Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 0 UID: 0 PID: 1136 Comm: kworker/u32:5 Not tainted 6.15.0-rc6-syzkaller-00085-gc94d59a126cb #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:kasan_byte_accessible+0x15/0x30 mm/kasan/generic.c:199
Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 e9 0e 29 4d 09 66 66 2e 0f 1f 84 00 00 00
RSP: 0018:ffffc90006d8f818 EFLAGS: 00010286
RAX: dffffc0000000000 RBX: 0000000000000030 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8b6c0863 RDI: dffffc0000000006
RBP: 0000000000000030 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8b6c0863
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880977ea000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbf9f52c6b0 CR3: 0000000065999000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__kasan_check_byte+0x13/0x50 mm/kasan/common.c:556
kasan_check_byte include/linux/kasan.h:399 [inline]
lock_acquire kernel/locking/lockdep.c:5840 [inline]
lock_acquire+0xfc/0x350 kernel/locking/lockdep.c:5823
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
__ip6_ins_rt net/ipv6/route.c:1350 [inline]
ip6_ins_rt+0xa1/0x110 net/ipv6/route.c:1361
__ipv6_ifa_notify+0xa6b/0xd60 net/ipv6/addrconf.c:6286
ipv6_ifa_notify net/ipv6/addrconf.c:6325 [inline]
addrconf_dad_completed+0x19a/0x10d0 net/ipv6/addrconf.c:4324
addrconf_dad_work+0x84d/0x14e0 net/ipv6/addrconf.c:4272
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c5/0x780 kernel/kthread.c:464
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:kasan_byte_accessible+0x15/0x30 mm/kasan/generic.c:199
Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 e9 0e 29 4d 09 66 66 2e 0f 1f 84 00 00 00
RSP: 0018:ffffc90006d8f818 EFLAGS: 00010286
RAX: dffffc0000000000 RBX: 0000000000000030 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8b6c0863 RDI: dffffc0000000006
RBP: 0000000000000030 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8b6c0863
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880977ea000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbf9f52c6b0 CR3: 0000000065999000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: 0f 1f 00 nopl (%rax)
5: 90 nop
6: 90 nop
7: 90 nop
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 66 0f 1f 00 nopw (%rax)
19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
20: fc ff df
23: 48 c1 ef 03 shr $0x3,%rdi
27: 48 01 c7 add %rax,%rdi
* 2a: 0f b6 07 movzbl (%rdi),%eax <-- trapping instruction
2d: 3c 07 cmp $0x7,%al
2f: 0f 96 c0 setbe %al
32: e9 0e 29 4d 09 jmp 0x94d2945
37: 66 data16
38: 66 data16
39: 2e cs
3a: 0f .byte 0xf
3b: 1f (bad)
3c: 84 00 test %al,(%rax)