Oops: general protection fault, probably for non-canonical address 0xdffffc0000000018: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]
CPU: 2 UID: 0 PID: 6274 Comm: udevd Not tainted 6.15.0-rc4-syzkaller-00256-g95d3481af6dc #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__in6_dev_get include/net/addrconf.h:347 [inline]
RIP: 0010:ip6_ignore_linkdown include/net/addrconf.h:443 [inline]
RIP: 0010:find_match+0x136/0x15d0 net/ipv6/route.c:781
Code: 48 c1 ea 03 80 3c 02 00 0f 85 ac 11 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 7d 00 49 8d bf c0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 93 11 00 00 4d 8b bf c0 00 00 00 e8 94 17 50 01
RSP: 0018:ffffc90000537940 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000002 RCX: ffffffff8a192e3c
RDX: 0000000000000018 RSI: ffffffff8a192e7f RDI: 00000000000000c0
RBP: ffffc90000537a48 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802357a737
R13: ffff88802357a720 R14: 1ffff920000a6f37 R15: 0000000000000000
FS: 00007f24d7ac8280(0000) GS:ffff8880979ec000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000005671d4c0 CR3: 000000004f916000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:821
nexthop_for_each_fib6_nh+0x165/0x4a0 net/ipv4/nexthop.c:1515
__find_rr_leaf+0x6e5/0xe00 net/ipv6/route.c:862
find_rr_leaf net/ipv6/route.c:890 [inline]
rt6_select net/ipv6/route.c:934 [inline]
fib6_table_lookup+0x57c/0xa30 net/ipv6/route.c:2230
ip6_pol_route+0x1cc/0x1230 net/ipv6/route.c:2266
pol_lookup_func include/net/ip6_fib.h:616 [inline]
fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:125
ip6_route_output_flags_noref net/ipv6/route.c:2674 [inline]
ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2686
ip6_route_output include/net/ip6_route.h:93 [inline]
ip6_dst_lookup_tail.constprop.0+0xa52/0x2140 net/ipv6/ip6_output.c:1128
ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1259
udp_tunnel6_dst_lookup+0x2cd/0x4b0 net/ipv6/ip6_udp_tunnel.c:165
geneve6_xmit_skb drivers/net/geneve.c:957 [inline]
geneve_xmit+0x96e/0x5610 drivers/net/geneve.c:1043
__netdev_start_xmit include/linux/netdevice.h:5203 [inline]
netdev_start_xmit include/linux/netdevice.h:5212 [inline]
xmit_one net/core/dev.c:3776 [inline]
dev_hard_start_xmit+0x93/0x740 net/core/dev.c:3792
__dev_queue_xmit+0x7eb/0x43e0 net/core/dev.c:4629
dev_queue_xmit include/linux/netdevice.h:3350 [inline]
neigh_resolve_output net/core/neighbour.c:1512 [inline]
neigh_resolve_output+0x53a/0x940 net/core/neighbour.c:1492
neigh_output include/net/neighbour.h:539 [inline]
ip6_finish_output2+0xaeb/0x2020 net/ipv6/ip6_output.c:141
__ip6_finish_output net/ipv6/ip6_output.c:215 [inline]
ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x1f9/0x540 net/ipv6/ip6_output.c:247
dst_output include/net/dst.h:459 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ndisc_send_skb+0xa91/0x1e40 net/ipv6/ndisc.c:513
ndisc_send_rs+0x129/0x670 net/ipv6/ndisc.c:723
addrconf_rs_timer+0x40d/0x840 net/ipv6/addrconf.c:4038
call_timer_fn+0x197/0x620 kernel/time/timer.c:1789
expire_timers kernel/time/timer.c:1840 [inline]
__run_timers+0x6ef/0x960 kernel/time/timer.c:2414
__run_timer_base kernel/time/timer.c:2426 [inline]
__run_timer_base kernel/time/timer.c:2418 [inline]
run_timer_base+0x114/0x190 kernel/time/timer.c:2435
run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2445
handle_softirqs+0x216/0x8e0 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:get_current arch/x86/include/asm/current.h:25 [inline]
RIP: 0010:lockdep_enabled kernel/locking/lockdep.c:124 [inline]
RIP: 0010:lock_release+0x68/0x2f0 kernel/locking/lockdep.c:5879
Code: 0f a3 05 bb 7b ed 0e 0f 82 b1 01 00 00 8b 3d 33 ab ed 0e 85 ff 0f 84 25 01 00 00 65 8b 05 18 d9 0b 12 85 c0 0f 85 16 01 00 00 <65> 4c 8b 35 98 9b 0b 12 41 8b b6 ec 0a 00 00 85 f6 0f 85 ff 00 00
RSP: 0018:ffffc900073379a8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff8e55ae00 RCX: ffffc900073379b4
RDX: 0000000000000000 RSI: ffffffff8bf46c20 RDI: 0000000000000001
RBP: ffffc90007337a50 R08: e3441304e2791359 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8214ca3a
R13: 0000000000000dc0 R14: 0000000000000060 R15: 0000000000000000
might_alloc include/linux/sched/mm.h:319 [inline]
slab_pre_alloc_hook mm/slub.c:4098 [inline]
slab_alloc_node mm/slub.c:4176 [inline]
kmem_cache_alloc_noprof+0x5a/0x3b0 mm/slub.c:4203
lsm_file_alloc security/security.c:733 [inline]
security_file_alloc+0x34/0x2b0 security/security.c:2858
init_file+0x93/0x4c0 fs/file_table.c:156
alloc_empty_file+0x73/0x1e0 fs/file_table.c:238
path_openat+0xe0/0x2d40 fs/namei.c:4025
do_filp_open+0x20b/0x470 fs/namei.c:4066
do_sys_openat2+0x11b/0x1d0 fs/open.c:1429
do_sys_open fs/open.c:1444 [inline]
__do_sys_openat fs/open.c:1460 [inline]
__se_sys_openat fs/open.c:1455 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1455
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x230 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f24d7b9bab9
Code: 00 00 00 44 8b 54 24 58 48 89 44 24 30 48 8d 44 24 40 48 89 44 24 38 64 8b 04 25 18 00 00 00 85 c0 75 21 b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 40 a3 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffda6a6aea0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffda6a6d000 RCX: 00007f24d7b9bab9
RDX: 0000000000080000 RSI: 00007f24d7d11dd8 RDI: 000000000000000b
RBP: 000055b095501db0 R08: 000055b09534fdd0 R09: 00007f24d7c76b20
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000b
R13: 00007f24d7d11dd8 R14: 0000000000080000 R15: 0000000000000001
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__in6_dev_get include/net/addrconf.h:347 [inline]
RIP: 0010:ip6_ignore_linkdown include/net/addrconf.h:443 [inline]
RIP: 0010:find_match+0x136/0x15d0 net/ipv6/route.c:781
Code: 48 c1 ea 03 80 3c 02 00 0f 85 ac 11 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 7d 00 49 8d bf c0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 93 11 00 00 4d 8b bf c0 00 00 00 e8 94 17 50 01
RSP: 0018:ffffc90000537940 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000002 RCX: ffffffff8a192e3c
RDX: 0000000000000018 RSI: ffffffff8a192e7f RDI: 00000000000000c0
RBP: ffffc90000537a48 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802357a737
R13: ffff88802357a720 R14: 1ffff920000a6f37 R15: 0000000000000000
FS: 00007f24d7ac8280(0000) GS:ffff8880979ec000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000005671d4c0 CR3: 000000004f916000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 48 c1 ea 03 shr $0x3,%rdx
4: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
8: 0f 85 ac 11 00 00 jne 0x11ba
e: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
15: fc ff df
18: 4d 8b 7d 00 mov 0x0(%r13),%r15
1c: 49 8d bf c0 00 00 00 lea 0xc0(%r15),%rdi
23: 48 89 fa mov %rdi,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 93 11 00 00 jne 0x11c7
34: 4d 8b bf c0 00 00 00 mov 0xc0(%r15),%r15
3b: e8 94 17 50 01 call 0x15017d4