IPVS: ftp: loaded support on port[0] = 21
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
kobject: 'ip6tnl0' (00000000f344758f): kobject_uevent_env
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 21504 Comm: syz-executor.2 Not tainted 5.0.0+ #97
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
kobject: 'ip6tnl0' (00000000f344758f): fill_kobj_path: path = '/devices/virtual/net/ip6tnl0'
RIP: 0010:rt_cache_valid+0x33/0x190 net/ipv4/route.c:1513
Code: 31 e4 53 48 89 fb e8 fc a1 9c fb 48 85 db 74 4f e8 f2 a1 9c fb 48 8d 7b 3a 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 07
RSP: 0018:ffff8880ae907798 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000002178 RCX: ffffffff85d45f21
RDX: 0000000000000436 RSI: ffffffff85d3147e RDI: 00000000000021b2
RBP: ffff8880ae9077b0 R08: ffff88806791a140 R09: ffffed1015d25bd0
R10: ffffed1015d25bcf R11: ffff8880ae92de7b R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000002178 R15: ffff8880a673aa40
FS: 00007f0cd1d72700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
kobject: 'queues' (00000000c38514fc): kobject_add_internal: parent: 'ip6tnl0', set: ''
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000021000000 CR3: 0000000095257000 CR4: 00000000001406e0
Call Trace:
__mkroute_output net/ipv4/route.c:2268 [inline]
ip_route_output_key_hash_rcu+0x89d/0x30e0 net/ipv4/route.c:2500
ip_route_output_key_hash+0x212/0x380 net/ipv4/route.c:2329
kobject: 'queues' (00000000c38514fc): kobject_uevent_env
kobject: 'queues' (00000000c38514fc): kobject_uevent_env: filter function caused the event to drop!
__ip_route_output_key include/net/route.h:124 [inline]
ip_route_output_flow+0x28/0xc0 net/ipv4/route.c:2584
kobject: 'rx-0' (000000004b8e8e10): kobject_add_internal: parent: 'queues', set: 'queues'
ip_route_output_key include/net/route.h:134 [inline]
tipc_udp_xmit.isra.0+0x565/0xcc0 net/tipc/udp_media.c:173
kobject: 'rx-0' (000000004b8e8e10): kobject_uevent_env
tipc_udp_send_msg+0x295/0x4a0 net/tipc/udp_media.c:247
kobject: 'rx-0' (000000004b8e8e10): fill_kobj_path: path = '/devices/virtual/net/ip6tnl0/queues/rx-0'
tipc_bearer_xmit_skb+0x172/0x360 net/tipc/bearer.c:503
tipc_disc_timeout+0x933/0xd60 net/tipc/discover.c:332
call_timer_fn+0x190/0x720 kernel/time/timer.c:1325
kobject: 'tx-0' (00000000c968079a): kobject_add_internal: parent: 'queues', set: 'queues'
expire_timers kernel/time/timer.c:1362 [inline]
__run_timers kernel/time/timer.c:1681 [inline]
__run_timers kernel/time/timer.c:1649 [inline]
run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1694
__do_softirq+0x266/0x95a kernel/softirq.c:292
kobject: 'tx-0' (00000000c968079a): kobject_uevent_env
invoke_softirq kernel/softirq.c:373 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:413
kobject: 'tx-0' (00000000c968079a): fill_kobj_path: path = '/devices/virtual/net/ip6tnl0/queues/tx-0'
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1062
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:121 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:135 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:166 [inline]
RIP: 0010:check_memory_region_inline mm/kasan/generic.c:182 [inline]
RIP: 0010:check_memory_region+0xa0/0x190 mm/kasan/generic.c:191
Code: c1 49 c1 f8 03 45 85 c0 0f 84 fb 00 00 00 41 83 e8 01 4e 8d 44 c0 08 eb 0d 48 83 c0 08 4c 39 c0 0f 84 8f 00 00 00 48 83 38 00 <74> ed 4c 8d 40 08 eb 09 48 83 c0 01 49 39 c0 74 0a 80 38 00 74 f2
kobject: 'ip6gre0' (00000000c2bde219): kobject_add_internal: parent: 'net', set: 'devices'
RSP: 0018:ffff88808a55fb18 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: fffff52003085c10 RBX: fffff5200311f209 RCX: ffffffff832a3a00
RDX: 0000000000000001 RSI: 00000000018b9084 RDI: ffffc9001703ffc0
RBP: ffff88808a55fb30 R08: fffff5200311f208 R09: 0000000000317211
kobject: 'ip6gre0' (00000000c2bde219): kobject_uevent_env
R10: fffff5200311f208 R11: ffffc900188f9043 R12: fffff52002e07ff8
R13: 00000000018b9084 R14: 0000000000000000 R15: 00007ffffffff000
memset+0x24/0x40 mm/kasan/common.c:113
kobject: 'ip6gre0' (00000000c2bde219): fill_kobj_path: path = '/devices/virtual/net/ip6gre0'
memset include/linux/string.h:337 [inline]
_copy_from_user+0x130/0x150 lib/usercopy.c:16
copy_from_user include/linux/uaccess.h:144 [inline]
vmemdup_user+0x4f/0xb0 mm/util.c:183
__sctp_setsockopt_connectx+0x45/0x1a0 net/sctp/socket.c:1332
sctp_setsockopt_connectx net/sctp/socket.c:1381 [inline]
sctp_setsockopt net/sctp/socket.c:4624 [inline]
sctp_setsockopt+0x22fd/0x68a0 net/sctp/socket.c:4581
kobject: 'queues' (00000000479fe290): kobject_add_internal: parent: 'ip6gre0', set: ''
sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:3120
__sys_setsockopt+0x180/0x280 net/socket.c:1923
kobject: 'queues' (00000000479fe290): kobject_uevent_env
kobject: 'queues' (00000000479fe290): kobject_uevent_env: filter function caused the event to drop!
__do_sys_setsockopt net/socket.c:1934 [inline]
__se_sys_setsockopt net/socket.c:1931 [inline]
__x64_sys_setsockopt+0xbe/0x150 net/socket.c:1931
do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
kobject: 'rx-0' (00000000999656c6): kobject_add_internal: parent: 'queues', set: 'queues'
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457f29
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0cd1d71c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457f29
RDX: 000000000000006e RSI: 0000000000000084 RDI: 0000000000000005
RBP: 000000000073bfa0 R08: fb01cbdd028b9044 R09: 0000000000000000
R10: 0000000020000040 R11: 0000000000000246 R12: 00007f0cd1d726d4
R13: 00000000004cca98 R14: 00000000004da818 R15: 00000000ffffffff
Modules linked in:
kobject: 'rx-0' (00000000999656c6): kobject_uevent_env
---[ end trace 014f54b0fcf7632a ]---
kobject: 'rx-0' (00000000999656c6): fill_kobj_path: path = '/devices/virtual/net/ip6gre0/queues/rx-0'
RIP: 0010:rt_cache_valid+0x33/0x190 net/ipv4/route.c:1513
Code: 31 e4 53 48 89 fb e8 fc a1 9c fb 48 85 db 74 4f e8 f2 a1 9c fb 48 8d 7b 3a 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 07
RSP: 0018:ffff8880ae907798 EFLAGS: 00010206
kobject: 'tx-0' (00000000cd2fcf64): kobject_add_internal: parent: 'queues', set: 'queues'
RAX: dffffc0000000000 RBX: 0000000000002178 RCX: ffffffff85d45f21
RDX: 0000000000000436 RSI: ffffffff85d3147e RDI: 00000000000021b2
RBP: ffff8880ae9077b0 R08: ffff88806791a140 R09: ffffed1015d25bd0
R10: ffffed1015d25bcf R11: ffff8880ae92de7b R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000002178 R15: ffff8880a673aa40
kobject: 'tx-0' (00000000cd2fcf64): kobject_uevent_env
FS: 00007f0cd1d72700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000021000000 CR3: 0000000095257000 CR4: 00000000001406e0