Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 UID: 0 PID: 16232 Comm: kworker/1:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_power_efficient neigh_periodic_work
RIP: 0010:nexthop_is_blackhole+0x23/0x2c0 include/net/nexthop.h:370
Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 48 89 fb 49 bf 00 00 00 00 00 fc ff df e8 c8 d5 b8 f7 4c 8d 73 66 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 18 02 00 00 41 80 3e 00 74 41 48 83 eb
RSP: 0018:ffffc90000a08218 EFLAGS: 00010203
RAX: 000000000000000d RBX: 0000000000000008 RCX: ffff88802e190000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000008
RBP: ffffc90000a08398 R08: ffffc90000a084c0 R09: ffffc90000a084d0
R10: ffffc90000a08320 R11: fffff52000141066 R12: 1ffffffff339ccd0
R13: ffffffff99ce66d0 R14: 000000000000006e R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881261f9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffd66f0000 CR3: 000000004bbb8000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __find_rr_leaf+0x428/0x6d0 net/ipv6/route.c:855
 find_rr_leaf net/ipv6/route.c:899 [inline]
 rt6_select net/ipv6/route.c:934 [inline]
 fib6_table_lookup+0x53f/0xa80 net/ipv6/route.c:2230
 ip6_pol_route+0x222/0x1180 net/ipv6/route.c:2266
 pol_lookup_func include/net/ip6_fib.h:616 [inline]
 fib6_rule_lookup+0x52f/0x6f0 net/ipv6/fib6_rules.c:120
 ip6_route_input_lookup net/ipv6/route.c:2335 [inline]
 ip6_route_input+0x6ce/0xa50 net/ipv6/route.c:2631
 ip6_rcv_finish+0x141/0x2d0 net/ipv6/ip6_input.c:77
 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:314
 __netif_receive_skb_one_core net/core/dev.c:5887 [inline]
 __netif_receive_skb+0xd3/0x380 net/core/dev.c:6000
 process_backlog+0x60e/0x14f0 net/core/dev.c:6352
 __napi_poll+0xc4/0x480 net/core/dev.c:7324
 napi_poll net/core/dev.c:7388 [inline]
 net_rx_action+0x6ea/0xdf0 net/core/dev.c:7510
 handle_softirqs+0x286/0x870 kernel/softirq.c:579
 do_softirq+0xec/0x180 kernel/softirq.c:480
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x17d/0x1c0 kernel/softirq.c:407
 neigh_periodic_work+0xb41/0xd60 net/core/neighbour.c:966
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:nexthop_is_blackhole+0x23/0x2c0 include/net/nexthop.h:370
Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 48 89 fb 49 bf 00 00 00 00 00 fc ff df e8 c8 d5 b8 f7 4c 8d 73 66 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 18 02 00 00 41 80 3e 00 74 41 48 83 eb
RSP: 0018:ffffc90000a08218 EFLAGS: 00010203
RAX: 000000000000000d RBX: 0000000000000008 RCX: ffff88802e190000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000008
RBP: ffffc90000a08398 R08: ffffc90000a084c0 R09: ffffc90000a084d0
R10: ffffc90000a08320 R11: fffff52000141066 R12: 1ffffffff339ccd0
R13: ffffffff99ce66d0 R14: 000000000000006e R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881261f9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffd66f0000 CR3: 000000004bbb8000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	55                   	push   %rbp
   8:	41 57                	push   %r15
   a:	41 56                	push   %r14
   c:	53                   	push   %rbx
   d:	48 89 fb             	mov    %rdi,%rbx
  10:	49 bf 00 00 00 00 00 	movabs $0xdffffc0000000000,%r15
  17:	fc ff df
  1a:	e8 c8 d5 b8 f7       	call   0xf7b8d5e7
  1f:	4c 8d 73 66          	lea    0x66(%rbx),%r14
  23:	4c 89 f0             	mov    %r14,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 38       	movzbl (%rax,%r15,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	0f 85 18 02 00 00    	jne    0x24f
  37:	41 80 3e 00          	cmpb   $0x0,(%r14)
  3b:	74 41                	je     0x7e
  3d:	48                   	rex.W
  3e:	83                   	.byte 0x83
  3f:	eb                   	.byte 0xeb