program: creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) (async) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000b00)={[{@user_xattr}, {@nodioread_nolock}, {@nodelalloc}]}, 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=") perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xa4, 0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0xfffffffffffffffb, 0x7}, 0x1884, 0xfff, 0xfffffffc, 0x3, 0x0, 0xfffbfffd, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) r0 = open$dir(0x0, 0x0, 0x1) creat(&(0x7f0000000580)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8) socket$pppoe(0x18, 0x1, 0x0) (async) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) (async) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90) openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246) r4 = dup(r3) ioctl$PPPIOCCONNECT(r4, 0x40047435, &(0x7f00000002c0)=0x2) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000001f00)) sendmmsg(r1, &(0x7f0000009140)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x100001b, 0x12, r0, 0x100000000) syz_init_net_socket$llc(0x1a, 0x801, 0x0) (async) r5 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r5, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) connect$llc(r5, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x10) (async) connect$llc(r5, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x10) syz_init_net_socket$llc(0x1a, 0x1, 0x0) (async) r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r6, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) r7 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f0000000140)={'pcl818\x00', [0xfffffffb, 0x2166, 0x2, 0x100000, 0x88d6, 0x8f, 0xfffffffd, 0x100010, 0x1000002, 0xffffffbf, 0x200, 0x6, 0x8, 0x1, 0x8, 0x7, 0x9, 0x68c, 0x3, 0x101, 0x100, 0x3, 0x80, 0x5, 0xb, 0x1, 0x5721, 0x7db, 0x0, 0x7]}) syz_emit_ethernet(0x1f, &(0x7f0000000140)=ANY=[@ANYBLOB="2105000b1e85b11c60b11300001142"], 0x0) (async) syz_emit_ethernet(0x1f, &(0x7f0000000140)=ANY=[@ANYBLOB="2105000b1e85b11c60b11300001142"], 0x0) [ 86.077650][ T5345] loop0: detected capacity change from 0 to 512 [ 86.138438][ T5345] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.167617][ T5345] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.195810][ T5345] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.296281][ T5345] comedi comedi3: pcl818: I/O port conflict (0xfffffffffffffffb,16) [ 86.299828][ T5345] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI [ 86.305167][ T5345] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 86.308849][ T5345] CPU: 0 UID: 0 PID: 5345 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.312808][ T5345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.317553][ T5345] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 86.320082][ T5345] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 a9 e0 6d f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 88 e0 6d f9 4d 8b 24 24 48 83 c3 [ 86.328562][ T5345] RSP: 0018:ffffc9000d4ef9d8 EFLAGS: 00010206 [ 86.331305][ T5345] RAX: 0000000000000005 RBX: ffff88803f19dd00 RCX: ffff888000d88000 [ 86.334856][ T5345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88803e5fb000 [ 86.338358][ T5345] RBP: 0000000000000001 R08: ffff88803e5fb12f R09: 1ffff11007cbf625 [ 86.341877][ T5345] R10: dffffc0000000000 R11: ffffffff88bad640 R12: 0000000000000028 [ 86.345417][ T5345] R13: dffffc0000000000 R14: ffff88803e5fb000 R15: dffffc0000000000 [ 86.348892][ T5345] FS: 00007f162a41b6c0(0000) GS:ffff88808d68a000(0000) knlGS:0000000000000000 [ 86.352791][ T5345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.355750][ T5345] CR2: 00007f162a3d8fc8 CR3: 0000000043847000 CR4: 0000000000352ef0 [ 86.359308][ T5345] Call Trace: [ 86.360841][ T5345] [ 86.362190][ T5345] pcl818_detach+0x66/0xd0 [ 86.364253][ T5345] comedi_device_detach_locked+0x178/0x750 [ 86.366882][ T5345] comedi_device_attach+0x5d4/0x720 [ 86.369231][ T5345] comedi_unlocked_ioctl+0x5ff/0x1020 [ 86.371671][ T5345] ? kasan_quarantine_put+0xdd/0x220 [ 86.374109][ T5345] ? lockdep_hardirqs_on+0x98/0x140 [ 86.376424][ T5345] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 86.378994][ T5345] ? do_futex+0x395/0x420 [ 86.380949][ T5345] ? __fget_files+0x2a/0x420 [ 86.382976][ T5345] ? __fget_files+0x3a0/0x420 [ 86.385132][ T5345] ? __fget_files+0x2a/0x420 [ 86.387202][ T5345] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.389379][ T5345] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 86.392059][ T5345] __se_sys_ioctl+0xfc/0x170 [ 86.394112][ T5345] do_syscall_64+0xfa/0xf80 [ 86.396129][ T5345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.398727][ T5345] ? clear_bhb_loop+0x60/0xb0 [ 86.400826][ T5345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.403433][ T5345] RIP: 0033:0x7f162958f7c9 [ 86.405454][ T5345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.413552][ T5345] RSP: 002b:00007f162a41b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.417199][ T5345] RAX: ffffffffffffffda RBX: 00007f16297e5fa0 RCX: 00007f162958f7c9 [ 86.420584][ T5345] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 000000000000000f [ 86.424001][ T5345] RBP: 00007f1629613f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.427311][ T5345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.430634][ T5345] R13: 00007f16297e6038 R14: 00007f16297e5fa0 R15: 00007ffdcbe457f8 [ 86.433941][ T5345] [ 86.435240][ T5345] Modules linked in: [ 86.437333][ T5345] ---[ end trace 0000000000000000 ]--- [ 86.450190][ T5345] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 86.455852][ T5345] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 a9 e0 6d f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 88 e0 6d f9 4d 8b 24 24 48 83 c3 [ 86.465992][ T5345] RSP: 0018:ffffc9000d4ef9d8 EFLAGS: 00010206 [ 86.469333][ T5345] RAX: 0000000000000005 RBX: ffff88803f19dd00 RCX: ffff888000d88000 [ 86.473351][ T5345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88803e5fb000 [ 86.477200][ T5322] Bluetooth: hci0: command tx timeout [ 86.479417][ T5345] RBP: 0000000000000001 R08: ffff88803e5fb12f R09: 1ffff11007cbf625 [ 86.482911][ T5345] R10: dffffc0000000000 R11: ffffffff88bad640 R12: 0000000000000028 [ 86.486747][ T5345] R13: dffffc0000000000 R14: ffff88803e5fb000 R15: dffffc0000000000 [ 86.490320][ T5345] FS: 00007f162a41b6c0(0000) GS:ffff88808d68a000(0000) knlGS:0000000000000000 [ 86.494663][ T5345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.497666][ T5345] CR2: 000055bd10301168 CR3: 0000000043847000 CR4: 0000000000352ef0 [ 86.501248][ T5345] Kernel panic - not syncing: Fatal exception [ 86.504343][ T5345] Kernel Offset: disabled [ 86.506313][ T5345] Rebooting in 86400 seconds..