general protection fault, probably for non-canonical address 0xdffffc000000003e: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000001f0-0x00000000000001f7]
CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.16.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dev_index_hash net/core/dev.c:222 [inline]
RIP: 0010:dev_get_by_index_rcu+0x29/0x110 net/core/dev.c:885
Code: 00 55 41 57 41 56 53 41 89 f6 48 89 fb 49 bf 00 00 00 00 00 fc ff df e8 a5 6f 6c f9 48 81 c3 f0 01 00 00 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 48 e2 b6 f9 41 0f b6 ee 48 c1 e5
RSP: 0018:ffffc90000d27388 EFLAGS: 00010202
RAX: 000000000000003e RBX: 00000000000001f0 RCX: ffff888011fd8000
RDX: 0000000080000100 RSI: 0000000000000003 RDI: 0000000000000000
RBP: ffffc90000d27730 R08: ffffffff88221739 R09: ffffc90000d27358
R10: fffff520001a4e3c R11: 0000000000000000 R12: 0000000000000000
R13: ffff88801c8de100 R14: 0000000000000003 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f223000 CR3: 000000002893a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000001000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ____bpf_clone_redirect net/core/filter.c:2410 [inline]
 bpf_clone_redirect+0x89/0x350 net/core/filter.c:2401
 bpf_prog_bebbfe2050753572+0x56/0x42c
 __bpf_prog_run include/linux/filter.h:626 [inline]
 bpf_prog_run_xdp include/linux/filter.h:801 [inline]
 veth_xdp_rcv_skb+0xa45/0x1aa0 drivers/net/veth.c:775
 veth_xdp_rcv drivers/net/veth.c:881 [inline]
 veth_poll+0x3fe/0x1260 drivers/net/veth.c:917
 __napi_poll+0xbd/0x520 net/core/dev.c:7023
 napi_poll net/core/dev.c:7090 [inline]
 net_rx_action+0x61c/0xf30 net/core/dev.c:7177
 __do_softirq+0x392/0x7a3 kernel/softirq.c:558
 run_ksoftirqd+0xc1/0x120 kernel/softirq.c:921
 smpboot_thread_fn+0x533/0x9d0 kernel/smpboot.c:164
 kthread+0x468/0x490 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30
Modules linked in:
---[ end trace 7bdbb107db79086d ]---
RIP: 0010:dev_index_hash net/core/dev.c:222 [inline]
RIP: 0010:dev_get_by_index_rcu+0x29/0x110 net/core/dev.c:885
Code: 00 55 41 57 41 56 53 41 89 f6 48 89 fb 49 bf 00 00 00 00 00 fc ff df e8 a5 6f 6c f9 48 81 c3 f0 01 00 00 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 48 e2 b6 f9 41 0f b6 ee 48 c1 e5
RSP: 0018:ffffc90000d27388 EFLAGS: 00010202
RAX: 000000000000003e RBX: 00000000000001f0 RCX: ffff888011fd8000
RDX: 0000000080000100 RSI: 0000000000000003 RDI: 0000000000000000
RBP: ffffc90000d27730 R08: ffffffff88221739 R09: ffffc90000d27358
R10: fffff520001a4e3c R11: 0000000000000000 R12: 0000000000000000
R13: ffff88801c8de100 R14: 0000000000000003 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f223000 CR3: 000000002893a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000001000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	00 55 41             	add    %dl,0x41(%rbp)
   3:	57                   	push   %rdi
   4:	41 56                	push   %r14
   6:	53                   	push   %rbx
   7:	41 89 f6             	mov    %esi,%r14d
   a:	48 89 fb             	mov    %rdi,%rbx
   d:	49 bf 00 00 00 00 00 	movabs $0xdffffc0000000000,%r15
  14:	fc ff df
  17:	e8 a5 6f 6c f9       	callq  0xf96c6fc1
  1c:	48 81 c3 f0 01 00 00 	add    $0x1f0,%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 48 e2 b6 f9       	callq  0xf9b6e281
  39:	41 0f b6 ee          	movzbl %r14b,%ebp
  3d:	48                   	rex.W
  3e:	c1                   	.byte 0xc1
  3f:	e5                   	.byte 0xe5

Reviewer note: the "non-canonical address" 0xdffffc000000003e in the first line is the KASAN shadow address, not the pointer that was dereferenced. The trapping `cmpb $0x0,(%rax,%r15,1)` is the inline KASAN shadow check: %r15 holds the shadow offset 0xdffffc0000000000, and %rax = %rbx >> 3 where %rbx = %rdi + 0x1f0 with %rdi == 0 in the register dump, giving 0x1f0 >> 3 = 0x3e. The real access is therefore NULL + 0x1f0 (matching the "null-ptr-deref in range [0x1f0-0x1f7]" line), i.e. the first argument passed to dev_get_by_index_rcu() from bpf_clone_redirect() — the struct net pointer — is NULL. That NULL is produced earlier on the veth XDP skb path shown in the call trace; dev_get_by_index_rcu() is only where it is finally consumed.