general protection fault, probably for non-canonical address 0xee4d31cc00000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x7269ae6000000018-0x7269ae600000001f]
CPU: 0 PID: 5056 Comm: syz-executor.5 Not tainted 6.6.0-rc6-syzkaller-00029-g213f891525c2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
RIP: 0010:rb_next+0x82/0x130 lib/rbtree.c:505
Code: 00 00 00 00 fc ff df 48 8b 43 08 48 85 c0 74 5e 48 bb 00 00 00 00 00 fc ff df eb 03 48 89 d0 48 8d 78 10 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 75 58 48 8b 50 10 48 85 d2 75 e3 48 83 c4 08 5b 5d 41
RSP: 0018:ffffc90000007db8 EFLAGS: 00010017
RAX: 7269ae600000000f RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0e4d35cc00000003 RSI: ffffffff8a325f8c RDI: 7269ae600000001f
RBP: ffff8880b982c621 R08: 0000000000000006 R09: ffff8880b982c621
R10: ffff8880b982c270 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000000 R14: ffff8880b982b940 R15: 0000000000000000
FS: 0000555556858480(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558f68b58f68 CR3: 0000000016f13000 CR4: 0000000000350ef0
Call Trace:
rb_erase_cached include/linux/rbtree.h:124 [inline]
timerqueue_del+0xd4/0x140 lib/timerqueue.c:57
__remove_hrtimer+0x99/0x290 kernel/time/hrtimer.c:1119
__run_hrtimer kernel/time/hrtimer.c:1668 [inline]
__hrtimer_run_queues+0x55b/0xc10 kernel/time/hrtimer.c:1752
hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1814
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1063 [inline]
__sysvec_apic_timer_interrupt+0x105/0x3f0 arch/x86/kernel/apic/apic.c:1080
sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1074
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:console_flush_all+0x9e0/0xfb0 kernel/printk/printk.c:2972
Code: 06 61 23 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 b4 a6 1c 00 48 85 db 0f 85 97 03 00 00 e8 16 ab 1c 00 fb 48 8b 44 24 08 <48> 8b 14 24 0f b6 00 83 e2 07 38 d0 7f 08 84 c0 0f 85 08 05 00 00
RSP: 0018:ffffc9000438ee38 EFLAGS: 00000293
RAX: fffff52000871df2 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888024d18000 RSI: ffffffff816b1f2a RDI: 0000000000000007
RBP: dffffc0000000000 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 205d363530355420 R12: ffffffff8d6dcd40
R13: 0000000000000000 R14: ffffffff8d6dcd98 R15: 0000000000000001
console_unlock+0x10c/0x260 kernel/printk/printk.c:3035
vprintk_emit+0x17f/0x5f0 kernel/printk/printk.c:2307
vprintk+0x7b/0x90 kernel/printk/printk_safe.c:45
_printk+0xc8/0x100 kernel/printk/printk.c:2332
batadv_check_known_mac_addr+0x21f/0x440 net/batman-adv/hard-interface.c:526
batadv_hard_if_event+0x1048/0x1660 net/batman-adv/hard-interface.c:998
notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
call_netdevice_notifiers_info+0xb9/0x130 net/core/dev.c:1970
call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
call_netdevice_notifiers net/core/dev.c:2022 [inline]
dev_set_mac_address+0x36f/0x4a0 net/core/dev.c:8864
dev_set_mac_address_user+0x30/0x50 net/core/dev.c:8878
do_setlink+0x6e9/0x3fa0 net/core/rtnetlink.c:2828
__rtnl_newlink+0xc1d/0x1940 net/core/rtnetlink.c:3671
rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3718
rtnetlink_rcv_msg+0x3c4/0xdf0 net/core/rtnetlink.c:6444
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2545
netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
netlink_unicast+0x536/0x810 net/netlink/af_netlink.c:1368
netlink_sendmsg+0x93c/0xe40 net/netlink/af_netlink.c:1910
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0xd5/0x180 net/socket.c:745
__sys_sendto+0x255/0x340 net/socket.c:2194
__do_sys_sendto net/socket.c:2206 [inline]
__se_sys_sendto net/socket.c:2202 [inline]
__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2202
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f454687e7dc
Code: Unable to access opcode bytes at 0x7f454687e7b2.
RSP: 002b:00007ffdd4396900 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f45474c4620 RCX: 00007f454687e7dc
RDX: 000000000000002c RSI: 00007f45474c4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffdd4396954 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 0000000000000000 R14: 00007f45474c4670 R15: 0000000000000000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rb_next+0x82/0x130 lib/rbtree.c:505
Code: 00 00 00 00 fc ff df 48 8b 43 08 48 85 c0 74 5e 48 bb 00 00 00 00 00 fc ff df eb 03 48 89 d0 48 8d 78 10 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 75 58 48 8b 50 10 48 85 d2 75 e3 48 83 c4 08 5b 5d 41
RSP: 0018:ffffc90000007db8 EFLAGS: 00010017
RAX: 7269ae600000000f RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0e4d35cc00000003 RSI: ffffffff8a325f8c RDI: 7269ae600000001f
RBP: ffff8880b982c621 R08: 0000000000000006 R09: ffff8880b982c621
R10: ffff8880b982c270 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000000 R14: ffff8880b982b940 R15: 0000000000000000
FS: 0000555556858480(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f454687e7b2 CR3: 0000000016f13000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess), 7 bytes skipped:
0: 48 8b 43 08 mov 0x8(%rbx),%rax
4: 48 85 c0 test %rax,%rax
7: 74 5e je 0x67
9: 48 bb 00 00 00 00 00 movabs $0xdffffc0000000000,%rbx
10: fc ff df
13: eb 03 jmp 0x18
15: 48 89 d0 mov %rdx,%rax
18: 48 8d 78 10 lea 0x10(%rax),%rdi
1c: 48 89 fa mov %rdi,%rdx
1f: 48 c1 ea 03 shr $0x3,%rdx
* 23: 80 3c 1a 00 cmpb $0x0,(%rdx,%rbx,1) <-- trapping instruction
27: 75 58 jne 0x81
29: 48 8b 50 10 mov 0x10(%rax),%rdx
2d: 48 85 d2 test %rdx,%rdx
30: 75 e3 jne 0x15
32: 48 83 c4 08 add $0x8,%rsp
36: 5b pop %rbx
37: 5d pop %rbp
38: 41 rex.B