program: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000440), 0x10) listen(r2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000180)={0x5, 0xfffffffe}, 0x8) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0) [ 69.913115][ T5305] Bluetooth: hci0: command tx timeout [ 69.997366][ T5320] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 70.002723][ T5320] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [ 70.006241][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 70.010484][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.015321][ T5320] RIP: 0010:__lock_acquire+0x6a/0x2100 [ 70.019378][ T5320] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d eb e2 80 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 78 38 8b 00 48 be 00 00 00 00 00 fc [ 70.026881][ T5320] RSP: 0018:ffffc9000d377770 EFLAGS: 00010006 [ 70.029563][ T5320] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000000 [ 70.032786][ T5320] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000018 [ 70.036184][ T5320] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001 [ 70.039755][ T5320] R10: dffffc0000000000 R11: fffffbfff2036c0f R12: ffff888000b9a440 [ 70.043645][ T5320] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000018 [ 70.046823][ T5320] FS: 00007fced77886c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 70.050501][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.053275][ T5320] CR2: 0000000000000000 CR3: 0000000042782000 CR4: 0000000000352ef0 [ 70.056917][ T5320] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.060681][ T5320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.063885][ T5320] Call Trace: [ 70.065266][ T5320] [ 70.066534][ T5320] ? __die_body+0x5f/0xb0 [ 70.068442][ T5320] ? die_addr+0xb0/0xe0 [ 70.070283][ T5320] ? exc_general_protection+0x3dd/0x5d0 [ 70.073068][ T5320] ? asm_exc_general_protection+0x26/0x30 [ 70.075808][ T5320] ? __lock_acquire+0x6a/0x2100 [ 70.078018][ T5320] ? mark_lock+0x9a/0x360 [ 70.079781][ T5320] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.082215][ T5320] lock_acquire+0x1ed/0x550 [ 70.084167][ T5320] ? add_wait_queue+0x46/0x180 [ 70.086186][ T5320] ? __pfx_lock_acquire+0x10/0x10 [ 70.088587][ T5320] ? queue_work_on+0x25f/0x380 [ 70.091213][ T5320] ? __pfx_queue_work_on+0x10/0x10 [ 70.094051][ T5320] ? __local_bh_enable_ip+0x168/0x200 [ 70.096646][ T5320] ? preempt_schedule_notrace_thunk+0x1a/0x30 [ 70.099290][ T5320] ? trace_irq_disable+0x2c/0x120 [ 70.101078][ T5320] _raw_spin_lock_irqsave+0xd5/0x120 [ 70.103081][ T5320] ? add_wait_queue+0x46/0x180 [ 70.105008][ T5320] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 70.107814][ T5320] ? virtio_transport_send_pkt_info+0xd13/0x10b0 [ 70.110373][ T5320] add_wait_queue+0x46/0x180 [ 70.112116][ T5320] virtio_transport_release+0x4c4/0xce0 [ 70.114338][ T5320] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 70.116744][ T5320] ? __pfx_virtio_transport_release+0x10/0x10 [ 70.119029][ T5320] ? __pfx_woken_wake_function+0x10/0x10 [ 70.121057][ T5320] ? __local_bh_enable_ip+0x168/0x200 [ 70.122925][ T5320] ? __vsock_release+0xa4/0x4f0 [ 70.124671][ T5320] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 70.126711][ T5320] ? __vsock_release+0x2c/0x4f0 [ 70.128938][ T5320] ? do_raw_spin_unlock+0x58/0x8b0 [ 70.131435][ T5320] ? __vsock_release+0x3b/0x4f0 [ 70.133198][ T5320] __vsock_release+0xf1/0x4f0 [ 70.135090][ T5320] vsock_release+0x97/0x100 [ 70.136896][ T5320] sock_close+0xbc/0x240 [ 70.138419][ T5320] ? __pfx_sock_close+0x10/0x10 [ 70.140185][ T5320] __fput+0x3e9/0x9f0 [ 70.141733][ T5320] task_work_run+0x24f/0x310 [ 70.143807][ T5320] ? _raw_spin_unlock+0x28/0x50 [ 70.146089][ T5320] ? __pfx_task_work_run+0x10/0x10 [ 70.148497][ T5320] ? syscall_exit_to_user_mode+0xa3/0x340 [ 70.150554][ T5320] syscall_exit_to_user_mode+0x13f/0x340 [ 70.152441][ T5320] do_syscall_64+0x100/0x230 [ 70.154140][ T5320] ? clear_bhb_loop+0x35/0x90 [ 70.155844][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.158065][ T5320] RIP: 0033:0x7fced698cde9 [ 70.159488][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.165852][ T5320] RSP: 002b:00007fced7788038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 70.168993][ T5320] RAX: 0000000000000000 RBX: 00007fced6ba5fa0 RCX: 00007fced698cde9 [ 70.171828][ T5320] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 70.174839][ T5320] RBP: 00007fced6a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 70.177700][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.180846][ T5320] R13: 0000000000000000 R14: 00007fced6ba5fa0 R15: 00007ffc6cee9798 [ 70.184346][ T5320] [ 70.185705][ T5320] Modules linked in: [ 70.187379][ T5320] ---[ end trace 0000000000000000 ]--- [ 70.189495][ T5320] RIP: 0010:__lock_acquire+0x6a/0x2100 [ 70.191478][ T5320] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d eb e2 80 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 78 38 8b 00 48 be 00 00 00 00 00 fc [ 70.198119][ T5320] RSP: 0018:ffffc9000d377770 EFLAGS: 00010006 [ 70.200622][ T5320] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000000 [ 70.204635][ T5320] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000018 [ 70.208373][ T5320] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001 [ 70.211159][ T5320] R10: dffffc0000000000 R11: fffffbfff2036c0f R12: ffff888000b9a440 [ 70.213684][ T5320] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000018 [ 70.216127][ T5320] FS: 00007fced77886c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 70.219062][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.221183][ T5320] CR2: 0000000000000000 CR3: 0000000042782000 CR4: 0000000000352ef0 [ 70.223988][ T5320] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.227058][ T5320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.229995][ T5320] Kernel panic - not syncing: Fatal exception [ 70.232158][ T5320] Kernel Offset: disabled [ 70.233472][ T5320] Rebooting in 86400 seconds..