syzbot


general protection fault in ____ip_mc_inc_group

Status: closed as invalid on 2025/09/18 15:24
Subsystems: net
First crash: 116d, last: 46d

Sample crash report:
veth1_vlan: entered promiscuous mode
veth0_macvtap: entered promiscuous mode
veth1_macvtap: entered promiscuous mode
Oops: general protection fault, probably for non-canonical address 0xdffffc001fffa1ac: 0000 [#1] SMP KASAN PTI
KASAN: probably user-memory-access in range [0x00000000fffd0d60-0x00000000fffd0d67]
CPU: 0 UID: 0 PID: 10203 Comm: syz-executor Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:____ip_mc_inc_group+0x214/0xde0 net/ipv4/igmp.c:-1
Code: aa 9a 05 01 48 c7 c7 00 86 9c 8c be ec 05 00 00 48 c7 c2 80 86 9c 8c e8 0a 7d ae f7 44 89 e8 4d 8d 34 c6 4c 89 f0 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 f7 e8 6e 25 30 f8 4d 8b 2e 4d 85 ed 0f 84
RSP: 0018:ffffc900039ceb90 EFLAGS: 00010206
RAX: 000000001fffa1ac RBX: dffffc0000000000 RCX: ffff88802f4dbc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffffff8f509ea7 R09: 1ffffffff1ea13d4
R10: dffffc0000000000 R11: fffffbfff1ea13d5 R12: 00000000010000e0
R13: 00000000000001ac R14: 00000000fffd0d60 R15: 0000000000000cc0
FS:  00005555710fe500(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbc781b7dac CR3: 000000002902a000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __ip_mc_inc_group net/ipv4/igmp.c:1573 [inline]
 ip_mc_inc_group net/ipv4/igmp.c:1579 [inline]
 ip_mc_up+0x125/0x300 net/ipv4/igmp.c:1880
 inetdev_event+0xfb3/0x15b0 net/ipv4/devinet.c:1631
 notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 __dev_notify_flags+0x18d/0x2e0 net/core/dev.c:-1
 netif_change_flags+0xe8/0x1a0 net/core/dev.c:9526
 do_setlink+0xc55/0x41c0 net/core/rtnetlink.c:3141
 rtnl_changelink net/core/rtnetlink.c:3759 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3918 [inline]
 rtnl_newlink+0x160b/0x1c70 net/core/rtnetlink.c:4055
 rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6944
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x75c/0x8e0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x21c/0x270 net/socket.c:727
 __sys_sendto+0x3bd/0x520 net/socket.c:2180
 __do_sys_sendto net/socket.c:2187 [inline]
 __se_sys_sendto net/socket.c:2183 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2183
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbf3d190a7c
Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
RSP: 002b:00007fff94e36890 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fbf3dee4620 RCX: 00007fbf3d190a7c
RDX: 000000000000002c RSI: 00007fbf3dee4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff94e368e4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fbf3dee4670 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:____ip_mc_inc_group+0x214/0xde0 net/ipv4/igmp.c:-1
Code: aa 9a 05 01 48 c7 c7 00 86 9c 8c be ec 05 00 00 48 c7 c2 80 86 9c 8c e8 0a 7d ae f7 44 89 e8 4d 8d 34 c6 4c 89 f0 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 f7 e8 6e 25 30 f8 4d 8b 2e 4d 85 ed 0f 84
RSP: 0018:ffffc900039ceb90 EFLAGS: 00010206
RAX: 000000001fffa1ac RBX: dffffc0000000000 RCX: ffff88802f4dbc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffffff8f509ea7 R09: 1ffffffff1ea13d4
R10: dffffc0000000000 R11: fffffbfff1ea13d5 R12: 00000000010000e0
R13: 00000000000001ac R14: 00000000fffd0d60 R15: 0000000000000cc0
FS:  00005555710fe500(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff9ca94f000 CR3: 000000002902a000 CR4: 00000000003526f0
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	05 01 48 c7 c7       	add    $0xc7c74801,%eax
   5:	00 86 9c 8c be ec    	add    %al,-0x13417364(%rsi)
   b:	05 00 00 48 c7       	add    $0xc7480000,%eax
  10:	c2 80 86             	ret    $0x8680
  13:	9c                   	pushf
  14:	8c e8                	mov    %gs,%eax
  16:	0a 7d ae             	or     -0x52(%rbp),%bh
  19:	f7 44 89 e8 4d 8d 34 	testl  $0xc6348d4d,-0x18(%rcx,%rcx,4)
  20:	c6
  21:	4c 89 f0             	mov    %r14,%rax
  24:	48 c1 e8 03          	shr    $0x3,%rax
* 28:	80 3c 18 00          	cmpb   $0x0,(%rax,%rbx,1) <-- trapping instruction
  2c:	74 08                	je     0x36
  2e:	4c 89 f7             	mov    %r14,%rdi
  31:	e8 6e 25 30 f8       	call   0xf83025a4
  36:	4d 8b 2e             	mov    (%r14),%r13
  39:	4d 85 ed             	test   %r13,%r13
  3c:	0f                   	.byte 0xf
  3d:	84                   	.byte 0x84

Crashes (17):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/08/22 10:14 | upstream | 038d61fd6422 | bf27483f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | general protection fault in ____ip_mc_inc_group
2025/08/10 09:18 | upstream | 561c80369df0 | 32a0e5ed | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | general protection fault in ____ip_mc_inc_group
2025/08/04 22:38 | upstream | d2eedaa3909b | abdcb213 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | general protection fault in ____ip_mc_inc_group
2025/07/24 12:55 | upstream | 25fae0b93d1d | 0c1d6ded | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | general protection fault in ____ip_mc_inc_group
2025/07/20 09:57 | upstream | bf61759db409 | 7117feec | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | general protection fault in ____ip_mc_inc_group
2025/06/27 09:18 | upstream | e34a79b96ab9 | 803ce19b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | general protection fault in ____ip_mc_inc_group
2025/08/20 00:06 | net | 01792bc3e5bd | 79512909 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | general protection fault in ____ip_mc_inc_group
2025/08/19 16:38 | net | 01792bc3e5bd | 523f460e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | general protection fault in ____ip_mc_inc_group
2025/08/12 19:23 | net | 89886abd0734 | c06e8995 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | general protection fault in ____ip_mc_inc_group
2025/06/28 00:11 | net | 8550821a1535 | 803ce19b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | general protection fault in ____ip_mc_inc_group
2025/06/21 05:27 | net | e0fca6f2cebf | d6cdfb8a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | general protection fault in ____ip_mc_inc_group
2025/06/17 06:59 | net | 1224b218a4b9 | cfebc887 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-this-kasan-gce | general protection fault in ____ip_mc_inc_group
2025/08/26 06:02 | net-next | 992e9f53a0db | bf27483f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | general protection fault in ____ip_mc_inc_group
2025/08/24 04:04 | net-next | b1c92cdf5af3 | bf27483f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | general protection fault in ____ip_mc_inc_group
2025/08/17 05:56 | net-next | bab3ce404553 | 1804e95e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | general protection fault in ____ip_mc_inc_group
2025/07/31 18:57 | net-next | d9104cec3e8f | 0c075d67 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | general protection fault in ____ip_mc_inc_group
2025/07/01 17:05 | net-next | 8f240030794c | 6e83b42d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | general protection fault in ____ip_mc_inc_group
* Struck through repros no longer work on HEAD.