general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 6.2.0-rc1-syzkaller-00084-gc8451c141e07 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:taprio_dequeue+0x1ff/0xa20 net/sched/sch_taprio.c:579 Code: 24 18 e8 a4 11 82 f9 48 8b 44 24 10 80 38 00 0f 85 7b 07 00 00 48 8b 93 c0 02 00 00 49 63 c5 4c 8d 24 c2 4c 89 e0 48 c1 e8 03 <80> 3c 28 00 0f 85 4f 07 00 00 4d 8b 24 24 4d 85 e4 0f 84 51 03 00 RSP: 0018:ffffc900001b7ce0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88807edb9000 RCX: 0000000000000100 RDX: 0000000000000000 RSI: ffffffff87ff409c RDI: 0000000000000005 RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000010 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8880200b4400 R15: 0000000000000832 FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b32c2a000 CR3: 000000002f29d000 CR4: 00000000003506e0 Call Trace: dequeue_skb net/sched/sch_generic.c:292 [inline] qdisc_restart net/sched/sch_generic.c:397 [inline] __qdisc_run+0x1b2/0x1750 net/sched/sch_generic.c:415 qdisc_run include/net/pkt_sched.h:126 [inline] qdisc_run include/net/pkt_sched.h:123 [inline] net_tx_action+0x792/0xe40 net/core/dev.c:5079 __do_softirq+0x1fb/0xadc kernel/softirq.c:571 run_ksoftirqd kernel/softirq.c:934 [inline] run_ksoftirqd+0x31/0x60 kernel/softirq.c:926 smpboot_thread_fn+0x659/0xa20 kernel/smpboot.c:164 kthread+0x2e8/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:taprio_dequeue+0x1ff/0xa20 net/sched/sch_taprio.c:579 Code: 24 18 e8 a4 11 82 f9 48 8b 44 24 10 80 38 00 0f 85 7b 07 00 00 48 8b 93 c0 02 00 00 49 63 c5 4c 8d 24 c2 4c 89 e0 48 c1 e8 03 <80> 3c 28 00 0f 85 4f 07 00 00 4d 8b 24 24 4d 85 e4 0f 84 51 03 00 RSP: 0018:ffffc900001b7ce0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88807edb9000 RCX: 0000000000000100 RDX: 0000000000000000 RSI: ffffffff87ff409c RDI: 0000000000000005 RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000010 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8880200b4400 R15: 0000000000000832 FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b32c2a000 CR3: 000000002f29d000 CR4: 00000000003506e0 ---------------- Code disassembly (best guess): 0: 24 18 and $0x18,%al 2: e8 a4 11 82 f9 callq 0xf98211ab 7: 48 8b 44 24 10 mov 0x10(%rsp),%rax c: 80 38 00 cmpb $0x0,(%rax) f: 0f 85 7b 07 00 00 jne 0x790 15: 48 8b 93 c0 02 00 00 mov 0x2c0(%rbx),%rdx 1c: 49 63 c5 movslq %r13d,%rax 1f: 4c 8d 24 c2 lea (%rdx,%rax,8),%r12 23: 4c 89 e0 mov %r12,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 80 3c 28 00 cmpb $0x0,(%rax,%rbp,1) <-- trapping instruction 2e: 0f 85 4f 07 00 00 jne 0x783 34: 4d 8b 24 24 mov (%r12),%r12 38: 4d 85 e4 test %r12,%r12 3b: 0f .byte 0xf 3c: 84 51 03 test %dl,0x3(%rcx)