Extracting prog: 7m46.481866021s
Minimizing prog: 23m45.634956463s
Simplifying prog options: 0s
Extracting C: 1m44.285562986s
Simplifying C: 9m54.481963905s


extracting reproducer from 40 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 45s
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'comedi_parport\x00', [0xf0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x10000001, 0x1, 0x1000, 0x1, 0x8, 0x1, 0x6, 0x4, 0xffff, 0x6, 0xffffffa7, 0x9, 0xfffffffd, 0x5, 0x3ff, 0x10000, 0x800, 0xe2df, 0x9, 0xff, 0x0, 0x3, 0x7, 0x5, 0x5]})

program did not crash
single: failed to extract reproducer
bisect: bisecting 40 programs with base timeout 45s
testing program (duration=55s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 12, 14, 26, 7, 17, 17, 8, 20, 28, 10, 4, 23, 5, 2, 15, 3, 3, 28, 15, 28, 3, 3, 2, 16, 3, 3, 2, 4, 2, 17, 3, 17, 3, 3, 7, 4, 2, 5, 2]
detailed listing:
executing program 1:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETLED(r0, 0x4b32, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
syz_emit_ethernet(0x56, &(0x7f00000002c0)=ANY=[], 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r3 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$HIDIOCSREPORT(r3, 0x81044804, &(0x7f0000000400)={0x1, 0x1})
syz_usb_control_io(r2, &(0x7f0000000440)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x7, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0x1370, &(0x7f00000000c0)={0x0, 0x49fa, 0x0, 0x0, 0x4e}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[r0], 0x1})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
write$dsp(r3, &(0x7f0000000200)='m', 0x1)
r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000100))
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0)
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
socket(0xa, 0x2, 0x2)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, 0xffffffffffffffff)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{}, &(0x7f0000000340), &(0x7f0000000240)=r5}, 0xffffffb6)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x400}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
fchmodat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x1)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x200800, 0x8)
fcntl$getflags(r7, 0x1)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000100)={'macvtap0\x00', 0x1000})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2}, 0x18)
readv(r1, &(0x7f00000003c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000800)=""/196, 0xc4}], 0x4)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, 0x0, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x200008e0)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
futex(0x0, 0x82, 0x3, 0x0, 0x0, 0xc5fffffd)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000380), 0x5}, 0x38)
r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r4, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}, {0x0, 0x900}], 0x2)
executing program 32:
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
futex(0x0, 0x82, 0x3, 0x0, 0x0, 0xc5fffffd)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000380), 0x5}, 0x38)
r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r4, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}, {0x0, 0x900}], 0x2)
executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})
executing program 2:
openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x84540, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000040)='GPL\x00'}, 0x80)
fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
readv(0xffffffffffffffff, &(0x7f00000007c0), 0x0)
prlimit64(0x0, 0x2, 0x0, 0x0)
syncfs(r3)
mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800800014000000006080003400000002b080003400000000808000240000000400800014000000000fb0001400000000708000140"], 0xa8}}, 0x0)
executing program 2:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002)
sched_setscheduler(r1, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r6 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
fchdir(r7)
r8 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r8, 0x2007ffb)
sendfile(r8, r8, 0x0, 0x1000000201005)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10)
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000023106a053103000000000001090224000100007e1109040002010300010009210000000122f80409058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x1e, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000006c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x100000, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}}, 0x4)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
executing program 2:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000040)="f8", 0x1}], 0x1, 0x0)
close(r1)
socket$inet6_udp(0xa, 0x2, 0x0)
splice(r0, 0x0, r1, 0x0, 0x10500, 0x0)
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x70, 0x0, 0x1, 0x401, 0x11, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000081}, 0x0)
executing program 2:
socket$netlink(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05000000040000000400000004"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x3, 0x17, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x76}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000013c0)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x3}}]}}, 0x0, 0x3e}, 0x28)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
fdatasync(0xffffffffffffffff)
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000010000008500000086000000bf91000000000000b7020000000000008500000085000000b70000000000010095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x18000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0xd28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000005e000101"], 0x1c}], 0x1}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.current\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000040)=0x1130418, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x8, 0x0, 0x0, 0x0, 0xa3c, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r7, 0x13)
tkill(r7, 0x12)
waitid(0x1, r7, 0x0, 0x8, &(0x7f0000000340))
executing program 33:
socket$netlink(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05000000040000000400000004"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x3, 0x17, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x76}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
executing program 34:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000010000008500000086000000bf91000000000000b7020000000000008500000085000000b70000000000010095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x18000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0xd28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000005e000101"], 0x1c}], 0x1}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.current\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000040)=0x1130418, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x8, 0x0, 0x0, 0x0, 0xa3c, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r7, 0x13)
tkill(r7, 0x12)
waitid(0x1, r7, 0x0, 0x8, &(0x7f0000000340))
executing program 3:
r0 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0xff04}], 0x1}, 0x0)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)="e0", 0x19ffd}], 0x1}, 0xccff)
executing program 3:
r0 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0xff04}], 0x1}, 0x0)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)="e0", 0x19ffd}], 0x1}, 0xccff)
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xa0}}, 0x0)
executing program 4:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r3}, &(0x7f0000001c00), 0x0}, 0x20)
unshare(0x64000600)
executing program 3:
r0 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0xff04}], 0x1}, 0x0)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)="e0", 0x19ffd}], 0x1}, 0xccff)
executing program 3:
r0 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0xff04}], 0x1}, 0x0)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)="e0", 0x19ffd}], 0x1}, 0xccff)
executing program 4:
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
ioctl$SIOCSIFHWADDR(r0, 0x541b, &(0x7f0000000180)={'veth0_virt_wifi\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}})
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x74, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x44, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0x0, @random=0x7, 0x1, @void, @void, @val={0x3, 0x1, 0xb3}, @val={0x4, 0x6, {0xf0, 0x2, 0x7f, 0xa706}}, @val={0x6, 0x2, 0x6}, @void, @val={0x25, 0x3, {0x1, 0x8c, 0x8}}, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}, @NL80211_ATTR_IE={0x4}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x74}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x1, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}, [@IFLA_IFNAME={0x14, 0x3, 'wlan0\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0xffffffff, 0xec5, 0x1}}]}]}]}, 0x4c}}, 0x0)
executing program 4:
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
executing program 3:
r0 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0xff04}], 0x1}, 0x0)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)="e0", 0x19ffd}], 0x1}, 0xccff)
executing program 35:
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
executing program 3:
r0 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0xff04}], 0x1}, 0x0)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)="e0", 0x19ffd}], 0x1}, 0xccff)
executing program 5:
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000016000b63d25a80648c2594f90b24fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000100)=""/189, 0xbd}, {&(0x7f0000000480)=""/177, 0xb1}, {&(0x7f0000002d80)=""/181, 0xb5}, {&(0x7f0000003100)=""/4081, 0xff1}, {&(0x7f00000002c0)=""/169, 0xa9}, {&(0x7f00000003c0)=""/138, 0x8a}, {&(0x7f0000000d40)=""/4090, 0xffa}, {&(0x7f0000000580)=""/234, 0xea}, {&(0x7f00000007c0)=""/42, 0x2a}, {&(0x7f0000000540)=""/47, 0x2f}, {&(0x7f0000000680)=""/195, 0xc3}, {&(0x7f0000000780)=""/39, 0x27}, {&(0x7f00000008c0)=""/255, 0xff}], 0xd}, 0x20)
executing program 5:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg(r0, &(0x7f000000bb80)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)="a3c44c02cecf808a525c6357780cc11152a16010fe0f71c7ddc58732ec3f143ec9f7cc7a", 0x24}, {&(0x7f0000000380)="0dcf6bddc9d997d0f65674cbc9936a92926b9e9461ed93d64083b512bd4d97ea4f79981781d83c7ae02372d7c6448b83c6e26031776f66539c316440da7ac17467d6898051a2cec42292e51b207f5b0f1635662bc1514484cdc48bb625c23b50b25dcf77e0b8feb079c0d3bec6e14f4170950dbe095a3aec8dc02b9bbc6fa76e6541fd67fa249bc16f0f4e292db6394b604ed0b0a01b658d74e07468dfa043e9c6f953d9cceb2ac7af83bfff3c7b818a84806bb2f7669e2c250db6c6cf142390dda419b207d6bd3f26504c81", 0xcc}, {&(0x7f0000000600)="d7b3e0477ac2c7c1be5a8d3a8a3c2b9b1b2e92ae515026c282c0151696c190dc5cc2f924f0d5ad5dc0a5efc4454d5fc6fa64711c2624fcdd90a0a0ae7b14e4c8dcb9c0195b0c8706e505db11e9d7ad9cc82299983c78a18fc25bd15b113f6cfd0fae5f5247369b4d25339116a17b6abe990b94fc2ccc324c70f16f21afef802a4646642b5db0b9cb0f7bac7c5181cec057ba559ecc142bdb493abacb2e0faf2d110245493a15b04ef7b99374005a2b01bdcd62f74b53aa8be7e542f8fd79f05dc2890ff683cf2bcc14dc41b7980a", 0xce}, {&(0x7f0000000700)="42147a5298dad0068a587386479d6067b91478775ec6710f9c4f63bd8cfcea6cc3c8bb410df56dff47bf0b3d7d2be9dc1af3ee9a0fb71228104855ad8c2084042c76bf940472c55fc5a69fe6f05bb6032ff9d06e198c9d7c59e91d80e9651d8460982da9d01d0c38149e8effad668b64fe91ba8756071c965c9120b80b9d5a1e674ed9b44ecaa0b002b38a37514bcec913167727b89df0b3", 0x98}, {&(0x7f0000000840)="0fec87610bc3aac0435d5f77d4f2279f8adb8677d01c2e180b468a3ae83b9b81184c3716b241f437478ac166f07846e4ec6152c358e9ffbaa7011ccdefcc897ba7997c8a9a5cca13512b2f1a2c6b3b44e5aec89f2d936fbbb9fd28194a83d3783a65c499129048259df0eea7c25cd718668274cfa83f3ba3dd5e9ecb150f994883ed13c4888c592f5d77ead0700e2a9edc3e5b01d187c59b48e1fabf725ac7ac249a4f1d175be9beaa7881385e", 0xad}], 0x5}}, {{0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000f00)="c54dc9f9986c25c22d706fe0b04c3e2535f0951a30346d07b016028a519e46002b0071cb1a71ef9f99d545d007dd079f418cef53865b1fa2c7f397ea0f4030a542fb690343571fbd0a9ddfaa4fe8bdb884b122ca9834226b87ae88d298a7fee2b595e5327751ca", 0x67}, {&(0x7f0000000f80)="1f7344d15077e3cc38040be56e163aa9c895ccee37c8", 0x16}, {&(0x7f0000000540)="20d89c5eec800952682751638771648d25a662e7e1b9e625e330", 0x1a}, {&(0x7f0000001040)="ff189d1cb111ff748a547869ebed312ab684f4ed819d6e2036c742f1c6", 0x1d}], 0x4}}, {{0x0, 0x0, &(0x7f0000002fc0)=[{&(0x7f00000029c0)="312b1f5560e5b3f1095fafdabc4a9cff40c4da7af327fca27ca37a058180c65599f216c3300525e189b3d5e37f09f1fe9afa96ad4cfc13239579c25f60303869cb0365f639c8f0b455de9df699c729d9a69a7f3bf7340504d12225d3204bd955dd537fbb739c9aa47863256930cdc6e42d3f887522fb03903f7c0bc871cfd71369a2be", 0x83}, {&(0x7f0000002a80)="be54530b8429459f651add678560cb1433010b16fc7310bd661ecef3da3f40aa3d3e1e73f839f52105721957a4e5f9cc8b0a3a7177bcaf6229511174f7a7aa91edb809cc0d31e49b7b3e7dfcafd1609f2d2a", 0x52}, {&(0x7f0000001280)="5a7b9afd4074094d9b589330df19275722eb76fe008230cac67f85c3c1daa001e9608ba49b1563e29a1f9b3a0bbead324d9aaf", 0x33}, {&(0x7f0000002b00)="d2e1cf6abe895bca42bed92547d9217699d0a0adf4fb4abd018edcf3de8e0e2922f5340e0bc0d1c3602e0654e8851c826bb4adc22ffb70d9dedce68acb6ea7516402f68f456832ce005b218eb88bb660e61fff20efe1c0820bab1f17e229cc374297677f0190f3dc740e4ce2385e7c3d99ac4ea48c0054254a4ba359c993d75e9b1037059a6d787c343e50e93c76e00353ed11b388306b32c1ed406cc85aa98ee61df7e7620b0e8ace320c3dfc9ded91ab57bafae9456f944fab44a68f931aefc1e64f14b1772ee02b7aae7243e0cc7aaa1bd48dddaea2e23747c0d7cab4f8104fd8b1dd8189376c1b24ff8586d84b", 0xef}, {&(0x7f0000002c00)="c550f26bff4bb6df6fe8c397c5f567c3c45a2d339f498088d19d3f3132b187645180f108bbd901ca27cdc27cd69d7d9e413936d9bdbd8802b212ed32331432310d771e61839d42c1c71c9bd1216018b5ebc4083618f3ffeef443ef189c5b61529305a988e3c17bc46ae64202d200b809f9ecfc3c6878f132d67473e5660ce7ddce0bc839add0e31e4f5fb45682b46e5c2e8a10268cc58de4376412435d17f784bcb1d83759f2e2d6ae048c7d9a421ec047151d2a81c16f4b87753f579516397c8413108cafe8f976f40ee16326beae484d28ba45803aa3", 0xd7}, {&(0x7f0000002d00)="8c16d05079c32c8d219618dd2bbd44d3ff6a49e0aaab594d46e92a3ee86dfb8358b75483eda1cc5e130373647395bbcc61c9c2", 0x33}], 0x6}}], 0x3, 0x8800)
executing program 5:
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000)
writev(r1, &(0x7f0000003480)=[{&(0x7f00000021c0)="81", 0x1}], 0x1)
executing program 5:
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000024c0), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000540)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x28, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
executing program 5:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'comedi_parport\x00', [0xf0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x10000001, 0x1, 0x1000, 0x1, 0x8, 0x1, 0x6, 0x4, 0xffff, 0x6, 0xffffffa7, 0x9, 0xfffffffd, 0x5, 0x3ff, 0x10000, 0x800, 0xe2df, 0x9, 0xff, 0x0, 0x3, 0x7, 0x5, 0x5]})

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 5m0s
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'comedi_parport\x00', [0xf0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x10000001, 0x1, 0x1000, 0x1, 0x8, 0x1, 0x6, 0x4, 0xffff, 0x6, 0xffffffa7, 0x9, 0xfffffffd, 0x5, 0x3ff, 0x10000, 0x800, 0xe2df, 0x9, 0xff, 0x0, 0x3, 0x7, 0x5, 0x5]})

program crashed: BUG: unable to handle kernel paging request in parport_attach
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi
detailed listing:
executing program 0:
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000080)={'comedi_parport\x00', [0xf0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x10000001, 0x1, 0x1000, 0x1, 0x8, 0x1, 0x6, 0x4, 0xffff, 0x6, 0xffffffa7, 0x9, 0xfffffffd, 0x5, 0x3ff, 0x10000, 0x800, 0xe2df, 0x9, 0xff, 0x0, 0x3, 0x7, 0x5, 0x5]})

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, 0x0, 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'comedi_parport\x00', [0xf0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x10000001, 0x1, 0x1000, 0x1, 0x8, 0x1, 0x6, 0x4, 0xffff, 0x6, 0xffffffa7, 0x9, 0xfffffffd, 0x5, 0x3ff, 0x10000, 0x800, 0xe2df, 0x9, 0xff, 0x0, 0x3, 0x7, 0x5, 0x5]})

program did not crash
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
program crashed: BUG: unable to handle kernel paging request in parport_attach
simplifying C reproducer
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
program crashed: BUG: unable to handle kernel paging request in parport_attach
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
program crashed: BUG: unable to handle kernel paging request in parport_attach
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
program crashed: BUG: unable to handle kernel paging request in parport_attach
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
program crashed: BUG: unable to handle kernel paging request in parport_attach
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
program crashed: BUG: unable to handle kernel paging request in parport_attach
testing compiled C program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
program crashed: BUG: unable to handle kernel paging request in parport_attach
testing program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'comedi_parport\x00', [0xf0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x10000001, 0x1, 0x1000, 0x1, 0x8, 0x1, 0x6, 0x4, 0xffff, 0x6, 0xffffffa7, 0x9, 0xfffffffd, 0x5, 0x3ff, 0x10000, 0x800, 0xe2df, 0x9, 0xff, 0x0, 0x3, 0x7, 0x5, 0x5]})

program crashed: BUG: unable to handle kernel paging request in parport_attach
validation run: crashed=true
testing program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'comedi_parport\x00', [0xf0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x10000001, 0x1, 0x1000, 0x1, 0x8, 0x1, 0x6, 0x4, 0xffff, 0x6, 0xffffffa7, 0x9, 0xfffffffd, 0x5, 0x3ff, 0x10000, 0x800, 0xe2df, 0x9, 0xff, 0x0, 0x3, 0x7, 0x5, 0x5]})

program crashed: BUG: unable to handle kernel paging request in parport_attach
validation run: crashed=true
testing program (duration=5m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'comedi_parport\x00', [0xf0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x10000001, 0x1, 0x1000, 0x1, 0x8, 0x1, 0x6, 0x4, 0xffff, 0x6, 0xffffffa7, 0x9, 0xfffffffd, 0x5, 0x3ff, 0x10000, 0x800, 0xe2df, 0x9, 0xff, 0x0, 0x3, 0x7, 0x5, 0x5]})

program crashed: BUG: unable to handle kernel paging request in parport_attach
validation run: crashed=true
reproducing took 51m49.899818314s
repro crashed as (corrupted=false):
8<--- cut here ---
Unable to handle kernel paging request at virtual address fee000f0 when write
[fee000f0] *pgd=80000080007003, *pmd=00000000
Internal error: Oops: a06 [#1] SMP ARM
Modules linked in:
CPU: 0 UID: 0 PID: 4088 Comm: syz.2.16 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
PC is at __raw_writeb arch/arm/include/asm/io.h:88 [inline]
PC is at parport_attach drivers/comedi/drivers/comedi_parport.c:289 [inline]
PC is at parport_attach+0x174/0x1d0 drivers/comedi/drivers/comedi_parport.c:224
LR is at parport_attach drivers/comedi/drivers/comedi_parport.c:289 [inline]
LR is at parport_attach+0x164/0x1d0 drivers/comedi/drivers/comedi_parport.c:224
pc : [<81398ba8>]    lr : [<81398b98>]    psr: 60000013
sp : e05e1d38  ip : e05e1d38  fp : e05e1d5c
r10: 82b15078  r9 : 00000003  r8 : 841493c0
r7 : e05e1d98  r6 : 841493c0  r5 : 00000000  r4 : 00000000
r3 : fee000f0  r2 : 81e14f0c  r1 : 00000001  r0 : 81398818
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 85588d40  DAC: fffffffd
Register r0 information: non-slab/vmalloc memory
Register r1 information: non-paged memory
Register r2 information: non-slab/vmalloc memory
Register r3 information: 0-page vmalloc region starting at 0xfee00000 allocated at pci_reserve_io+0x0/0x38 arch/arm/mm/mmu.c:1055
Register r4 information: NULL pointer
Register r5 information: NULL pointer
Register r6 information: slab kmalloc-192 start 841493c0 pointer offset 0 size 192
Register r7 information: 2-page vmalloc region starting at 0xe05e0000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2599
Register r8 information: slab kmalloc-192 start 841493c0 pointer offset 0 size 192
Register r9 information: non-paged memory
Register r10 information: non-slab/vmalloc memory
Register r11 information: 2-page vmalloc region starting at 0xe05e0000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2599
Register r12 information: 2-page vmalloc region starting at 0xe05e0000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2599
Process syz.2.16 (pid: 4088, stack limit = 0xe05e0000)
Stack: (0xe05e1d38 to 0xe05e2000)
1d20:                                                       823f88f8 841493c0
1d40: 829c4b18 829c4b18 81e153cc 00000000 e05e1d94 e05e1d60 81394c60 81398a40
1d60: b5403587 00000000 83308000 20000080 841493c0 b5403587 20000080 83308000
1d80: 40946400 00000003 e05e1e4c e05e1d98 813908f0 81394b68 656d6f63 705f6964
1da0: 6f707261 00007472 00000000 000000f0 80008000 00000001 0000000a 00000000
1dc0: 00000000 10000001 00000001 00001000 00000001 00000008 00000001 00000006
1de0: 00000004 0000ffff 00000006 ffffffa7 00000009 fffffffd 00000005 000003ff
1e00: 00010000 00000800 0000e2df 00000009 000000ff 00000000 00000003 00000007
1e20: 00000005 00000005 00000000 444c0355 00000000 84fb0240 841493c0 20000080
1e40: e05e1f14 e05e1e50 813918a4 81390824 00000000 00000000 00000000 444c0355
1e60: 00000000 00000000 8246a3fc 0000005f 83ff3458 841493f0 8419275c 83308000
1e80: e05e1ee4 e05e1e90 8079688c 8078cb7c 00000064 00000001 00000000 e05e1eac
1ea0: 84e83490 8357be58 00006400 0000000b e05e1ea0 00000000 00000000 444c0355
1ec0: 84fb0240 40946400 20000080 20000080 00000003 84fb0240 e05e1ef4 e05e1ee8
1ee0: 807969ac 444c0355 e05e1f14 40946400 00000000 84fb0240 20000080 00000003
1f00: 84fb0240 83308000 e05e1fa4 e05e1f18 8056f16c 813912d4 e05e1f4c e05e1f28
1f20: 80349a98 8034cdb4 81a2db68 81a2da38 e05e1f54 e05e1f40 8026203c 7ead2920
1f40: e05e1fa4 e05e1f50 8034a2e0 803499a4 00000000 7ead2920 ffffffff 80234128
1f60: 00000000 00000000 00000000 00000000 00000000 444c0355 e05e1fac 00000000
1f80: 00000000 002f6300 00000036 8020029c 83308000 00000036 00000000 e05e1fa8
1fa0: 80200060 8056f048 00000000 00000000 00000003 40946400 20000080 00000000
1fc0: 00000000 00000000 002f6300 00000036 00000000 002f62d4 0000047b 00000000
1fe0: 7ead2780 7ead2770 000193a4 00131f40 60000010 00000003 00000000 00000000
Call trace: 
[<81398a34>] (parport_attach) from [<81394c60>] (comedi_device_attach+0x104/0x240 drivers/comedi/drivers.c:996)
 r6:00000000 r5:81e153cc r4:829c4b18
[<81394b5c>] (comedi_device_attach) from [<813908f0>] (do_devconfig_ioctl+0xd8/0x1e0 drivers/comedi/comedi_fops.c:855)
 r10:00000003 r9:40946400 r8:83308000 r7:20000080 r6:b5403587 r5:841493c0
 r4:20000080
[<81390818>] (do_devconfig_ioctl) from [<813918a4>] (comedi_unlocked_ioctl+0x5dc/0x1b94 drivers/comedi/comedi_fops.c:2136)
 r6:20000080 r5:841493c0 r4:84fb0240
[<813912c8>] (comedi_unlocked_ioctl) from [<8056f16c>] (vfs_ioctl fs/ioctl.c:51 [inline])
[<813912c8>] (comedi_unlocked_ioctl) from [<8056f16c>] (do_vfs_ioctl fs/ioctl.c:861 [inline])
[<813912c8>] (comedi_unlocked_ioctl) from [<8056f16c>] (__do_sys_ioctl fs/ioctl.c:905 [inline])
[<813912c8>] (comedi_unlocked_ioctl) from [<8056f16c>] (sys_ioctl+0x130/0xdc8 fs/ioctl.c:893)
 r10:83308000 r9:84fb0240 r8:00000003 r7:20000080 r6:84fb0240 r5:00000000
 r4:40946400
[<8056f03c>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xe05e1fa8 to 0xe05e1ff0)
1fa0:                   00000000 00000000 00000003 40946400 20000080 00000000
1fc0: 00000000 00000000 002f6300 00000036 00000000 002f62d4 0000047b 00000000
1fe0: 7ead2780 7ead2770 000193a4 00131f40
 r10:00000036 r9:83308000 r8:8020029c r7:00000036 r6:002f6300 r5:00000000
 r4:00000000
Code: e596306c e3a04000 e7f33053 e2433612 (e5c34000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e596306c 	ldr	r3, [r6, #108]	@ 0x6c
   4:	e3a04000 	mov	r4, #0
   8:	e7f33053 	ubfx	r3, r3, #0, #20
   c:	e2433612 	sub	r3, r3, #18874368	@ 0x1200000
* 10:	e5c34000 	strb	r4, [r3] <-- trapping instruction

final repro crashed as (corrupted=false):
8<--- cut here ---
Unable to handle kernel paging request at virtual address fee000f0 when write
[fee000f0] *pgd=80000080007003, *pmd=00000000
Internal error: Oops: a06 [#1] SMP ARM
Modules linked in:
CPU: 0 UID: 0 PID: 4088 Comm: syz.2.16 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
PC is at __raw_writeb arch/arm/include/asm/io.h:88 [inline]
PC is at parport_attach drivers/comedi/drivers/comedi_parport.c:289 [inline]
PC is at parport_attach+0x174/0x1d0 drivers/comedi/drivers/comedi_parport.c:224
LR is at parport_attach drivers/comedi/drivers/comedi_parport.c:289 [inline]
LR is at parport_attach+0x164/0x1d0 drivers/comedi/drivers/comedi_parport.c:224
pc : [<81398ba8>]    lr : [<81398b98>]    psr: 60000013
sp : e05e1d38  ip : e05e1d38  fp : e05e1d5c
r10: 82b15078  r9 : 00000003  r8 : 841493c0
r7 : e05e1d98  r6 : 841493c0  r5 : 00000000  r4 : 00000000
r3 : fee000f0  r2 : 81e14f0c  r1 : 00000001  r0 : 81398818
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 85588d40  DAC: fffffffd
Register r0 information: non-slab/vmalloc memory
Register r1 information: non-paged memory
Register r2 information: non-slab/vmalloc memory
Register r3 information: 0-page vmalloc region starting at 0xfee00000 allocated at pci_reserve_io+0x0/0x38 arch/arm/mm/mmu.c:1055
Register r4 information: NULL pointer
Register r5 information: NULL pointer
Register r6 information: slab kmalloc-192 start 841493c0 pointer offset 0 size 192
Register r7 information: 2-page vmalloc region starting at 0xe05e0000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2599
Register r8 information: slab kmalloc-192 start 841493c0 pointer offset 0 size 192
Register r9 information: non-paged memory
Register r10 information: non-slab/vmalloc memory
Register r11 information: 2-page vmalloc region starting at 0xe05e0000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2599
Register r12 information: 2-page vmalloc region starting at 0xe05e0000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2599
Process syz.2.16 (pid: 4088, stack limit = 0xe05e0000)
Stack: (0xe05e1d38 to 0xe05e2000)
1d20:                                                       823f88f8 841493c0
1d40: 829c4b18 829c4b18 81e153cc 00000000 e05e1d94 e05e1d60 81394c60 81398a40
1d60: b5403587 00000000 83308000 20000080 841493c0 b5403587 20000080 83308000
1d80: 40946400 00000003 e05e1e4c e05e1d98 813908f0 81394b68 656d6f63 705f6964
1da0: 6f707261 00007472 00000000 000000f0 80008000 00000001 0000000a 00000000
1dc0: 00000000 10000001 00000001 00001000 00000001 00000008 00000001 00000006
1de0: 00000004 0000ffff 00000006 ffffffa7 00000009 fffffffd 00000005 000003ff
1e00: 00010000 00000800 0000e2df 00000009 000000ff 00000000 00000003 00000007
1e20: 00000005 00000005 00000000 444c0355 00000000 84fb0240 841493c0 20000080
1e40: e05e1f14 e05e1e50 813918a4 81390824 00000000 00000000 00000000 444c0355
1e60: 00000000 00000000 8246a3fc 0000005f 83ff3458 841493f0 8419275c 83308000
1e80: e05e1ee4 e05e1e90 8079688c 8078cb7c 00000064 00000001 00000000 e05e1eac
1ea0: 84e83490 8357be58 00006400 0000000b e05e1ea0 00000000 00000000 444c0355
1ec0: 84fb0240 40946400 20000080 20000080 00000003 84fb0240 e05e1ef4 e05e1ee8
1ee0: 807969ac 444c0355 e05e1f14 40946400 00000000 84fb0240 20000080 00000003
1f00: 84fb0240 83308000 e05e1fa4 e05e1f18 8056f16c 813912d4 e05e1f4c e05e1f28
1f20: 80349a98 8034cdb4 81a2db68 81a2da38 e05e1f54 e05e1f40 8026203c 7ead2920
1f40: e05e1fa4 e05e1f50 8034a2e0 803499a4 00000000 7ead2920 ffffffff 80234128
1f60: 00000000 00000000 00000000 00000000 00000000 444c0355 e05e1fac 00000000
1f80: 00000000 002f6300 00000036 8020029c 83308000 00000036 00000000 e05e1fa8
1fa0: 80200060 8056f048 00000000 00000000 00000003 40946400 20000080 00000000
1fc0: 00000000 00000000 002f6300 00000036 00000000 002f62d4 0000047b 00000000
1fe0: 7ead2780 7ead2770 000193a4 00131f40 60000010 00000003 00000000 00000000
Call trace: 
[<81398a34>] (parport_attach) from [<81394c60>] (comedi_device_attach+0x104/0x240 drivers/comedi/drivers.c:996)
 r6:00000000 r5:81e153cc r4:829c4b18
[<81394b5c>] (comedi_device_attach) from [<813908f0>] (do_devconfig_ioctl+0xd8/0x1e0 drivers/comedi/comedi_fops.c:855)
 r10:00000003 r9:40946400 r8:83308000 r7:20000080 r6:b5403587 r5:841493c0
 r4:20000080
[<81390818>] (do_devconfig_ioctl) from [<813918a4>] (comedi_unlocked_ioctl+0x5dc/0x1b94 drivers/comedi/comedi_fops.c:2136)
 r6:20000080 r5:841493c0 r4:84fb0240
[<813912c8>] (comedi_unlocked_ioctl) from [<8056f16c>] (vfs_ioctl fs/ioctl.c:51 [inline])
[<813912c8>] (comedi_unlocked_ioctl) from [<8056f16c>] (do_vfs_ioctl fs/ioctl.c:861 [inline])
[<813912c8>] (comedi_unlocked_ioctl) from [<8056f16c>] (__do_sys_ioctl fs/ioctl.c:905 [inline])
[<813912c8>] (comedi_unlocked_ioctl) from [<8056f16c>] (sys_ioctl+0x130/0xdc8 fs/ioctl.c:893)
 r10:83308000 r9:84fb0240 r8:00000003 r7:20000080 r6:84fb0240 r5:00000000
 r4:40946400
[<8056f03c>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xe05e1fa8 to 0xe05e1ff0)
1fa0:                   00000000 00000000 00000003 40946400 20000080 00000000
1fc0: 00000000 00000000 002f6300 00000036 00000000 002f62d4 0000047b 00000000
1fe0: 7ead2780 7ead2770 000193a4 00131f40
 r10:00000036 r9:83308000 r8:8020029c r7:00000036 r6:002f6300 r5:00000000
 r4:00000000
Code: e596306c e3a04000 e7f33053 e2433612 (e5c34000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e596306c 	ldr	r3, [r6, #108]	@ 0x6c
   4:	e3a04000 	mov	r4, #0
   8:	e7f33053 	ubfx	r3, r3, #0, #20
   c:	e2433612 	sub	r3, r3, #18874368	@ 0x1200000
* 10:	e5c34000 	strb	r4, [r3] <-- trapping instruction