Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe1ac: 0000 [#1] SMP KASAN PTI
KASAN: probably user-memory-access in range [0x00000000ffff0d60-0x00000000ffff0d67]
CPU: 0 UID: 0 PID: 12634 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00162-g302251f1fdfd #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:ip_mc_hash_remove net/ipv4/igmp.c:1431 [inline]
RIP: 0010:__ip_mc_dec_group+0x2fd/0x690 net/ipv4/igmp.c:1774
Code: 79 74 d0 f7 c6 05 99 09 9b 05 01 48 c7 c7 40 a5 9c 8c be 97 05 00 00 48 c7 c2 c0 a5 9c 8c e8 ba 74 ae f7 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 64 f2 33 f8 4d 8b 2c 24 4d 39 f5
RSP: 0018:ffffc90004d8f5f8 EFLAGS: 00010206
RAX: ffffffff89efe79e RBX: 000000001fffe1ac RCX: ffff888031721e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff8880314e2820 R08: ffffffff8f5102e7 R09: 1ffffffff1ea205c
R10: dffffc0000000000 R11: fffffbfff1ea205d R12: 00000000ffff0d60
R13: dffffc0000000000 R14: ffff888026280600 R15: 1ffff1100629c504
FS:  0000000000000000(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc39b7df88 CR3: 000000006800c000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 inetdev_event+0x2a7/0x15b0 net/ipv4/devinet.c:1642
 notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 dev_close_many+0x29c/0x410 net/core/dev.c:1785
 unregister_netdevice_many_notify+0x834/0x2320 net/core/dev.c:12047
 unregister_netdevice_many net/core/dev.c:12140 [inline]
 unregister_netdevice_queue+0x33c/0x380 net/core/dev.c:11984
 unregister_netdevice include/linux/netdevice.h:3379 [inline]
 __tun_detach+0xda4/0x1560 drivers/net/tun.c:620
 tun_detach drivers/net/tun.c:636 [inline]
 tun_chr_close+0x10a/0x1c0 drivers/net/tun.c:3396
 __fput+0x44c/0xa70 fs/file_table.c:465
 task_work_run+0x1d1/0x260 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x6ad/0x22e0 kernel/exit.c:955
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1104
 __do_sys_exit_group kernel/exit.c:1115 [inline]
 __se_sys_exit_group kernel/exit.c:1113 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1113
 x64_sys_call+0x21ba/0x21c0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f92f1f8e929
Code: Unable to access opcode bytes at 0x7f92f1f8e8ff.
RSP: 002b:00007ffce8ef2898 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f92f1f8e929
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 00007f92f1fee8f0 R08: 00007ffce8ef0637 R09: 0000000000000003
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffce8ef2a50
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ip_mc_hash_remove net/ipv4/igmp.c:1431 [inline]
RIP: 0010:__ip_mc_dec_group+0x2fd/0x690 net/ipv4/igmp.c:1774
Code: 79 74 d0 f7 c6 05 99 09 9b 05 01 48 c7 c7 40 a5 9c 8c be 97 05 00 00 48 c7 c2 c0 a5 9c 8c e8 ba 74 ae f7 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 64 f2 33 f8 4d 8b 2c 24 4d 39 f5
RSP: 0018:ffffc90004d8f5f8 EFLAGS: 00010206
RAX: ffffffff89efe79e RBX: 000000001fffe1ac RCX: ffff888031721e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff8880314e2820 R08: ffffffff8f5102e7 R09: 1ffffffff1ea205c
R10: dffffc0000000000 R11: fffffbfff1ea205d R12: 00000000ffff0d60
R13: dffffc0000000000 R14: ffff888026280600 R15: 1ffff1100629c504
FS:  0000000000000000(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000002000 CR3: 000000005f7a6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	79 74                	jns    0x76
   2:	d0 f7                	shl    %bh
   4:	c6 05 99 09 9b 05 01 	movb   $0x1,0x59b0999(%rip)        # 0x59b09a4
   b:	48 c7 c7 40 a5 9c 8c 	mov    $0xffffffff8c9ca540,%rdi
  12:	be 97 05 00 00       	mov    $0x597,%esi
  17:	48 c7 c2 c0 a5 9c 8c 	mov    $0xffffffff8c9ca5c0,%rdx
  1e:	e8 ba 74 ae f7       	call   0xf7ae74dd
  23:	4c 89 e3             	mov    %r12,%rbx
  26:	48 c1 eb 03          	shr    $0x3,%rbx
* 2a:	42 80 3c 2b 00       	cmpb   $0x0,(%rbx,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 e7             	mov    %r12,%rdi
  34:	e8 64 f2 33 f8       	call   0xf833f29d
  39:	4d 8b 2c 24          	mov    (%r12),%r13
  3d:	4d 39 f5             	cmp    %r14,%r13