program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)={0x44, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x3d}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x42890}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x2c, 0x14, 0x1, 0x0, 0x0, {0xa, 0x9f, 0x0, 0xfd, r4}, [@IFA_LOCAL={0x14, 0x2, @empty}]}, 0x2c}}, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x2c, 0x14, 0x1, 0x0, 0x0, {0xa, 0x9f, 0x0, 0xfd, r4}, [@IFA_LOCAL={0x14, 0x2, @empty}]}, 0x2c}}, 0x0)
r5 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) (async)
setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
setsockopt(r6, 0x1, 0x10000000000009, &(0x7f0000000180)="00050002", 0x4) (async)
setsockopt(r6, 0x1, 0x10000000000009, &(0x7f0000000180)="00050002", 0x4)
connect$inet6(r6, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c)
r7 = syz_open_procfs(0x0, &(0x7f0000000580)='net/tcp6\x00')
preadv(r7, &(0x7f0000002800)=[{&(0x7f00000023c0)=""/203, 0xcb}, {&(0x7f00000024c0)=""/162, 0xa2}], 0x2, 0x7, 0x7fff)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000080)={'pcl818\x00', [0x5, 0x7, 0x3, 0xa, 0x12, 0x0, 0x1, 0x9, 0x1000, 0x1, 0xa, 0x1, 0x6, 0x4, 0x3, 0x8000, 0xfffffffd, 0x9, 0x200, 0x1, 0x3ff, 0x10000, 0x800, 0xe2df, 0x3, 0x5, 0x4, 0x4, 0x7, 0x2, 0x4]})

[   85.700949][ T5336] Bluetooth: hci0: command tx timeout
[   85.757729][ T5366] IPVS: sync thread started: state = MASTER, mcast_ifn = bond_slave_0, syncid = 1, id = 0
[   85.781486][ T5363] comedi comedi3: pcl818: I/O port conflict (0x5,16)
[   85.784407][ T5363] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI
[   85.789208][ T5363] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[   85.792663][ T5363] CPU: 0 UID: 0 PID: 5363 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.796482][ T5363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.801163][ T5363] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[   85.803700][ T5363] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f9 12 36 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 d8 12 36 f9 4d 8b 24 24 48 83 c3
[   85.813612][ T5363] RSP: 0018:ffffc9000d4979f8 EFLAGS: 00010206
[   85.816815][ T5363] RAX: 0000000000000005 RBX: ffff8880527f2680 RCX: ffff88801f124880
[   85.820398][ T5363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88803ea93800
[   85.823805][ T5363] RBP: 0000000000000001 R08: ffff88803ea9392f R09: 1ffff11007d52725
[   85.827209][ T5363] R10: dffffc0000000000 R11: ffffffff88ee71e0 R12: 0000000000000028
[   85.830718][ T5363] R13: dffffc0000000000 R14: ffff88803ea93800 R15: dffffc0000000000
[   85.834127][ T5363] FS:  00007f9ded2d66c0(0000) GS:ffff88808d20d000(0000) knlGS:0000000000000000
[   85.837961][ T5363] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.840710][ T5363] CR2: 0000200000002800 CR3: 0000000043650000 CR4: 0000000000352ef0
[   85.844066][ T5363] Call Trace:
[   85.845603][ T5363]  <TASK>
[   85.846789][ T5363]  pcl818_detach+0x66/0xd0
[   85.848699][ T5363]  comedi_device_detach_locked+0x175/0x750
[   85.851231][ T5363]  comedi_device_attach+0x5d4/0x720
[   85.853398][ T5363]  comedi_unlocked_ioctl+0x5ff/0x1020
[   85.855639][ T5363]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   85.858334][ T5363]  ? __lock_acquire+0xab9/0xd20
[   85.860496][ T5363]  ? __fget_files+0x2a/0x420
[   85.862578][ T5363]  ? __fget_files+0x2a/0x420
[   85.864625][ T5363]  ? __fget_files+0x3a0/0x420
[   85.866712][ T5363]  ? __fget_files+0x2a/0x420
[   85.868798][ T5363]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.871019][ T5363]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   85.873562][ T5363]  __se_sys_ioctl+0xf9/0x170
[   85.875565][ T5363]  do_syscall_64+0xfa/0x3b0
[   85.877673][ T5363]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.879932][ T5363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.882556][ T5363]  ? clear_bhb_loop+0x60/0xb0
[   85.884731][ T5363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.887378][ T5363] RIP: 0033:0x7f9dec38ebe9
[   85.889371][ T5363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.897516][ T5363] RSP: 002b:00007f9ded2d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.901073][ T5363] RAX: ffffffffffffffda RBX: 00007f9dec5c5fa0 RCX: 00007f9dec38ebe9
[   85.904481][ T5363] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 000000000000000a
[   85.907699][ T5363] RBP: 00007f9dec411e19 R08: 0000000000000000 R09: 0000000000000000
[   85.910959][ T5363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.914190][ T5363] R13: 00007f9dec5c6038 R14: 00007f9dec5c5fa0 R15: 00007fff93e57f08
[   85.917494][ T5363]  </TASK>
[   85.918806][ T5363] Modules linked in:
[   85.920978][ T5363] ---[ end trace 0000000000000000 ]---
[   85.931264][ T5363] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[   85.933795][ T5363] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f9 12 36 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 d8 12 36 f9 4d 8b 24 24 48 83 c3
[   85.942823][ T5363] RSP: 0018:ffffc9000d4979f8 EFLAGS: 00010206
[   85.946006][ T5363] RAX: 0000000000000005 RBX: ffff8880527f2680 RCX: ffff88801f124880
[   85.949476][ T5363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88803ea93800
[   85.953429][ T5363] RBP: 0000000000000001 R08: ffff88803ea9392f R09: 1ffff11007d52725
[   85.956801][ T5363] R10: dffffc0000000000 R11: ffffffff88ee71e0 R12: 0000000000000028
[   85.960881][ T5363] R13: dffffc0000000000 R14: ffff88803ea93800 R15: dffffc0000000000
[   85.964329][ T5363] FS:  00007f9ded2d66c0(0000) GS:ffff88808d20d000(0000) knlGS:0000000000000000
[   85.968369][ T5363] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.971914][ T5363] CR2: 0000200000002800 CR3: 0000000043650000 CR4: 0000000000352ef0
[   85.975578][ T5363] Kernel panic - not syncing: Fatal exception
[   85.978624][ T5363] Kernel Offset: disabled
[   85.980585][ T5363] Rebooting in 86400 seconds..