program:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x2) (async)
ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000280)) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0x6) (async)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000240))
[ 84.615225][ T5304] Bluetooth: hci0: command tx timeout
[ 84.715477][ T5331] Oops: general protection fault, probably for non-canonical address 0xdffffc000000005f: 0000 [#1] SMP KASAN NOPTI
[ 84.720729][ T5331] KASAN: null-ptr-deref in range [0x00000000000002f8-0x00000000000002ff]
[ 84.725241][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 84.729166][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 84.733863][ T5331] RIP: 0010:h5_recv+0x136/0x850
[ 84.736408][ T5331] Code: 03 48 89 44 24 50 48 89 4c 24 10 48 c1 e9 03 48 89 4c 24 20 48 89 d8 48 c1 e8 03 48 89 44 24 48 4c 89 64 24 58 48 8b 44 24 28 <42> 80 3c 30 00 74 08 4c 89 ef e8 fb ad bf f9 4d 8b 65 00 31 ff 4c
[ 84.744979][ T5331] RSP: 0018:ffffc9000eb4fc60 EFLAGS: 00010202
[ 84.747687][ T5331] RAX: 000000000000005f RBX: 00000000000002e8 RCX: 000000000000005e
[ 84.751164][ T5331] RDX: 000000000000005f RSI: 0000000000000001 RDI: 0000000000000000
[ 84.754623][ T5331] RBP: ffffc9000eb4fd68 R08: ffff888011cd9c1f R09: 1ffff1100239b383
[ 84.758116][ T5331] R10: dffffc0000000000 R11: ffffffff886eb1b0 R12: ffff888011cd9c10
[ 84.761388][ T5331] R13: 00000000000002f8 R14: dffffc0000000000 R15: ffffc9000eb4fe00
[ 84.764832][ T5331] FS: 00007f22b4e326c0(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000
[ 84.768914][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 84.771845][ T5331] CR2: 00007f22b3e708c0 CR3: 000000001273a000 CR4: 0000000000352ef0
[ 84.775440][ T5331] Call Trace:
[ 84.777015][ T5331]
[ 84.778348][ T5331] ? __pfx_h5_recv+0x10/0x10
[ 84.780427][ T5331] hci_uart_tty_receive+0x1f8/0x570
[ 84.782433][ T5331] ? __pfx_hci_uart_tty_receive+0x10/0x10
[ 84.784548][ T5331] tiocsti+0x218/0x2a0
[ 84.786118][ T5331] ? __pfx_tiocsti+0x10/0x10
[ 84.788325][ T5331] ? __fget_files+0x2a/0x420
[ 84.790325][ T5331] ? __fget_files+0x3a0/0x420
[ 84.792188][ T5331] ? __fget_files+0x2a/0x420
[ 84.794062][ T5331] tty_ioctl+0x626/0xde0
[ 84.795776][ T5331] ? __pfx_tty_ioctl+0x10/0x10
[ 84.797717][ T5331] __se_sys_ioctl+0xfc/0x170
[ 84.799680][ T5331] do_syscall_64+0xe2/0xf80
[ 84.801532][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.803708][ T5331] ? trace_irq_disable+0x37/0x100
[ 84.805600][ T5331] ? clear_bhb_loop+0x60/0xb0
[ 84.807393][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.809724][ T5331] RIP: 0033:0x7f22b3f9aeb9
[ 84.811402][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 84.818336][ T5331] RSP: 002b:00007f22b4e32028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.821441][ T5331] RAX: ffffffffffffffda RBX: 00007f22b4216090 RCX: 00007f22b3f9aeb9
[ 84.824339][ T5331] RDX: 0000200000000040 RSI: 0000000000005412 RDI: 0000000000000004
[ 84.827150][ T5331] RBP: 00007f22b4008c1f R08: 0000000000000000 R09: 0000000000000000
[ 84.830277][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.833346][ T5331] R13: 00007f22b4216128 R14: 00007f22b4216090 R15: 00007fffc9122e08
[ 84.836816][ T5331]
[ 84.838163][ T5331] Modules linked in:
[ 84.840166][ T5331] ---[ end trace 0000000000000000 ]---
[ 84.894612][ T5331] RIP: 0010:h5_recv+0x136/0x850
[ 84.896729][ T5331] Code: 03 48 89 44 24 50 48 89 4c 24 10 48 c1 e9 03 48 89 4c 24 20 48 89 d8 48 c1 e8 03 48 89 44 24 48 4c 89 64 24 58 48 8b 44 24 28 <42> 80 3c 30 00 74 08 4c 89 ef e8 fb ad bf f9 4d 8b 65 00 31 ff 4c
[ 84.907185][ T5331] RSP: 0018:ffffc9000eb4fc60 EFLAGS: 00010202
[ 84.909890][ T5331] RAX: 000000000000005f RBX: 00000000000002e8 RCX: 000000000000005e
[ 84.913297][ T5331] RDX: 000000000000005f RSI: 0000000000000001 RDI: 0000000000000000
[ 84.918728][ T5331] RBP: ffffc9000eb4fd68 R08: ffff888011cd9c1f R09: 1ffff1100239b383
[ 84.922329][ T5331] R10: dffffc0000000000 R11: ffffffff886eb1b0 R12: ffff888011cd9c10
[ 84.926134][ T5331] R13: 00000000000002f8 R14: dffffc0000000000 R15: ffffc9000eb4fe00
[ 84.929699][ T5331] FS: 00007f22b4e326c0(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000
[ 84.933513][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 84.936631][ T5331] CR2: 00007fe97c44dd20 CR3: 000000001273a000 CR4: 0000000000352ef0
[ 84.940032][ T5331] Kernel panic - not syncing: Fatal exception
[ 84.942873][ T5331] Kernel Offset: disabled
[ 84.944789][ T5331] Rebooting in 86400 seconds..