==================================================================
BUG: KASAN: user-memory-access in fib6_walk_continue+0x224/0x412 net/ipv6/ip6_fib.c:2077
Read of size 8 at addr 00000000000c202d by task syz-executor.1/2046

CPU: 0 PID: 2046 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[] __dump_stack lib/dump_stack.c:88 [inline]
[] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[] __kasan_report mm/kasan/report.c:446 [inline]
[] kasan_report+0x1de/0x1e0 mm/kasan/report.c:459
[] check_region_inline mm/kasan/generic.c:183 [inline]
[] __asan_load8+0x6e/0x96 mm/kasan/generic.c:256
[] fib6_walk_continue+0x224/0x412 net/ipv6/ip6_fib.c:2077
[] fib6_walk+0xf4/0x1ce net/ipv6/ip6_fib.c:2160
[] fib6_clean_tree+0xd4/0x10e net/ipv6/ip6_fib.c:2240
[] __fib6_clean_all+0xd8/0x266 net/ipv6/ip6_fib.c:2256
[] fib6_clean_all net/ipv6/ip6_fib.c:2267 [inline]
[] fib6_run_gc+0x118/0x25c net/ipv6/ip6_fib.c:2330
[] ndisc_netdev_event+0xce/0x3f0 net/ipv6/ndisc.c:1802
[] notifier_call_chain+0xb8/0x188 kernel/notifier.c:84
[] raw_notifier_call_chain+0x2a/0x38 kernel/notifier.c:392
[] call_netdevice_notifiers_info+0x9e/0x10c net/core/dev.c:1919
[] call_netdevice_notifiers_extack net/core/dev.c:1931 [inline]
[] call_netdevice_notifiers net/core/dev.c:1945 [inline]
[] dev_set_mac_address+0x218/0x25a net/core/dev.c:8400
[] dev_set_mac_address_user+0x3a/0x58 net/core/dev.c:8414
[] do_setlink+0xfb4/0x21c4 net/core/rtnetlink.c:2684
[] __rtnl_newlink+0x99e/0xfa0 net/core/rtnetlink.c:3412
[] rtnl_newlink+0x60/0x8c net/core/rtnetlink.c:3527
[] rtnetlink_rcv_msg+0x338/0x9a0 net/core/rtnetlink.c:5592
[] netlink_rcv_skb+0xf8/0x2be net/netlink/af_netlink.c:2494
[] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:5610
[] netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
[] netlink_unicast+0x40e/0x5fe net/netlink/af_netlink.c:1343
[] netlink_sendmsg+0x4e0/0x994 net/netlink/af_netlink.c:1919
[] sock_sendmsg_nosec net/socket.c:705 [inline]
[] sock_sendmsg+0xa0/0xc4 net/socket.c:725
[] __sys_sendto+0x1f2/0x2e0 net/socket.c:2040
[] __do_sys_sendto net/socket.c:2052 [inline]
[] sys_sendto+0x3e/0x52 net/socket.c:2048
[] ret_from_syscall+0x0/0x2
==================================================================
Unable to handle kernel paging request at virtual address 00000000000c202d
Oops [#1]
Modules linked in:
CPU: 0 PID: 2046 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
epc : fib6_walk_continue+0x224/0x412 net/ipv6/ip6_fib.c:2077
 ra : fib6_walk_continue+0x224/0x412 net/ipv6/ip6_fib.c:2077
epc : ffffffff82d770ae ra : ffffffff82d770ae sp : ffffaf802230a890
 gp : ffffffff85863ac0 tp : ffffaf800bbfb080 t0 : ffffffff86bcb657
 t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf802230a910
 s1 : 00000000000c2015 a0 : 0000000000000001 a1 : 0000000000000003
 a2 : 1ffff5f00177f611 a3 : ffffffff831afd3a a4 : 0000000000000000
 a5 : ffffaf800bbfc080 a6 : 0000000000f00000 a7 : ffffaf805a9c8863
 s2 : ffffaf802230a990 s3 : ffffffff84124c00 s4 : ffffffff84124c00
 s5 : 0000000000000004 s6 : ffffaf802230a9b8 s7 : ffffffff84124cc0
 s8 : ffffaf802230a9a8 s9 : ffffaf80100dfb80 s10: ffffaf80100dff00
 s11: ffffaf802230a9a0 t3 : 0000000061736944 t4 : fffff5ef0b53910c
 t5 : fffff5ef0b53910d t6 : ffffaf802230a2d8
status: 0000000000000120 badaddr: 00000000000c202d cause: 000000000000000d
[] fib6_walk+0xf4/0x1ce net/ipv6/ip6_fib.c:2160
[] fib6_clean_tree+0xd4/0x10e net/ipv6/ip6_fib.c:2240
[] __fib6_clean_all+0xd8/0x266 net/ipv6/ip6_fib.c:2256
[] fib6_clean_all net/ipv6/ip6_fib.c:2267 [inline]
[] fib6_run_gc+0x118/0x25c net/ipv6/ip6_fib.c:2330
[] ndisc_netdev_event+0xce/0x3f0 net/ipv6/ndisc.c:1802
[] notifier_call_chain+0xb8/0x188 kernel/notifier.c:84
[] raw_notifier_call_chain+0x2a/0x38 kernel/notifier.c:392
[] call_netdevice_notifiers_info+0x9e/0x10c net/core/dev.c:1919
[] call_netdevice_notifiers_extack net/core/dev.c:1931 [inline]
[] call_netdevice_notifiers net/core/dev.c:1945 [inline]
[] dev_set_mac_address+0x218/0x25a net/core/dev.c:8400
[] dev_set_mac_address_user+0x3a/0x58 net/core/dev.c:8414
[] do_setlink+0xfb4/0x21c4 net/core/rtnetlink.c:2684
[] __rtnl_newlink+0x99e/0xfa0 net/core/rtnetlink.c:3412
[] rtnl_newlink+0x60/0x8c net/core/rtnetlink.c:3527
[] rtnetlink_rcv_msg+0x338/0x9a0 net/core/rtnetlink.c:5592
[] netlink_rcv_skb+0xf8/0x2be net/netlink/af_netlink.c:2494
[] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:5610
[] netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
[] netlink_unicast+0x40e/0x5fe net/netlink/af_netlink.c:1343
[] netlink_sendmsg+0x4e0/0x994 net/netlink/af_netlink.c:1919
[] sock_sendmsg_nosec net/socket.c:705 [inline]
[] sock_sendmsg+0xa0/0xc4 net/socket.c:725
[] __sys_sendto+0x1f2/0x2e0 net/socket.c:2040
[] __do_sys_sendto net/socket.c:2052 [inline]
[] sys_sendto+0x3e/0x52 net/socket.c:2048
[] ret_from_syscall+0x0/0x2
---[ end trace 0000000000000000 ]---