general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
CPU: 0 PID: 81 Comm: kworker/u4:3 Not tainted 5.16.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:__hlist_del include/linux/list.h:840 [inline]
RIP: 0010:hlist_del_init_rcu include/linux/rculist.h:184 [inline]
RIP: 0010:napi_hash_del net/core/dev.c:6147 [inline]
RIP: 0010:__netif_napi_del.part.0+0x9f/0x520 net/core/dev.c:6329
Code: 48 c1 ea 03 80 3c 02 00 0f 85 f6 03 00 00 48 8b 04 24 48 89 da 48 c1 ea 03 48 8b a8 70 01 00 00 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 08 04 00 00 48 85 ed 48 89 2b 74 28 e8 9a 1c 4e
RSP: 0018:ffffc90001aaf988 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: 0000000000000046 RCX: 0000000000000000
RDX: 0000000000000008 RSI: ffffffff87297c71 RDI: ffffe8ffffcd3210
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000003
R10: fffff52000355f23 R11: 0000000000000000 R12: ffffe8ffffcd30a0
R13: 0000000000000000 R14: ffffe8ffffcd30a0 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ef1e88d9e0 CR3: 000000004287a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__netif_napi_del+0x3c/0x50 net/core/dev.c:6326
gro_cells_destroy net/core/gro_cells.c:102 [inline]
gro_cells_destroy+0x115/0x360 net/core/gro_cells.c:92
ip6gre_dev_free+0x15/0x60 net/ipv6/ip6_gre.c:1412
netdev_run_todo+0x6b4/0xa80 net/core/dev.c:9946
ip6gre_exit_batch_net+0x4ac/0x760 net/ipv6/ip6_gre.c:1630
ops_exit_list+0x10d/0x160 net/core/net_namespace.c:171
cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:593
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Modules linked in:
---[ end trace 125c4dc8ea2708fa ]---
RIP: 0010:__hlist_del include/linux/list.h:840 [inline]
RIP: 0010:hlist_del_init_rcu include/linux/rculist.h:184 [inline]
RIP: 0010:napi_hash_del net/core/dev.c:6147 [inline]
RIP: 0010:__netif_napi_del.part.0+0x9f/0x520 net/core/dev.c:6329
Code: 48 c1 ea 03 80 3c 02 00 0f 85 f6 03 00 00 48 8b 04 24 48 89 da 48 c1 ea 03 48 8b a8 70 01 00 00 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 08 04 00 00 48 85 ed 48 89 2b 74 28 e8 9a 1c 4e
RSP: 0018:ffffc90001aaf988 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: 0000000000000046 RCX: 0000000000000000
RDX: 0000000000000008 RSI: ffffffff87297c71 RDI: ffffe8ffffcd3210
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000003
R10: fffff52000355f23 R11: 0000000000000000 R12: ffffe8ffffcd30a0
R13: 0000000000000000 R14: ffffe8ffffcd30a0 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ef1e88d9e0 CR3: 000000004287a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 48 c1 ea 03 shr $0x3,%rdx
4: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
8: 0f 85 f6 03 00 00 jne 0x404
e: 48 8b 04 24 mov (%rsp),%rax
12: 48 89 da mov %rbx,%rdx
15: 48 c1 ea 03 shr $0x3,%rdx
19: 48 8b a8 70 01 00 00 mov 0x170(%rax),%rbp
20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
27: fc ff df
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 08 04 00 00 jne 0x43c
34: 48 85 ed test %rbp,%rbp
37: 48 89 2b mov %rbp,(%rbx)
3a: 74 28 je 0x64
3c: e8 .byte 0xe8
3d: 9a (bad)
3e: 1c 4e sbb $0x4e,%al