program:
syz_80211_inject_frame(&(0x7f00000074c0), &(0x7f0000007500)=ANY=[@ANYBLOB="38100800ffffffffffff080213000001505050505050"], 0x18)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000100))
r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000002c00)=@raw={'raw\x00', 0x3c1, 0x3, 0x3b0, 0x1f8, 0xc8, 0x8, 0x0, 0x5803, 0x2e0, 0x2e8, 0x2e8, 0x2e0, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x190, 0x1f8, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x3}}, @common=@mh={{0x28}, {"df07"}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x10, 0x3, 0x4, 0x2, 'snmp_trap\x00', 'syz1\x00', {0x450d74d1}}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0xb, 0x800, 0x2, 0x6, 0x9, 0xcb, 0xb1, 0xff]}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x410)
ioctl$SNDCTL_DSP_GETODELAY(r3, 0x80045017, 0x0)
r5 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000300)={'pcl818\x00', [0x1, 0x5, 0xd09a, 0xffffffff, 0x3, 0xfffffffe, 0x20000004, 0x6, 0xffe, 0x4, 0xc, 0xbba9, 0x4, 0x9004, 0xffff, 0x80010, 0x5, 0x40000009, 0x8830, 0x30000, 0x10000, 0x8, 0x7fc, 0x101, 0x2, 0x8001, 0x6, 0x2, 0x4, 0x5, 0x70f]})
ioctl$COMEDI_INSN(r5, 0x8028640c, &(0x7f0000000000)={0x8000001, 0x0, 0x0, 0x3, 0x4})
r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r6, 0xc0884123, &(0x7f0000000000)={0x5, "06e810b09726fcdfad1d041c65b33cfa0df8f241299fa0fcea386b900a82379e73418a906deb7a33fbfd2215225117e7ccfc0ca31d703613073169818bd94a41", {0x5, 0x7}})
accept4$tipc(r0, &(0x7f0000000200)=@id, &(0x7f00000003c0)=0x10, 0x80800)
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x20000000000003a)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000911065000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)=ANY=[], 0x48)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000380)='dctcp', 0x5)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r9, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r9, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000002c0)=';', 0x1}], 0x1}}], 0x1, 0x10)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r8, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
socket$phonet_pipe(0x23, 0x5, 0x2)

[   77.236030][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[   77.239425][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[   77.244455][   T47] Bluetooth: hci0: command tx timeout
[   77.286332][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   77.305583][ T5324] x_tables: ip6_tables: mh match: only valid for protocol 135
[   77.317526][ T5324] comedi comedi1: pcl818: I/O port conflict (0x1,16)
[   77.320162][ T5324] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI
[   77.324814][ T5324] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[   77.327902][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   77.331396][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.335903][ T5324] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[   77.338416][ T5324] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 c9 bc 6f f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 a8 bc 6f f9 4d 8b 24 24 48 83 c3
[   77.346706][ T5324] RSP: 0018:ffffc9000d5279d8 EFLAGS: 00010206
[   77.349286][ T5324] RAX: 0000000000000005 RBX: ffff888042097c80 RCX: 0000000000100000
[   77.352570][ T5324] RDX: ffffc9000df02000 RSI: 000000000000092b RDI: 000000000000092c
[   77.355960][ T5324] RBP: 0000000000000001 R08: ffff88803e42112f R09: 1ffff11007c84225
[   77.359341][ T5324] R10: dffffc0000000000 R11: ffffffff88b80650 R12: 0000000000000028
[   77.362791][ T5324] R13: dffffc0000000000 R14: ffff88803e421000 R15: dffffc0000000000
[   77.366213][ T5324] FS:  00007f934279a6c0(0000) GS:ffff88808d722000(0000) knlGS:0000000000000000
[   77.370101][ T5324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.372756][ T5324] CR2: 00007f9341ac4f58 CR3: 00000000421d5000 CR4: 0000000000352ef0
[   77.376052][ T5324] Call Trace:
[   77.377482][ T5324]  <TASK>
[   77.378690][ T5324]  pcl818_detach+0x66/0xd0
[   77.380465][ T5324]  comedi_device_detach_locked+0x178/0x750
[   77.382980][ T5324]  comedi_device_attach+0x5d4/0x720
[   77.385320][ T5324]  comedi_unlocked_ioctl+0x5ff/0x1020
[   77.388013][ T5324]  ? kasan_quarantine_put+0xdd/0x220
[   77.390191][ T5324]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   77.392484][ T5324]  ? __might_fault+0xb0/0x130
[   77.395022][ T5324]  ? __fget_files+0x2a/0x420
[   77.396844][ T5324]  ? __fget_files+0x3a0/0x420
[   77.398622][ T5324]  ? __fget_files+0x2a/0x420
[   77.400646][ T5324]  ? bpf_lsm_file_ioctl+0x9/0x20
[   77.402837][ T5324]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   77.405275][ T5324]  __se_sys_ioctl+0xfc/0x170
[   77.407332][ T5324]  do_syscall_64+0xfa/0xfa0
[   77.409388][ T5324]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.411712][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.415294][ T5324]  ? clear_bhb_loop+0x60/0xb0
[   77.417259][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.419976][ T5324] RIP: 0033:0x7f934198f7c9
[   77.421992][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.430448][ T5324] RSP: 002b:00007f934279a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   77.434059][ T5324] RAX: ffffffffffffffda RBX: 00007f9341be5fa0 RCX: 00007f934198f7c9
[   77.437666][ T5324] RDX: 0000200000000300 RSI: 0000000040946400 RDI: 000000000000000b
[   77.441061][ T5324] RBP: 00007f9341a13f91 R08: 0000000000000000 R09: 0000000000000000
[   77.444391][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.447904][ T5324] R13: 00007f9341be6038 R14: 00007f9341be5fa0 R15: 00007ffcb7c95ea8
[   77.451236][ T5324]  </TASK>
[   77.452408][ T5324] Modules linked in:
[   77.454626][ T5324] ---[ end trace 0000000000000000 ]---
[   77.462293][ T5324] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[   77.465183][ T5324] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 c9 bc 6f f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 a8 bc 6f f9 4d 8b 24 24 48 83 c3
[   77.474489][ T5324] RSP: 0018:ffffc9000d5279d8 EFLAGS: 00010206
[   77.477160][ T5324] RAX: 0000000000000005 RBX: ffff888042097c80 RCX: 0000000000100000
[   77.480706][ T5324] RDX: ffffc9000df02000 RSI: 000000000000092b RDI: 000000000000092c
[   77.485467][ T5324] RBP: 0000000000000001 R08: ffff88803e42112f R09: 1ffff11007c84225
[   77.490047][ T5324] R10: dffffc0000000000 R11: ffffffff88b80650 R12: 0000000000000028
[   77.494940][ T5324] R13: dffffc0000000000 R14: ffff88803e421000 R15: dffffc0000000000
[   77.498559][ T5324] FS:  00007f934279a6c0(0000) GS:ffff88808d722000(0000) knlGS:0000000000000000
[   77.502419][ T5324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.505770][ T5324] CR2: 00007f9342778fc8 CR3: 00000000421d5000 CR4: 0000000000352ef0
[   77.509340][ T5324] Kernel panic - not syncing: Fatal exception
[   77.512340][ T5324] Kernel Offset: disabled
[   77.514337][ T5324] Rebooting in 86400 seconds..