program:
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='configfs\x00', 0x16, 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000140)='./file0\x00')
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0xbfb, 0x2)
r1 = dup2(r0, r0)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f00000000c0)={0xf0f03f, 0x6e})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
r3 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r3, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
getsockname$l2tp(r3, 0x0, &(0x7f00000000c0))
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000)
r4 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000080)={'pcl818\x00', [0x9, 0x2166, 0x2, 0x101, 0x88d6, 0x4, 0x8, 0x10, 0xfffffffd, 0xffffffff, 0x200, 0xfff, 0x344, 0x6, 0x2, 0x20200, 0x9, 0x3, 0x3, 0x1, 0x4, 0x0, 0x400080, 0x4, 0x1, 0x1, 0x8, 0x61, 0x8, 0xf3, 0x1]})

[ 86.465603][ T4671] Bluetooth: hci0: command tx timeout
[ 86.580611][ T5327] comedi comedi3: pcl818: I/O port conflict (0x9,16)
[ 86.595394][ T5327] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI
[ 86.600469][ T5327] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[ 86.604439][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.608350][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.613149][ T5327] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[ 86.615899][ T5327] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 09 10 71 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 e8 0f 71 f9 4d 8b 24 24 48 83 c3
[ 86.624481][ T5327] RSP: 0018:ffffc9000d2af9d8 EFLAGS: 00010206
[ 86.627274][ T5327] RAX: 0000000000000005 RBX: ffff888043606180 RCX: 0000000000100000
[ 86.631036][ T5327] RDX: ffffc9000e12a000 RSI: 0000000000000934 RDI: 0000000000000935
[ 86.634772][ T5327] RBP: 0000000000000001 R08: ffff88803e1e512f R09: 1ffff11007c3ca25
[ 86.638562][ T5327] R10: dffffc0000000000 R11: ffffffff88b62930 R12: 0000000000000028
[ 86.642382][ T5327] R13: dffffc0000000000 R14: ffff88803e1e5000 R15: dffffc0000000000
[ 86.646130][ T5327] FS: 00007fb3625f56c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[ 86.649982][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.652722][ T5327] CR2: 000055beb38ec660 CR3: 000000003de2a000 CR4: 0000000000352ef0
[ 86.656148][ T5327] Call Trace:
[ 86.657649][ T5327]
[ 86.658970][ T5327] pcl818_detach+0x66/0xd0
[ 86.660938][ T5327] comedi_device_detach_locked+0x178/0x750
[ 86.663477][ T5327] comedi_device_attach+0x5d4/0x720
[ 86.665682][ T5327] comedi_unlocked_ioctl+0x5ff/0x1020
[ 86.668014][ T5327] ? kasan_quarantine_put+0xdd/0x220
[ 86.670385][ T5327] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 86.673191][ T5327] ? __might_fault+0xb0/0x130
[ 86.675354][ T5327] ? __fget_files+0x2a/0x420
[ 86.677522][ T5327] ? __fget_files+0x3a0/0x420
[ 86.679622][ T5327] ? __fget_files+0x2a/0x420
[ 86.681650][ T5327] ? bpf_lsm_file_ioctl+0x9/0x20
[ 86.683961][ T5327] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 86.686335][ T5327] __se_sys_ioctl+0xfc/0x170
[ 86.688408][ T5327] do_syscall_64+0xfa/0xfa0
[ 86.690427][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.692682][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.695373][ T5327] ? clear_bhb_loop+0x60/0xb0
[ 86.697480][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.700138][ T5327] RIP: 0033:0x7fb36618f6c9
[ 86.702189][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.710358][ T5327] RSP: 002b:00007fb3625f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 86.714005][ T5327] RAX: ffffffffffffffda RBX: 00007fb3663e5fa0 RCX: 00007fb36618f6c9
[ 86.717505][ T5327] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000006
[ 86.720816][ T5327] RBP: 00007fb366211f91 R08: 0000000000000000 R09: 0000000000000000
[ 86.724239][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.727551][ T5327] R13: 00007fb3663e6038 R14: 00007fb3663e5fa0 R15: 00007ffff7be7628
[ 86.731434][ T5327]
[ 86.733138][ T5327] Modules linked in:
[ 86.735411][ T5327] ---[ end trace 0000000000000000 ]---
[ 86.743337][ T5327] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[ 86.746553][ T5327] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 09 10 71 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 e8 0f 71 f9 4d 8b 24 24 48 83 c3
[ 86.754392][ T5327] RSP: 0018:ffffc9000d2af9d8 EFLAGS: 00010206
[ 86.757482][ T5327] RAX: 0000000000000005 RBX: ffff888043606180 RCX: 0000000000100000
[ 86.760913][ T5327] RDX: ffffc9000e12a000 RSI: 0000000000000934 RDI: 0000000000000935
[ 86.764494][ T5327] RBP: 0000000000000001 R08: ffff88803e1e512f R09: 1ffff11007c3ca25
[ 86.768720][ T5327] R10: dffffc0000000000 R11: ffffffff88b62930 R12: 0000000000000028
[ 86.772194][ T5327] R13: dffffc0000000000 R14: ffff88803e1e5000 R15: dffffc0000000000
[ 86.776673][ T5327] FS: 00007fb3625f56c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[ 86.780787][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.783815][ T5327] CR2: 000055beb38ec660 CR3: 000000003de2a000 CR4: 0000000000352ef0
[ 86.787834][ T5327] Kernel panic - not syncing: Fatal exception
[ 86.790865][ T5327] Kernel Offset: disabled
[ 86.792825][ T5327] Rebooting in 86400 seconds..