general protection fault, probably for non-canonical address 0xed8670bbed8674bb: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0x6c33a5df6c33a5d8-0x6c33a5df6c33a5df]
CPU: 0 PID: 5144 Comm: kworker/0:5 Not tainted 6.9.0-rc5-syzkaller-00036-g9d1ddab261f3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: events linkwatch_event
RIP: 0010:igmp6_group_added+0x97/0x480 net/ipv6/mcast.c:670
Code: d8 00 f8 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 0f 85 a0 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 10 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 74 03 00 00 48 8d 7b 01 4d 8b 2c 24 48 b8 00 00
RSP: 0018:ffffc9000394f8a8 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: ffff88802f130c00 RCX: ffffffff898c5103
RDX: 0d8674bbed8674bb RSI: ffffffff898cea10 RDI: ffff88802f130c00
RBP: 1ffff92000729f17 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000003 R12: 6c33a5df6c33a5df
R13: dffffc0000000000 R14: ffff88802f130c10 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31526000 CR3: 0000000062a00000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ipv6_mc_up+0x1f6/0x3e0 net/ipv6/mcast.c:2754
ipv6_find_idev+0x174/0x220 net/ipv6/addrconf.c:499
addrconf_add_dev+0x31/0x1c0 net/ipv6/addrconf.c:2557
addrconf_dev_config net/ipv6/addrconf.c:3480 [inline]
addrconf_init_auto_addrs+0x380/0x820 net/ipv6/addrconf.c:3568
addrconf_notify+0x6ef/0x19e0 net/ipv6/addrconf.c:3741
notifier_call_chain+0xb9/0x410 kernel/notifier.c:93
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1950
netdev_state_change net/core/dev.c:1332 [inline]
netdev_state_change+0x115/0x150 net/core/dev.c:1325
linkwatch_do_dev+0x12b/0x160 net/core/link_watch.c:177
__linkwatch_run_queue+0x233/0x690 net/core/link_watch.c:234
linkwatch_event+0x8f/0xc0 net/core/link_watch.c:277
process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254
process_scheduled_works kernel/workqueue.c:3335 [inline]
worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416
kthread+0x2c1/0x3a0 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:igmp6_group_added+0x97/0x480 net/ipv6/mcast.c:670
Code: d8 00 f8 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 0f 85 a0 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 10 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 74 03 00 00 48 8d 7b 01 4d 8b 2c 24 48 b8 00 00
RSP: 0018:ffffc9000394f8a8 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: ffff88802f130c00 RCX: ffffffff898c5103
RDX: 0d8674bbed8674bb RSI: ffffffff898cea10 RDI: ffff88802f130c00
RBP: 1ffff92000729f17 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000003 R12: 6c33a5df6c33a5df
R13: dffffc0000000000 R14: ffff88802f130c10 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001480 CR3: 0000000020546000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
# Annotated decode of the oops "Code:" bytes around the faulting RIP
# (igmp6_group_added+0x97, net/ipv6/mcast.c:670). AT&T syntax (src, dst).
# Offsets are relative to the start of the byte window, not to the function.
# Summary: the fault is raised by the compiler-inserted KASAN shadow lookup for
# a pointer just loaded from 0x10(%rbx), before that pointer is dereferenced.
#
# 0x0-0x2: the window starts at an arbitrary byte, so these bytes are most
# likely the tail of an earlier instruction; this decode is not reliable.
0: d8 00 fadds (%rax)
2: f8 clc
# KASAN shadow check for the address in %r14. The register dump shows
# R14 = RBX + 0x10, i.e. the slot read at 0x1f below. The shadow byte is read
# from (addr >> 3) + base; %r12 presumably still held the shadow base here
# (it is overwritten at 0x1f) -- TODO confirm against the full disassembly.
3: 4c 89 f0 mov %r14,%rax
6: 48 c1 e8 03 shr $0x3,%rax
a: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1)
# Non-zero shadow byte -> out-of-line path (presumably the KASAN report call;
# the target is outside this window).
f: 0f 85 a0 03 00 00 jne 0x3b5
# %rax = 0xdffffc0000000000, the x86-64 KASAN shadow offset (matches RAX in the
# dump). The 10-byte movabs encoding spills onto the next listing line.
15: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
1c: fc ff df
# Load an 8-byte value from offset 0x10 of the object in %rbx
# (RBX = ffff88802f130c00). The dump shows R12 = 6c33a5df6c33a5df afterwards:
# a non-canonical value, so not a valid kernel pointer. This is consistent with
# the object holding stale, overwritten or uninitialised data; the log alone
# does not identify which.
# NOTE(review): the field at offset 0x10 is not shown on this page; confirm it
# against mcast.c:670 and the struct layout.
1f: 4c 8b 63 10 mov 0x10(%rbx),%r12
# Shadow address for the loaded pointer: %rdx = %r12 >> 3 = 0d8674bbed8674bb
# (matches RDX in the dump).
23: 4c 89 e2 mov %r12,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
# Shadow-byte read at %rdx + %rax = 0xed8670bbed8674bb, the non-canonical
# address named in the general protection fault line. The instrumentation
# faults here, so KASAN cannot classify the access and only reports "maybe
# wild-memory-access" for the 8-byte range containing the value in %r12.
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
# Not reached: branch taken when the shadow byte marks the memory as poisoned.
2e: 0f 85 74 03 00 00 jne 0x3a8
34: 48 8d 7b 01 lea 0x1(%rbx),%rdi
# Not reached: the actual dereference of the pointer loaded at 0x1f, which the
# shadow check above was guarding.
38: 4d 8b 2c 24 mov (%r12),%r13
# The byte window ends mid-instruction. 48 b8 is the same opcode prefix as the
# movabs at 0x15, so this is likely another movabs cut off by the end of the
# dump.
3c: 48 rex.W
3d: b8 .byte 0xb8