./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2593594187 <...> Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts. execve("./syz-executor2593594187", ["./syz-executor2593594187"], 0x7ffd32e90700 /* 10 vars */) = 0 brk(NULL) = 0x5555568b8000 brk(0x5555568b8c40) = 0x5555568b8c40 arch_prctl(ARCH_SET_FS, 0x5555568b8300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2593594187", 4096) = 28 brk(0x5555568d9c40) = 0x5555568d9c40 brk(0x5555568da000) = 0x5555568da000 mprotect(0x7f75a99db000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=[{cmsg_len=24, cmsg_level=SOL_RXRPC, cmsg_type=0x1}], msg_controllen=24, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) socket(AF_RXRPC, SOCK_DGRAM, 2) = 3 connect(3, {sa_family=AF_RXRPC, srx_service=0 /* ???_SERVICE */, transport_type=SOCK_DGRAM, transport_len=28, transport={sin6={sin6_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}}}, 36) = 0 sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=[{cmsg_len=24, cmsg_level=SOL_RXRPC, cmsg_type=0x1}], msg_controllen=24, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, ...], 891, MSG_NOSIGNAL|MSG_MORE) = 1 exit_group(0) = ? syzkaller login: [ 53.033115][ T3604] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 53.044861][ T3604] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 53.053260][ T3604] CPU: 1 PID: 3604 Comm: syz-executor259 Not tainted 6.1.0-rc3-syzkaller-00887-g0c9ef08a4d0f #0 [ 53.063653][ T3604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 53.073779][ T3604] RIP: 0010:udpv6_sendmsg+0xd0a/0x2c70 [ 53.079247][ T3604] Code: 48 8b 85 98 fd ff ff 48 85 c0 0f 85 2a f8 ff ff e8 5b 46 5a f9 48 8b 95 c0 fd ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 40 1e 00 00 48 8b 85 c0 fd ff ff 48 8d 78 08 48 [ 53.098842][ T3604] RSP: 0018:ffffc900039cf7f0 EFLAGS: 00010246 [ 53.104891][ T3604] RAX: dffffc0000000000 RBX: 000000000000001c RCX: 0000000000000000 [ 53.112848][ T3604] RDX: 0000000000000000 RSI: ffffffff88226bc5 RDI: 0000000000000007 [ 53.120892][ T3604] RBP: ffffc900039cfa90 R08: 0000000000000007 R09: 0000000000000000 [ 53.128851][ T3604] R10: 0000000000000000 R11: 1ffffffff20252f2 R12: ffff888017b65e40 [ 53.136809][ T3604] R13: ffff88802523793c R14: ffff888017b65e52 R15: ffffc900039cfb20 [ 53.144766][ T3604] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 53.153684][ T3604] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.160253][ T3604] CR2: 00007f43201f5a70 CR3: 000000000bc8e000 CR4: 00000000003506e0 [ 53.168211][ T3604] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.176168][ T3604] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.184121][ T3604] Call Trace: [ 53.187395][ T3604] [ 53.190314][ T3604] ? lockdep_unlock+0x11b/0x290 [ 53.195151][ T3604] ? __lock_acquire+0x2567/0x56d0 [ 53.200165][ T3604] ? udp_v6_push_pending_frames+0x200/0x200 [ 53.206053][ T3604] ? __lock_acquire+0xbc3/0x56d0 [ 53.210980][ T3604] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 53.216945][ T3604] ? find_held_lock+0x2d/0x110 [ 53.221698][ T3604] ? mark_lock.part.0+0xee/0x1910 [ 53.226709][ T3604] ? find_held_lock+0x2d/0x110 [ 53.231463][ T3604] ? lock_chain_count+0x20/0x20 [ 53.236302][ T3604] rxrpc_send_abort_packet+0x73b/0x860 [ 53.241760][ T3604] ? rxrpc_transmit_ack_packets+0x8e0/0x8e0 [ 53.247644][ T3604] ? find_held_lock+0x2d/0x110 [ 53.252398][ T3604] ? __local_bh_enable_ip+0xa0/0x120 [ 53.257673][ T3604] ? rxrpc_abort_call+0x4c/0x60 [ 53.262514][ T3604] ? __local_bh_enable_ip+0xa0/0x120 [ 53.267789][ T3604] rxrpc_release_calls_on_socket+0x211/0x300 [ 53.273764][ T3604] rxrpc_release+0x263/0x5a0 [ 53.278345][ T3604] __sock_release+0xcd/0x280 [ 53.282944][ T3604] sock_close+0x18/0x20 [ 53.287121][ T3604] __fput+0x27c/0xa90 [ 53.291095][ T3604] ? __sock_release+0x280/0x280 [ 53.295947][ T3604] task_work_run+0x16b/0x270 [ 53.300539][ T3604] ? task_work_cancel+0x30/0x30 [ 53.305383][ T3604] ? do_raw_spin_unlock+0x171/0x230 [ 53.310572][ T3604] do_exit+0xb35/0x2a20 [ 53.314714][ T3604] ? lock_downgrade+0x6e0/0x6e0 [ 53.319551][ T3604] ? do_raw_spin_lock+0x120/0x2a0 [ 53.324563][ T3604] ? mm_update_next_owner+0x7b0/0x7b0 [ 53.329919][ T3604] ? rwlock_bug.part.0+0x90/0x90 [ 53.334942][ T3604] ? _raw_spin_unlock_irq+0x1f/0x40 [ 53.340127][ T3604] do_group_exit+0xd0/0x2a0 [ 53.344624][ T3604] __x64_sys_exit_group+0x3a/0x50 [ 53.349908][ T3604] do_syscall_64+0x35/0xb0 [ 53.354329][ T3604] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.360225][ T3604] RIP: 0033:0x7f75a996d749 [ 53.364638][ T3604] Code: Unable to access opcode bytes at 0x7f75a996d71f. [ 53.371636][ T3604] RSP: 002b:00007ffe9d8ec9e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 53.380047][ T3604] RAX: ffffffffffffffda RBX: 00007f75a99e1270 RCX: 00007f75a996d749 [ 53.388019][ T3604] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 53.395980][ T3604] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000 [ 53.403936][ T3604] R10: 000000000000c000 R11: 0000000000000246 R12: 00007f75a99e1270 [ 53.411891][ T3604] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 53.419854][ T3604] [ 53.422859][ T3604] Modules linked in: [ 53.426786][ T2766] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] PREEMPT SMP KASAN [ 53.427525][ T3604] ---[ end trace 0000000000000000 ]--- [ 53.438499][ T2766] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 53.438516][ T2766] CPU: 0 PID: 2766 Comm: kworker/u5:1 Tainted: G D 6.1.0-rc3-syzkaller-00887-g0c9ef08a4d0f #0 [ 53.438541][ T2766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 53.443970][ T3604] RIP: 0010:udpv6_sendmsg+0xd0a/0x2c70 [ 53.452355][ T2766] Workqueue: krxrpcd rxrpc_peer_keepalive_worker [ 53.464330][ T3604] Code: 48 8b 85 98 fd ff ff 48 85 c0 0f 85 2a f8 ff ff e8 5b 46 5a f9 48 8b 95 c0 fd ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 40 1e 00 00 48 8b 85 c0 fd ff ff 48 8d 78 08 48 [ 53.474347][ T2766] RIP: 0010:udpv6_sendmsg+0xd0a/0x2c70 [ 53.479793][ T3604] RSP: 0018:ffffc900039cf7f0 EFLAGS: 00010246 [ 53.486119][ T2766] Code: 48 8b 85 98 fd ff ff 48 85 c0 0f 85 2a f8 ff ff e8 5b 46 5a f9 48 8b 95 c0 fd ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 40 1e 00 00 48 8b 85 c0 fd ff ff 48 8d 78 08 48 [ 53.486142][ T2766] RSP: 0018:ffffc9000c54f7d8 EFLAGS: 00010246 [ 53.486159][ T2766] RAX: dffffc0000000000 RBX: 000000000000001c RCX: 0000000000000000 [ 53.486172][ T2766] RDX: 0000000000000000 RSI: ffffffff88226bc5 RDI: 0000000000000007 [ 53.486186][ T2766] RBP: ffffc9000c54fa78 R08: 0000000000000007 R09: 0000000000000000 [ 53.486198][ T2766] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888017b65e40 [ 53.486210][ T2766] R13: ffff88802523793c R14: ffff888017b65e52 R15: ffffc9000c54fb00 [ 53.582874][ T2766] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 53.591900][ T2766] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.598490][ T2766] CR2: 00007f75a99b1a58 CR3: 000000007a907000 CR4: 00000000003506f0 [ 53.606465][ T2766] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.614434][ T2766] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.622407][ T2766] Call Trace: [ 53.625684][ T2766] [ 53.628618][ T2766] ? mark_lock.part.0+0xee/0x1910 [ 53.633657][ T2766] ? udp_v6_push_pending_frames+0x200/0x200 [ 53.639575][ T2766] ? lock_chain_count+0x20/0x20 [ 53.644438][ T2766] ? __lock_acquire+0x166e/0x56d0 [ 53.649479][ T2766] ? __lock_acquire+0xbc3/0x56d0 [ 53.654421][ T2766] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 53.660414][ T2766] rxrpc_send_keepalive+0x3db/0x470 [ 53.665624][ T2766] ? rxrpc_reject_packets+0x660/0x660 [ 53.671020][ T2766] ? rxrpc_peer_keepalive_worker+0x62b/0xc10 [ 53.677013][ T2766] ? lock_downgrade+0x6e0/0x6e0 [ 53.681869][ T2766] ? rxrpc_get_peer_maybe+0x1be/0x250 [ 53.687252][ T2766] ? lock_downgrade+0x6e0/0x6e0 [ 53.692204][ T2766] ? __local_bh_enable_ip+0xa0/0x120 [ 53.697502][ T2766] rxrpc_peer_keepalive_worker+0x7cd/0xc10 [ 53.703327][ T2766] ? rxrpc_error_report+0x1390/0x1390 [ 53.708723][ T2766] ? read_word_at_a_time+0xe/0x20 [ 53.713758][ T2766] ? strscpy+0xa1/0x2a0 [ 53.717937][ T2766] process_one_work+0x9bf/0x1710 [ 53.722889][ T2766] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 53.728283][ T2766] ? rwlock_bug.part.0+0x90/0x90 [ 53.733233][ T2766] worker_thread+0x665/0x1080 [ 53.737939][ T2766] ? __kthread_parkme+0x15f/0x220 [ 53.742974][ T2766] ? process_one_work+0x1710/0x1710 [ 53.748271][ T2766] kthread+0x2e4/0x3a0 [ 53.752350][ T2766] ? kthread_complete_and_exit+0x40/0x40 [ 53.757995][ T2766] ret_from_fork+0x1f/0x30 [ 53.762433][ T2766] [ 53.765448][ T2766] Modules linked in: [ 53.769485][ T2766] ---[ end trace 0000000000000000 ]--- [ 53.775067][ T2766] RIP: 0010:udpv6_sendmsg+0xd0a/0x2c70 [ 53.777343][ T3604] [ 53.780549][ T2766] Code: 48 8b 85 98 fd ff ff 48 85 c0 0f 85 2a f8 ff ff e8 5b 46 5a f9 48 8b 95 c0 fd ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 40 1e 00 00 48 8b 85 c0 fd ff ff 48 8d 78 08 48 [ 53.782861][ T3604] RAX: dffffc0000000000 RBX: 000000000000001c RCX: 0000000000000000 [ 53.802502][ T2766] RSP: 0018:ffffc900039cf7f0 EFLAGS: 00010246 [ 53.810931][ T3604] RDX: 0000000000000000 RSI: ffffffff88226bc5 RDI: 0000000000000007 [ 53.816597][ T2766] RAX: dffffc0000000000 RBX: 000000000000001c RCX: 0000000000000000 [ 53.824828][ T3604] RBP: ffffc900039cfa90 R08: 0000000000000007 R09: 0000000000000000 [ 53.832539][ T2766] RDX: 0000000000000000 RSI: ffffffff88226bc5 RDI: 0000000000000007 [ 53.840783][ T3604] R10: 0000000000000000 R11: 1ffffffff20252f2 R12: ffff888017b65e40 [ 53.848510][ T2766] RBP: ffffc900039cfa90 R08: 0000000000000007 R09: 0000000000000000 [ 53.856722][ T3604] R13: ffff88802523793c R14: ffff888017b65e52 R15: ffffc900039cfb20 [ 53.864528][ T2766] R10: 0000000000000000 R11: 1ffffffff20252f2 R12: ffff888017b65e40 [ 53.872625][ T3604] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 53.880462][ T2766] R13: ffff88802523793c R14: ffff888017b65e52 R15: ffffc900039cfb20 [ 53.889723][ T3604] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.897401][ T2766] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 53.904125][ T3604] CR2: 000055e3f57d0028 CR3: 000000002747f000 CR4: 00000000003506e0 [ 53.912888][ T2766] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.921187][ T3604] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.927425][ T2766] CR2: 00007f75a99b1a58 CR3: 000000007a907000 CR4: 00000000003506f0 [ 53.935786][ T3604] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.943539][ T2766] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.951974][ T3604] Kernel panic - not syncing: Fatal exception [ 53.959909][ T3604] Kernel Offset: disabled [ 53.970366][ T3604] Rebooting in 86400 seconds..