program:
# Fuzzer reproducer (the log below names the task "syz.0.0"), shown one call per line.
# The first seven calls appear once without a marker; the same seven are then listed
# again with the (async) marker, reusing the r0/r1 results from the first pass.

# Open the comedi device node /dev/comedi3; r0 is the resulting descriptor.
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
# Device-configuration ioctl: board name 'dt2815' plus a 31-entry options array supplied
# by the caller. This is the call the oops below belongs to: the trace runs
# comedi_unlocked_ioctl -> comedi_device_attach -> dt2815_attach+0x5a3, and the saved
# user registers show ORIG_RAX=0x10 with RSI=0x40946400 (this request number) on fd 3.
# NOTE(review): RDX is 0x7e at the fault, one above the first option (0x7d) — it looks
# derived from the caller-supplied array; confirm against the driver source.
# Triage note: the faulting task runs as UID 0 ("UID: 0" in the log), so exposure depends
# on who may open the comedi node and on whether this board driver is built into the kernel.
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'dt2815\x00', [0x7d, 0x14, 0x2, 0xa, 0x14000000, 0x0, 0x800007, 0x2, 0x1000, 0x7ffe, 0x80002, 0x1, 0x400, 0x2, 0xc47e, 0x1, 0x83, 0x9, 0x34d, 0x4, 0x13ff, 0x9, 0x8, 0xe25f, 0xaa14, 0x1, 0x4, 0x0, 0x7, 0xf58, 0x6]})
# Instruction ioctl on the same descriptor; it does not appear in the call trace below.
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000140)={0x8000001, 0x0, 0x0, 0x0, 0x80000000})
# Open of /proc/bus/input/handlers; the result is not stored or used later.
openat$procfs(0xffffffffffffff9c, &(0x7f0000000740)='/proc/bus/input/handlers\x00', 0x0, 0x0)
# Netlink socket (domain 0x10), then a TX_RING socket option and one route "getstats"
# message on it. None of the netlink functions appear in the call trace below.
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@getstats={0x1c, 0x5e, 0xfbfc8ffb54bbfb0f, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x5}}, 0x1c}, 0x1, 0x0, 0x0, 0x4048885}, 0x44040)

# Second pass: the same calls with identical arguments, each marked (async).
# The results of these calls are not assigned; r0 and r1 still refer to the first pass.
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) (async)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'dt2815\x00', [0x7d, 0x14, 0x2, 0xa, 0x14000000, 0x0, 0x800007, 0x2, 0x1000, 0x7ffe, 0x80002, 0x1, 0x400, 0x2, 0xc47e, 0x1, 0x83, 0x9, 0x34d, 0x4, 0x13ff, 0x9, 0x8, 0xe25f, 0xaa14, 0x1, 0x4, 0x0, 0x7, 0xf58, 0x6]}) (async)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000140)={0x8000001, 0x0, 0x0, 0x0, 0x80000000}) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000740)='/proc/bus/input/handlers\x00', 0x0, 0x0) (async)
socket(0x10, 0x3, 0x0) (async)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10) (async)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@getstats={0x1c, 0x5e, 0xfbfc8ffb54bbfb0f, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x5}}, 0x1c}, 0x1, 0x0, 0x0, 0x4048885}, 0x44040) (async)

[ 74.441994][ T5315] Bluetooth: hci0: command tx timeout
[ 74.486645][ T5336] BUG: unable to handle page fault for address: fffffffffffffff0
[ 74.493578][ T5336] #PF: supervisor write access 
in kernel mode [ 74.496060][ T5336] #PF: error_code(0x0002) - not-present page [ 74.498830][ T5336] PGD e14b067 P4D e14b067 PUD e14d067 PMD 0 [ 74.501657][ T5336] Oops: Oops: 0002 [#1] SMP KASAN NOPTI [ 74.504150][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.508264][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.513017][ T5336] RIP: 0010:dt2815_attach+0x5a3/0x8f0 [ 74.515667][ T5336] Code: e6 83 e6 60 31 ff e8 0c 7d e3 f8 41 83 e4 60 74 35 e8 c1 78 e3 f8 42 80 3c 2b 00 74 08 4c 89 ff e8 32 0b 4c f9 41 8b 17 ff c2 <31> 66 90 83 fd 63 75 1e e9 96 00 00 00 e8 9b 78 e3 f8 83 fd 63 75 [ 74.523433][ T5336] RSP: 0018:ffffc9000cb77a78 EFLAGS: 00010206 [ 74.525758][ T5336] RAX: ffffffff88df2f7f RBX: 1ffff1100808cf3a RCX: ffff8880406ec980 [ 74.529014][ T5336] RDX: 000000000000007e RSI: 0000000000000060 RDI: 0000000000000000 [ 74.532497][ T5336] RBP: 0000000000000001 R08: ffff8880406ec980 R09: 0000000000000002 [ 74.535964][ T5336] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000060 [ 74.539453][ T5336] R13: dffffc0000000000 R14: ffffc9000cb77bc0 R15: ffff8880404679d0 [ 74.543000][ T5336] FS: 00007f916681c6c0(0000) GS:ffff88808cf1d000(0000) knlGS:0000000000000000 [ 74.546718][ T5336] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.549563][ T5336] CR2: fffffffffffffff0 CR3: 0000000037d4b000 CR4: 0000000000352ef0 [ 74.553348][ T5336] Call Trace: [ 74.554920][ T5336] [ 74.556235][ T5336] comedi_device_attach+0x51f/0x720 [ 74.558544][ T5336] comedi_unlocked_ioctl+0x701/0x1240 [ 74.560877][ T5336] ? kasan_quarantine_put+0xbb/0x1f0 [ 74.563362][ T5336] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 74.566169][ T5336] ? do_futex+0x333/0x420 [ 74.567987][ T5336] ? __fget_files+0x2a/0x420 [ 74.570081][ T5336] ? __fget_files+0x2a/0x420 [ 74.572128][ T5336] ? __fget_files+0x3a0/0x420 [ 74.574183][ T5336] ? __fget_files+0x2a/0x420 [ 74.576180][ T5336] ? 
bpf_lsm_file_ioctl+0x9/0x20 [ 74.578393][ T5336] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 74.580921][ T5336] __se_sys_ioctl+0xfc/0x170 [ 74.582917][ T5336] do_syscall_64+0xe2/0xf80 [ 74.584922][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.587495][ T5336] ? trace_irq_disable+0x37/0x100 [ 74.589763][ T5336] ? clear_bhb_loop+0x60/0xb0 [ 74.591775][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.594294][ T5336] RIP: 0033:0x7f916599acb9 [ 74.596230][ T5336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.604292][ T5336] RSP: 002b:00007f916681c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.607801][ T5336] RAX: ffffffffffffffda RBX: 00007f9165c15fa0 RCX: 00007f916599acb9 [ 74.611315][ T5336] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003 [ 74.614668][ T5336] RBP: 00007f9165a08bf7 R08: 0000000000000000 R09: 0000000000000000 [ 74.618078][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.621657][ T5336] R13: 00007f9165c16038 R14: 00007f9165c15fa0 R15: 00007ffe5ec97e28 [ 74.624950][ T5336] [ 74.626313][ T5336] Modules linked in: [ 74.628015][ T5336] CR2: fffffffffffffff0 [ 74.629796][ T5336] ---[ end trace 0000000000000000 ]--- [ 74.632072][ T5336] RIP: 0010:dt2815_attach+0x5a3/0x8f0 [ 74.634254][ T5336] Code: e6 83 e6 60 31 ff e8 0c 7d e3 f8 41 83 e4 60 74 35 e8 c1 78 e3 f8 42 80 3c 2b 00 74 08 4c 89 ff e8 32 0b 4c f9 41 8b 17 ff c2 <31> 66 90 83 fd 63 75 1e e9 96 00 00 00 e8 9b 78 e3 f8 83 fd 63 75 [ 74.642442][ T5336] RSP: 0018:ffffc9000cb77a78 EFLAGS: 00010206 [ 74.645209][ T5336] RAX: ffffffff88df2f7f RBX: 1ffff1100808cf3a RCX: ffff8880406ec980 [ 74.648812][ T5336] RDX: 000000000000007e RSI: 0000000000000060 RDI: 0000000000000000 [ 74.652181][ T5336] RBP: 0000000000000001 R08: ffff8880406ec980 R09: 0000000000000002 [ 74.655526][ T5336] R10: 
0000000000000004 R11: 0000000000000000 R12: 0000000000000060 [ 74.658797][ T5336] R13: dffffc0000000000 R14: ffffc9000cb77bc0 R15: ffff8880404679d0 [ 74.661912][ T5336] FS: 00007f916681c6c0(0000) GS:ffff88808cf1d000(0000) knlGS:0000000000000000 [ 74.665675][ T5336] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.668925][ T5336] CR2: fffffffffffffff0 CR3: 0000000037d4b000 CR4: 0000000000352ef0 [ 74.672806][ T5336] Kernel panic - not syncing: Fatal exception [ 74.675782][ T5336] Kernel Offset: disabled [ 74.677597][ T5336] Rebooting in 86400 seconds..