program: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 32) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400adfd8a987e40da2e6a262b", 0x11}], 0x1) (rerun: 32) socket$inet6(0xa, 0x1, 0x100) (async, rerun: 64) close(r2) (rerun: 64) socket$netlink(0x10, 0x3, 0x4) (async) write$binfmt_misc(r1, &(0x7f0000000280), 0xff36) (async, rerun: 32) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) (rerun: 32) readv(r2, &(0x7f0000001480)=[{&(0x7f0000000100)=""/145, 0x91}, {&(0x7f0000000240)=""/219, 0xdb}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/171, 0xab}, {&(0x7f0000000000)=""/94, 0x5e}, {&(0x7f00000001c0)=""/54, 0x36}, {&(0x7f0000001400)=""/101, 0x65}], 0x7) [ 68.561772][ T5307] Bluetooth: hci0: command tx timeout [ 68.625292][ T5321] Oops: general protection fault, probably for non-canonical address 0xdffffc00000a2403: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 68.630037][ T5321] KASAN: probably user-memory-access in range [0x0000000000512018-0x000000000051201f] [ 68.633480][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 68.637089][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.641080][ T5321] RIP: 0010:smc_diag_dump_proto+0x6d9/0x3270 [ 68.643399][ T5321] Code: 80 3c 2c 00 74 08 48 89 df e8 c3 97 86 f6 48 89 5c 24 30 48 8b 1b 48 85 db 0f 84 2d 02 00 00 48 83 c3 18 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 98 97 86 f6 48 8b 44 24 28 4c 8d [ 68.650306][ T5321] RSP: 0018:ffffc9000d3e6b20 EFLAGS: 00010206 [ 68.652571][ T5321] RAX: 00000000000a2403 RBX: 0000000000512018 RCX: ffff888000382440 [ 68.655407][ T5321] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000 [ 68.658129][ T5321] RBP: ffffc9000d3e6fb0 R08: ffffffff89cc3c42 R09: 1ffff1100a627c0b [ 68.660952][ T5321] R10: dffffc0000000000 R11: ffffed100a627c0c R12: 1ffff1100a627cab [ 68.663885][ T5321] R13: dffffc0000000000 R14: ffff88805313e000 R15: ffff888053150010 [ 68.666761][ T5321] FS: 00007fd0b60576c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 68.669880][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.672106][ T5321] CR2: 00005555748207c8 CR3: 00000000401f8000 CR4: 0000000000352ef0 [ 68.674847][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.677565][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.680282][ T5321] Call Trace: [ 68.681563][ T5321] [ 68.682721][ T5321] ? __die_body+0x5f/0xb0 [ 68.684458][ T5321] ? die_addr+0xb0/0xe0 [ 68.686045][ T5321] ? exc_general_protection+0x3dd/0x5d0 [ 68.688163][ T5321] ? asm_exc_general_protection+0x26/0x30 [ 68.690219][ T5321] ? sock_diag_save_cookie+0x42/0xd0 [ 68.692058][ T5321] ? smc_diag_dump_proto+0x6d9/0x3270 [ 68.694044][ T5321] ? __lock_acquire+0x1397/0x2100 [ 68.695865][ T5321] ? __pfx_smc_diag_dump_proto+0x10/0x10 [ 68.697887][ T5321] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 68.699860][ T5321] ? __phys_addr+0xba/0x170 [ 68.701499][ T5321] ? __kasan_kmalloc_large+0x8a/0xa0 [ 68.703361][ T5321] ? rcu_is_watching+0x15/0xb0 [ 68.705047][ T5321] ? rcu_is_watching+0x15/0xb0 [ 68.706830][ T5321] ? trace_kmalloc+0x1f/0xd0 [ 68.708490][ T5321] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 68.710941][ T5321] ? __build_skb_around+0x245/0x3d0 [ 68.712869][ T5321] ? __alloc_skb+0x28f/0x440 [ 68.714536][ T5321] ? __pfx___alloc_skb+0x10/0x10 [ 68.716282][ T5321] smc_diag_dump+0x59/0xa0 [ 68.717982][ T5321] netlink_dump+0x64d/0xe10 [ 68.719617][ T5321] ? __pfx_netlink_dump+0x10/0x10 [ 68.721333][ T5321] __netlink_dump_start+0x5a2/0x790 [ 68.723093][ T5321] smc_diag_handler_dump+0x1ab/0x250 [ 68.724898][ T5321] ? __pfx_smc_diag_handler_dump+0x10/0x10 [ 68.727064][ T5321] ? __pfx_smc_diag_dump+0x10/0x10 [ 68.728754][ T5321] ? sock_diag_lock_handler+0x19/0x280 [ 68.730720][ T5321] ? __pfx_smc_diag_handler_dump+0x10/0x10 [ 68.732707][ T5321] sock_diag_rcv_msg+0x3dc/0x5f0 [ 68.734361][ T5321] netlink_rcv_skb+0x1e3/0x430 [ 68.735984][ T5321] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 68.737834][ T5321] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 68.739557][ T5321] ? netlink_deliver_tap+0x2e/0x1b0 [ 68.741333][ T5321] netlink_unicast+0x7f6/0x990 [ 68.743141][ T5321] ? __pfx_netlink_unicast+0x10/0x10 [ 68.745155][ T5321] ? __virt_addr_valid+0x45f/0x530 [ 68.747076][ T5321] ? __phys_addr_symbol+0x2f/0x70 [ 68.748984][ T5321] ? __check_object_size+0x47a/0x730 [ 68.750892][ T5321] netlink_sendmsg+0x8e4/0xcb0 [ 68.752570][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.754377][ T5321] ? aa_sock_msg_perm+0x91/0x160 [ 68.756154][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.758090][ T5321] __sock_sendmsg+0x221/0x270 [ 68.759716][ T5321] sock_sendmsg+0x134/0x200 [ 68.761412][ T5321] ? __pfx_sock_sendmsg+0x10/0x10 [ 68.763312][ T5321] ? iov_iter_bvec+0x4e/0x180 [ 68.764964][ T5321] splice_to_socket+0xa10/0x10b0 [ 68.766961][ T5321] ? __pfx_lock_release+0x10/0x10 [ 68.768982][ T5321] ? __pfx_splice_to_socket+0x10/0x10 [ 68.771399][ T5321] ? __lock_acquire+0x1397/0x2100 [ 68.773839][ T5321] ? fsnotify_pre_content+0x3ce/0x5b0 [ 68.776317][ T5321] ? rw_verify_area+0x239/0x630 [ 68.778546][ T5321] ? __pfx_splice_to_socket+0x10/0x10 [ 68.781046][ T5321] do_splice+0xd68/0x18b0 [ 68.783092][ T5321] ? __fget_files+0x2a/0x410 [ 68.785072][ T5321] ? __pfx_lock_release+0x10/0x10 [ 68.786907][ T5321] ? do_futex+0x33b/0x560 [ 68.788176][ T5321] ? pipe_clear_nowait+0x196/0x220 [ 68.789740][ T5321] ? __pfx_do_splice+0x10/0x10 [ 68.791551][ T5321] ? __fget_files+0x2a/0x410 [ 68.793224][ T5321] __se_sys_splice+0x2e0/0x450 [ 68.794896][ T5321] ? __pfx___se_sys_splice+0x10/0x10 [ 68.796834][ T5321] ? do_syscall_64+0x100/0x230 [ 68.798560][ T5321] ? __x64_sys_splice+0x21/0xf0 [ 68.800435][ T5321] do_syscall_64+0xf3/0x230 [ 68.802100][ T5321] ? clear_bhb_loop+0x35/0x90 [ 68.803753][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.805868][ T5321] RIP: 0033:0x7fd0b518cd29 [ 68.807539][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.814281][ T5321] RSP: 002b:00007fd0b6057038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 68.817338][ T5321] RAX: ffffffffffffffda RBX: 00007fd0b53a6080 RCX: 00007fd0b518cd29 [ 68.820084][ T5321] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 68.822948][ T5321] RBP: 00007fd0b520e2a0 R08: 0000000080000001 R09: 0000000000000000 [ 68.825871][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.829004][ T5321] R13: 0000000000000000 R14: 00007fd0b53a6080 R15: 00007ffe653117e8 [ 68.831945][ T5321] [ 68.833153][ T5321] Modules linked in: [ 68.835153][ T5321] ---[ end trace 0000000000000000 ]--- [ 68.837100][ T5321] RIP: 0010:smc_diag_dump_proto+0x6d9/0x3270 [ 68.839392][ T5321] Code: 80 3c 2c 00 74 08 48 89 df e8 c3 97 86 f6 48 89 5c 24 30 48 8b 1b 48 85 db 0f 84 2d 02 00 00 48 83 c3 18 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 98 97 86 f6 48 8b 44 24 28 4c 8d [ 68.846517][ T5321] RSP: 0018:ffffc9000d3e6b20 EFLAGS: 00010206 [ 68.848903][ T5321] RAX: 00000000000a2403 RBX: 0000000000512018 RCX: ffff888000382440 [ 68.851935][ T5321] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000 [ 68.854941][ T5321] RBP: ffffc9000d3e6fb0 R08: ffffffff89cc3c42 R09: 1ffff1100a627c0b [ 68.857960][ T5321] R10: dffffc0000000000 R11: ffffed100a627c0c R12: 1ffff1100a627cab [ 68.861041][ T5321] R13: dffffc0000000000 R14: ffff88805313e000 R15: ffff888053150010 [ 68.864052][ T5321] FS: 00007fd0b60576c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 68.867482][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.870229][ T5321] CR2: 00005555748207c8 CR3: 00000000401f8000 CR4: 0000000000352ef0 [ 68.873301][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.876212][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.879169][ T5321] Kernel panic - not syncing: Fatal exception [ 68.881729][ T5321] Kernel Offset: disabled [ 68.883400][ T5321] Rebooting in 86400 seconds..