Oops: general protection fault, probably for non-canonical address 0xdffffc000000000c: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]
CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:fib6_nh_get_excptn_bucket+0x11f/0x1e0 net/ipv6/route.c:1662
Code: 05 c4 44 52 06 01 e8 00 dd 7a f7 e9 2e ff ff ff e8 c6 2a a0 f7 48 8d 7b 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a7 00 00 00 48 8b 5b 60 e8 3e 9e 58 01 31 ff 89
RSP: 0018:ffffc900006f7d40 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8a1f1c13
RDX: 000000000000000c RSI: ffffffff8a1eb8fa RDI: 0000000000000060
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88801def8b30 R12: 0000000000000000
R13: fffff520000defd6 R14: 1ffff920000defd7 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880d6bfd000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c2bd372 CR3: 0000000022d48000 CR4: 0000000000352ef0
Call Trace:
 rt6_find_cached_rt+0x151/0x280 net/ipv6/route.c:1860
 ip6_pol_route+0x238/0x1230 net/ipv6/route.c:2276
 pol_lookup_func include/net/ip6_fib.h:617 [inline]
 fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:125
 ip6_route_output_flags_noref net/ipv6/route.c:2684 [inline]
 ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2696
 ip6_route_output include/net/ip6_route.h:93 [inline]
 ip6_dst_lookup_tail.constprop.0+0xa52/0x2140 net/ipv6/ip6_output.c:1141
 ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1272
 udp_tunnel6_dst_lookup+0x2d0/0x4f0 net/ipv6/ip6_udp_tunnel.c:165
 geneve6_xmit_skb drivers/net/geneve.c:960 [inline]
 geneve_xmit+0x96e/0x6100 drivers/net/geneve.c:1047
 __netdev_start_xmit include/linux/netdevice.h:5273 [inline]
 netdev_start_xmit include/linux/netdevice.h:5282 [inline]
 xmit_one net/core/dev.c:3853 [inline]
 dev_hard_start_xmit+0x97/0x6e0 net/core/dev.c:3869
 __dev_queue_xmit+0x6d7/0x4650 net/core/dev.c:4817
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 neigh_hh_output include/net/neighbour.h:540 [inline]
 neigh_output include/net/neighbour.h:554 [inline]
 ip6_finish_output2+0x1184/0x1cf0 net/ipv6/ip6_output.c:136
 __ip6_finish_output+0x3cd/0x1010 net/ipv6/ip6_output.c:209
 ip6_finish_output net/ipv6/ip6_output.c:220 [inline]
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip6_output+0x253/0x710 net/ipv6/ip6_output.c:247
 dst_output include/net/dst.h:464 [inline]
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ndisc_send_skb+0xa85/0x1f50 net/ipv6/ndisc.c:512
 ndisc_send_rs+0x129/0x670 net/ipv6/ndisc.c:722
 addrconf_rs_timer+0x40d/0x870 net/ipv6/addrconf.c:4037
 call_timer_fn+0x19a/0x5a0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers+0x74a/0xae0 kernel/time/timer.c:2373
 __run_timer_base kernel/time/timer.c:2385 [inline]
 __run_timer_base kernel/time/timer.c:2377 [inline]
 run_timer_base+0x114/0x190 kernel/time/timer.c:2394
 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2404
 handle_softirqs+0x219/0x950 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: 46 60 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 13 f9 12 00 fb f4 cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197de8 EFLAGS: 00000286
RAX: 000000000019585f RBX: 0000000000000003 RCX: ffffffff8b7766d9
RDX: 0000000000000000 RSI: ffffffff8dacb64c RDI: ffffffff8bf2a580
RBP: ffffed1003bdf000 R08: 0000000000000001 R09: ffffed100d4e673d
R10: ffff88806a7339eb R11: ffff88801def8b30 R12: 0000000000000003
R13: ffff88801def8000 R14: ffffffff908878d0 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:767
 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0x38d/0x510 kernel/sched/idle.c:332
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430
 start_secondary+0x21d/0x2d0 arch/x86/kernel/smpboot.c:312
 common_startup_64+0x13e/0x148
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:fib6_nh_get_excptn_bucket+0x11f/0x1e0 net/ipv6/route.c:1662
Code: 05 c4 44 52 06 01 e8 00 dd 7a f7 e9 2e ff ff ff e8 c6 2a a0 f7 48 8d 7b 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a7 00 00 00 48 8b 5b 60 e8 3e 9e 58 01 31 ff 89
RSP: 0018:ffffc900006f7d40 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8a1f1c13
RDX: 000000000000000c RSI: ffffffff8a1eb8fa RDI: 0000000000000060
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88801def8b30 R12: 0000000000000000
R13: fffff520000defd6 R14: 1ffff920000defd7 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880d6bfd000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c2bd372 CR3: 0000000022d48000 CR4: 0000000000352ef0
----------------
Code disassembly (best guess):
   0:   05 c4 44 52 06          add    $0x65244c4,%eax
   5:   01 e8                   add    %ebp,%eax
   7:   00 dd                   add    %bl,%ch
   9:   7a f7                   jp     0x2
   b:   e9 2e ff ff ff          jmp    0xffffff3e
  10:   e8 c6 2a a0 f7          call   0xf7a02adb
  15:   48 8d 7b 60             lea    0x60(%rbx),%rdi
  19:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  20:   fc ff df
  23:   48 89 fa                mov    %rdi,%rdx
  26:   48 c1 ea 03             shr    $0x3,%rdx
* 2a:   80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:   0f 85 a7 00 00 00       jne    0xdb
  34:   48 8b 5b 60             mov    0x60(%rbx),%rbx
  38:   e8 3e 9e 58 01          call   0x1589e7b
  3d:   31 ff                   xor    %edi,%edi
  3f:   89                      .byte 0x89