general protection fault, probably for non-canonical address 0xed8670bbed8674bb: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0x6c33a5df6c33a5d8-0x6c33a5df6c33a5df]
CPU: 0 PID: 5144 Comm: kworker/0:5 Not tainted 6.9.0-rc5-syzkaller-00036-g9d1ddab261f3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: events linkwatch_event
RIP: 0010:igmp6_group_added+0x97/0x480 net/ipv6/mcast.c:670
Code: d8 00 f8 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 0f 85 a0 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 10 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 74 03 00 00 48 8d 7b 01 4d 8b 2c 24 48 b8 00 00
RSP: 0018:ffffc9000394f8a8 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: ffff88802f130c00 RCX: ffffffff898c5103
RDX: 0d8674bbed8674bb RSI: ffffffff898cea10 RDI: ffff88802f130c00
RBP: 1ffff92000729f17 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000003 R12: 6c33a5df6c33a5df
R13: dffffc0000000000 R14: ffff88802f130c10 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31526000 CR3: 0000000062a00000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ipv6_mc_up+0x1f6/0x3e0 net/ipv6/mcast.c:2754
 ipv6_find_idev+0x174/0x220 net/ipv6/addrconf.c:499
 addrconf_add_dev+0x31/0x1c0 net/ipv6/addrconf.c:2557
 addrconf_dev_config net/ipv6/addrconf.c:3480 [inline]
 addrconf_init_auto_addrs+0x380/0x820 net/ipv6/addrconf.c:3568
 addrconf_notify+0x6ef/0x19e0 net/ipv6/addrconf.c:3741
 notifier_call_chain+0xb9/0x410 kernel/notifier.c:93
 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1950
 netdev_state_change net/core/dev.c:1332 [inline]
 netdev_state_change+0x115/0x150 net/core/dev.c:1325
 linkwatch_do_dev+0x12b/0x160 net/core/link_watch.c:177
 __linkwatch_run_queue+0x233/0x690 net/core/link_watch.c:234
 linkwatch_event+0x8f/0xc0 net/core/link_watch.c:277
 process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254
 process_scheduled_works kernel/workqueue.c:3335 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416
 kthread+0x2c1/0x3a0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:igmp6_group_added+0x97/0x480 net/ipv6/mcast.c:670
Code: d8 00 f8 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 0f 85 a0 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 10 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 74 03 00 00 48 8d 7b 01 4d 8b 2c 24 48 b8 00 00
RSP: 0018:ffffc9000394f8a8 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: ffff88802f130c00 RCX: ffffffff898c5103
RDX: 0d8674bbed8674bb RSI: ffffffff898cea10 RDI: ffff88802f130c00
RBP: 1ffff92000729f17 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000003 R12: 6c33a5df6c33a5df
R13: dffffc0000000000 R14: ffff88802f130c10 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001480 CR3: 0000000020546000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: d8 00                 fadds (%rax)
   2: f8                    clc
   3: 4c 89 f0              mov %r14,%rax
   6: 48 c1 e8 03           shr $0x3,%rax
   a: 42 80 3c 20 00        cmpb $0x0,(%rax,%r12,1)
   f: 0f 85 a0 03 00 00     jne 0x3b5
  15: 48 b8 00 00 00 00 00  movabs $0xdffffc0000000000,%rax
  1c: fc ff df
  1f: 4c 8b 63 10           mov 0x10(%rbx),%r12
  23: 4c 89 e2              mov %r12,%rdx
  26: 48 c1 ea 03           shr $0x3,%rdx
* 2a: 80 3c 02 00           cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e: 0f 85 74 03 00 00     jne 0x3a8
  34: 48 8d 7b 01           lea 0x1(%rbx),%rdi
  38: 4d 8b 2c 24           mov (%r12),%r13
  3c: 48                    rex.W
  3d: b8                    .byte 0xb8