program: socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x104100, 0x0) (async) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x104100, 0x0) ioctl$COMEDI_SUBDINFO(r1, 0x80486402, &(0x7f0000000080)) (async) ioctl$COMEDI_SUBDINFO(r1, 0x80486402, &(0x7f0000000080)) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000940)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000940)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000280)='.request_key_auth\x00', &(0x7f00000002c0)=@keyring={'key_or_keyring:', r2}) dup(r0) (async) r3 = dup(r0) recvmmsg(r3, &(0x7f0000003380)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001380)=""/4096, 0x1000}, {&(0x7f0000000980)=""/113, 0x71}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x400000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x7, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x24}, 0x0, 0x0, 0xffffffffffffffff, 0x2) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5) r6 = socket$nl_generic(0x10, 0x3, 0x10) 
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x20) (async) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x20) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) (async) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x54, r8, 0x1, 0x0, 0x25dfdbfc, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}}, {0x14, 0x2, @in={0x2, 0x0, @empty}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_ADD(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d00)={0x60, r8, 0x4c1dad3e3d6a7499, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}}, {0x20, 0x2, @in6={0x63, 0x4e20, 0x4, @empty, 0x4}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000080}, 0x20000000) (async) sendmsg$TIPC_NL_BEARER_ADD(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d00)={0x60, r8, 0x4c1dad3e3d6a7499, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}}, {0x20, 0x2, @in6={0x63, 0x4e20, 0x4, @empty, 0x4}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000080}, 0x20000000) perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x400000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x24}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r9 = inotify_init1(0x80800) ioctl$int_out(r9, 0x5460, 0x0) r10 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) ioctl$COMEDI_DEVCONFIG(r10, 0x40946400, &(0x7f0000000200)={'c6xdigio\x00', [0x14000, 0x6, 0x2, 0x6, 0x6, 0x1ff, 0x0, 0x9, 0xd7, 0x7, 0x3, 0x8, 0xfffffffe, 0xf408, 0x3, 0x0, 0xa, 0x5, 0x4, 0x6, 0x79b, 0x5, 0x9, 0xa7b1, 0x0, 0x9, 0x7, 0xf7f, 0x4d, 0x9, 0xad5]}) [ 85.204966][ T4681] Bluetooth: hci0: command tx timeout [ 85.382216][ T5339] tipc: Started in network mode [ 85.402949][ T5339] tipc: Node identity ac14142f, cluster identity 4711 [ 85.407009][ T5339] tipc: New replicast peer: 0.0.0.0 [ 85.433712][ T5339] tipc: Enabled bearer <udp:syz2>, priority 10 [ 85.448180][ T5339] comedi comedi3: c6xdigio: I/O port conflict (0x14000,3) [ 85.451958][ T5339] ------------[ cut here ]------------ [ 85.454934][ T5339] Unexpected driver unregister! 
[ 85.457414][ T5339] WARNING: drivers/base/driver.c:273 at 0x0, CPU#0: syz.0.0/5339 [ 85.461040][ T5339] Modules linked in: [ 85.463692][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.468415][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.473773][ T5339] RIP: 0010:driver_unregister+0x8d/0xa0 [ 85.476356][ T5339] Code: 73 68 4c 89 f7 e8 93 e4 97 fc 48 89 df 5b 41 5e 41 5f e9 96 52 ff ff e8 e1 81 f2 fb eb 05 e8 da 81 f2 fb 48 8d 3d 53 39 be 09 <67> 48 0f b9 3a 5b 41 5e 41 5f c3 cc cc cc cc cc cc cc cc 90 90 90 [ 85.484940][ T5339] RSP: 0018:ffffc9000d49fa20 EFLAGS: 00010293 [ 85.487806][ T5339] RAX: ffffffff85ceedd6 RBX: ffffffff8f1da080 RCX: ffff888000f94980 [ 85.491654][ T5339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8f8d2730 [ 85.495619][ T5339] RBP: 0000000000000001 R08: ffff88803e91512f R09: 1ffff11007d22a25 [ 85.500637][ T5339] R10: dffffc0000000000 R11: ffffffff88c01520 R12: ffff88803e915038 [ 85.505290][ T5339] R13: ffffffff8f1d9fd0 R14: 0000000000000000 R15: dffffc0000000000 [ 85.508993][ T5339] FS: 00007f7348bb96c0(0000) GS:ffff88808d679000(0000) knlGS:0000000000000000 [ 85.513095][ T5339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.515756][ T5339] CR2: 000055d90297b660 CR3: 0000000012298000 CR4: 0000000000352ef0 [ 85.519818][ T5339] Call Trace: [ 85.521440][ T5339] <TASK> [ 85.522985][ T5339] comedi_device_detach_locked+0x178/0x750 [ 85.525496][ T5339] comedi_device_attach+0x5d4/0x720 [ 85.527507][ T5339] comedi_unlocked_ioctl+0x5ff/0x1020 [ 85.529716][ T5339] ? kasan_quarantine_put+0xdd/0x220 [ 85.532103][ T5339] ? lockdep_hardirqs_on+0x98/0x140 [ 85.534843][ T5339] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.538285][ T5339] ? do_futex+0x395/0x420 [ 85.541032][ T5339] ? __fget_files+0x2a/0x420 [ 85.544830][ T5339] ? __fget_files+0x3a0/0x420 [ 85.546929][ T5339] ? __fget_files+0x2a/0x420 [ 85.548966][ T5339] ? 
bpf_lsm_file_ioctl+0x9/0x20 [ 85.551123][ T5339] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.554257][ T5339] __se_sys_ioctl+0xfc/0x170 [ 85.556089][ T5339] do_syscall_64+0xfa/0xf80 [ 85.558181][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.561055][ T5339] ? clear_bhb_loop+0x60/0xb0 [ 85.563207][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.566089][ T5339] RIP: 0033:0x7f7347d8f7c9 [ 85.568489][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.577716][ T5339] RSP: 002b:00007f7348bb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.581244][ T5339] RAX: ffffffffffffffda RBX: 00007f7347fe6090 RCX: 00007f7347d8f7c9 [ 85.584565][ T5339] RDX: 0000200000000200 RSI: 0000000040946400 RDI: 000000000000000f [ 85.588109][ T5339] RBP: 00007f7347e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.591847][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.595197][ T5339] R13: 00007f7347fe6128 R14: 00007f7347fe6090 R15: 00007ffeeabcd8b8 [ 85.598444][ T5339] </TASK> [ 85.599702][ T5339] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.602864][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.607670][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.612830][ T5339] Call Trace: [ 85.614432][ T5339] <TASK> [ 85.615771][ T5339] dump_stack_lvl+0x99/0x250 [ 85.617910][ T5339] ? __asan_memcpy+0x40/0x70 [ 85.619961][ T5339] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.622269][ T5339] ? __pfx__printk+0x10/0x10 [ 85.624552][ T5339] vpanic+0x237/0x6d0 [ 85.626337][ T5339] ? __pfx_vpanic+0x10/0x10 [ 85.628708][ T5339] ? is_bpf_text_address+0x292/0x2b0 [ 85.631391][ T5339] ? is_bpf_text_address+0x26/0x2b0 [ 85.633925][ T5339] panic+0xb9/0xc0 [ 85.635660][ T5339] ? 
__pfx_panic+0x10/0x10 [ 85.637909][ T5339] __warn+0x317/0x4b0 [ 85.639542][ T5339] __report_bug+0x288/0x500 [ 85.641634][ T5339] ? check_path+0x21/0x40 [ 85.643988][ T5339] ? __pfx___report_bug+0x10/0x10 [ 85.646464][ T5339] ? lockdep_unlock+0x89/0x120 [ 85.648893][ T5339] ? __pfx_dev_printk_emit+0x10/0x10 [ 85.651269][ T5339] report_bug_entry+0x16a/0x220 [ 85.653639][ T5339] ? driver_unregister+0x8d/0xa0 [ 85.655949][ T5339] ? driver_unregister+0x92/0xa0 [ 85.658311][ T5339] handle_bug+0xca/0x200 [ 85.660314][ T5339] exc_invalid_op+0x1a/0x50 [ 85.662214][ T5339] asm_exc_invalid_op+0x1a/0x20 [ 85.664293][ T5339] RIP: 0010:driver_unregister+0x8d/0xa0 [ 85.666861][ T5339] Code: 73 68 4c 89 f7 e8 93 e4 97 fc 48 89 df 5b 41 5e 41 5f e9 96 52 ff ff e8 e1 81 f2 fb eb 05 e8 da 81 f2 fb 48 8d 3d 53 39 be 09 <67> 48 0f b9 3a 5b 41 5e 41 5f c3 cc cc cc cc cc cc cc cc 90 90 90 [ 85.675541][ T5339] RSP: 0018:ffffc9000d49fa20 EFLAGS: 00010293 [ 85.678453][ T5339] RAX: ffffffff85ceedd6 RBX: ffffffff8f1da080 RCX: ffff888000f94980 [ 85.682385][ T5339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8f8d2730 [ 85.686025][ T5339] RBP: 0000000000000001 R08: ffff88803e91512f R09: 1ffff11007d22a25 [ 85.689440][ T5339] R10: dffffc0000000000 R11: ffffffff88c01520 R12: ffff88803e915038 [ 85.692914][ T5339] R13: ffffffff8f1d9fd0 R14: 0000000000000000 R15: dffffc0000000000 [ 85.696958][ T5339] ? __pfx_c6xdigio_detach+0x10/0x10 [ 85.699513][ T5339] ? driver_unregister+0x86/0xa0 [ 85.701615][ T5339] comedi_device_detach_locked+0x178/0x750 [ 85.704240][ T5339] comedi_device_attach+0x5d4/0x720 [ 85.706759][ T5339] comedi_unlocked_ioctl+0x5ff/0x1020 [ 85.709139][ T5339] ? kasan_quarantine_put+0xdd/0x220 [ 85.711511][ T5339] ? lockdep_hardirqs_on+0x98/0x140 [ 85.713839][ T5339] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.716453][ T5339] ? do_futex+0x395/0x420 [ 85.718458][ T5339] ? __fget_files+0x2a/0x420 [ 85.720576][ T5339] ? __fget_files+0x3a0/0x420 [ 85.722822][ T5339] ? 
__fget_files+0x2a/0x420 [ 85.725463][ T5339] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.727971][ T5339] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.730429][ T5339] __se_sys_ioctl+0xfc/0x170 [ 85.732367][ T5339] do_syscall_64+0xfa/0xf80 [ 85.734297][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.736956][ T5339] ? clear_bhb_loop+0x60/0xb0 [ 85.739226][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.742192][ T5339] RIP: 0033:0x7f7347d8f7c9 [ 85.744563][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.753166][ T5339] RSP: 002b:00007f7348bb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.756817][ T5339] RAX: ffffffffffffffda RBX: 00007f7347fe6090 RCX: 00007f7347d8f7c9 [ 85.760640][ T5339] RDX: 0000200000000200 RSI: 0000000040946400 RDI: 000000000000000f [ 85.764416][ T5339] RBP: 00007f7347e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.767973][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.771508][ T5339] R13: 00007f7347fe6128 R14: 00007f7347fe6090 R15: 00007ffeeabcd8b8 [ 85.774794][ T5339] </TASK> [ 85.776554][ T5339] Kernel Offset: disabled [ 85.778303][ T5339] Rebooting in 86400 seconds..