==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: null-ptr-deref in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
BUG: KASAN: null-ptr-deref in smc_tcp_syn_recv_sock+0xa7/0x560 net/smc/af_smc.c:134
Read of size 4 at addr 0000000000000adc by task syz.3.3075/20271

CPU: 1 UID: 0 PID: 20271 Comm: syz.3.3075 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
Tainted: [U]=USER, [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 kasan_report+0xdf/0x1a0 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:186 [inline]
 kasan_check_range+0x10f/0x1e0 mm/kasan/generic.c:200
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 smc_tcp_syn_recv_sock+0xa7/0x560 net/smc/af_smc.c:134
 tcp_check_req+0xab4/0x28c0 net/ipv4/tcp_minisocks.c:910
 tcp_v4_rcv+0x1331/0x4d50 net/ipv4/tcp_ipv4.c:2247
 ip_protocol_deliver_rcu+0xba/0x4d0 net/ipv4/ip_input.c:207
 ip_local_deliver_finish+0x3f2/0x6e0 net/ipv4/ip_input.c:241
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ip_local_deliver+0x19a/0x1f0 net/ipv4/ip_input.c:262
 dst_input include/net/dst.h:474 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:453 [inline]
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ip_rcv+0x2d9/0x5d0 net/ipv4/ip_input.c:573
 __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:6152
 __netif_receive_skb+0x1f/0x120 net/core/dev.c:6265
 process_backlog+0x37a/0x1580 net/core/dev.c:6617
 __napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0xa40/0xf20 net/core/dev.c:7896
 handle_softirqs+0x1ea/0x910 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xac/0xe0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x120 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:936 [inline]
 __dev_queue_xmit+0x7f1/0x46f0 net/core/dev.c:4859
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 neigh_hh_output include/net/neighbour.h:540 [inline]
 neigh_output include/net/neighbour.h:554 [inline]
 ip_finish_output2+0xf34/0x24b0 net/ipv4/ip_output.c:237
 __ip_finish_output.part.0+0x444/0x6f0 net/ipv4/ip_output.c:315
 __ip_finish_output net/ipv4/ip_output.c:303 [inline]
 ip_finish_output net/ipv4/ip_output.c:325 [inline]
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0x39b/0xec0 net/ipv4/ip_output.c:438
 dst_output include/net/dst.h:464 [inline]
 ip_local_out net/ipv4/ip_output.c:131 [inline]
 __ip_queue_xmit+0x1b73/0x22b0 net/ipv4/ip_output.c:534
 __tcp_transmit_skb+0x2c62/0x43c0 net/ipv4/tcp_output.c:1631
 tcp_transmit_skb net/ipv4/tcp_output.c:1649 [inline]
 tcp_write_xmit+0x12a2/0x86f0 net/ipv4/tcp_output.c:3002
 __tcp_push_pending_frames+0xaf/0x3b0 net/ipv4/tcp_output.c:3185
 tcp_send_fin+0x11f/0x10f0 net/ipv4/tcp_output.c:3808
 __tcp_close+0xa0d/0x1110 net/ipv4/tcp.c:3206
 tcp_close+0x28/0x110 net/ipv4/tcp.c:3297
 inet_release+0xed/0x200 net/ipv4/af_inet.c:437
 __sock_release+0xb3/0x260 net/socket.c:662
 sock_close+0x1c/0x30 net/socket.c:1455
 __fput+0x3ff/0xb40 fs/file_table.c:468
 task_work_run+0x150/0x240 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:44 [inline]
 exit_to_user_mode_loop+0x100/0x4b0 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x4ea/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efd5d39aeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007efd5e21c028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007efd5d616090 RCX: 00007efd5d39aeb9
RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002
RBP: 00007efd5d408c1f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007efd5d616128 R14: 00007efd5d616090 R15: 00007ffd3e822938
 </TASK>
==================================================================