Oops: general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]
CPU: 1 UID: 0 PID: 3490 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: krdsd rds_connect_worker
RIP: 0010:rt_cache_valid net/ipv4/route.c:1582 [inline]
RIP: 0010:__mkroute_output net/ipv4/route.c:2650 [inline]
RIP: 0010:ip_route_output_key_hash_rcu+0x1355/0x23e0 net/ipv4/route.c:2875
Code: 31 ff 89 c6 e8 5c 3f fc f7 45 85 ff 74 50 e8 12 3b fc f7 eb 05 e8 0b 3b fc f7 4d 85 f6 74 38 4d 8d 7e 3a 4c 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 0f 85 aa 0e 00 00 45 0f b7 3f bf ff ff 00 00 44
RSP: 0018:ffffc9000bdef3a8 EFLAGS: 00010202
RAX: 0000000000000007 RBX: 0000000080000000 RCX: ffff888031b38000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffff888031b38000 R09: 0000000000000003
R10: 0000000000000005 R11: 0000000000000000 R12: ffff888053c9c5db
R13: 0000000000000000 R14: ffffffffffffffff R15: 0000000000000039
FS: 0000000000000000(0000) GS:ffff888125d0c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffeaf9313e8 CR3: 000000006eae4000 CR4: 00000000003526f0
Call Trace:
 ip_route_output_key_hash+0x174/0x280 net/ipv4/route.c:2705
 __ip_route_output_key include/net/route.h:169 [inline]
 ip_route_output_flow+0x2a/0x150 net/ipv4/route.c:2932
 ip_route_connect include/net/route.h:355 [inline]
 tcp_v4_connect+0x818/0x1a90 net/ipv4/tcp_ipv4.c:256
 __inet_stream_connect+0x2ae/0xe70 net/ipv4/af_inet.c:679
 inet_stream_connect+0x66/0xa0 net/ipv4/af_inet.c:750
 kernel_connect+0x116/0x180 net/socket.c:3652
 rds_tcp_conn_path_connect+0x512/0x680 net/rds/tcp_connect.c:176
 rds_connect_worker+0x1d8/0x290 net/rds/threads.c:176
 process_one_work+0x93a/0x15a0 kernel/workqueue.c:3279
 process_scheduled_works kernel/workqueue.c:3362 [inline]
 worker_thread+0x9b0/0xee0 kernel/workqueue.c:3443
 kthread+0x389/0x480 kernel/kthread.c:467
 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rt_cache_valid net/ipv4/route.c:1582 [inline]
RIP: 0010:__mkroute_output net/ipv4/route.c:2650 [inline]
RIP: 0010:ip_route_output_key_hash_rcu+0x1355/0x23e0 net/ipv4/route.c:2875
Code: 31 ff 89 c6 e8 5c 3f fc f7 45 85 ff 74 50 e8 12 3b fc f7 eb 05 e8 0b 3b fc f7 4d 85 f6 74 38 4d 8d 7e 3a 4c 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 0f 85 aa 0e 00 00 45 0f b7 3f bf ff ff 00 00 44
RSP: 0018:ffffc9000bdef3a8 EFLAGS: 00010202
RAX: 0000000000000007 RBX: 0000000080000000 RCX: ffff888031b38000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffff888031b38000 R09: 0000000000000003
R10: 0000000000000005 R11: 0000000000000000 R12: ffff888053c9c5db
R13: 0000000000000000 R14: ffffffffffffffff R15: 0000000000000039
FS: 0000000000000000(0000) GS:ffff888125d0c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000039f030 CR3: 000000007c4fc000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:  31 ff                 xor    %edi,%edi
   2:  89 c6                 mov    %eax,%esi
   4:  e8 5c 3f fc f7        call   0xf7fc3f65
   9:  45 85 ff              test   %r15d,%r15d
   c:  74 50                 je     0x5e
   e:  e8 12 3b fc f7        call   0xf7fc3b25
  13:  eb 05                 jmp    0x1a
  15:  e8 0b 3b fc f7        call   0xf7fc3b25
  1a:  4d 85 f6              test   %r14,%r14
  1d:  74 38                 je     0x57
  1f:  4d 8d 7e 3a           lea    0x3a(%r14),%r15
  23:  4c 89 f8              mov    %r15,%rax
  26:  48 c1 e8 03           shr    $0x3,%rax
* 2a:  0f b6 04 28           movzbl (%rax,%rbp,1),%eax    <-- trapping instruction
  2e:  84 c0                 test   %al,%al
  30:  0f 85 aa 0e 00 00     jne    0xee0
  36:  45 0f b7 3f           movzwl (%r15),%r15d
  3a:  bf ff ff 00 00        mov    $0xffff,%edi
  3f:  44                    rex.R