program:
r0 = fanotify_init(0x0, 0x0)
r1 = msgget$private(0x0, 0x0)
msgctl$MSG_INFO(r1, 0xc, &(0x7f00000003c0)=""/206)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = dup3(0xffffffffffffffff, r2, 0x0)
ioctl$PIO_SCRNMAP(r3, 0x4b41, &(0x7f0000000980)="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")
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f024})
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000180)={0x2, @pix_mp={0x8, 0x1000, 0x31303553, 0x3, 0x4, [{0x74, 0x6}, {0x600, 0x40bb}, {0x2}, {0x9, 0x2}, {0xc96, 0x8001}, {0xfffffff9, 0x7f}, {0x5, 0x1f5b}, {0x5}], 0x8, 0x0, 0x8, 0x0, 0x6}}) (async)
r5 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r5, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x3, 0xffffffff, 0x403}})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f00000004c0)={0x1, 0x0, [{0x186, 0x0, 0x9}]}) (async)
r9 = fcntl$dupfd(r2, 0x0, r2)
fanotify_mark(r0, 0x200, 0x40000022, r9, &(0x7f0000000000)='./file0\x00')
ioctl$TCFLSH(r9, 0x400455c8, 0x1) (async, rerun: 64)
syz_usb_connect(0x2, 0x27d, 0x0, 0x0) (rerun: 64)
ioctl$TIOCSTI(r9, 0x5412, &(0x7f0000000340)=0x9)
close_range(r0, 0xffffffffffffffff, 0x0)

[ 68.282030][ T5337] Bluetooth: hci0: command tx timeout
[ 68.389245][ T5360] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000021: 0000 [#1] SMP KASAN NOPTI
[ 68.396305][ T5360] KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]
[ 68.399940][ T5360] CPU: 0 UID: 0 PID: 5360 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 68.403938][ T5360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.408708][ T5360] RIP: 0010:bcsp_recv+0x13d/0x1740
[ 68.410986][ T5360] Code: 89 4c 24 40 48 89 54 24 28 48 c1 ea 03 48 89 54 24 68 48 89 5c 24 20 48 c1 eb 03 48 89 5c 24 60 4c 89 7c 24 38 48 8b 44 24 58 <42> 80 3c 30 00 74 08 4c 89 ff e8 84 a6 b8 f9 49 8b 1f 31 ff 48 89
[ 68.419843][ T5360] RSP: 0018:ffffc9000d587c00 EFLAGS: 00010206
[ 68.423062][ T5360] RAX: 0000000000000021 RBX: 0000000000000030 RCX: 000000000000002f
[ 68.427889][ T5360] RDX: 000000000000002f RSI: 0000000000000001 RDI: 0000000000000000
[ 68.431538][ T5360] RBP: ffffc9000d587d60 R08: ffff88803ff5181f R09: 1ffff11007fea303
[ 68.435031][ T5360] R10: dffffc0000000000 R11: ffffffff886c06e0 R12: 0000000000000001
[ 68.439618][ T5360] R13: ffffc9000d587e00 R14: dffffc0000000000 R15: 0000000000000108
[ 68.443455][ T5360] FS: 00007f991e8216c0(0000) GS:ffff88808d20c000(0000) knlGS:0000000000000000
[ 68.447147][ T5360] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.450010][ T5360] CR2: 00007f991e81ef70 CR3: 000000001a2cd000 CR4: 0000000000352ef0
[ 68.453458][ T5360] Call Trace:
[ 68.455650][ T5360]
[ 68.457582][ T5360] ? __pfx_bcsp_recv+0x10/0x10
[ 68.460176][ T5360] ? rcu_read_lock_any_held+0xb3/0x120
[ 68.462633][ T5360] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 68.465115][ T5360] ? tty_audit_push+0x7c/0x250
[ 68.467200][ T5360] hci_uart_tty_receive+0x194/0x220
[ 68.469512][ T5360] ? __pfx_hci_uart_tty_receive+0x10/0x10
[ 68.472255][ T5360] tiocsti+0x239/0x2c0
[ 68.475024][ T5360] ? __pfx_tiocsti+0x10/0x10
[ 68.477708][ T5360] ? __fget_files+0x2a/0x420
[ 68.479794][ T5360] ? __fget_files+0x3a0/0x420
[ 68.481976][ T5360] ? __fget_files+0x2a/0x420
[ 68.484096][ T5360] tty_ioctl+0x626/0xde0
[ 68.485978][ T5360] ? __pfx_tty_ioctl+0x10/0x10
[ 68.488292][ T5360] __se_sys_ioctl+0xfc/0x170
[ 68.491375][ T5360] do_syscall_64+0xfa/0x3b0
[ 68.494910][ T5360] ? lockdep_hardirqs_on+0x9c/0x150
[ 68.497354][ T5360] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.500143][ T5360] ? clear_bhb_loop+0x60/0xb0
[ 68.502286][ T5360] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.504908][ T5360] RIP: 0033:0x7f991d98ebe9
[ 68.507031][ T5360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.517158][ T5360] RSP: 002b:00007f991e821038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.521383][ T5360] RAX: ffffffffffffffda RBX: 00007f991dbc6180 RCX: 00007f991d98ebe9
[ 68.524549][ T5360] RDX: 0000200000000340 RSI: 0000000000005412 RDI: 000000000000000a
[ 68.527974][ T5360] RBP: 00007f991da11e19 R08: 0000000000000000 R09: 0000000000000000
[ 68.531353][ T5360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.534908][ T5360] R13: 00007f991dbc6218 R14: 00007f991dbc6180 R15: 00007ffc29214428
[ 68.539299][ T5360]
[ 68.541317][ T5360] Modules linked in:
[ 68.544216][ T5360] ---[ end trace 0000000000000000 ]---
[ 68.559059][ T5360] RIP: 0010:bcsp_recv+0x13d/0x1740
[ 68.562029][ T5360] Code: 89 4c 24 40 48 89 54 24 28 48 c1 ea 03 48 89 54 24 68 48 89 5c 24 20 48 c1 eb 03 48 89 5c 24 60 4c 89 7c 24 38 48 8b 44 24 58 <42> 80 3c 30 00 74 08 4c 89 ff e8 84 a6 b8 f9 49 8b 1f 31 ff 48 89
[ 68.572816][ T5360] RSP: 0018:ffffc9000d587c00 EFLAGS: 00010206
[ 68.575709][ T5360] RAX: 0000000000000021 RBX: 0000000000000030 RCX: 000000000000002f
[ 68.580154][ T5360] RDX: 000000000000002f RSI: 0000000000000001 RDI: 0000000000000000
[ 68.584610][ T5360] RBP: ffffc9000d587d60 R08: ffff88803ff5181f R09: 1ffff11007fea303
[ 68.589163][ T5360] R10: dffffc0000000000 R11: ffffffff886c06e0 R12: 0000000000000001
[ 68.592603][ T5360] R13: ffffc9000d587e00 R14: dffffc0000000000 R15: 0000000000000108
[ 68.596121][ T5360] FS: 00007f991e8216c0(0000) GS:ffff88808d20c000(0000) knlGS:0000000000000000
[ 68.600982][ T5360] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.620108][ T5360] CR2: 00007f991e81ef70 CR3: 000000001a2cd000 CR4: 0000000000352ef0
[ 68.624098][ T5360] Kernel panic - not syncing: Fatal exception
[ 68.627348][ T5360] Kernel Offset: disabled
[ 68.629296][ T5360] Rebooting in 86400 seconds..