general protection fault in find_match
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000018: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]
CPU: 0 UID: 0 PID: 30 Comm: kworker/u4:2 Not tainted 6.14.0-rc1-syzkaller-gbb066fe812d6-dirty #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:__in6_dev_get include/net/addrconf.h:347 [inline]
RIP: 0010:ip6_ignore_linkdown include/net/addrconf.h:443 [inline]
RIP: 0010:find_match+0xae/0xc10 net/ipv6/route.c:747
Code: 08 48 89 df e8 e3 e9 96 f7 4c 89 64 24 40 48 89 d8 bb c0 00 00 00 48 03 18 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 b4 e9 96 f7 4c 8b 23 e8 4c 03 5d 01
RSP: 0018:ffffc90000006fe0 EFLAGS: 00010206
RAX: 0000000000000018 RBX: 00000000000000c0 RCX: dffffc0000000000
RDX: ffff888030f02440 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffffff9a7a0878 R08: ffffffff8a8f0c7f R09: ffffc90000007310
R10: ffffc90000007300 R11: fffff52000000e2e R12: ffffc90000007310
R13: ffffffff9a7a088f R14: 1ffffffff34f4111 R15: 1ffffffff34f410f
FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007feee96c6ff8 CR3: 0000000034810000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__find_rr_leaf+0x275/0x8e0 net/ipv6/route.c:835
find_rr_leaf net/ipv6/route.c:865 [inline]
rt6_select net/ipv6/route.c:900 [inline]
fib6_table_lookup+0x56f/0xbb0 net/ipv6/route.c:2195
ip6_pol_route+0x26d/0x15b0 net/ipv6/route.c:2231
pol_lookup_func include/net/ip6_fib.h:616 [inline]
fib6_rule_lookup+0x58c/0x790 net/ipv6/fib6_rules.c:119
ip6_route_input_lookup net/ipv6/route.c:2300 [inline]
ip6_route_input+0x859/0xd90 net/ipv6/route.c:2596
ip6_rcv_finish+0x144/0x180 net/ipv6/ip6_input.c:77
NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
__netif_receive_skb_one_core net/core/dev.c:5828 [inline]
__netif_receive_skb+0x1ea/0x650 net/core/dev.c:5941
process_backlog+0x662/0x15b0 net/core/dev.c:6289
__napi_poll+0xcb/0x490 net/core/dev.c:7106
napi_poll net/core/dev.c:7175 [inline]
net_rx_action+0x89b/0x1240 net/core/dev.c:7297
handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
do_softirq+0x11b/0x1e0 kernel/softirq.c:462
__local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:389
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
__dev_queue_xmit+0x1775/0x3f50 net/core/dev.c:4611
neigh_output include/net/neighbour.h:539 [inline]
ip6_finish_output2+0x12ad/0x1780 net/ipv6/ip6_output.c:141
ip6_finish_output+0x41e/0x840 net/ipv6/ip6_output.c:226
NF_HOOK include/linux/netfilter.h:314 [inline]
ndisc_send_skb+0xb30/0x1450 net/ipv6/ndisc.c:511
ndisc_send_ns+0xcc/0x160 net/ipv6/ndisc.c:669
addrconf_dad_work+0xb2d/0x16a0 net/ipv6/addrconf.c:4278
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__in6_dev_get include/net/addrconf.h:347 [inline]
RIP: 0010:ip6_ignore_linkdown include/net/addrconf.h:443 [inline]
RIP: 0010:find_match+0xae/0xc10 net/ipv6/route.c:747
Code: 08 48 89 df e8 e3 e9 96 f7 4c 89 64 24 40 48 89 d8 bb c0 00 00 00 48 03 18 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 b4 e9 96 f7 4c 8b 23 e8 4c 03 5d 01
RSP: 0018:ffffc90000006fe0 EFLAGS: 00010206
RAX: 0000000000000018 RBX: 00000000000000c0 RCX: dffffc0000000000
RDX: ffff888030f02440 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffffff9a7a0878 R08: ffffffff8a8f0c7f R09: ffffc90000007310
R10: ffffc90000007300 R11: fffff52000000e2e R12: ffffc90000007310
R13: ffffffff9a7a088f R14: 1ffffffff34f4111 R15: 1ffffffff34f410f
FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007feee96c6ff8 CR3: 0000000034810000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 08 48 89 or %cl,-0x77(%rax)
3: df e8 fucomip %st(0),%st
5: e3 e9 jrcxz 0xfffffff0
7: 96 xchg %eax,%esi
8: f7 4c 89 64 24 40 48 testl $0x89484024,0x64(%rcx,%rcx,4)
f: 89
10: d8 bb c0 00 00 00 fdivrs 0xc0(%rbx)
16: 48 03 18 add (%rax),%rbx
19: 48 89 d8 mov %rbx,%rax
1c: 48 c1 e8 03 shr $0x3,%rax
20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx
27: fc ff df
* 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction
2e: 74 08 je 0x38
30: 48 89 df mov %rbx,%rdi
33: e8 b4 e9 96 f7 call 0xf796e9ec
38: 4c 8b 23 mov (%rbx),%r12
3b: e8 4c 03 5d 01 call 0x15d038c
Warning: Permanently added '[localhost]:26754' (ED25519) to the list of known hosts.
2025/02/07 12:22:34 ignoring optional flag "sandboxArg"="0"
2025/02/07 12:22:34 parsed 1 programs
[ 71.241609][ T5305] cgroup: Unknown subsys name 'net'
[ 71.323411][ T5305] cgroup: Unknown subsys name 'cpuset'
[ 71.328177][ T5305] cgroup: Unknown subsys name 'rlimit'
[ 72.749583][ T5305] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 76.362055][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.372901][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.407266][ T5320] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 76.633341][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.636503][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.903206][ T55] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.920078][ T55] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.021871][ T5344] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.025854][ T5344] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.029035][ T5344] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.040809][ T5344] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.043961][ T5344] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.050917][ T5344] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.071862][ T4662] Bluetooth: hci0: command tx timeout
[ 79.148215][ T5365] chnl_net:caif_netlink_parms(): no params data found
[ 79.338745][ T5365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.364364][ T5365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.367203][ T5365] bridge_slave_0: entered allmulticast mode
[ 79.376165][ T5365] bridge_slave_0: entered promiscuous mode
[ 79.391418][ T5365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.394056][ T5365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.396705][ T5365] bridge_slave_1: entered allmulticast mode
[ 79.404167][ T5365] bridge_slave_1: entered promiscuous mode
[ 79.436814][ T5365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.449572][ T5365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.479676][ T5365] team0: Port device team_slave_0 added
[ 79.485018][ T5365] team0: Port device team_slave_1 added
[ 79.501978][ T5365] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.504696][ T5365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.514304][ T5365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.521398][ T5365] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.523991][ T5365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.533996][ T5365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.557158][ T5365] hsr_slave_0: entered promiscuous mode
[ 79.559918][ T5365] hsr_slave_1: entered promiscuous mode
[ 79.659567][ T5365] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 79.666857][ T5365] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 79.673468][ T5365] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 79.678694][ T5365] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 79.714033][ T5365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.716836][ T5365] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.720222][ T5365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.722920][ T5365] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.774783][ T5365] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.784731][ T55] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.788483][ T55] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.798961][ T5365] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.807616][ T55] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.810490][ T55] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.824219][ T55] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.827030][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.033749][ T5365] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.064677][ T5365] veth0_vlan: entered promiscuous mode
[ 80.074426][ T5365] veth1_vlan: entered promiscuous mode
[ 80.095179][ T5365] veth0_macvtap: entered promiscuous mode
[ 80.103569][ T5365] veth1_macvtap: entered promiscuous mode
[ 80.114373][ T5365] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.124185][ T5365] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.129099][ T5365] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.133405][ T5365] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.136607][ T5365] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.142480][ T5365] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/02/07 12:22:46 executed programs: 0
[ 80.321692][ T5365] syz-executor (5365) used greatest stack depth: 18416 bytes left
[ 80.362773][ T30] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.372289][ T5344] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 80.376063][ T5344] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 80.379217][ T5344] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 80.383282][ T5344] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 80.387709][ T5344] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 80.392696][ T5344] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 80.499573][ T30] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.581564][ T30] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.654106][ T30] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.716955][ T5395] chnl_net:caif_netlink_parms(): no params data found
[ 80.806266][ T5395] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.809126][ T5395] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.821012][ T5395] bridge_slave_0: entered allmulticast mode
[ 80.824074][ T5395] bridge_slave_0: entered promiscuous mode
[ 80.829501][ T5395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.840603][ T5395] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.843487][ T5395] bridge_slave_1: entered allmulticast mode
[ 80.847061][ T5395] bridge_slave_1: entered promiscuous mode
[ 80.883392][ T5395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.889150][ T5395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.941415][ T5395] team0: Port device team_slave_0 added
[ 80.953098][ T5395] team0: Port device team_slave_1 added
[ 80.980915][ T5395] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.983666][ T5395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.010403][ T5395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.023437][ T5395] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.025966][ T5395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.050799][ T5395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 81.113223][ T5395] hsr_slave_0: entered promiscuous mode
[ 81.115989][ T5395] hsr_slave_1: entered promiscuous mode
[ 81.122427][ T5395] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 81.125627][ T5395] Cannot create hsr debugfs directory
[ 81.151242][ T5344] Bluetooth: hci0: command tx timeout
[ 82.430584][ T5344] Bluetooth: hci1: command tx timeout
[ 83.021978][ T30] bridge_slave_1: left allmulticast mode
[ 83.024486][ T30] bridge_slave_1: left promiscuous mode
[ 83.027376][ T30] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.038406][ T30] bridge_slave_0: left allmulticast mode
[ 83.042621][ T30] bridge_slave_0: left promiscuous mode
[ 83.045765][ T30] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.232329][ T5344] Bluetooth: hci0: command tx timeout
[ 83.279218][ T30] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 83.285316][ T30] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 83.289790][ T30] bond0 (unregistering): Released all slaves
[ 83.362852][ T30] hsr_slave_0: left promiscuous mode
[ 83.377143][ T30] hsr_slave_1: left promiscuous mode
[ 83.381031][ T30] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 83.383958][ T30] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 83.401167][ T30] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 83.404226][ T30] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 83.424003][ T30] veth1_macvtap: left promiscuous mode
[ 83.426481][ T30] veth0_macvtap: left promiscuous mode
[ 83.428554][ T30] veth1_vlan: left promiscuous mode
[ 83.450211][ T30] veth0_vlan: left promiscuous mode
[ 83.819299][ T30] team0 (unregistering): Port device team_slave_1 removed
[ 83.837329][ T30] team0 (unregistering): Port device team_slave_0 removed
[ 84.324352][ T5395] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.332762][ T5395] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.342141][ T5395] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.352491][ T5395] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.466967][ T5395] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.490136][ T5395] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.518172][ T5344] Bluetooth: hci1: command tx timeout
[ 84.532566][ T30] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.535301][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.538995][ T30] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.541880][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.558675][ T5395] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 84.563675][ T5395] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 84.772544][ T5395] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.831789][ T5395] veth0_vlan: entered promiscuous mode
[ 84.842795][ T5395] veth1_vlan: entered promiscuous mode
[ 84.883321][ T5395] veth0_macvtap: entered promiscuous mode
[ 84.892127][ T5395] veth1_macvtap: entered promiscuous mode
[ 84.914393][ T5395] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 84.935189][ T5395] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 84.952512][ T5395] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.955796][ T5395] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.959233][ T5395] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.976982][ T5395] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.083031][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.086008][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.136938][ T30] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.140102][ T30] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.191679][ C0] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000018: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 85.196651][ C0] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]
[ 85.201232][ C0] CPU: 0 UID: 0 PID: 30 Comm: kworker/u4:2 Not tainted 6.14.0-rc1-syzkaller-gbb066fe812d6-dirty #0
[ 85.205128][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.209221][ C0] Workqueue: ipv6_addrconf addrconf_dad_work
[ 85.211722][ C0] RIP: 0010:find_match+0xae/0xc10
[ 85.213692][ C0] Code: 08 48 89 df e8 e3 e9 96 f7 4c 89 64 24 40 48 89 d8 bb c0 00 00 00 48 03 18 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 b4 e9 96 f7 4c 8b 23 e8 4c 03 5d 01
[ 85.220957][ C0] RSP: 0018:ffffc90000006fe0 EFLAGS: 00010206
[ 85.223049][ C0] RAX: 0000000000000018 RBX: 00000000000000c0 RCX: dffffc0000000000
[ 85.226070][ C0] RDX: ffff888030f02440 RSI: 0000000000000000 RDI: 0000000000000000
[ 85.229078][ C0] RBP: ffffffff9a7a0878 R08: ffffffff8a8f0c7f R09: ffffc90000007310
[ 85.232076][ C0] R10: ffffc90000007300 R11: fffff52000000e2e R12: ffffc90000007310
[ 85.235168][ C0] R13: ffffffff9a7a088f R14: 1ffffffff34f4111 R15: 1ffffffff34f410f
[ 85.238146][ C0] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 85.241503][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.244018][ C0] CR2: 00007feee96c6ff8 CR3: 0000000034810000 CR4: 0000000000352ef0
[ 85.247026][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 85.250051][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 85.253008][ C0] Call Trace:
[ 85.254213][ C0] <IRQ>
[ 85.255324][ C0] ? __die_body+0x5f/0xb0
[ 85.256933][ C0] ? die_addr+0xb0/0xe0
[ 85.258565][ C0] ? exc_general_protection+0x3dd/0x5d0
[ 85.260815][ C0] ? asm_exc_general_protection+0x26/0x30
[ 85.263049][ C0] ? find_match+0x5f/0xc10
[ 85.264707][ C0] ? find_match+0xae/0xc10
[ 85.266370][ C0] __find_rr_leaf+0x275/0x8e0
[ 85.268145][ C0] ? __pfx___find_rr_leaf+0x10/0x10
[ 85.270177][ C0] ? __pfx_fib6_node_lookup+0x10/0x10
[ 85.272232][ C0] fib6_table_lookup+0x56f/0xbb0
[ 85.274213][ C0] ? __pfx_fib6_table_lookup+0x10/0x10
[ 85.276288][ C0] ? validate_chain+0x11e/0x5920
[ 85.278206][ C0] ? validate_chain+0x11e/0x5920
[ 85.280052][ C0] ip6_pol_route+0x26d/0x15b0
[ 85.281923][ C0] ? ip6_pol_route+0x198/0x15b0
[ 85.283718][ C0] ? __pfx_validate_chain+0x10/0x10
[ 85.285597][ C0] ? validate_chain+0x11e/0x5920
[ 85.287419][ C0] ? __pfx_ip6_pol_route+0x10/0x10
[ 85.289405][ C0] fib6_rule_lookup+0x58c/0x790
[ 85.291217][ C0] ? __pfx_ip6_pol_route_input+0x10/0x10
[ 85.293372][ C0] ? __pfx_fib6_rule_lookup+0x10/0x10
[ 85.295445][ C0] ? __local_bh_enable_ip+0x168/0x200
[ 85.297405][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 85.299560][ C0] ? ip6t_do_table+0x205/0x18a0
[ 85.301398][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 85.303557][ C0] ip6_route_input+0x859/0xd90
[ 85.305331][ C0] ? __pfx_ip6_route_input+0x10/0x10
[ 85.307250][ C0] ? __pfx_lock_release+0x10/0x10
[ 85.309244][ C0] ? ip6_rcv_finish_core+0x20f/0x410
[ 85.311229][ C0] ip6_rcv_finish+0x144/0x180
[ 85.313088][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10
[ 85.315021][ C0] NF_HOOK+0x3a4/0x450
[ 85.316743][ C0] ? skb_orphan+0x4b/0xd0
[ 85.318409][ C0] ? NF_HOOK+0x9a/0x450
[ 85.320017][ C0] ? __pfx_NF_HOOK+0x10/0x10
[ 85.321814][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10
[ 85.323622][ C0] ? __pfx_ipv6_rcv+0x10/0x10
[ 85.325252][ C0] __netif_receive_skb+0x1ea/0x650
[ 85.327108][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 85.329035][ C0] ? __pfx___netif_receive_skb+0x10/0x10
[ 85.331023][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 85.333914][ C0] ? __pfx_lock_release+0x10/0x10
[ 85.336388][ C0] ? _raw_spin_lock_irq+0xdf/0x120
[ 85.338749][ C0] process_backlog+0x662/0x15b0
[ 85.340660][ C0] ? process_backlog+0x33b/0x15b0
[ 85.342593][ C0] ? __pfx_process_backlog+0x10/0x10
[ 85.344774][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 85.346950][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 85.349327][ C0] ? trace_rcu_utilization+0x4b/0x1e0
[ 85.351372][ C0] __napi_poll+0xcb/0x490
[ 85.353054][ C0] net_rx_action+0x89b/0x1240
[ 85.354900][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 85.356826][ C0] ? do_softirq+0x11b/0x1e0
[ 85.358585][ C0] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 85.360701][ C0] ? lockdep_softirqs_on+0x334/0x5a0
[ 85.362790][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 85.365259][ C0] handle_softirqs+0x2d4/0x9b0
[ 85.367051][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 85.369207][ C0] ? do_softirq+0x11b/0x1e0
[ 85.371014][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 85.373108][ C0] do_softirq+0x11b/0x1e0
[ 85.374820][ C0] </IRQ>
[ 85.375942][ C0] <TASK>
[ 85.377044][ C0] ? __pfx_do_softirq+0x10/0x10
[ 85.378934][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10
[ 85.381010][ C0] ? rcu_is_watching+0x15/0xb0
[ 85.382747][ C0] __local_bh_enable_ip+0x1bb/0x200
[ 85.384669][ C0] ? dev_hard_start_xmit+0x768/0x7d0
[ 85.386628][ C0] ? __dev_queue_xmit+0x2f4/0x3f50
[ 85.388554][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 85.390696][ C0] ? __dev_queue_xmit+0x2f4/0x3f50
[ 85.392723][ C0] __dev_queue_xmit+0x1775/0x3f50
[ 85.394645][ C0] ? __dev_queue_xmit+0x2f4/0x3f50
[ 85.396618][ C0] ? __pfx___dev_queue_xmit+0x10/0x10
[ 85.398643][ C0] ? neigh_resolve_output+0x450/0x740
[ 85.400773][ C0] ? read_seqbegin+0x15a/0x2c0
[ 85.402609][ C0] ? lockdep_hardirqs_on+0x99/0x150
[ 85.404653][ C0] ? read_seqbegin+0x200/0x2c0
[ 85.406474][ C0] ? __pfx_read_seqbegin+0x10/0x10
[ 85.408532][ C0] ? neigh_resolve_output+0x2e5/0x740
[ 85.410658][ C0] ? eth_header+0x11c/0x1f0
[ 85.412483][ C0] ? __asan_memcpy+0x40/0x70
[ 85.414215][ C0] ? eth_header+0x11c/0x1f0
[ 85.415980][ C0] ? __pfx_eth_header+0x10/0x10
[ 85.417875][ C0] ? neigh_resolve_output+0x61f/0x740
[ 85.419858][ C0] ip6_finish_output2+0x12ad/0x1780
[ 85.421764][ C0] ? ip6_finish_output2+0x61d/0x1780
[ 85.423624][ C0] ? __pfx_ip6_finish_output2+0x10/0x10
[ 85.425794][ C0] ? ip6_mtu+0x81/0x3f0
[ 85.427425][ C0] ip6_finish_output+0x41e/0x840
[ 85.429249][ C0] ndisc_send_skb+0xb30/0x1450
[ 85.431073][ C0] ? ndisc_send_skb+0x563/0x1450
[ 85.432980][ C0] ? __pfx_ndisc_send_skb+0x10/0x10
[ 85.434944][ C0] ? __pfx_dst_output+0x10/0x10
[ 85.436614][ C0] ? __pfx_ndisc_ns_create+0x10/0x10
[ 85.438567][ C0] ndisc_send_ns+0xcc/0x160
[ 85.440339][ C0] ? __pfx_ndisc_send_ns+0x10/0x10
[ 85.442326][ C0] addrconf_dad_work+0xb2d/0x16a0
[ 85.444358][ C0] ? __pfx_addrconf_dad_work+0x10/0x10
[ 85.446504][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 85.449024][ C0] ? process_scheduled_works+0x976/0x1840
[ 85.451074][ C0] process_scheduled_works+0xa66/0x1840
[ 85.453146][ C0] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.455426][ C0] ? assign_work+0x364/0x3d0
[ 85.457174][ C0] worker_thread+0x870/0xd30
[ 85.458768][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 85.460971][ C0] ? __kthread_parkme+0x169/0x1d0
[ 85.463125][ C0] ? __pfx_worker_thread+0x10/0x10
[ 85.465052][ C0] kthread+0x7a9/0x920
[ 85.466620][ C0] ? __pfx_kthread+0x10/0x10
[ 85.468429][ C0] ? __pfx_worker_thread+0x10/0x10
[ 85.470430][ C0] ? __pfx_kthread+0x10/0x10
[ 85.472221][ C0] ? __pfx_kthread+0x10/0x10
[ 85.474017][ C0] ? __pfx_kthread+0x10/0x10
[ 85.475890][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 85.478015][ C0] ? lockdep_hardirqs_on+0x99/0x150
[ 85.480047][ C0] ? __pfx_kthread+0x10/0x10
[ 85.482033][ C0] ret_from_fork+0x4b/0x80
[ 85.483827][ C0] ? __pfx_kthread+0x10/0x10
[ 85.485729][ C0] ret_from_fork_asm+0x1a/0x30
[ 85.487633][ C0] </TASK>
[ 85.488903][ C0] Modules linked in:
[ 85.490457][ C0] ---[ end trace 0000000000000000 ]---
[ 85.492579][ C0] RIP: 0010:find_match+0xae/0xc10
[ 85.494566][ C0] Code: 08 48 89 df e8 e3 e9 96 f7 4c 89 64 24 40 48 89 d8 bb c0 00 00 00 48 03 18 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 b4 e9 96 f7 4c 8b 23 e8 4c 03 5d 01
[ 85.501822][ C0] RSP: 0018:ffffc90000006fe0 EFLAGS: 00010206
[ 85.504104][ C0] RAX: 0000000000000018 RBX: 00000000000000c0 RCX: dffffc0000000000
[ 85.507165][ C0] RDX: ffff888030f02440 RSI: 0000000000000000 RDI: 0000000000000000
[ 85.510121][ C0] RBP: ffffffff9a7a0878 R08: ffffffff8a8f0c7f R09: ffffc90000007310
[ 85.514048][ C0] R10: ffffc90000007300 R11: fffff52000000e2e R12: ffffc90000007310
[ 85.517299][ C0] R13: ffffffff9a7a088f R14: 1ffffffff34f4111 R15: 1ffffffff34f410f
[ 85.520785][ C0] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 85.525167][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.527695][ C0] CR2: 00007feee96c6ff8 CR3: 0000000034810000 CR4: 0000000000352ef0
[ 85.530980][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 85.534129][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 85.537267][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 85.540414][ C0] Kernel Offset: disabled
[ 85.542267][ C0] Rebooting in 86400 seconds..
VM DIAGNOSIS:
12:22:51 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000030 RBX=ffffffff9a718760 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc90000006710
R8 =ffffffff856cbcab R9 =1ffff11003de2046 R10=dffffc0000000000 R11=ffffffff856cbc60
R12=dffffc0000000000 R13=0000000000000030 R14=0000000000000030 R15=00000000000003f8
RIP=ffffffff856cbcde RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007feee96c6ff8 CR3=0000000034810000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2809212995=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at 4dfba277487
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=4dfba277487a7023ab9f5783302da4a9b5e9bef8 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241113-111659'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"4dfba277487a7023ab9f5783302da4a9b5e9bef8\"
/usr/bin/ld: /tmp/cc1rmchH.o: in function `test_cover_filter()':
executor.cc:(.text+0x1426b): warning: the use of `tempnam' is dangerous, better use `mkstemp'
/usr/bin/ld: /tmp/cc1rmchH.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking