65c62e4365f4480ed3282440312383b562b2babbf5c921980219772ee43c6bc4cb390fa7bb8168f74ff3f05bb11ca5ab2e8e79e300bbf66a60f4b33d7681ce50a7f3153ad980ae1b3a772178f6994199894c6b183b8bac08af843dd31dacebba5f30c71c4321a54440b7f913f4158f418c50ab125c1c2397a475e206e2f3c40a7afd0914867b122f6fe89146e1df8a4b8d737f3f02d0d0517f158bc2f8cd0b3ae60de2b77f98658fd177523ba74c4cba6a1ca34972f34e0a14508420982fa57d5d944ff15f11068dc587c83d67a0b2997cb889ab24712537e304bcae8cac03419f3dae0605650d42ecd785ea5d7cd7561039b0d286bc9a616a4b22fecedca5b0528ee7650e04aea97b97c896b7640ffa8c852c55aeac6af92af97acdd0548c52e2a2dd7eb339eb2390a98acd0769165a2988e4334136391ed4df8269ccc00d1b5373a45a58564a00d7748ddf76a02eb65dfd097601f"})

05:49:07 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x4000, 0x705980)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, r0, 0x7}, 0x10)

05:49:07 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x100)
read$snapshot(r0, 0x0, 0x12)

05:49:07 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000100)={0xb9, 0x6, 0x648, 0x743, 0x8, 0x1f})
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
capset(&(0x7f0000000080), &(0x7f00000000c0)={0x7fffffff, 0x6e, 0x5, 0xffffffff, 0x2, 0x651})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:07 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x4000, 0x705980)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, r0, 0x7}, 0x10)

05:49:07 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
semctl$IPC_SET(0xffffffffffffffff, 0x0, 0x1, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x3eba02, 0x0)
syz_open_pts(r1, 0x8b00)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCMBIS(r2, 0x5416, &(0x7f0000000080)=0x1)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000000)={0x2, 0x1, 0x12, 0x1c, 0xac, &(0x7f0000000240)="f642b07af719e44c97d48f7ddb27752df0697b424029f5724670073ba7f9da11748756dfcec76815bf194ef647d3ac50ad6ec0d11cde1e895ec6b942459d01ed67227fef89bbf6e0c48e510c8de30ee5fa370ef937bea2d543dd91e9b8024f4dd306ee51afaac494ef4ca34cef2c436a81306c1b09c836f95be9ccf51506abbe57093cb3a215b46bd114e21d26fb81d0a7ef601c9b98bd8b4d590c4038f791d950c24b38bbe5077e34bf1a310a106bd9106c0264f31f5d56a9f08435702880a9379368f0daeffbae3766fd22bce37842cc9a5f176f2240e3bf5c68277e11686149b0db94da74b58eab4bb5bb3f09542d5ecc4157c1e1e220521a3fbb2e80edd7fbd28af56e05d2c69d145541b1d21f39649b5c8c58c3a6801c4cb2ab64ffae1b24be734e87a08f30f34f2a0f81a6f3b2422f0c64ac8976b24af8fd8abeb4532f3f69febd281cf3f46a85fd3af7a27ec9a085c1c3711127a35ce9acc421f66375b3666a11c2642a9901368cf3d302ab40734120208a76155e884d9fe64cdbb23a97ab7a5dd8f8e69711ef065a84525d065458e1a6d13991c49299cf7fd551650c72f3fac3a12ece5ba96d73295c71888b2b2f71ecad5954791900c464b71137e62359f677cfc1b6e18dbdd2e1f372b4b52af26c367e6b970803ec5936d2dcf01b80970cda5a031c3b0c575bcf20a968f775513d5dd6b3a60ea173e8fb06ea22ad51e0186033e9976870e254e2307c892ed1896c6f24c0f8d54384f3ed18069a16c2df8e67d48b5e9b3c9058268a8fe35c298316e407a0e084fef321d5d64a9aba16a55593409a21aa8ceb724a46bf336156abd7037043e5e601942871e0dc8d750c50ffb8dc555ebf77ec6688ec972353df2fa9ab3ab7d67109097234edad1420c8ca21eee7f28cd478d644e6baf82b60a8587c963cf782455dcb314bf7863fc529d3486a61c8195652e3a65c62e4365f4480ed3282440312383b562b2babbf5c921980219772ee43c6bc4cb390fa7bb8168f74ff3f05bb11ca5ab2e8e79e300bbf66a60f4b33d7681ce50a7f3153ad980ae1b3a772178f6994199894c6b183b8bac08af843dd31dacebba5f30c71c4321a54440b7f913f4158f418c50ab125c1c2397a475e206e2f3c40a7afd0914867b122f6fe89146e1df8a4b8d737f3f02d0d0517f158bc2f8cd0b3ae60de2b77f98658fd177523ba74c4cba6a1ca34972f34e0a14508420982fa57d5d944ff15f11068dc587c83d67a0b2997cb889ab24712537e304bcae8cac03419f3dae0605650d42ecd785ea5d7cd7561039b0d286bc9a616a4b22fecedca5b0528ee7650e04aea97b97c896b7640ffa8c852c55aeac6af92af97acdd0548c52e2a2dd7eb339eb2390a98acd0769165a2988e4334136391ed4df8269ccc00d1b5373a45a58564a00d7748ddf76a02eb65dfd097601f"})
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
semctl$IPC_SET(0xffffffffffffffff, 0x0, 0x1, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x3eba02, 0x0) (async)
syz_open_pts(r1, 0x8b00) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
ioctl$TIOCMBIS(r2, 0x5416, &(0x7f0000000080)=0x1) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000000)={0x2, 0x1, 0x12, 0x1c, 0xac, &(0x7f0000000240)="f642b07af719e44c97d48f7ddb27752df0697b424029f5724670073ba7f9da11748756dfcec76815bf194ef647d3ac50ad6ec0d11cde1e895ec6b942459d01ed67227fef89bbf6e0c48e510c8de30ee5fa370ef937bea2d543dd91e9b8024f4dd306ee51afaac494ef4ca34cef2c436a81306c1b09c836f95be9ccf51506abbe57093cb3a215b46bd114e21d26fb81d0a7ef601c9b98bd8b4d590c4038f791d950c24b38bbe5077e34bf1a310a106bd9106c0264f31f5d56a9f08435702880a9379368f0daeffbae3766fd22bce37842cc9a5f176f2240e3bf5c68277e11686149b0db94da74b58eab4bb5bb3f09542d5ecc4157c1e1e220521a3fbb2e80edd7fbd28af56e05d2c69d145541b1d21f39649b5c8c58c3a6801c4cb2ab64ffae1b24be734e87a08f30f34f2a0f81a6f3b2422f0c64ac8976b24af8fd8abeb4532f3f69febd281cf3f46a85fd3af7a27ec9a085c1c3711127a35ce9acc421f66375b3666a11c2642a9901368cf3d302ab40734120208a76155e884d9fe64cdbb23a97ab7a5dd8f8e69711ef065a84525d065458e1a6d13991c49299cf7fd551650c72f3fac3a12ece5ba96d73295c71888b2b2f71ecad5954791900c464b71137e62359f677cfc1b6e18dbdd2e1f372b4b52af26c367e6b970803ec5936d2dcf01b80970cda5a031c3b0c575bcf20a968f775513d5dd6b3a60ea173e8fb06ea22ad51e0186033e9976870e254e2307c892ed1896c6f24c0f8d54384f3ed18069a16c2df8e67d48b5e9b3c9058268a8fe35c298316e407a0e084fef321d5d64a9aba16a55593409a21aa8ceb724a46bf336156abd7037043e5e601942871e0dc8d750c50ffb8dc555ebf77ec6688ec972353df2fa9ab3ab7d67109097234edad1420c8ca21eee7f28cd478d644e6baf82b60a8587c963cf782455dcb314bf7863fc529d3486a61c8195652e3a65c62e4365f4480ed3282440312383b562b2babbf5c921980219772ee43c6bc4cb390fa7bb8168f74ff3f05bb11ca5ab2e8e79e300bbf66a60f4b33d7681ce50a7f3153ad980ae1b3a772178f6994199894c6b183b8bac08af843dd31dacebba5f30c71c4321a54440b7f913f4158f418c50ab125c1c2397a475e206e2f3c40a7afd0914867b122f6fe89146e1df8a4b8d737f3f02d0d0517f158bc2f8cd0b3ae60de2b77f98658fd177523ba74c4cba6a1ca34972f34e0a14508420982fa57d5d944ff15f11068dc587c83d67a0b2997cb889ab24712537e304bcae8cac03419f3dae0605650d42ecd785ea5d7cd7561039b0d286bc9a616a4b22fecedca5b0528ee7650e04aea97b97c896b7640ffa8c852c55aeac6af92af97acdd0548c52e2a2dd7eb339eb2390a98acd0769165a2988e4334136391ed4df8269ccc00d1b5373a45a58564a00d7748ddf76a02eb65dfd097601f"}) (async)

05:49:07 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, 0x0)

05:49:07 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
semctl$IPC_SET(0xffffffffffffffff, 0x0, 0x1, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x3eba02, 0x0)
syz_open_pts(r1, 0x8b00)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCMBIS(r2, 0x5416, &(0x7f0000000080)=0x1)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000000)={0x2, 0x1, 0x12, 0x1c, 0xac, &(0x7f0000000240)="f642b07af719e44c97d48f7ddb27752df0697b424029f5724670073ba7f9da11748756dfcec76815bf194ef647d3ac50ad6ec0d11cde1e895ec6b942459d01ed67227fef89bbf6e0c48e510c8de30ee5fa370ef937bea2d543dd91e9b8024f4dd306ee51afaac494ef4ca34cef2c436a81306c1b09c836f95be9ccf51506abbe57093cb3a215b46bd114e21d26fb81d0a7ef601c9b98bd8b4d590c4038f791d950c24b38bbe5077e34bf1a310a106bd9106c0264f31f5d56a9f08435702880a9379368f0daeffbae3766fd22bce37842cc9a5f176f2240e3bf5c68277e11686149b0db94da74b58eab4bb5bb3f09542d5ecc4157c1e1e220521a3fbb2e80edd7fbd28af56e05d2c69d145541b1d21f39649b5c8c58c3a6801c4cb2ab64ffae1b24be734e87a08f30f34f2a0f81a6f3b2422f0c64ac8976b24af8fd8abeb4532f3f69febd281cf3f46a85fd3af7a27ec9a085c1c3711127a35ce9acc421f66375b3666a11c2642a9901368cf3d302ab40734120208a76155e884d9fe64cdbb23a97ab7a5dd8f8e69711ef065a84525d065458e1a6d13991c49299cf7fd551650c72f3fac3a12ece5ba96d73295c71888b2b2f71ecad5954791900c464b71137e62359f677cfc1b6e18dbdd2e1f372b4b52af26c367e6b970803ec5936d2dcf01b80970cda5a031c3b0c575bcf20a968f775513d5dd6b3a60ea173e8fb06ea22ad51e0186033e9976870e254e2307c892ed1896c6f24c0f8d54384f3ed18069a16c2df8e67d48b5e9b3c9058268a8fe35c298316e407a0e084fef321d5d64a9aba16a55593409a21aa8ceb724a46bf336156abd7037043e5e601942871e0dc8d750c50ffb8dc555ebf77ec6688ec972353df2fa9ab3ab7d67109097234edad1420c8ca21eee7f28cd478d644e6baf82b60a8587c963cf782455dcb314bf7863fc529d3486a61c8195652e3a65c62e4365f4480ed3282440312383b562b2babbf5c921980219772ee43c6bc4cb390fa7bb8168f74ff3f05bb11ca5ab2e8e79e300bbf66a60f4b33d7681ce50a7f3153ad980ae1b3a772178f6994199894c6b183b8bac08af843dd31dacebba5f30c71c4321a54440b7f913f4158f418c50ab125c1c2397a475e206e2f3c40a7afd0914867b122f6fe89146e1df8a4b8d737f3f02d0d0517f158bc2f8cd0b3ae60de2b77f98658fd177523ba74c4cba6a1ca34972f34e0a14508420982fa57d5d944ff15f11068dc587c83d67a0b2997cb889ab24712537e304bcae8cac03419f3dae0605650d42ecd785ea5d7cd7561039b0d286bc9a616a4b22fecedca5b0528ee7650e04aea97b97c896b7640ffa8c852c55aeac6af92af97acdd0548c52e2a2dd7eb339eb2390a98acd0769165a2988e4334136391ed4df8269ccc00d1b5373a45a58564a00d7748ddf76a02eb65dfd097601f"}) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000000)={0x2, 0x1, 0x12, 0x1c, 0xac, &(0x7f0000000240)="f642b07af719e44c97d48f7ddb27752df0697b424029f5724670073ba7f9da11748756dfcec76815bf194ef647d3ac50ad6ec0d11cde1e895ec6b942459d01ed67227fef89bbf6e0c48e510c8de30ee5fa370ef937bea2d543dd91e9b8024f4dd306ee51afaac494ef4ca34cef2c436a81306c1b09c836f95be9ccf51506abbe57093cb3a215b46bd114e21d26fb81d0a7ef601c9b98bd8b4d590c4038f791d950c24b38bbe5077e34bf1a310a106bd9106c0264f31f5d56a9f08435702880a9379368f0daeffbae3766fd22bce37842cc9a5f176f2240e3bf5c68277e11686149b0db94da74b58eab4bb5bb3f09542d5ecc4157c1e1e220521a3fbb2e80edd7fbd28af56e05d2c69d145541b1d21f39649b5c8c58c3a6801c4cb2ab64ffae1b24be734e87a08f30f34f2a0f81a6f3b2422f0c64ac8976b24af8fd8abeb4532f3f69febd281cf3f46a85fd3af7a27ec9a085c1c3711127a35ce9acc421f66375b3666a11c2642a9901368cf3d302ab40734120208a76155e884d9fe64cdbb23a97ab7a5dd8f8e69711ef065a84525d065458e1a6d13991c49299cf7fd551650c72f3fac3a12ece5ba96d73295c71888b2b2f71ecad5954791900c464b71137e62359f677cfc1b6e18dbdd2e1f372b4b52af26c367e6b970803ec5936d2dcf01b80970cda5a031c3b0c575bcf20a968f775513d5dd6b3a60ea173e8fb06ea22ad51e0186033e9976870e254e2307c892ed1896c6f24c0f8d54384f3ed18069a16c2df8e67d48b5e9b3c9058268a8fe35c298316e407a0e084fef321d5d64a9aba16a55593409a21aa8ceb724a46bf336156abd7037043e5e601942871e0dc8d750c50ffb8dc555ebf77ec6688ec972353df2fa9ab3ab7d67109097234edad1420c8ca21eee7f28cd478d644e6baf82b60a8587c963cf782455dcb314bf7863fc529d3486a61c8195652e3a65c62e4365f4480ed3282440312383b562b2babbf5c921980219772ee43c6bc4cb390fa7bb8168f74ff3f05bb11ca5ab2e8e79e300bbf66a60f4b33d7681ce50a7f3153ad980ae1b3a772178f6994199894c6b183b8bac08af843dd31dacebba5f30c71c4321a54440b7f913f4158f418c50ab125c1c2397a475e206e2f3c40a7afd0914867b122f6fe89146e1df8a4b8d737f3f02d0d0517f158bc2f8cd0b3ae60de2b77f98658fd177523ba74c4cba6a1ca34972f34e0a14508420982fa57d5d944ff15f11068dc587c83d67a0b2997cb889ab24712537e304bcae8cac03419f3dae0605650d42ecd785ea5d7cd7561039b0d286bc9a616a4b22fecedca5b0528ee7650e04aea97b97c896b7640ffa8c852c55aeac6af92af97acdd0548c52e2a2dd7eb339eb2390a98acd0769165a2988e4334136391ed4df8269ccc00d1b5373a45a58564a00d7748ddf76a02eb65dfd097601f"})

05:49:07 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x4000, 0x705980)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, r0, 0x7}, 0x10)

05:49:08 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x108, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44001}, 0x20004015)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r8, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r9}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r10=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r7, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r9, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0xc085}, 0x20000000)
r11 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r11, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r11, &(0x7f0000000040)=""/5, 0x5)

05:49:08 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000100)={0xb9, 0x6, 0x648, 0x743, 0x8, 0x1f}) (async)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
capset(&(0x7f0000000080), &(0x7f00000000c0)={0x7fffffff, 0x6e, 0x5, 0xffffffff, 0x2, 0x651}) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:08 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x240b40, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x5, 0xfffffffe, 0xffff3d30, 0xfffffffd, 0x0, "b8564b05e70d69e7a59d58ac9100"})

05:49:08 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:08 executing program 1:
ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x5)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:08 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x13f, 0x4}}, 0x20)
read$snapshot(r0, 0x0, 0x12)

05:49:08 executing program 1:
ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x5) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:08 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r0}, 0x8)
sendmsg$SOCK_DESTROY(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="14010000150000032cbd7000dbdbdf251d1f51000100107eb15518c3ed149b06166fddf852f10676403556f44c11f967978f05683ca9cf8c6db53c73f4ff1034ade8a3d92c2395a701e316ef368c59369ba146cf51510b08e7ad1a881cc9c827a1e8e1000000aa00010010d91ba4bcde416210e2eed762875d00c318cbc507813397588e9ba35df7e86d0fcf2281041abc1d5c08e979b27db4e345fb214eacb5ba3db144fca2decbd2afbf5a107d4b536081817e2dfa67c36f42699da720412611c7ac22f6cfb25140d51999b9e792143751879784cf1094b14095562bed19c0743ff4e1ae8928b188993115b3e0a346ba96c66c81bb871b2f9535448b742a92505de7eac854299ff80000000000000003000000"], 0x114}}, 0x10)
r2 = syz_open_dev$dri(&(0x7f00000015c0), 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r2})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r3, 0x3312, 0xfff)

05:49:08 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x240b40, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x5, 0xfffffffe, 0xffff3d30, 0xfffffffd, 0x0, "b8564b05e70d69e7a59d58ac9100"})

05:49:08 executing program 2:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async, rerun: 32)
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000100)={0xb9, 0x6, 0x648, 0x743, 0x8, 0x1f}) (async, rerun: 32)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
capset(&(0x7f0000000080), &(0x7f00000000c0)={0x7fffffff, 0x6e, 0x5, 0xffffffff, 0x2, 0x651}) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:08 executing program 1:
ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x5) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:08 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x240b40, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x5, 0xfffffffe, 0xffff3d30, 0xfffffffd, 0x0, "b8564b05e70d69e7a59d58ac9100"})

05:49:09 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x108, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44001}, 0x20004015) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r8, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r9}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r10=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r7, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r9, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0xc085}, 0x20000000)
r11 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r11, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r11, &(0x7f0000000040)=""/5, 0x5)

05:49:09 executing program 1:
r0 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0x1, 0x141000)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r0, r1, 0x0, r2}, 0x10)

05:49:09 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
capset(&(0x7f0000000080)={0x20080522, 0xffffffffffffffff}, &(0x7f00000000c0)={0x2, 0x3, 0x800, 0x3, 0x97, 0x58b1})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:09 executing program 4:
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000000)="1de70fbafa1cd841f8b4fdbfa121fd2481484dd64c5c91baa3dc6ce02729457b6bfa97311dadbd7a0bce58ac0b6e3f6234494ea948c7c407f7a5a079372698d953ac732e336ea0c5accfc7684d44aa40db1d072746b05780fc6e7701100b1988473d28b113beaa69ca25b65a3ebb", 0x6e, <r0=>0x0})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r1, 0xc0106403, &(0x7f0000000100)={0xffff0001, 0x1, 0x0, 0x1})
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000140)={0x0, <r2=>0x0})
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r3, 0xc01064ac, &(0x7f00000001c0)={r0, 0x6c, &(0x7f0000000240)=""/108})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(r4, 0x40086432, &(0x7f00000000c0)=0xfffffff8)
r5 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f)

05:49:09 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x13f, 0x4}}, 0x20)
read$snapshot(r0, 0x0, 0x12)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x13f, 0x4}}, 0x20) (async)
read$snapshot(r0, 0x0, 0x12) (async)

05:49:09 executing program 1:
r0 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0x1, 0x141000)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r0, r1, 0x0, r2}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000080), 0x1, 0x141000) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r0, r1, 0x0, r2}, 0x10) (async)

05:49:09 executing program 4:
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000000)="1de70fbafa1cd841f8b4fdbfa121fd2481484dd64c5c91baa3dc6ce02729457b6bfa97311dadbd7a0bce58ac0b6e3f6234494ea948c7c407f7a5a079372698d953ac732e336ea0c5accfc7684d44aa40db1d072746b05780fc6e7701100b1988473d28b113beaa69ca25b65a3ebb", 0x6e, <r0=>0x0})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r1, 0xc0106403, &(0x7f0000000100)={0xffff0001, 0x1, 0x0, 0x1})
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000140)={0x0, <r2=>0x0})
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r3, 0xc01064ac, &(0x7f00000001c0)={r0, 0x6c, &(0x7f0000000240)=""/108})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(r4, 0x40086432, &(0x7f00000000c0)=0xfffffff8)
r5 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000000)="1de70fbafa1cd841f8b4fdbfa121fd2481484dd64c5c91baa3dc6ce02729457b6bfa97311dadbd7a0bce58ac0b6e3f6234494ea948c7c407f7a5a079372698d953ac732e336ea0c5accfc7684d44aa40db1d072746b05780fc6e7701100b1988473d28b113beaa69ca25b65a3ebb", 0x6e}) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_IRQ_BUSID(r1, 0xc0106403, &(0x7f0000000100)={0xffff0001, 0x1, 0x0, 0x1}) (async)
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000140)) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r3, 0xc01064ac, &(0x7f00000001c0)={r0, 0x6c, &(0x7f0000000240)=""/108}) (async)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2}) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_AGP_ENABLE(r4, 0x40086432, &(0x7f00000000c0)=0xfffffff8) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f) (async)

05:49:09 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x3, 0x0)
read$snapshot(r0, 0x0, 0x12)

05:49:09 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
capset(&(0x7f0000000080)={0x20080522, 0xffffffffffffffff}, &(0x7f00000000c0)={0x2, 0x3, 0x800, 0x3, 0x97, 0x58b1})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:09 executing program 1:
r0 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0x1, 0x141000)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r0, r1, 0x0, r2}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000080), 0x1, 0x141000) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r0, r1, 0x0, r2}, 0x10) (async)

05:49:09 executing program 3:
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, 0xffffffffffffffff, 0x1e}, 0x10)

05:49:09 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
capset(&(0x7f0000000080)={0x20080522, 0xffffffffffffffff}, &(0x7f00000000c0)={0x2, 0x3, 0x800, 0x3, 0x97, 0x58b1}) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:10 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x108, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44001}, 0x20004015) (async)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x108, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44001}, 0x20004015)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r8, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r9}, 0x14}}, 0x0) (async)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r8, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r9}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r10=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r7, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r9, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0xc085}, 0x20000000) (async)
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0xc085}, 0x20000000)
r11 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r11, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r11, &(0x7f0000000040)=""/5, 0x5) (async)
read$snapshot(r11, &(0x7f0000000040)=""/5, 0x5)

05:49:10 executing program 4:
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000000)="1de70fbafa1cd841f8b4fdbfa121fd2481484dd64c5c91baa3dc6ce02729457b6bfa97311dadbd7a0bce58ac0b6e3f6234494ea948c7c407f7a5a079372698d953ac732e336ea0c5accfc7684d44aa40db1d072746b05780fc6e7701100b1988473d28b113beaa69ca25b65a3ebb", 0x6e}) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000000)="1de70fbafa1cd841f8b4fdbfa121fd2481484dd64c5c91baa3dc6ce02729457b6bfa97311dadbd7a0bce58ac0b6e3f6234494ea948c7c407f7a5a079372698d953ac732e336ea0c5accfc7684d44aa40db1d072746b05780fc6e7701100b1988473d28b113beaa69ca25b65a3ebb", 0x6e, <r0=>0x0})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_IRQ_BUSID(r1, 0xc0106403, &(0x7f0000000100)={0xffff0001, 0x1, 0x0, 0x1})
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000140)={0x0, <r2=>0x0})
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r3, 0xc01064ac, &(0x7f00000001c0)={r0, 0x6c, &(0x7f0000000240)=""/108})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2}) (async)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000180)={r2})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r4 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ENABLE(r4, 0x40086432, &(0x7f00000000c0)=0xfffffff8) (async)
ioctl$DRM_IOCTL_AGP_ENABLE(r4, 0x40086432, &(0x7f00000000c0)=0xfffffff8)
r5 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f)

05:49:10 executing program 3:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f00000000c0)={0x4, 0x1, 0x40, 0xffffffff, 0x10, 0xffffffffffffffff})
ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000080))
ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000100)={0xa4, 0x7fff, 0xa70c, 0x4, 0x4, 0x6})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:49:10 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, r0, 0x4}, 0x10)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f00000001c0))
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000100)={0x40, 0x73})
r2 = syz_open_dev$audion(&(0x7f0000000140), 0x3f, 0x200000)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r0, r2, 0x25}, 0x10)

05:49:10 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4, 0x3})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:10 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x13f, 0x4}}, 0x20)
read$snapshot(r0, 0x0, 0x12)

05:49:10 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4, 0x3}) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:10 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, r0, 0x4}, 0x10)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f00000001c0)) (async)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000100)={0x40, 0x73}) (async)
r2 = syz_open_dev$audion(&(0x7f0000000140), 0x3f, 0x200000)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r0, r2, 0x25}, 0x10)

05:49:10 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000000)={0x8, 0x4, 0x1, 0x3})

05:49:10 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4, 0x3}) (async, rerun: 32)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)

05:49:10 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async, rerun: 32)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000000)={0x8, 0x4, 0x1, 0x3}) (rerun: 32)

05:49:10 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, r0, 0x4}, 0x10) (async)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f00000001c0))
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000100)={0x40, 0x73}) (async)
r2 = syz_open_dev$audion(&(0x7f0000000140), 0x3f, 0x200000)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r0, r2, 0x25}, 0x10)

05:49:11 executing program 2:
pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0xffffffffffffffff)
pkey_alloc(0x0, 0x3)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x6})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:11 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000000)={0x8, 0x4, 0x1, 0x3})

05:49:11 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$TIOCGPTPEER(r0, 0x5441, 0x8000000000000001)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000140)={&(0x7f0000000080)="6edd49a922cf0568c3547f26eafaafba124cde346515ce369cc533e9419e363da3c128ecc94a17f2e4736b5ca8964aaa562a8ecc3f27bbc777e9c3aeb94870831eab50fc60b3fb2d50e6bb9d7d789f3c8aadb8c3596038bfb9094ccf37f9a5446b168e8f50fff2d06b964c925bf0f4ba885c6a08d6c85d09aa70216dccde36363031ef80245182ba2a158eab2fed573d1ca672e191ff6bfdaa7870c19cb44383f8d53ff8461bd9e1fbd3dbbfaea633099410", 0xb2})
ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000200)={0x0, 0x80000})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000180)={0x0, 0x40, 0x1})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:49:11 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x5}, 0x10)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000080)={0x2, <r0=>0x0})
ioctl$DRM_IOCTL_SG_FREE(0xffffffffffffffff, 0x40106439, &(0x7f0000000100)={0xfffffffffffffffd, r0})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000001c0)={<r2=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)={r2})
r3 = syz_open_dev$audion(&(0x7f0000000140), 0x72, 0x4343)
ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x400c330d, &(0x7f0000000180)={0x0, 0xdb15})
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8)

05:49:11 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0xffff, 0x2000)
socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000080))
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000040)=0x3)

05:49:11 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000000)={0x8, 0x4, 0x1, 0x3})

05:49:11 executing program 2:
pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0xffffffffffffffff)
pkey_alloc(0x0, 0x3)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x6})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0xffffffffffffffff) (async)
pkey_alloc(0x0, 0x3) (async)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)

05:49:11 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x5}, 0x10)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000080)={0x2, <r0=>0x0})
ioctl$DRM_IOCTL_SG_FREE(0xffffffffffffffff, 0x40106439, &(0x7f0000000100)={0xfffffffffffffffd, r0}) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000001c0)={<r2=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)={r2}) (async)
r3 = syz_open_dev$audion(&(0x7f0000000140), 0x72, 0x4343)
ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x400c330d, &(0x7f0000000180)={0x0, 0xdb15}) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8)

05:49:11 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)) (fail_nth: 1)

05:49:11 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x3, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:11 executing program 2:
pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0xffffffffffffffff)
pkey_alloc(0x0, 0x3) (async)
pkey_alloc(0x0, 0x3)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x6})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:11 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x5}, 0x10)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000080)={0x2, <r0=>0x0})
ioctl$DRM_IOCTL_SG_FREE(0xffffffffffffffff, 0x40106439, &(0x7f0000000100)={0xfffffffffffffffd, r0})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000001c0)={<r2=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)={r2})
r3 = syz_open_dev$audion(&(0x7f0000000140), 0x72, 0x4343)
ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x400c330d, &(0x7f0000000180)={0x0, 0xdb15})
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x5}, 0x10) (async)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000080)={0x2}) (async)
ioctl$DRM_IOCTL_SG_FREE(0xffffffffffffffff, 0x40106439, &(0x7f0000000100)={0xfffffffffffffffd, r0}) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000001c0)={0x0, 0x0, r1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)={r2}) (async)
syz_open_dev$audion(&(0x7f0000000140), 0x72, 0x4343) (async)
ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x400c330d, &(0x7f0000000180)={0x0, 0xdb15}) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8) (async)

[ 2541.533614] FAULT_INJECTION: forcing a failure.
[ 2541.533614] name failslab, interval 1, probability 0, space 0, times 0
[ 2541.545917] CPU: 1 PID: 29757 Comm: syz-executor.3 Not tainted 4.14.307-syzkaller #0
[ 2541.554045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2541.563383] Call Trace:
[ 2541.565947]  dump_stack+0x1b2/0x281
[ 2541.569568]  should_fail.cold+0x10a/0x149
[ 2541.573695]  should_failslab+0xd6/0x130
[ 2541.577654]  __kmalloc+0x6d/0x400
[ 2541.581084]  ? tty_buffer_alloc+0xc0/0x270
[ 2541.585294]  tty_buffer_alloc+0xc0/0x270
[ 2541.589333]  __tty_buffer_request_room+0x12c/0x290
[ 2541.594235]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 2541.599748]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 2541.605701]  pty_write+0xc3/0xf0
[ 2541.609042]  tty_put_char+0xfe/0x120
[ 2541.612726]  ? dev_match_devt+0x80/0x80
[ 2541.616673]  ? pty_write_room+0xa9/0xd0
[ 2541.620625]  ? ptmx_open+0x300/0x300
[ 2541.624314]  __process_echoes+0x48c/0x8c0
[ 2541.628452]  n_tty_receive_buf_common+0x9a3/0x25a0
[ 2541.633368]  ? n_tty_receive_buf2+0x40/0x40
[ 2541.637691]  tty_ioctl+0xe8a/0x1430
[ 2541.641319]  ? tty_fasync+0x2c0/0x2c0
[ 2541.645112]  ? proc_fail_nth_write+0x7b/0x180
[ 2541.649583]  ? trace_hardirqs_on+0x10/0x10
[ 2541.653801]  ? fsnotify+0x974/0x11b0
[ 2541.657493]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2541.662395]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 2541.667385]  ? SyS_write+0x1b7/0x210
[ 2541.671074]  ? tty_fasync+0x2c0/0x2c0
[ 2541.674848]  do_vfs_ioctl+0x75a/0xff0
[ 2541.678623]  ? lock_acquire+0x170/0x3f0
[ 2541.682573]  ? ioctl_preallocate+0x1a0/0x1a0
[ 2541.686957]  ? __fget+0x265/0x3e0
[ 2541.690382]  ? do_vfs_ioctl+0xff0/0xff0
[ 2541.694331]  ? security_file_ioctl+0x83/0xb0
[ 2541.698715]  SyS_ioctl+0x7f/0xb0
[ 2541.702056]  ? do_vfs_ioctl+0xff0/0xff0
[ 2541.706004]  do_syscall_64+0x1d5/0x640
[ 2541.709872]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2541.715036] RIP: 0033:0x7f295bc330f9
[ 2541.718718] RSP: 002b:00007f295a1a5168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2541.726403] RAX: ffffffffffffffda RBX: 00007f295bd52f80 RCX: 00007f295bc330f9
[ 2541.733662] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000004
[ 2541.740903] RBP: 00007f295a1a51d0 R08: 0000000000000000 R09: 0000000000000000
[ 2541.748144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2541.755401] R13: 00007ffc992f7b8f R14: 00007f295a1a5300 R15: 0000000000022000
[ 2541.762651] 
[ 2541.762654] ======================================================
[ 2541.762656] WARNING: possible circular locking dependency detected
[ 2541.762657] 4.14.307-syzkaller #0 Not tainted
[ 2541.762659] ------------------------------------------------------
[ 2541.762661] syz-executor.3/29757 is trying to acquire lock:
[ 2541.762662]  (console_owner){....}, at: [<ffffffff81440a47>] console_unlock+0x307/0xf20
[ 2541.762667] 
[ 2541.762668] but task is already holding lock:
[ 2541.762669]  (&(&port->lock)->rlock){-.-.}, at: [<ffffffff83560f3b>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 2541.762674] 
[ 2541.762676] which lock already depends on the new lock.
[ 2541.762676] 
[ 2541.762677] 
[ 2541.762679] the existing dependency chain (in reverse order) is:
[ 2541.762680] 
[ 2541.762681] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 2541.762685]        _raw_spin_lock_irqsave+0x8c/0xc0
[ 2541.762687]        tty_port_tty_get+0x1d/0x80
[ 2541.762688]        tty_port_default_wakeup+0x11/0x40
[ 2541.762690]        serial8250_tx_chars+0x3fe/0xc70
[ 2541.762692]        serial8250_handle_irq.part.0+0x2c7/0x390
[ 2541.762693]        serial8250_default_handle_irq+0x8a/0x1f0
[ 2541.762695]        serial8250_interrupt+0xf3/0x210
[ 2541.762696]        __handle_irq_event_percpu+0xee/0x7f0
[ 2541.762698]        handle_irq_event+0xed/0x240
[ 2541.762699]        handle_edge_irq+0x224/0xc40
[ 2541.762700]        handle_irq+0x35/0x50
[ 2541.762701]        do_IRQ+0x93/0x1d0
[ 2541.762703]        ret_from_intr+0x0/0x1e
[ 2541.762704]        _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 2541.762706]        uart_write+0x2dd/0x560
[ 2541.762707]        do_output_char+0x4f5/0x750
[ 2541.762708]        n_tty_write+0x3e3/0xda0
[ 2541.762710]        tty_write+0x410/0x740
[ 2541.762711]        redirected_tty_write+0x9c/0xb0
[ 2541.762712]        do_iter_write+0x3da/0x550
[ 2541.762714]        vfs_writev+0x125/0x290
[ 2541.762715]        do_writev+0xfc/0x2c0
[ 2541.762716]        do_syscall_64+0x1d5/0x640
[ 2541.762718]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2541.762718] 
[ 2541.762719] -> #1 (&port_lock_key){-.-.}:
[ 2541.762724]        _raw_spin_lock_irqsave+0x8c/0xc0
[ 2541.762725]        serial8250_console_write+0x8cb/0xb40
[ 2541.762727]        console_unlock+0x99d/0xf20
[ 2541.762728]        vprintk_emit+0x224/0x620
[ 2541.762729]        vprintk_func+0x58/0x160
[ 2541.762730]        printk+0x9e/0xbc
[ 2541.762732]        register_console+0x6f4/0xad0
[ 2541.762733]        univ8250_console_init+0x2f/0x3a
[ 2541.762735]        console_init+0x46/0x53
[ 2541.762736]        start_kernel+0x521/0x763
[ 2541.762737]        secondary_startup_64+0xa5/0xb0
[ 2541.762738] 
[ 2541.762739] -> #0 (console_owner){....}:
[ 2541.762743]        lock_acquire+0x170/0x3f0
[ 2541.762745]        console_unlock+0x36f/0xf20
[ 2541.762746]        vprintk_emit+0x224/0x620
[ 2541.762748]        vprintk_func+0x58/0x160
[ 2541.762749]        printk+0x9e/0xbc
[ 2541.762750]        should_fail.cold+0xdf/0x149
[ 2541.762752]        should_failslab+0xd6/0x130
[ 2541.762753]        __kmalloc+0x6d/0x400
[ 2541.762754]        tty_buffer_alloc+0xc0/0x270
[ 2541.762756]        __tty_buffer_request_room+0x12c/0x290
[ 2541.762758]        tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 2541.762760]        tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 2541.762761]        pty_write+0xc3/0xf0
[ 2541.762762]        tty_put_char+0xfe/0x120
[ 2541.762764]        __process_echoes+0x48c/0x8c0
[ 2541.762765]        n_tty_receive_buf_common+0x9a3/0x25a0
[ 2541.762766]        tty_ioctl+0xe8a/0x1430
[ 2541.762768]        do_vfs_ioctl+0x75a/0xff0
[ 2541.762769]        SyS_ioctl+0x7f/0xb0
[ 2541.762770]        do_syscall_64+0x1d5/0x640
[ 2541.762772]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2541.762773] 
[ 2541.762774] other info that might help us debug this:
[ 2541.762775] 
[ 2541.762776] Chain exists of:
[ 2541.762777]   console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 2541.762782] 
[ 2541.762784]  Possible unsafe locking scenario:
[ 2541.762784] 
[ 2541.762786]        CPU0                    CPU1
[ 2541.762787]        ----                    ----
[ 2541.762788]   lock(&(&port->lock)->rlock);
[ 2541.762791]                                lock(&port_lock_key);
[ 2541.762794]                                lock(&(&port->lock)->rlock);
[ 2541.762797]   lock(console_owner);
[ 2541.762799] 
[ 2541.762800]  *** DEADLOCK ***
[ 2541.762801] 
[ 2541.762802] 6 locks held by syz-executor.3/29757:
[ 2541.762803]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff8355d3b2>] tty_ldisc_ref_wait+0x22/0x80
[ 2541.762808]  #1:  (&port->buf.lock/1){+.+.}, at: [<ffffffff8354b370>] tty_ioctl+0xe20/0x1430
[ 2541.762814]  #2:  (&o_tty->termios_rwsem/1){++++}, at: [<ffffffff83557751>] n_tty_receive_buf_common+0x91/0x25a0
[ 2541.762819]  #3:  (&ldata->output_lock){+.+.}, at: [<ffffffff83558025>] n_tty_receive_buf_common+0x965/0x25a0
[ 2541.762824]  #4:  (&(&port->lock)->rlock){-.-.}, at: [<ffffffff83560f3b>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 2541.762830]  #5:  (console_lock){+.+.}, at: [<ffffffff814443a8>] vprintk_func+0x58/0x160
[ 2541.762835] 
05:49:11 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$TIOCGPTPEER(r0, 0x5441, 0x8000000000000001)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000140)={&(0x7f0000000080)="6edd49a922cf0568c3547f26eafaafba124cde346515ce369cc533e9419e363da3c128ecc94a17f2e4736b5ca8964aaa562a8ecc3f27bbc777e9c3aeb94870831eab50fc60b3fb2d50e6bb9d7d789f3c8aadb8c3596038bfb9094ccf37f9a5446b168e8f50fff2d06b964c925bf0f4ba885c6a08d6c85d09aa70216dccde36363031ef80245182ba2a158eab2fed573d1ca672e191ff6bfdaa7870c19cb44383f8d53ff8461bd9e1fbd3dbbfaea633099410", 0xb2})
ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000200)={0x0, 0x80000})
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000180)={0x0, 0x40, 0x1})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000}) (async)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x8000000000000001) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000140)={&(0x7f0000000080)="6edd49a922cf0568c3547f26eafaafba124cde346515ce369cc533e9419e363da3c128ecc94a17f2e4736b5ca8964aaa562a8ecc3f27bbc777e9c3aeb94870831eab50fc60b3fb2d50e6bb9d7d789f3c8aadb8c3596038bfb9094ccf37f9a5446b168e8f50fff2d06b964c925bf0f4ba885c6a08d6c85d09aa70216dccde36363031ef80245182ba2a158eab2fed573d1ca672e191ff6bfdaa7870c19cb44383f8d53ff8461bd9e1fbd3dbbfaea633099410", 0xb2}) (async)
ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000200)={0x0, 0x80000}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000180)={0x0, 0x40, 0x1}) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)

05:49:11 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000140), 0x8000000000004, 0x0)
write$snapshot(r0, &(0x7f0000000100)="ac0973ab8337f178c03a9183bbf73cab331c5ad99f", 0x15)
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000080))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000))
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f00000000c0)={0xffff, 0x0, 0x8, 0xfd68})

05:49:11 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x3, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x3, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:49:11 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12) (async)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0xffff, 0x2000)
socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000080)) (async)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000040)=0x3)

[ 2541.762836] stack backtrace:
[ 2541.762838] CPU: 1 PID: 29757 Comm: syz-executor.3 Not tainted 4.14.307-syzkaller #0
[ 2541.762841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
[ 2541.762842] Call Trace:
[ 2541.762843]  dump_stack+0x1b2/0x281
[ 2541.762845]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 2541.762846]  __lock_acquire+0x2e0e/0x3f20
[ 2541.762848]  ? trace_hardirqs_on+0x10/0x10
[ 2541.762849]  ? snprintf+0xd0/0xd0
[ 2541.762850]  ? console_unlock+0x34a/0xf20
[ 2541.762851]  lock_acquire+0x170/0x3f0
05:49:11 executing program 1:
syz_open_dev$audion(&(0x7f0000000140), 0x8000000000004, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f0000000140), 0x8000000000004, 0x0)
write$snapshot(r0, &(0x7f0000000100)="ac0973ab8337f178c03a9183bbf73cab331c5ad99f", 0x15)
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000080))
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)) (async)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000))
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f00000000c0)={0xffff, 0x0, 0x8, 0xfd68})

05:49:11 executing program 1:
r0 = syz_open_dev$audion(&(0x7f0000000140), 0x8000000000004, 0x0)
write$snapshot(r0, &(0x7f0000000100)="ac0973ab8337f178c03a9183bbf73cab331c5ad99f", 0x15) (async)
ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, &(0x7f0000000080)) (async)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)) (async, rerun: 64)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async, rerun: 64)
ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f00000000c0)={0xffff, 0x0, 0x8, 0xfd68})

[ 2541.762853]  ? console_unlock+0x307/0xf20
[ 2541.762854]  console_unlock+0x36f/0xf20
[ 2541.762855]  ? console_unlock+0x307/0xf20
[ 2541.762857]  vprintk_emit+0x224/0x620
[ 2541.762858]  vprintk_func+0x58/0x160
[ 2541.762859]  printk+0x9e/0xbc
[ 2541.762860]  ? log_store.cold+0x16/0x16
[ 2541.762861]  ? ___ratelimit+0x2b5/0x510
[ 2541.762863]  should_fail.cold+0xdf/0x149
[ 2541.762864]  should_failslab+0xd6/0x130
[ 2541.762865]  __kmalloc+0x6d/0x400
[ 2541.762867]  ? tty_buffer_alloc+0xc0/0x270
[ 2541.762868]  tty_buffer_alloc+0xc0/0x270
05:49:12 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000000c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x4, {0xa, 0x4e24, 0x10336619, @dev={0xfe, 0x80, '\x00', 0x19}, 0x4}}}, 0x38)
ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000000))
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:12 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x3, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x3, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

[ 2541.762870]  __tty_buffer_request_room+0x12c/0x290
[ 2541.762871]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 2541.762873]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 2541.762874]  pty_write+0xc3/0xf0
[ 2541.762875]  tty_put_char+0xfe/0x120
[ 2541.762877]  ? dev_match_devt+0x80/0x80
[ 2541.762878]  ? pty_write_room+0xa9/0xd0
[ 2541.762879]  ? ptmx_open+0x300/0x300
[ 2541.762881]  __process_echoes+0x48c/0x8c0
[ 2541.762882]  n_tty_receive_buf_common+0x9a3/0x25a0
[ 2541.762884]  ? n_tty_receive_buf2+0x40/0x40
[ 2541.762885]  tty_ioctl+0xe8a/0x1430
[ 2541.762886]  ? tty_fasync+0x2c0/0x2c0
[ 2541.762888]  ? proc_fail_nth_write+0x7b/0x180
[ 2541.762889]  ? trace_hardirqs_on+0x10/0x10
[ 2541.762890]  ? fsnotify+0x974/0x11b0
[ 2541.762892]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 2541.762894]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 2541.762895]  ? SyS_write+0x1b7/0x210
[ 2541.762896]  ? tty_fasync+0x2c0/0x2c0
[ 2541.762897]  do_vfs_ioctl+0x75a/0xff0
[ 2541.762899]  ? lock_acquire+0x170/0x3f0
[ 2541.762900]  ? ioctl_preallocate+0x1a0/0x1a0
[ 2541.762901]  ? __fget+0x265/0x3e0
[ 2541.762903]  ? do_vfs_ioctl+0xff0/0xff0
[ 2541.762904]  ? security_file_ioctl+0x83/0xb0
[ 2541.762905]  SyS_ioctl+0x7f/0xb0
[ 2541.762907]  ? do_vfs_ioctl+0xff0/0xff0
[ 2541.762908]  do_syscall_64+0x1d5/0x640
[ 2541.762909]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 2541.762911] RIP: 0033:0x7f295bc330f9
[ 2541.762912] RSP: 002b:00007f295a1a5168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2541.762916] RAX: ffffffffffffffda RBX: 00007f295bd52f80 RCX: 00007f295bc330f9
05:49:12 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)) (fail_nth: 2)

05:49:12 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000000c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x4, {0xa, 0x4e24, 0x10336619, @dev={0xfe, 0x80, '\x00', 0x19}, 0x4}}}, 0x38) (async, rerun: 32)
ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000000)) (async, rerun: 32)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:12 executing program 4:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x480000, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5})
write$snapshot(r0, &(0x7f0000000100)="e84637d2e5d0ac36ad8e3a0821ca1b1754fc461c897ce0c7454a750985e217aae1408389bd3c14121e415eda5219a75037e54098e1743389874b470a4ca2bae18a2ff3a538e302e89cda8c0019609e06373ca0366ea8c8ca8a56bb4a966c0466cf8572520e0afc07c7a32f6bf4a22a6a7f699f67223fde29aa8fbced3b7c17fbc158c857f4e3935507d120d68e38f77c42acd0adf140d9808c538add7775f614dc49930a376a14ab1bcd1816d75314c9a93f4e97d14f1ee401d3fa1a97c1f869ebb7d0a5cb87fec4", 0xc8)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x9, 0x10, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:12 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$TIOCGPTPEER(r0, 0x5441, 0x8000000000000001) (async)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000140)={&(0x7f0000000080)="6edd49a922cf0568c3547f26eafaafba124cde346515ce369cc533e9419e363da3c128ecc94a17f2e4736b5ca8964aaa562a8ecc3f27bbc777e9c3aeb94870831eab50fc60b3fb2d50e6bb9d7d789f3c8aadb8c3596038bfb9094ccf37f9a5446b168e8f50fff2d06b964c925bf0f4ba885c6a08d6c85d09aa70216dccde36363031ef80245182ba2a158eab2fed573d1ca672e191ff6bfdaa7870c19cb44383f8d53ff8461bd9e1fbd3dbbfaea633099410", 0xb2}) (async)
ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000200)={0x0, 0x80000}) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000180)={0x0, 0x40, 0x1}) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:49:12 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0x0, 0x6})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = semget$private(0x0, 0x4, 0x321)
semctl$GETVAL(r0, 0x2, 0xc, &(0x7f0000000080)=""/178)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000140)={0x81, 0x3f, 0x2, 0x1d23, 0x7})

[ 2541.762918] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000004
[ 2541.762920] RBP: 00007f295a1a51d0 R08: 0000000000000000 R09: 0000000000000000
[ 2541.762922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2541.762924] R13: 00007ffc992f7b8f R14: 00007f295a1a5300 R15: 0000000000022000
05:49:12 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000000c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x4, {0xa, 0x4e24, 0x10336619, @dev={0xfe, 0x80, '\x00', 0x19}, 0x4}}}, 0x38) (async, rerun: 64)
ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000000)) (async, rerun: 64)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:12 executing program 4:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x480000, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5})
write$snapshot(r0, &(0x7f0000000100)="e84637d2e5d0ac36ad8e3a0821ca1b1754fc461c897ce0c7454a750985e217aae1408389bd3c14121e415eda5219a75037e54098e1743389874b470a4ca2bae18a2ff3a538e302e89cda8c0019609e06373ca0366ea8c8ca8a56bb4a966c0466cf8572520e0afc07c7a32f6bf4a22a6a7f699f67223fde29aa8fbced3b7c17fbc158c857f4e3935507d120d68e38f77c42acd0adf140d9808c538add7775f614dc49930a376a14ab1bcd1816d75314c9a93f4e97d14f1ee401d3fa1a97c1f869ebb7d0a5cb87fec4", 0xc8)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x9, 0x10, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x480000, 0x0) (async)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) (async)
write$snapshot(r0, &(0x7f0000000100)="e84637d2e5d0ac36ad8e3a0821ca1b1754fc461c897ce0c7454a750985e217aae1408389bd3c14121e415eda5219a75037e54098e1743389874b470a4ca2bae18a2ff3a538e302e89cda8c0019609e06373ca0366ea8c8ca8a56bb4a966c0466cf8572520e0afc07c7a32f6bf4a22a6a7f699f67223fde29aa8fbced3b7c17fbc158c857f4e3935507d120d68e38f77c42acd0adf140d9808c538add7775f614dc49930a376a14ab1bcd1816d75314c9a93f4e97d14f1ee401d3fa1a97c1f869ebb7d0a5cb87fec4", 0xc8) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x9, 0x10, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:49:12 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, 0x0, 0x12)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0xffff, 0x2000)
socket$nl_sock_diag(0x10, 0x3, 0x4) (async)
socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000080))
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000040)=0x3) (async)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000040)=0x3)

05:49:12 executing program 3:
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000080))
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000040))

05:49:12 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0x0, 0x6})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = semget$private(0x0, 0x4, 0x321)
semctl$GETVAL(r0, 0x2, 0xc, &(0x7f0000000080)=""/178)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000140)={0x81, 0x3f, 0x2, 0x1d23, 0x7})

05:49:12 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x10)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000))

05:49:12 executing program 4:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x480000, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5})
write$snapshot(r0, &(0x7f0000000100)="e84637d2e5d0ac36ad8e3a0821ca1b1754fc461c897ce0c7454a750985e217aae1408389bd3c14121e415eda5219a75037e54098e1743389874b470a4ca2bae18a2ff3a538e302e89cda8c0019609e06373ca0366ea8c8ca8a56bb4a966c0466cf8572520e0afc07c7a32f6bf4a22a6a7f699f67223fde29aa8fbced3b7c17fbc158c857f4e3935507d120d68e38f77c42acd0adf140d9808c538add7775f614dc49930a376a14ab1bcd1816d75314c9a93f4e97d14f1ee401d3fa1a97c1f869ebb7d0a5cb87fec4", 0xc8)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x9, 0x10, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x480000, 0x0) (async)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) (async)
write$snapshot(r0, &(0x7f0000000100)="e84637d2e5d0ac36ad8e3a0821ca1b1754fc461c897ce0c7454a750985e217aae1408389bd3c14121e415eda5219a75037e54098e1743389874b470a4ca2bae18a2ff3a538e302e89cda8c0019609e06373ca0366ea8c8ca8a56bb4a966c0466cf8572520e0afc07c7a32f6bf4a22a6a7f699f67223fde29aa8fbced3b7c17fbc158c857f4e3935507d120d68e38f77c42acd0adf140d9808c538add7775f614dc49930a376a14ab1bcd1816d75314c9a93f4e97d14f1ee401d3fa1a97c1f869ebb7d0a5cb87fec4", 0xc8) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x9, 0x10, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:49:12 executing program 3:
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)) (async)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000080))
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000040))

05:49:12 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x10)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000))

05:49:12 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0x0, 0x6}) (async)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0x0, 0x6})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = semget$private(0x0, 0x4, 0x321)
semctl$GETVAL(r0, 0x2, 0xc, &(0x7f0000000080)=""/178)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000140)={0x81, 0x3f, 0x2, 0x1d23, 0x7})

05:49:13 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000080)=0x76f)
r2 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x210401)
ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000140))
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r3, &(0x7f0000001480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001440)={&(0x7f0000001340)={0xc8, 0x13, 0x400, 0x70bd2c, 0x25dfdbff, {0x22, 0xf9, 0xfb, 0x2, {0x4e22, 0x4e23, [0x9, 0x7db6, 0x400, 0x2], [0x5, 0x3, 0x7, 0x8], 0x0, [0xcb, 0x4]}, 0x6, 0x6}, [@INET_DIAG_REQ_BYTECODE={0x7b, 0x1, "ef77a21de75f9e135bd2018c4d2371b29ff101f7e450620b4fd46a7e189a863a57902ce3d7d0f5fe261825af886a58411afb6047ffe507f6ddf5279c85a17ce7498020bc433c8d561987879f45404b2181653a7e3e2d54f15c04ce51d49392916ce300a76e6aba567262a195070c2e734fb51cbf4de6af"}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24000000}, 0x20008000)
r4 = syz_open_dev$audion(&(0x7f00000014c0), 0x9, 0x40000)
r5 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r4}, 0xfffffffffffffff7)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$BLKALIGNOFF(r5, 0x127a, &(0x7f00000002c0))
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0)
r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000200), 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x7ff, 0xf7, 0x9, 0x8, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7, 0x0, 0x1, 0x2, 0xc}, 0x48)
ioctl$BLKGETSIZE64(r6, 0x80081272, &(0x7f0000000180))
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r5, 0x3309)

05:49:13 executing program 4:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x288, 0x511800)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x1, 0x87a0002, 0x4})
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0x2, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:13 executing program 3:
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)) (async)
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000080)) (async)
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000040))

05:49:13 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x10) (async, rerun: 64)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) (rerun: 64)

05:49:13 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = getpgid(0x0)
capset(&(0x7f0000000080)={0x20071026, r0}, &(0x7f00000000c0)={0xf04, 0x7, 0x76, 0xffffffff, 0xffffffff, 0xfffffffe})
r1 = getpgrp(r0)
getpgrp(r1)

05:49:13 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$vcsa(&(0x7f0000000240), 0x8000000000000000, 0x202000)
r2 = syz_open_dev$vcsa(&(0x7f0000000140), 0x401abc, 0x3cbcc2)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r1, r2}, 0x10)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000180)={0x0, 0x80000, <r3=>0xffffffffffffffff})
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x10200, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r3, 0xc01064c2, &(0x7f0000000200)={0x0, 0x0, r4})
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r2, 0xffffffffffffffff, 0xb}, 0x10)
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x7, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0)
openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0)

05:49:13 executing program 4:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x288, 0x511800)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x1, 0x87a0002, 0x4})
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0x2, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$dri(&(0x7f0000000000), 0x288, 0x511800) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x1, 0x87a0002, 0x4}) (async)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0x2, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:49:13 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f0000000000)={0x0, 0x7fffffff})
read$snapshot(r0, 0x0, 0x12)

05:49:13 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:13 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:13 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = getpgid(0x0)
capset(&(0x7f0000000080)={0x20071026, r0}, &(0x7f00000000c0)={0xf04, 0x7, 0x76, 0xffffffff, 0xffffffff, 0xfffffffe})
r1 = getpgrp(r0)
getpgrp(r1)

05:49:13 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0x10) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$vcsa(&(0x7f0000000240), 0x8000000000000000, 0x202000)
r2 = syz_open_dev$vcsa(&(0x7f0000000140), 0x401abc, 0x3cbcc2)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r1, r2}, 0x10)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000180)={0x0, 0x80000, <r3=>0xffffffffffffffff}) (async)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x10200, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r3, 0xc01064c2, &(0x7f0000000200)={0x0, 0x0, r4})
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r2, 0xffffffffffffffff, 0xb}, 0x10)
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x7, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0) (async)
openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0)

05:49:13 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000080)=0x76f) (async)
r2 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x210401)
ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000140)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
sendmsg$DCCPDIAG_GETSOCK(r3, &(0x7f0000001480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001440)={&(0x7f0000001340)={0xc8, 0x13, 0x400, 0x70bd2c, 0x25dfdbff, {0x22, 0xf9, 0xfb, 0x2, {0x4e22, 0x4e23, [0x9, 0x7db6, 0x400, 0x2], [0x5, 0x3, 0x7, 0x8], 0x0, [0xcb, 0x4]}, 0x6, 0x6}, [@INET_DIAG_REQ_BYTECODE={0x7b, 0x1, "ef77a21de75f9e135bd2018c4d2371b29ff101f7e450620b4fd46a7e189a863a57902ce3d7d0f5fe261825af886a58411afb6047ffe507f6ddf5279c85a17ce7498020bc433c8d561987879f45404b2181653a7e3e2d54f15c04ce51d49392916ce300a76e6aba567262a195070c2e734fb51cbf4de6af"}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24000000}, 0x20008000) (async)
r4 = syz_open_dev$audion(&(0x7f00000014c0), 0x9, 0x40000)
r5 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r4}, 0xfffffffffffffff7) (async)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$BLKALIGNOFF(r5, 0x127a, &(0x7f00000002c0)) (async)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0) (async)
r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000200), 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x7ff, 0xf7, 0x9, 0x8, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7, 0x0, 0x1, 0x2, 0xc}, 0x48)
ioctl$BLKGETSIZE64(r6, 0x80081272, &(0x7f0000000180)) (async)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r5, 0x3309)

05:49:13 executing program 4:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x288, 0x511800)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x1, 0x87a0002, 0x4}) (async, rerun: 32)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430) (rerun: 32)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0x2, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:13 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:13 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = getpgid(0x0)
capset(&(0x7f0000000080)={0x20071026, r0}, &(0x7f00000000c0)={0xf04, 0x7, 0x76, 0xffffffff, 0xffffffff, 0xfffffffe}) (async)
capset(&(0x7f0000000080)={0x20071026, r0}, &(0x7f00000000c0)={0xf04, 0x7, 0x76, 0xffffffff, 0xffffffff, 0xfffffffe})
r1 = getpgrp(r0)
getpgrp(r1) (async)
getpgrp(r1)

05:49:13 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000240), 0x8000000000000000, 0x202000)
r2 = syz_open_dev$vcsa(&(0x7f0000000140), 0x401abc, 0x3cbcc2)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r1, r2}, 0x10) (async, rerun: 32)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000180)={0x0, 0x80000, <r3=>0xffffffffffffffff}) (async, rerun: 32)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x10200, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r3, 0xc01064c2, &(0x7f0000000200)={0x0, 0x0, r4}) (async, rerun: 64)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r2, 0xffffffffffffffff, 0xb}, 0x10) (async, rerun: 64)
r5 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x7, 0x0)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, 0x0) (async, rerun: 64)
openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0) (rerun: 64)

05:49:13 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f0000000000)={0x0, 0x7fffffff}) (async)
read$snapshot(r0, 0x0, 0x12)

05:49:13 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000000))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000040)={<r2=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r2, 0x80000})

05:49:13 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = semget$private(0x0, 0x0, 0x100)
r1 = getpgid(0x0)
ptrace$pokeuser(0x6, r1, 0x40, 0x2)
semctl$SEM_STAT(r0, 0x1, 0x12, &(0x7f0000000080)=""/225)
r2 = semget$private(0x0, 0x4, 0x240)
r3 = getpgrp(r1)
sched_setparam(r3, &(0x7f00000001c0)=0xaaa0)
semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000200)=[0x101, 0x1, 0xfffa, 0x3b, 0x5])

05:49:13 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000000}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008050}, 0x81)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:13 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0)

05:49:13 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
syz_open_dev$ptys(0xc, 0x3, 0x0)

05:49:13 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000000)) (async)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000040)={<r2=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r2, 0x80000})

05:49:14 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000080)=0x76f) (async)
r2 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x210401)
ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000140)) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
sendmsg$DCCPDIAG_GETSOCK(r3, &(0x7f0000001480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001440)={&(0x7f0000001340)={0xc8, 0x13, 0x400, 0x70bd2c, 0x25dfdbff, {0x22, 0xf9, 0xfb, 0x2, {0x4e22, 0x4e23, [0x9, 0x7db6, 0x400, 0x2], [0x5, 0x3, 0x7, 0x8], 0x0, [0xcb, 0x4]}, 0x6, 0x6}, [@INET_DIAG_REQ_BYTECODE={0x7b, 0x1, "ef77a21de75f9e135bd2018c4d2371b29ff101f7e450620b4fd46a7e189a863a57902ce3d7d0f5fe261825af886a58411afb6047ffe507f6ddf5279c85a17ce7498020bc433c8d561987879f45404b2181653a7e3e2d54f15c04ce51d49392916ce300a76e6aba567262a195070c2e734fb51cbf4de6af"}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24000000}, 0x20008000)
r4 = syz_open_dev$audion(&(0x7f00000014c0), 0x9, 0x40000)
r5 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r4}, 0xfffffffffffffff7)
r6 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$BLKALIGNOFF(r5, 0x127a, &(0x7f00000002c0)) (async)
ioctl$KDFONTOP_SET_DEF(r6, 0x4b72, 0x0) (async)
r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000200), 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x7ff, 0xf7, 0x9, 0x8, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7, 0x0, 0x1, 0x2, 0xc}, 0x48) (async)
ioctl$BLKGETSIZE64(r6, 0x80081272, &(0x7f0000000180)) (async)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r5, 0x3309)

05:49:14 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0) (async)
syz_open_dev$ptys(0xc, 0x3, 0x0)

05:49:14 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = semget$private(0x0, 0x0, 0x100)
r1 = getpgid(0x0)
ptrace$pokeuser(0x6, r1, 0x40, 0x2)
semctl$SEM_STAT(r0, 0x1, 0x12, &(0x7f0000000080)=""/225)
r2 = semget$private(0x0, 0x4, 0x240)
r3 = getpgrp(r1)
sched_setparam(r3, &(0x7f00000001c0)=0xaaa0)
semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000200)=[0x101, 0x1, 0xfffa, 0x3b, 0x5])
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) (async)
semget$private(0x0, 0x0, 0x100) (async)
getpgid(0x0) (async)
ptrace$pokeuser(0x6, r1, 0x40, 0x2) (async)
semctl$SEM_STAT(r0, 0x1, 0x12, &(0x7f0000000080)=""/225) (async)
semget$private(0x0, 0x4, 0x240) (async)
getpgrp(r1) (async)
sched_setparam(r3, &(0x7f00000001c0)=0xaaa0) (async)
semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000200)=[0x101, 0x1, 0xfffa, 0x3b, 0x5]) (async)

05:49:14 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000000}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008050}, 0x81)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:14 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000000))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000040)={<r2=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r2, 0x80000}) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r2, 0x80000})

05:49:14 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f0000000000)={0x0, 0x7fffffff}) (async)
read$snapshot(r0, 0x0, 0x12)

05:49:14 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x1, @any, 0x1bc, 0x2}, 0xe)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:14 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xff)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r3=>0xffffffffffffffff})
ioctl$VT_DISALLOCATE(r1, 0x5608)
ioctl$DRM_IOCTL_MAP_BUFS(r3, 0xc0186419, &(0x7f0000000280)={0x1, &(0x7f00000000c0)=""/136, &(0x7f0000000240)=[{0xdd4, 0x89, 0x42b1, &(0x7f0000000180)=""/137}]})
syz_open_dev$ttys(0xc, 0x2, 0x1)

05:49:14 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r2=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000000}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008050}, 0x81)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00'}) (async)
sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000000}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008050}, 0x81) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)

05:49:14 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = semget$private(0x0, 0x0, 0x100)
r1 = getpgid(0x0)
ptrace$pokeuser(0x6, r1, 0x40, 0x2)
semctl$SEM_STAT(r0, 0x1, 0x12, &(0x7f0000000080)=""/225)
r2 = semget$private(0x0, 0x4, 0x240)
r3 = getpgrp(r1)
sched_setparam(r3, &(0x7f00000001c0)=0xaaa0)
semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000200)=[0x101, 0x1, 0xfffa, 0x3b, 0x5])

05:49:14 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xff)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r3=>0xffffffffffffffff})
ioctl$VT_DISALLOCATE(r1, 0x5608)
ioctl$DRM_IOCTL_MAP_BUFS(r3, 0xc0186419, &(0x7f0000000280)={0x1, &(0x7f00000000c0)=""/136, &(0x7f0000000240)=[{0xdd4, 0x89, 0x42b1, &(0x7f0000000180)=""/137}]})
syz_open_dev$ttys(0xc, 0x2, 0x1)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
syz_open_dev$ptys(0xc, 0x3, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xff) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000}) (async)
ioctl$VT_DISALLOCATE(r1, 0x5608) (async)
ioctl$DRM_IOCTL_MAP_BUFS(r3, 0xc0186419, &(0x7f0000000280)={0x1, &(0x7f00000000c0)=""/136, &(0x7f0000000240)=[{0xdd4, 0x89, 0x42b1, &(0x7f0000000180)=""/137}]}) (async)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)

05:49:14 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x1, @any, 0x1bc, 0x2}, 0xe)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:15 executing program 1:
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0xb0040)

05:49:15 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000240))
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000280), 0x8)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x5)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r3=>0x0})
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f00000002c0))
sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="b4000000", @ANYRES16=0x0, @ANYBLOB="020d2bbd7000fedbdf25170000000c000600030000000300000020002580050002000400000014000400af217f5b35302c8206d55f701d81df30600025802400030035895a7b2529284ea539ad5a925ce5fb676425dea1cb3c6baaba6ec39d180107140004005fff48f5fc8053ab4c8b6e170b170ef124000300a870ae89f1889ba0c461f69a10cafaf2825d9b56507d6d8fb442474d032ba0f20c000600030000000300000008000300", @ANYRES32=r3, @ANYBLOB="937adf14296730c7999c02fca4681d6e9a4683a2f7b59ce9691154a4c73390a8097cc87525c85807dd8c42d5ed46b96233cd86501cc2265dadc98b5525b10f6005215500518c203f92eba53ea61a5a2a7b0c7ee19970387f31770d2a0ee55a4bc22d697c44ea2c84dc21c793f991ce5aea9afe4795f4c10afbfae54c11c30662190145ddc8322990981ca76f4f4e197a84110cbff92ab80260e8cb3028660b2578f9c320ebdb6eebb289e80200c1ee891b48cfddb292dc23750338500e623e5ceaa1e9bda394c079195556c10f98d615bacb96a5f8ba9eadf7e1f6c914c9551e83b1fe6b764134"], 0xb4}, 0x1, 0x0, 0x0, 0x801}, 0x20008cc)

05:49:15 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xff)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r3=>0xffffffffffffffff})
ioctl$VT_DISALLOCATE(r1, 0x5608)
ioctl$DRM_IOCTL_MAP_BUFS(r3, 0xc0186419, &(0x7f0000000280)={0x1, &(0x7f00000000c0)=""/136, &(0x7f0000000240)=[{0xdd4, 0x89, 0x42b1, &(0x7f0000000180)=""/137}]})
syz_open_dev$ttys(0xc, 0x2, 0x1)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
syz_open_dev$ptys(0xc, 0x3, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xff) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000}) (async)
ioctl$VT_DISALLOCATE(r1, 0x5608) (async)
ioctl$DRM_IOCTL_MAP_BUFS(r3, 0xc0186419, &(0x7f0000000280)={0x1, &(0x7f00000000c0)=""/136, &(0x7f0000000240)=[{0xdd4, 0x89, 0x42b1, &(0x7f0000000180)=""/137}]}) (async)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)

05:49:15 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async, rerun: 64)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) (rerun: 64)
connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x1, @any, 0x1bc, 0x2}, 0xe)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:15 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x0, 0x2}}, 0x20)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000140)={0x7, 0x3f, 0x1, 0x0, 0xb39})
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x2, r2, 0x10, 0x1, @ib={0x1b, 0x8, 0x4, {"76b59dc3ef62dae751fde1796266f362"}, 0x1000000000, 0xfff}}}, 0xa0)

05:49:15 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0xba000, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = getpgid(0x0)
mq_notify(r1, &(0x7f0000000100)={0x0, 0x2e, 0x0, @tid=r2})
read$snapshot(r0, 0x0, 0x12)
r3 = syz_open_dev$vcsa(&(0x7f0000000140), 0x80, 0x400302)
r4 = syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x400000)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, &(0x7f0000000080))
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x10200, 0x2})

05:49:15 executing program 1:
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0xb0040)

05:49:15 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) (async)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000240))
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$ITER_CREATE(0x21, &(0x7f0000000280), 0x8) (async)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000280), 0x8)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x5)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r3=>0x0})
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f00000002c0))
sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="b4000000", @ANYRES16=0x0, @ANYBLOB="020d2bbd7000fedbdf25170000000c000600030000000300000020002580050002000400000014000400af217f5b35302c8206d55f701d81df30600025802400030035895a7b2529284ea539ad5a925ce5fb676425dea1cb3c6baaba6ec39d180107140004005fff48f5fc8053ab4c8b6e170b170ef124000300a870ae89f1889ba0c461f69a10cafaf2825d9b56507d6d8fb442474d032ba0f20c000600030000000300000008000300", @ANYRES32=r3, @ANYBLOB="937adf14296730c7999c02fca4681d6e9a4683a2f7b59ce9691154a4c73390a8097cc87525c85807dd8c42d5ed46b96233cd86501cc2265dadc98b5525b10f6005215500518c203f92eba53ea61a5a2a7b0c7ee19970387f31770d2a0ee55a4bc22d697c44ea2c84dc21c793f991ce5aea9afe4795f4c10afbfae54c11c30662190145ddc8322990981ca76f4f4e197a84110cbff92ab80260e8cb3028660b2578f9c320ebdb6eebb289e80200c1ee891b48cfddb292dc23750338500e623e5ceaa1e9bda394c079195556c10f98d615bacb96a5f8ba9eadf7e1f6c914c9551e83b1fe6b764134"], 0xb4}, 0x1, 0x0, 0x0, 0x801}, 0x20008cc) (async)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="b4000000", @ANYRES16=0x0, @ANYBLOB="020d2bbd7000fedbdf25170000000c000600030000000300000020002580050002000400000014000400af217f5b35302c8206d55f701d81df30600025802400030035895a7b2529284ea539ad5a925ce5fb676425dea1cb3c6baaba6ec39d180107140004005fff48f5fc8053ab4c8b6e170b170ef124000300a870ae89f1889ba0c461f69a10cafaf2825d9b56507d6d8fb442474d032ba0f20c000600030000000300000008000300", @ANYRES32=r3, @ANYBLOB="937adf14296730c7999c02fca4681d6e9a4683a2f7b59ce9691154a4c73390a8097cc87525c85807dd8c42d5ed46b96233cd86501cc2265dadc98b5525b10f6005215500518c203f92eba53ea61a5a2a7b0c7ee19970387f31770d2a0ee55a4bc22d697c44ea2c84dc21c793f991ce5aea9afe4795f4c10afbfae54c11c30662190145ddc8322990981ca76f4f4e197a84110cbff92ab80260e8cb3028660b2578f9c320ebdb6eebb289e80200c1ee891b48cfddb292dc23750338500e623e5ceaa1e9bda394c079195556c10f98d615bacb96a5f8ba9eadf7e1f6c914c9551e83b1fe6b764134"], 0xb4}, 0x1, 0x0, 0x0, 0x801}, 0x20008cc)

05:49:15 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0xba000, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
r2 = getpgid(0x0)
mq_notify(r1, &(0x7f0000000100)={0x0, 0x2e, 0x0, @tid=r2})
read$snapshot(r0, 0x0, 0x12) (async)
r3 = syz_open_dev$vcsa(&(0x7f0000000140), 0x80, 0x400302) (async)
r4 = syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x400000)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, &(0x7f0000000080)) (async)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x10200, 0x2})

05:49:15 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSIG(r0, 0x40045436, 0x1e)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:15 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x110, 0x13, 0x100, 0x70bd2c, 0x25dfdbff, {0x3, 0xce, 0x6, 0x6c, {0x4e24, 0x4e23, [0xfff, 0x2, 0x8000], [0x3, 0x74000, 0x1, 0x1ff], 0x0, [0x5, 0x7fff]}, 0x4, 0x7}, [@INET_DIAG_REQ_BYTECODE={0x9e, 0x1, "7c2cc74d3e9071ab66ce997ec684427e7dc7ec43df0e1365233567d09135800a07b23cbcbb14ed8da831642f92ed47a9e314ee666250f0f0474b82c0f7a40e82839c7c42385bd4acb5917860bc81d9b9719f3e78c406d73e2186c0bd31b5f81b6030737c7dd97f06dd817840124a98cd513d67878b08b77ea9410e72d0949bf20dbe8c932002519ad996900e52a2a313b5790fec48595bc0bd8b"}, @INET_DIAG_REQ_BYTECODE={0x22, 0x1, "19f3f01cfab4b2c4ce3563eefc1fe198e591c5a0b5463c48b8b983e82262"}]}, 0x110}, 0x1, 0x0, 0x0, 0x80}, 0x14)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:15 executing program 1:
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0xb0040)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0xb0040) (async)

05:49:15 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSIG(r0, 0x40045436, 0x1e)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:15 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0x10)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r2}, 0x8)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000080)={0x3, 0x200, 0x1})
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8)

05:49:15 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSIG(r0, 0x40045436, 0x1e) (async)
ioctl$TIOCSIG(r0, 0x40045436, 0x1e)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:15 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000240)) (async, rerun: 32)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000280), 0x8)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x5)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r3=>0x0})
ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f00000002c0)) (async)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="b4000000", @ANYRES16=0x0, @ANYBLOB="020d2bbd7000fedbdf25170000000c000600030000000300000020002580050002000400000014000400af217f5b35302c8206d55f701d81df30600025802400030035895a7b2529284ea539ad5a925ce5fb676425dea1cb3c6baaba6ec39d180107140004005fff48f5fc8053ab4c8b6e170b170ef124000300a870ae89f1889ba0c461f69a10cafaf2825d9b56507d6d8fb442474d032ba0f20c000600030000000300000008000300", @ANYRES32=r3, @ANYBLOB="937adf14296730c7999c02fca4681d6e9a4683a2f7b59ce9691154a4c73390a8097cc87525c85807dd8c42d5ed46b96233cd86501cc2265dadc98b5525b10f6005215500518c203f92eba53ea61a5a2a7b0c7ee19970387f31770d2a0ee55a4bc22d697c44ea2c84dc21c793f991ce5aea9afe4795f4c10afbfae54c11c30662190145ddc8322990981ca76f4f4e197a84110cbff92ab80260e8cb3028660b2578f9c320ebdb6eebb289e80200c1ee891b48cfddb292dc23750338500e623e5ceaa1e9bda394c079195556c10f98d615bacb96a5f8ba9eadf7e1f6c914c9551e83b1fe6b764134"], 0xb4}, 0x1, 0x0, 0x0, 0x801}, 0x20008cc)

05:49:16 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x0, 0x2}}, 0x20)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000140)={0x7, 0x3f, 0x1, 0x0, 0xb39})
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x2, r2, 0x10, 0x1, @ib={0x1b, 0x8, 0x4, {"76b59dc3ef62dae751fde1796266f362"}, 0x1000000000, 0xfff}}}, 0xa0)
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x0, 0x2}}, 0x20) (async)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000140)={0x7, 0x3f, 0x1, 0x0, 0xb39}) (async)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x2, r2, 0x10, 0x1, @ib={0x1b, 0x8, 0x4, {"76b59dc3ef62dae751fde1796266f362"}, 0x1000000000, 0xfff}}}, 0xa0) (async)

05:49:16 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x110, 0x13, 0x100, 0x70bd2c, 0x25dfdbff, {0x3, 0xce, 0x6, 0x6c, {0x4e24, 0x4e23, [0xfff, 0x2, 0x8000], [0x3, 0x74000, 0x1, 0x1ff], 0x0, [0x5, 0x7fff]}, 0x4, 0x7}, [@INET_DIAG_REQ_BYTECODE={0x9e, 0x1, "7c2cc74d3e9071ab66ce997ec684427e7dc7ec43df0e1365233567d09135800a07b23cbcbb14ed8da831642f92ed47a9e314ee666250f0f0474b82c0f7a40e82839c7c42385bd4acb5917860bc81d9b9719f3e78c406d73e2186c0bd31b5f81b6030737c7dd97f06dd817840124a98cd513d67878b08b77ea9410e72d0949bf20dbe8c932002519ad996900e52a2a313b5790fec48595bc0bd8b"}, @INET_DIAG_REQ_BYTECODE={0x22, 0x1, "19f3f01cfab4b2c4ce3563eefc1fe198e591c5a0b5463c48b8b983e82262"}]}, 0x110}, 0x1, 0x0, 0x0, 0x80}, 0x14)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x110, 0x13, 0x100, 0x70bd2c, 0x25dfdbff, {0x3, 0xce, 0x6, 0x6c, {0x4e24, 0x4e23, [0xfff, 0x2, 0x8000], [0x3, 0x74000, 0x1, 0x1ff], 0x0, [0x5, 0x7fff]}, 0x4, 0x7}, [@INET_DIAG_REQ_BYTECODE={0x9e, 0x1, "7c2cc74d3e9071ab66ce997ec684427e7dc7ec43df0e1365233567d09135800a07b23cbcbb14ed8da831642f92ed47a9e314ee666250f0f0474b82c0f7a40e82839c7c42385bd4acb5917860bc81d9b9719f3e78c406d73e2186c0bd31b5f81b6030737c7dd97f06dd817840124a98cd513d67878b08b77ea9410e72d0949bf20dbe8c932002519ad996900e52a2a313b5790fec48595bc0bd8b"}, @INET_DIAG_REQ_BYTECODE={0x22, 0x1, "19f3f01cfab4b2c4ce3563eefc1fe198e591c5a0b5463c48b8b983e82262"}]}, 0x110}, 0x1, 0x0, 0x0, 0x80}, 0x14) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)

05:49:16 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0xba000, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async, rerun: 64)
r2 = getpgid(0x0) (rerun: 64)
mq_notify(r1, &(0x7f0000000100)={0x0, 0x2e, 0x0, @tid=r2}) (async)
read$snapshot(r0, 0x0, 0x12) (async)
r3 = syz_open_dev$vcsa(&(0x7f0000000140), 0x80, 0x400302) (async)
r4 = syz_open_dev$audion(&(0x7f0000000000), 0x0, 0x400000)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, &(0x7f0000000080)) (async)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x10200, 0x2})

05:49:16 executing program 3:
syz_open_pts(0xffffffffffffffff, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:16 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0x10)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r2}, 0x8)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000080)={0x3, 0x200, 0x1})
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0x10) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r2}, 0x8) (async)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000080)={0x3, 0x200, 0x1}) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8) (async)

05:49:16 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r1, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r2, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000829bd7000fcdbdf25070000000a0004007770616e3400000008000300", @ANYRES32=r8, @ANYBLOB="a086f4da94162ca5b9c2fc268f1846cbe349bf1f97b6cfb50d4c11476eaef366180c9de629663d2c3c978607f74d9af9db47da4d58713e95bf364b4ee56fd3e2fe8f73e6"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x480c4}, 0x4014004)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:16 executing program 3:
syz_open_pts(0xffffffffffffffff, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:16 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x110, 0x13, 0x100, 0x70bd2c, 0x25dfdbff, {0x3, 0xce, 0x6, 0x6c, {0x4e24, 0x4e23, [0xfff, 0x2, 0x8000], [0x3, 0x74000, 0x1, 0x1ff], 0x0, [0x5, 0x7fff]}, 0x4, 0x7}, [@INET_DIAG_REQ_BYTECODE={0x9e, 0x1, "7c2cc74d3e9071ab66ce997ec684427e7dc7ec43df0e1365233567d09135800a07b23cbcbb14ed8da831642f92ed47a9e314ee666250f0f0474b82c0f7a40e82839c7c42385bd4acb5917860bc81d9b9719f3e78c406d73e2186c0bd31b5f81b6030737c7dd97f06dd817840124a98cd513d67878b08b77ea9410e72d0949bf20dbe8c932002519ad996900e52a2a313b5790fec48595bc0bd8b"}, @INET_DIAG_REQ_BYTECODE={0x22, 0x1, "19f3f01cfab4b2c4ce3563eefc1fe198e591c5a0b5463c48b8b983e82262"}]}, 0x110}, 0x1, 0x0, 0x0, 0x80}, 0x14) (async)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:16 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x40000)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:49:16 executing program 1:
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0x10)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r2}, 0x8)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000080)={0x3, 0x200, 0x1})
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8)

05:49:16 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r1, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r2, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000829bd7000fcdbdf25070000000a0004007770616e3400000008000300", @ANYRES32=r8, @ANYBLOB="a086f4da94162ca5b9c2fc268f1846cbe349bf1f97b6cfb50d4c11476eaef366180c9de629663d2c3c978607f74d9af9db47da4d58713e95bf364b4ee56fd3e2fe8f73e6"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x480c4}, 0x4014004) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:16 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x40000)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
read$snapshot(r0, 0x0, 0x0)

05:49:16 executing program 5:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000) (async)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x0, 0x2}}, 0x20)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000140)={0x7, 0x3f, 0x1, 0x0, 0xb39})
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x2, r2, 0x10, 0x1, @ib={0x1b, 0x8, 0x4, {"76b59dc3ef62dae751fde1796266f362"}, 0x1000000000, 0xfff}}}, 0xa0)

05:49:16 executing program 3:
syz_open_pts(0xffffffffffffffff, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:16 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r1, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r2, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000829bd7000fcdbdf25070000000a0004007770616e3400000008000300", @ANYRES32=r8, @ANYBLOB="a086f4da94162ca5b9c2fc268f1846cbe349bf1f97b6cfb50d4c11476eaef366180c9de629663d2c3c978607f74d9af9db47da4d58713e95bf364b4ee56fd3e2fe8f73e6"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x480c4}, 0x4014004)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r1, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00'}) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r2, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r6, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000007c0)={'wpan0\x00'}) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000829bd7000fcdbdf25070000000a0004007770616e3400000008000300", @ANYRES32=r8, @ANYBLOB="a086f4da94162ca5b9c2fc268f1846cbe349bf1f97b6cfb50d4c11476eaef366180c9de629663d2c3c978607f74d9af9db47da4d58713e95bf364b4ee56fd3e2fe8f73e6"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x480c4}, 0x4014004) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)

05:49:16 executing program 4:
ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607)
semctl$IPC_INFO(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000240)=""/4096)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:16 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0xc00, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x180}, 0x800)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:16 executing program 0:
syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x40000)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
read$snapshot(r0, 0x0, 0x0)

05:49:16 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000040))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000))
syz_open_pts(r0, 0x40000)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
syz_open_pts(r3, 0x20100)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x7)

05:49:16 executing program 4:
ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) (async)
ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607)
semctl$IPC_INFO(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000240)=""/4096)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:16 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x8, 0x408003)
read$snapshot(r0, 0x0, 0x12)

05:49:16 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0xe)
ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000080))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r1, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r2, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r2, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x3}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040040}, 0x40)

05:49:16 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0xc00, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x180}, 0x800) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)

05:49:16 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x8, 0x408003)
read$snapshot(r0, 0x0, 0x12)

05:49:17 executing program 4:
ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) (async)
semctl$IPC_INFO(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000240)=""/4096)
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:17 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000040))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)) (async)
syz_open_pts(r0, 0x40000) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
syz_open_pts(r3, 0x20100)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x7)

05:49:17 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0xe)
ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000080))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r1, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r2, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r2, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x3}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040040}, 0x40)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) (async)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0xe) (async)
ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000080)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r1, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r2, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}}, 0x0) (async)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r2, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x3}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040040}, 0x40) (async)

05:49:17 executing program 0:
r0 = syz_open_dev$audion(&(0x7f0000000000), 0x8, 0x408003)
read$snapshot(r0, 0x0, 0x12)

05:49:17 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0xc00, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x180}, 0x800)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000540)={'wpan4\x00'}) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0xc00, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x180}, 0x800) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)

05:49:17 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0xb6, 0x9, 0x3ff, 0x500, r1, 0x7f, '\x00', 0x0, r0, 0x2, 0x0, 0x1, 0x6}, 0x48)
r2 = getuid()
semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000100)={{0x3, r2, 0xee00, 0xee00, 0x0, 0x1c0, 0xb7}, 0x3ff, 0x4})
ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000000)={0x0, 0x6})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:49:17 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_RMFB(0xffffffffffffffff, 0xc00464af, &(0x7f0000000000)=0x6)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x1f)

05:49:17 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f0000000000), 0x9, 0x60000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000})
read$snapshot(r0, 0x0, 0x12)

05:49:17 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000040)) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000))
syz_open_pts(r0, 0x40000) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0) (async)
syz_open_pts(r3, 0x20100) (async)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x7)

05:49:17 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0xe)
ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000080))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r1, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r2, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r2, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x3}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040040}, 0x40)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) (async)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0xe) (async)
ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000080)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r1, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r2, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_MIN_BE={0x5, 0x11, 0x81}, @NL802154_ATTR_MAX_BE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}}, 0x0) (async)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r2, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x3}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040040}, 0x40) (async)

05:49:17 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$DRM_IOCTL_MODE_RMFB(0xffffffffffffffff, 0xc00464af, &(0x7f0000000000)=0x6)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x1f)

05:49:17 executing program 1:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x68801, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0}, 0x10)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000000), 0x2, 0x0)

05:49:17 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$DRM_IOCTL_MODE_RMFB(0xffffffffffffffff, 0xc00464af, &(0x7f0000000000)=0x6)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x1f)

05:49:17 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:17 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0xfffffffa, 0xffffffff, 0x0, 0x5})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:17 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ptrace$pokeuser(0x6, 0x0, 0x5, 0x401)
r1 = syz_open_pts(r0, 0x2000)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000000))

05:49:17 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0xfffffffa, 0xffffffff, 0x0, 0x5}) (async, rerun: 32)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)

05:49:18 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0xb6, 0x9, 0x3ff, 0x500, r1, 0x7f, '\x00', 0x0, r0, 0x2, 0x0, 0x1, 0x6}, 0x48) (async)
r2 = getuid()
semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000100)={{0x3, r2, 0xee00, 0xee00, 0x0, 0x1c0, 0xb7}, 0x3ff, 0x4}) (async)
ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000000)={0x0, 0x6})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:49:18 executing program 1:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x68801, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0}, 0x10) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000000), 0x2, 0x0)

05:49:18 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:18 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
ptrace$pokeuser(0x6, 0x0, 0x5, 0x401) (async)
r1 = syz_open_pts(r0, 0x2000)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000000))

05:49:18 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0xfffffffa, 0xffffffff, 0x0, 0x5})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:18 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000000), 0x9, 0x60000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000}) (async)
read$snapshot(r0, 0x0, 0x12)

05:49:18 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:18 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10000})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:18 executing program 1:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x68801, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0}, 0x10) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
openat$cgroup_subtree(r1, &(0x7f0000000000), 0x2, 0x0)

05:49:18 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)=0x1)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040))

05:49:18 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
syz_open_dev$vcsa(&(0x7f0000000000), 0x9, 0x60000) (async)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000}) (async)
read$snapshot(r0, 0x0, 0x12)

05:49:18 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
ptrace$pokeuser(0x6, 0x0, 0x5, 0x401)
r1 = syz_open_pts(r0, 0x2000)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000000)) (async)
ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000000))

05:49:19 executing program 5:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r0, &(0x7f0000000340)=""/4096, 0x1000)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0xb6, 0x9, 0x3ff, 0x500, r1, 0x7f, '\x00', 0x0, r0, 0x2, 0x0, 0x1, 0x6}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0xb6, 0x9, 0x3ff, 0x500, r1, 0x7f, '\x00', 0x0, r0, 0x2, 0x0, 0x1, 0x6}, 0x48)
getuid() (async)
r2 = getuid()
semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000100)={{0x3, r2, 0xee00, 0xee00, 0x0, 0x1c0, 0xb7}, 0x3ff, 0x4})
ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000000)={0x0, 0x6})
read$snapshot(r0, &(0x7f0000000040)=""/5, 0x5)

05:49:19 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)

05:49:19 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:19 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)=0x1)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040))

05:49:19 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000080))
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000000))

05:49:19 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x2000)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r1, 0x3309)
read$snapshot(r0, 0x0, 0x12)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r3 = syz_open_dev$audion(&(0x7f0000000080), 0x1, 0x480800)
ioctl$BLKRAGET(r3, 0x1263, &(0x7f0000000100))
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000040)={0x2, 0x1, 0x1, 0x1a, 0x7f, &(0x7f0000000200)="2cca994eefd1162fbbe39d38d567a0bd0fbedd1e1d944afc1c4b0b3fff22bd2a1688d506d8c63a2bb2dffd8a27d2559f6cab659dbb4296b8099147e651b1953a31dff29c1f4bb6b906936f80855607f91d3302b44f58125b52e5930f2521e5be95057e133fd98f3b8e82f4a49087d18a7a571ec21f40414aa289c85a387dd8866e0eb2e6b1edde7729a9075e80fe67bec871dbc56b6fe2a97c2a02fa14248539663924ff4d1a52212125bc099c3fff322404a1c806cb2f1a106e4aae44cf80ed16e8aaa58d3e54de483811e67bc7bf60e56fb03b7fa6e5f48f0ca9a3beb2577cabc92274d46e2d9edde231499e9fcbc186c75f2b1447796ec2eefd79491237d8a7d5ff9fab4f96b96a6dbe887c263c7a49bd6ae139af294b9799730d096f1e695d0b5c38502c2e9e29625ba5492e241cf24199498a025c09c528372d512723713b608526d4fa8498ad9cbcd511d3ac0b8f895e7e12f9de11daa892497e5277c1f2e5271ba82177d33388c1b4ee5d52739d7ebd525ecb8abc1317bc96d94e1b44267e5b65ebe085155880b4f519b580c1d246b4b74e9bbffd022890ab8db4d872efc4f44a933cf88ad6d6e7568c83f084ec3598db3b7ca956d9265705e9c1767cfb731d4b7aa7fca23ed01fd2152a8fe0e78e06e714d17c5d5bc3e0f0c24c1d2cba78819b4a365468da078f0e9554afd1dd75f3d6743478de2b29b9d746df696fd5b637cbe2f89e078d77c88732545f5d41bbb3512c3ea99517c1b0e8ab51d9657ea24b92f44d387362436fb6303d661440227e4d406e58d2f44a892081a09170e11cb0f44815b80a352e5530dd948923faa4682c185feb5b754773d19407b9d8d529d84d5029289af478e068b01e108680d00345b0f21e931e3ec8c1d7ac8868fb7285961898f63d9b11a1e3692fee87ef8c1b16a782988fa69f6605a7aef0b1a1c5e3d3030554c59172a9160194adf6a6f17944a3a5984a6f69e50c77724286896b48d8b4cab837d9cecae88dba4cf0d41a363d8cbbf19e2c072a574feeb1fdee9a75b8d5f249a607622160ef290ae69e963ded0a2ddfd192dc02a3331a8e160a027441f0c6559a03e832551745128d73767e3e971213af75d8260c57b2417646ec60418f811df2ce28a82caf6bb2bed52edecb39d942c87f0be62e6888ba11dd639753bc6e0d36b4269428c04d6217384048c43bc2837bf933a79f42146d31f8fa44137baf1855c833d0eff8d18103963f0a11fd7974c0336785e9d8cf886d91dc095471df9047f57ae412f0fcc87aaa95bc109874a2bb65d33ff20b8ca029e874b2f0112c1a452c637577d954ba803bff44f5cce1162f6d24bb27697856a0dbcd0d21651a78cbd3311dd46ac9e5df0547bda6a33f87cb4e9564a436a8ff726e2f7f211d11d04a1fe0fc440dd0af8444a352c35395f04bce970dae15c89cf9"})

05:49:19 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}) (async)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10000})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

05:49:19 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000080))
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000000))
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"}) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) (async)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000080)) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000000)) (async)

05:49:19 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)=0x1)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040))
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
syz_open_dev$ptys(0xc, 0x3, 0x0) (async)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)=0x1) (async)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040)) (async)

05:49:19 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)

05:49:19 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = getpgid(0xffffffffffffffff)
capset(&(0x7f0000000400)={0x20071026, r0}, &(0x7f0000000440)={0x9, 0x0, 0x7, 0x6, 0x1b7, 0x80000000})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan4\x00', <r1=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r10, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r11}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r12=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000008c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='R@Q)', @ANYRES16=r11, @ANYBLOB="00082abd7000fcdbdf25070000000a0004007770616e3400000008000300", @ANYRES32=r12, @ANYBLOB], 0xfffffffffffffd0c}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r2, &(0x7f0000000380)={&(0x7f00000001c0), 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x10c, 0x0, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_DEVKEY={0x7c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x8000}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x10000}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xf}, @NL802154_DEVKEY_ATTR_ID={0x48, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1f}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x2c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x28, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x10c}, 0x1, 0x0, 0x0, 0x4814}, 0x0)

05:49:19 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCMGET(r1, 0x5415, &(0x7f0000000040))
ioctl$TIOCL_UNBLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000080))
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:20 executing program 5:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000001340)={0x2b4, 0x12, 0x0, 0x70bd28, 0x25dfdbff, {0x2a, 0x8, 0x4, 0x1e, {0x4e21, 0x4e23, [0xe5e5, 0x3, 0x8001, 0x100], [0x7, 0x8, 0x7ff, 0x8], 0x0, [0x401, 0x3]}, 0x4, 0x22}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0xcc, 0x1, "ff60708e855413e35318b2a5fdbc94888a19247da470a8a3398ab28170978b5b10716608febbaaefde0307eefa198ab7c31cd8853798cad39ef4d7b4474f06083514cfa9cc283e5977e570b85ced2cf2cd77a935b351a4b6c21f6a8aea958cdf6a4ebf43454e8deadfc83619dde02464760eba58cde75a01b8821a03269ca5c1d7b2009aa21164516206f3913af6a4bbf4cca3b2024cb07ebb4b61787e41af9ca09d9e9b9d6c0f63afea6359f61eafa220b323a85ddc6be52a19c3c2690654a77860430713797082"}, @INET_DIAG_REQ_BYTECODE={0x6b, 0x1, "e302e1d22b2cc8a72907f0709092d8b6c4c0d609678318f4c755085414c62c7e90deae6c75361b46dc6491a760f8a61f84891f6fb357df2fa803221b133d7ada185539a6f655ce0ab32077b4009298d96a3407a4b706ae6e2de7d16186a179a8ab1c362fa50624"}, @INET_DIAG_REQ_BYTECODE={0x9c, 0x1, "6e55c9e17c5243dd27677503d84d8fef94e0de26ac11c0778343f040c4f5131f048fb1eb903f59b030739dcb7ac24eb10746317a9092150d40cc7cb59241da2a3bb285720daf94e905837b5efcb0653bbd37505dffaa3f28a69fa6dec52c2373522857139944c4e41d9e07239017909e0f15cab9f13959dac8d7842b6bf090e7669154a4bd75c5cc1273bd5802da94cc243c2c78824574be"}, @INET_DIAG_REQ_BYTECODE={0x3b, 0x1, "165a5c51bce5f11a16868b1bfd3380edcee3f4470e095017064eb6f682094e5f94ce47cc8d47f6a6271228bdfd81fb97dce8da04adc6f8"}, @INET_DIAG_REQ_BYTECODE={0x51, 0x1, "b01ebef6e02d10e83369cc01fc6b38c1542874daa0284df85f20a5898a9e6a01df5af39e3eff8b1dbb372e4f7336eed99def20c98f98ecd0108c5a1357cce7417623e1920b0e4bffa6250c824f"}]}, 0x2b4}, 0x1, 0x0, 0x0, 0x4010}, 0x40000)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000080)={0x9ea6, <r4=>0x0, 0x10001})
ioctl$DRM_IOCTL_AGP_UNBIND(r3, 0x40106437, &(0x7f0000000100)={r4, 0x8})
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000000)=0x6)
read$snapshot(r1, &(0x7f0000000040)=""/5, 0x5)

05:49:20 executing program 4:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000080)) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000000))

05:49:20 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040), 0x5b) (async)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) (async)

05:49:20 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0) (async)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCMGET(r1, 0x5415, &(0x7f0000000040)) (async)
ioctl$TIOCL_UNBLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000080)) (async)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:20 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) (async)
r0 = getpgid(0xffffffffffffffff)
capset(&(0x7f0000000400)={0x20071026, r0}, &(0x7f0000000440)={0x9, 0x0, 0x7, 0x6, 0x1b7, 0x80000000}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan4\x00', <r1=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r10, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r11}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r12=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000008c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='R@Q)', @ANYRES16=r11, @ANYBLOB="00082abd7000fcdbdf25070000000a0004007770616e3400000008000300", @ANYRES32=r12, @ANYBLOB], 0xfffffffffffffd0c}, 0x1, 0x0, 0x0, 0x40840}, 0x0) (async, rerun: 64)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r2, &(0x7f0000000380)={&(0x7f00000001c0), 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x10c, 0x0, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_DEVKEY={0x7c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x8000}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x10000}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xf}, @NL802154_DEVKEY_ATTR_ID={0x48, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1f}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x2c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x28, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x10c}, 0x1, 0x0, 0x0, 0x4814}, 0x0) (rerun: 64)

05:49:20 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x2000)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r1, 0x3309)
read$snapshot(r0, 0x0, 0x12) (async, rerun: 32)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async, rerun: 32)
r3 = syz_open_dev$audion(&(0x7f0000000080), 0x1, 0x480800)
ioctl$BLKRAGET(r3, 0x1263, &(0x7f0000000100))
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000040)={0x2, 0x1, 0x1, 0x1a, 0x7f, &(0x7f0000000200)="2cca994eefd1162fbbe39d38d567a0bd0fbedd1e1d944afc1c4b0b3fff22bd2a1688d506d8c63a2bb2dffd8a27d2559f6cab659dbb4296b8099147e651b1953a31dff29c1f4bb6b906936f80855607f91d3302b44f58125b52e5930f2521e5be95057e133fd98f3b8e82f4a49087d18a7a571ec21f40414aa289c85a387dd8866e0eb2e6b1edde7729a9075e80fe67bec871dbc56b6fe2a97c2a02fa14248539663924ff4d1a52212125bc099c3fff322404a1c806cb2f1a106e4aae44cf80ed16e8aaa58d3e54de483811e67bc7bf60e56fb03b7fa6e5f48f0ca9a3beb2577cabc92274d46e2d9edde231499e9fcbc186c75f2b1447796ec2eefd79491237d8a7d5ff9fab4f96b96a6dbe887c263c7a49bd6ae139af294b9799730d096f1e695d0b5c38502c2e9e29625ba5492e241cf24199498a025c09c528372d512723713b608526d4fa8498ad9cbcd511d3ac0b8f895e7e12f9de11daa892497e5277c1f2e5271ba82177d33388c1b4ee5d52739d7ebd525ecb8abc1317bc96d94e1b44267e5b65ebe085155880b4f519b580c1d246b4b74e9bbffd022890ab8db4d872efc4f44a933cf88ad6d6e7568c83f084ec3598db3b7ca956d9265705e9c1767cfb731d4b7aa7fca23ed01fd2152a8fe0e78e06e714d17c5d5bc3e0f0c24c1d2cba78819b4a365468da078f0e9554afd1dd75f3d6743478de2b29b9d746df696fd5b637cbe2f89e078d77c88732545f5d41bbb3512c3ea99517c1b0e8ab51d9657ea24b92f44d387362436fb6303d661440227e4d406e58d2f44a892081a09170e11cb0f44815b80a352e5530dd948923faa4682c185feb5b754773d19407b9d8d529d84d5029289af478e068b01e108680d00345b0f21e931e3ec8c1d7ac8868fb7285961898f63d9b11a1e3692fee87ef8c1b16a782988fa69f6605a7aef0b1a1c5e3d3030554c59172a9160194adf6a6f17944a3a5984a6f69e50c77724286896b48d8b4cab837d9cecae88dba4cf0d41a363d8cbbf19e2c072a574feeb1fdee9a75b8d5f249a607622160ef290ae69e963ded0a2ddfd192dc02a3331a8e160a027441f0c6559a03e832551745128d73767e3e971213af75d8260c57b2417646ec60418f811df2ce28a82caf6bb2bed52edecb39d942c87f0be62e6888ba11dd639753bc6e0d36b4269428c04d6217384048c43bc2837bf933a79f42146d31f8fa44137baf1855c833d0eff8d18103963f0a11fd7974c0336785e9d8cf886d91dc095471df9047f57ae412f0fcc87aaa95bc109874a2bb65d33ff20b8ca029e874b2f0112c1a452c637577d954ba803bff44f5cce1162f6d24bb27697856a0dbcd0d21651a78cbd3311dd46ac9e5df0547bda6a33f87cb4e9564a436a8ff726e2f7f211d11d04a1fe0fc440dd0af8444a352c35395f04bce970dae15c89cf9"})

05:49:20 executing program 1:
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000000000))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000080))
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x10221c46ecac4c9d}, 0x10)

05:49:20 executing program 3:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0) (async, rerun: 64)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) (rerun: 64)
ioctl$TIOCMGET(r1, 0x5415, &(0x7f0000000040)) (async)
ioctl$TIOCL_UNBLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000080))
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

05:49:20 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x10000, 0xffffffff, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac99"})

05:49:20 executing program 1:
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000000000)) (async)
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000080)) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x10221c46ecac4c9d}, 0x10)

05:49:20 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000))

05:49:20 executing program 2:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = getpgid(0xffffffffffffffff)
capset(&(0x7f0000000400)={0x20071026, r0}, &(0x7f0000000440)={0x9, 0x0, 0x7, 0x6, 0x1b7, 0x80000000})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan4\x00', <r1=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r10, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r11}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r12=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000008c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='R@Q)', @ANYRES16=r11, @ANYBLOB="00082abd7000fcdbdf25070000000a0004007770616e3400000008000300", @ANYRES32=r12, @ANYBLOB], 0xfffffffffffffd0c}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r2, &(0x7f0000000380)={&(0x7f00000001c0), 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x10c, 0x0, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_DEVKEY={0x7c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x8000}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x10000}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xf}, @NL802154_DEVKEY_ATTR_ID={0x48, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1f}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x2c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x28, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x10c}, 0x1, 0x0, 0x0, 0x4814}, 0x0)

05:49:20 executing program 5:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000001340)={0x2b4, 0x12, 0x0, 0x70bd28, 0x25dfdbff, {0x2a, 0x8, 0x4, 0x1e, {0x4e21, 0x4e23, [0xe5e5, 0x3, 0x8001, 0x100], [0x7, 0x8, 0x7ff, 0x8], 0x0, [0x401, 0x3]}, 0x4, 0x22}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0xcc, 0x1, "ff60708e855413e35318b2a5fdbc94888a19247da470a8a3398ab28170978b5b10716608febbaaefde0307eefa198ab7c31cd8853798cad39ef4d7b4474f06083514cfa9cc283e5977e570b85ced2cf2cd77a935b351a4b6c21f6a8aea958cdf6a4ebf43454e8deadfc83619dde02464760eba58cde75a01b8821a03269ca5c1d7b2009aa21164516206f3913af6a4bbf4cca3b2024cb07ebb4b61787e41af9ca09d9e9b9d6c0f63afea6359f61eafa220b323a85ddc6be52a19c3c2690654a77860430713797082"}, @INET_DIAG_REQ_BYTECODE={0x6b, 0x1, "e302e1d22b2cc8a72907f0709092d8b6c4c0d609678318f4c755085414c62c7e90deae6c75361b46dc6491a760f8a61f84891f6fb357df2fa803221b133d7ada185539a6f655ce0ab32077b4009298d96a3407a4b706ae6e2de7d16186a179a8ab1c362fa50624"}, @INET_DIAG_REQ_BYTECODE={0x9c, 0x1, "6e55c9e17c5243dd27677503d84d8fef94e0de26ac11c0778343f040c4f5131f048fb1eb903f59b030739dcb7ac24eb10746317a9092150d40cc7cb59241da2a3bb285720daf94e905837b5efcb0653bbd37505dffaa3f28a69fa6dec52c2373522857139944c4e41d9e07239017909e0f15cab9f13959dac8d7842b6bf090e7669154a4bd75c5cc1273bd5802da94cc243c2c78824574be"}, @INET_DIAG_REQ_BYTECODE={0x3b, 0x1, "165a5c51bce5f11a16868b1bfd3380edcee3f4470e095017064eb6f682094e5f94ce47cc8d47f6a6271228bdfd81fb97dce8da04adc6f8"}, @INET_DIAG_REQ_BYTECODE={0x51, 0x1, "b01ebef6e02d10e83369cc01fc6b38c1542874daa0284df85f20a5898a9e6a01df5af39e3eff8b1dbb372e4f7336eed99def20c98f98ecd0108c5a1357cce7417623e1920b0e4bffa6250c824f"}]}, 0x2b4}, 0x1, 0x0, 0x0, 0x4010}, 0x40000) (async)
r1 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0)
read$snapshot(r1, &(0x7f0000000340)=""/4096, 0x1000) (async)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r3, 0x4b72, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000080)={0x9ea6, <r4=>0x0, 0x10001})
ioctl$DRM_IOCTL_AGP_UNBIND(r3, 0x40106437, &(0x7f0000000100)={r4, 0x8}) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000000)=0x6)
read$snapshot(r1, &(0x7f0000000040)=""/5, 0x5)

05:49:20 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000))

05:49:20 executing program 1:
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000000000))
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000080))
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x10221c46ecac4c9d}, 0x10)
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000000000)) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000080)) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x10221c46ecac4c9d}, 0x10) (async)

05:49:20 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0) (async)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x10000, 0xffffffff, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac99"})

05:49:20 executing program 2:
r0 = getpgid(0x0)
ptrace$pokeuser(0x6, r0, 0x0, 0x0)
capset(&(0x7f0000000000)={0x19980330, r0}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x10001})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000540)={'wpan4\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000000c0)={'wpan3\x00', <r8=>0x0})
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x16}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000001}, 0x54)

05:49:20 executing program 0:
r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x0) (async, rerun: 64)
r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x3, 0x2000) (rerun: 64)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r1, 0x3309)
read$snapshot(r0, 0x0, 0x12) (async, rerun: 64)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async, rerun: 64)
r3 = syz_open_dev$audion(&(0x7f0000000080), 0x1, 0x480800)
ioctl$BLKRAGET(r3, 0x1263, &(0x7f0000000100)) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000040)={0x2, 0x1, 0x1, 0x1a, 0x7f, &(0x7f0000000200)="2cca994eefd1162fbbe39d38d567a0bd0fbedd1e1d944afc1c4b0b3fff22bd2a1688d506d8c63a2bb2dffd8a27d2559f6cab659dbb4296b8099147e651b1953a31dff29c1f4bb6b906936f80855607f91d3302b44f58125b52e5930f2521e5be95057e133fd98f3b8e82f4a49087d18a7a571ec21f40414aa289c85a387dd8866e0eb2e6b1edde7729a9075e80fe67bec871dbc56b6fe2a97c2a02fa14248539663924ff4d1a52212125bc099c3fff322404a1c806cb2f1a106e4aae44cf80ed16e8aaa58d3e54de483811e67bc7bf60e56fb03b7fa6e5f48f0ca9a3beb2577cabc92274d46e2d9edde231499e9fcbc186c75f2b1447796ec2eefd79491237d8a7d5ff9fab4f96b96a6dbe887c263c7a49bd6ae139af294b9799730d096f1e695d0b5c38502c2e9e29625ba5492e241cf24199498a025c09c528372d512723713b608526d4fa8498ad9cbcd511d3ac0b8f895e7e12f9de11daa892497e5277c1f2e5271ba82177d33388c1b4ee5d52739d7ebd525ecb8abc1317bc96d94e1b44267e5b65ebe085155880b4f519b580c1d246b4b74e9bbffd022890ab8db4d872efc4f44a933cf88ad6d6e7568c83f084ec3598db3b7ca956d9265705e9c1767cfb731d4b7aa7fca23ed01fd2152a8fe0e78e06e714d17c5d5bc3e0f0c24c1d2cba78819b4a365468da078f0e9554afd1dd75f3d6743478de2b29b9d746df696fd5b637cbe2f89e078d77c88732545f5d41bbb3512c3ea99517c1b0e8ab51d9657ea24b92f44d387362436fb6303d661440227e4d406e58d2f44a892081a09170e11cb0f44815b80a352e5530dd948923faa4682c185feb5b754773d19407b9d8d529d84d5029289af478e068b01e108680d00345b0f21e931e3ec8c1d7ac8868fb7285961898f63d9b11a1e3692fee87ef8c1b16a782988fa69f6605a7aef0b1a1c5e3d3030554c59172a9160194adf6a6f17944a3a5984a6f69e50c77724286896b48d8b4cab837d9cecae88dba4cf0d41a363d8cbbf19e2c072a574feeb1fdee9a75b8d5f249a607622160ef290ae69e963ded0a2ddfd192dc02a3331a8e160a027441f0c6559a03e832551745128d73767e3e971213af75d8260c57b2417646ec60418f811df2ce28a82caf6bb2bed52edecb39d942c87f0be62e6888ba11dd639753bc6e0d36b4269428c04d6217384048c43bc2837bf933a79f42146d31f8fa44137baf1855c833d0eff8d18103963f0a11fd7974c0336785e9d8cf886d91dc095471df9047f57ae412f0fcc87aaa95bc109874a2bb65d33ff20b8ca029e874b2f0112c1a452c637577d954ba803bff44f5cce1162f6d24bb27697856a0dbcd0d21651a78cbd3311dd46ac9e5df0547bda6a33f87cb4e9564a436a8ff726e2f7f211d11d04a1fe0fc440dd0af8444a352c35395f04bce970dae15c89cf9"})

05:49:21 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, r1, 0x7}, 0x10)
ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000000)={0x80})

05:49:21 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) (async)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x10000, 0xffffffff, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac99"})

05:49:21 executing program 3:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1) (async)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000))

05:49:21 executing program 2:
r0 = getpgid(0x0)
ptrace$pokeuser(0x6, r0, 0x0, 0x0)
capset(&(0x7f0000000000)={0x19980330, r0}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x10001}) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000540)={'wpan4\x00'}) (async)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r6}, 0x14}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000007c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000900)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x28, r6, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000000c0)={'wpan3\x00', <r8=>0x0})
sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x16}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000001}, 0x54)

05:49:21 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, r1, 0x7}, 0x10)
ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000000)={0x80})
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r1, 0x4b72, 0x0) (async)
syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, 0x0) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, r1, 0x7}, 0x10) (async)
ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000000)={0x80}) (async)

05:49:21 executing program 4:
syz_open_dev$ttys(0xc, 0x2, 0x1)
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010026bd7000fddbdf25070000000800050001000000080001"], 0x50}}, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000200)={0x0, 0x0, 0xffff3d30, 0x0, 0x0, "b8564a1ce70d194bb84aa7016ae7a59d58ac91"})

05:49:21 executing program 5:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000001340)={0x2b4, 0x12, 0x0, 0x70bd28, 0x25dfdbff, {0x2a, 0x8, 0x4, 0x1e, {0x4e21, 0x4e23, [0xe5e5, 0x3, 0x8001, 0x100], [0x7, 0x8, 0x7ff, 0x8], 0x0, [0x401, 0x3]}, 0x4, 0x22}, [@INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0xcc, 0x1, "ff60708e855413e35318b2a5fdbc94888a19247da470a8a3398ab28170978b5b10716608febbaaefde0307eefa198ab7c31cd8853798cad39ef4d7b4474f06083514cfa9cc283e5977e570b85ced2cf2cd77a935b351a4b6c21f6a8aea958cdf6a4ebf43454e8deadfc83619dde02464760eba58cde75a01b8821a03269ca5c1d7b2009aa21164516206f3913af6a4bbf4cca3b2024cb07ebb4b61787e41af9ca09d9e9b9d6c0f63afea6359f61eafa220b323a85ddc6be52a19c3c2690654a77860430713797082"}, @INET_DIAG_REQ_BYTECODE={0x6b, 0x1, "e302e1d22b2cc8a72907f0709092d8b6c4c0d609678318f4c755085414c62c7e90deae6c