Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe000: 0000 [#1] SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x00000000ffff0000-0x00000000ffff0007]
CPU: 0 UID: 0 PID: 1099 Comm: kworker/u8:6 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: netns cleanup_net
RIP: 0010:ip6_mc_clear_src+0x89/0x5a0 net/ipv6/mcast.c:2599
Code: 49 bc 00 00 00 00 00 fc ff df 48 8d 45 10 49 89 c5 48 89 04 24 49 c1 ed 03 4d 01 e5 eb 32 e8 3e 55 88 f7 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 80 04 00 00 4c 8b 3b 48 8d 7b 30 48 89 de e8
RSP: 0018:ffffc90004067308 EFLAGS: 00010206
RAX: 000000001fffe000 RBX: 00000000ffff0000 RCX: ffffffff8a33c19b
RDX: ffff888028444880 RSI: ffffffff8a33c122 RDI: 0000000000000005
RBP: ffff88802af2f800 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
R13: ffffed10055e5f02 R14: ffff88802af2f828 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff888124765000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000002e5030 CR3: 000000002a0c0000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
mld_clear_delrec+0xfb/0x640 net/ipv6/mcast.c:826
ipv6_mc_destroy_dev+0x49/0x690 net/ipv6/mcast.c:2842
addrconf_ifdown.isra.0+0x13ef/0x1a90 net/ipv6/addrconf.c:4000
addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3780
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
call_netdevice_notifiers net/core/dev.c:2282 [inline]
unregister_netdevice_many_notify+0xf9a/0x26f0 net/core/dev.c:12076
unregister_netdevice_many net/core/dev.c:12139 [inline]
unregister_netdevice_queue+0x305/0x3f0 net/core/dev.c:11983
unregister_netdevice include/linux/netdevice.h:3379 [inline]
nsim_destroy+0x197/0x5d0 drivers/net/netdevsim/netdev.c:1068
__nsim_dev_port_del+0x189/0x240 drivers/net/netdevsim/dev.c:1428
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1440 [inline]
nsim_dev_reload_destroy+0x10a/0x4d0 drivers/net/netdevsim/dev.c:1661
nsim_dev_reload_down+0x6e/0xd0 drivers/net/netdevsim/dev.c:968
devlink_reload+0x1a1/0x7c0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1a0/0x2b0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:162 [inline]
ops_undo_list+0x187/0xab0 net/core/net_namespace.c:235
cleanup_net+0x408/0x890 net/core/net_namespace.c:686
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3321 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
kthread+0x3c5/0x780 kernel/kthread.c:464
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ip6_mc_clear_src+0x89/0x5a0 net/ipv6/mcast.c:2599
Code: 49 bc 00 00 00 00 00 fc ff df 48 8d 45 10 49 89 c5 48 89 04 24 49 c1 ed 03 4d 01 e5 eb 32 e8 3e 55 88 f7 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 80 04 00 00 4c 8b 3b 48 8d 7b 30 48 89 de e8
RSP: 0018:ffffc90004067308 EFLAGS: 00010206
RAX: 000000001fffe000 RBX: 00000000ffff0000 RCX: ffffffff8a33c19b
RDX: ffff888028444880 RSI: ffffffff8a33c122 RDI: 0000000000000005
RBP: ffff88802af2f800 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
R13: ffffed10055e5f02 R14: ffff88802af2f828 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff888124865000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000404030 CR3: 0000000034f3f000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
0: 49 bc 00 00 00 00 00 movabs $0xdffffc0000000000,%r12
7: fc ff df
a: 48 8d 45 10 lea 0x10(%rbp),%rax
e: 49 89 c5 mov %rax,%r13
11: 48 89 04 24 mov %rax,(%rsp)
15: 49 c1 ed 03 shr $0x3,%r13
19: 4d 01 e5 add %r12,%r13
1c: eb 32 jmp 0x50
1e: e8 3e 55 88 f7 call 0xf7885561
23: 48 89 d8 mov %rbx,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1) <-- trapping instruction
2f: 0f 85 80 04 00 00 jne 0x4b5
35: 4c 8b 3b mov (%rbx),%r15
38: 48 8d 7b 30 lea 0x30(%rbx),%rdi
3c: 48 89 de mov %rbx,%rsi
3f: e8 .byte 0xe8