program:
# syzkaller reproducer, reflowed to one call per line ('#' starts a comment in syz programs).
# The console log after the program reports a KASAN null-ptr-deref in pcl818_ai_cancel,
# reached through comedi_unlocked_ioctl -> comedi_device_attach ->
# comedi_device_detach_locked -> pcl818_detach. The faulting thread's saved registers show
# ORIG_RAX=0x10 and RSI=0x40946400, the command number of the COMEDI_DEVCONFIG calls.
# Several calls below use fd -1, an unassigned resource or a mismatched command number.
# They do not appear in the crash trace and look like fuzzer noise.
# More calls (a pcl711 DEVCONFIG on r12, UDP sockets) follow this block in the report.

# Netlink sockets: family 0x10, type 0x3, protocol 0x14 (rdma) and 0xc (netfilter).
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
# Device nodes opened relative to AT_FDCWD (0x...ff9c is -100); the path strings are not shown.
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# NOTE(review): the call variant is named for an input-device ioctl but r3 is the ppp fd.
ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246)
r4 = dup(r3)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
# Crashing call: configure /dev/comedi3 with the legacy 'pcl818' driver.
# The first option word is 0xec; the log prints
# "comedi comedi3: pcl818: I/O port conflict (0xec,16)" just before the oops, so the
# attach fails on the I/O region and the core then runs the driver's detach handler.
# pcl818_detach calls pcl818_ai_cancel, which faults on an address in 0x28-0x2f (R12=0x28),
# i.e. a field at offset 0x28 behind a NULL pointer.
# NOTE(review): presumably the state ai_cancel reads is not yet set up when attach fails
# this early - confirm against the driver source. The fix direction is for detach to
# tolerate a partially initialised device.
# Impact as logged: "Kernel panic - not syncing: Fatal exception", a local denial of service.
# The faulting process runs as UID 0.
# NOTE(review): confirm which capability the comedi core requires for DEVCONFIG
# on the kernel under test.
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f0000000140)={'pcl818\x00', [0xec, 0x2168, 0x3, 0xc, 0x88d2, 0x8f, 0x9, 0x10, 0x2, 0xffffffff, 0x1ff, 0x8, 0x344, 0x4, 0x7, 0x1, 0x40000009, 0x3, 0x0, 0xffffffff, 0x100, 0x3, 0x80, 0x0, 0x1, 0x1, 0xb0c4, 0x1c, 0x8, 0x7, 0xecf]})
# syzkaller pseudo-syscall; it is handed r4 (the dup of the ppp fd) and the vCPU fd r6.
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x43, 0x0, 0x0)
# fd argument is 0xffffffffffffffff (-1) in the next two calls.
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000140)={0xffffffffffffffff}, 0x106, 0x6}}, 0x20)
ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, &(0x7f00000002c0))
# r8 is never assigned anywhere in the visible program; the write goes to r4 (ppp fd dup).
write$RDMA_USER_CM_CMD_BIND_IP(r4, &(0x7f0000000280)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0xb, @local, 0xfffffff6}, r8}}, 0x30)
# Netlink message on the netfilter socket. The declared length is 0x48, which by byte
# count ends right after the "hash:ip\0" string (68 61 73 68 3a 69 70 00); the rest of the
# blob lies beyond that length.
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000002060500000000000000000000000000050001adbf00000005000100060000000500050007000000050004001b0100000500e5ff070000000c000300686173683a697000101782dcb7bb4d58571a15e234bfd2d9f7986dbbe8b9a13b03fd4e2e5edc8d1853e021e7cd526eea034c4129aaf67cb07ae1342ee05e892a1edeecea7092cb7921f5d8780bc027d98f6ea51ba96a716494228e4a1f61b6bb54fb205a4e8f14e4973336fd67c3cf537153f9ce515e268478a3cff8996e1d2c615dd5ecdbe291853b3e49ea3d97b83dc7ea6c3a0c7baa966e1bdab54d7549b2bc1dbbcb74a085403c51183455424757e3d0bcd74ecc671995c5537e0898d18d13a27e838c3b369e0dc03afc68d1779a46a9c23966f7247164437ffe7e7df6016b937bf02e141921e44cb5fe828104bc60672619e886a976f78111c4b0420ff20c0a348b448f51a4fafe61e10d668f1f75d8b943a93b9541daecc5d9c791b0b9d226569956f8e7fc272d49da08977345b5d020b69acba81d9c86ec62562b7299c09b890f4bd0ccbed297d8fac06939abab00e37d396a5426dcda8e59881c456a7a5249a45d92b1c9428ef72e77e303be74bd638ff8f421d083f707054bd06372e5776d267a4e18462adb12a28aa9b5c9792d2e859f9287f13a8a29d750fede2343301e8e0c4c4acca9e50d64060f2095957dc812385b001293eff4403c"], 0x48}}, 0x0)
# Second KVM VM. The two memory-region calls share a call name but use different
# command numbers (0x4020ae46, then 0xc018aec0).
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0xc018aec0, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
# The payload is only the text form of the kvm fd r2 (@ANYRESOCT), with declared length 0x38.
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYRESOCT=r2], 0x38}, 0x1, 0x0, 0x0, 0x188c5}, 0x4000880)
# mmap with fd -1 over the range where the program's data pointers live;
# the prot argument 0xb635773f06ebbeee is a fuzzer-chosen value.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r11 = socket$nl_rdma(0x10, 0x3, 0x14)
# Empty payload (ANY=[]) with declared length 0x20.
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0xf0ffffff}, 0x0)
# Second comedi node; r12 is used by the pcl711 DEVCONFIG call that follows this block.
r12 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
ioctl$COMEDI_DEVCONFIG(r12, 0x40946400, &(0x7f0000000300)={'pcl711\x00', [0x2f00, 0xd, 0xd09a, 0x3d, 0x3, 0xfffffffe, 0x20000004, 0x9, 0xffe, 0x9, 0xbc7, 0x1, 0x4, 0x4, 0xffff, 0x100006, 0x5, 0x5, 0x830, 0x30000, 0x10000, 0x9, 0x800, 0xe2df, 0x1000002, 0x8001, 0x7, 0x3, 0x4, 0x5, 0x470f]}) r13 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r13, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e30, @multicast2}, 0x10) connect$inet(r13, &(0x7f0000000200)={0x2, 0x0, @remote}, 0x10) [ 87.608118][ T5300] Bluetooth: hci0: command tx timeout [ 87.740422][ T5324] comedi comedi3: pcl818: I/O port conflict (0xec,16) [ 87.749963][ T5324] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI [ 87.754716][ T5324] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 87.758274][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.762071][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.766599][ T5324] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 87.769334][ T5324] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 09 10 71 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 e8 0f 71 f9 4d 8b 24 24 48 83 c3 [ 87.777745][ T5324] RSP: 0018:ffffc9000d2179d8 EFLAGS: 00010206 [ 87.780558][ T5324] RAX: 0000000000000005 RBX: ffff888041e99e80 RCX: 0000000000100000 [ 87.784043][ T5324] RDX: ffffc9000dfaa000 RSI: 0000000000000953 RDI: 0000000000000954 [ 87.787561][ T5324] RBP: 0000000000000001 R08: ffff88803e2e092f R09: 1ffff11007c5c125 [ 87.791001][ T5324] R10: dffffc0000000000 R11: ffffffff88b62930 R12: 0000000000000028 [ 87.794423][ T5324] R13: dffffc0000000000 R14: ffff88803e2e0800 R15: dffffc0000000000 [ 87.797940][ T5324] FS: 00007f54bbc7a6c0(0000) 
GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 87.801997][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.805055][ T5324] CR2: 00007f6516873636 CR3: 0000000043302000 CR4: 0000000000352ef0 [ 87.809096][ T5324] Call Trace: [ 87.810652][ T5324] [ 87.812053][ T5324] pcl818_detach+0x66/0xd0 [ 87.814083][ T5324] comedi_device_detach_locked+0x178/0x750 [ 87.816619][ T5324] comedi_device_attach+0x5d4/0x720 [ 87.819065][ T5324] comedi_unlocked_ioctl+0x5ff/0x1020 [ 87.821592][ T5324] ? kasan_quarantine_put+0xdd/0x220 [ 87.824015][ T5324] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 87.826592][ T5324] ? __might_fault+0xb0/0x130 [ 87.828704][ T5324] ? __fget_files+0x2a/0x420 [ 87.830911][ T5324] ? __fget_files+0x3a0/0x420 [ 87.833001][ T5324] ? __fget_files+0x2a/0x420 [ 87.835150][ T5324] ? bpf_lsm_file_ioctl+0x9/0x20 [ 87.837427][ T5324] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 87.840209][ T5324] __se_sys_ioctl+0xfc/0x170 [ 87.842303][ T5324] do_syscall_64+0xfa/0xfa0 [ 87.844438][ T5324] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.846882][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.849703][ T5324] ? 
clear_bhb_loop+0x60/0xb0 [ 87.851851][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.854579][ T5324] RIP: 0033:0x7f54bad8f6c9 [ 87.856599][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.865521][ T5324] RSP: 002b:00007f54bbc7a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.869461][ T5324] RAX: ffffffffffffffda RBX: 00007f54bafe5fa0 RCX: 00007f54bad8f6c9 [ 87.872965][ T5324] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 000000000000000a [ 87.876494][ T5324] RBP: 00007f54bae11f91 R08: 0000000000000000 R09: 0000000000000000 [ 87.879866][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.883030][ T5324] R13: 00007f54bafe6038 R14: 00007f54bafe5fa0 R15: 00007ffd879152e8 [ 87.886276][ T5324] [ 87.887690][ T5324] Modules linked in: [ 87.889865][ T5324] ---[ end trace 0000000000000000 ]--- [ 87.996081][ T5324] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 87.998660][ T5324] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 09 10 71 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 e8 0f 71 f9 4d 8b 24 24 48 83 c3 [ 88.053532][ T5324] RSP: 0018:ffffc9000d2179d8 EFLAGS: 00010206 [ 88.056263][ T5324] RAX: 0000000000000005 RBX: ffff888041e99e80 RCX: 0000000000100000 [ 88.059812][ T5324] RDX: ffffc9000dfaa000 RSI: 0000000000000953 RDI: 0000000000000954 [ 88.093771][ T5324] RBP: 0000000000000001 R08: ffff88803e2e092f R09: 1ffff11007c5c125 [ 88.096985][ T5324] R10: dffffc0000000000 R11: ffffffff88b62930 R12: 0000000000000028 [ 88.100632][ T5324] R13: dffffc0000000000 R14: ffff88803e2e0800 R15: dffffc0000000000 [ 88.128277][ T5324] FS: 00007f54bbc7a6c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 88.139354][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.150499][ T5324] CR2: 00007f54bbb1d680 CR3: 
0000000043302000 CR4: 0000000000352ef0 [ 88.154386][ T5324] Kernel panic - not syncing: Fatal exception [ 88.157379][ T5324] Kernel Offset: disabled [ 88.159617][ T5324] Rebooting in 86400 seconds..