Re: [REGRESSION][BISECTED][PATCH] net: ipv4: fix regression in broadcast routes

Hello,

kernel test robot noticed "Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN_PTI" on:

commit: a1b445e1dcd6ee9682d77347faf3545b53354d71 ("[REGRESSION][BISECTED][PATCH] net: ipv4: fix regression in broadcast routes") url: https://github.com/intel-lab-lkp/linux/commits/Brett-A-C-Sheffield/net-ipv4-... patch link: https://lore.kernel.org/all/20250822165231.4353-4-bacs@librecast.net/ patch subject: [REGRESSION][BISECTED][PATCH] net: ipv4: fix regression in broadcast routes

in testcase: trinity version: trinity-x86_64-ba2360ed-1_20241228 with following parameters:

runtime: 300s group: group-04 nr_groups: 5

config: x86_64-randconfig-104-20250826 compiler: clang-20 test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot oliver.sang@intel.com | Closes: https://lore.kernel.org/oe-lkp/202508281637.f1c00f73-lkp@intel.com

[ 344.224405][ T239] [ 346.380232][ T239] [main] 270958 iterations. [F:200215 S:70364 HI:20538] [ 346.380362][ T239] [ 348.540466][ T239] [main] 282649 iterations. [F:208752 S:73502 HI:20538] [ 348.540488][ T239] [ 352.276620][ T4267] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI [ 352.278585][ T4267] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 352.279982][ T4267] CPU: 0 UID: 65534 PID: 4267 Comm: trinity-c0 Not tainted 6.17.0-rc2-00174-ga1b445e1dcd6 #1 PREEMPT(none) [ 352.281748][ T4267] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 352.283361][ T4267] RIP: 0010:ip_route_output_key_hash_rcu (kbuild/src/consumer/net/ipv4/route.c:2663) [ 352.284480][ T4267] Code: 3c 10 00 48 8b 5c 24 60 74 12 48 89 df e8 d7 d5 f3 fc 48 ba 00 00 00 00 00 fc ff df 48 8b 1b 48 83 c3 58 48 89 d8 48 c1 e8 03 <80> 3c 10 00 74 12 48 89 df e8 b1 d5 f3 fc 48 ba 00 00 00 00 00 fc All code ======== 0: 3c 10 cmp $0x10,%al 2: 00 48 8b add %cl,-0x75(%rax) 5: 5c pop %rsp 6: 24 60 and $0x60,%al 8: 74 12 je 0x1c a: 48 89 df mov %rbx,%rdi d: e8 d7 d5 f3 fc call 0xfffffffffcf3d5e9 12: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 19: fc ff df 1c: 48 8b 1b mov (%rbx),%rbx 1f: 48 83 c3 58 add $0x58,%rbx 23: 48 89 d8 mov %rbx,%rax 26: 48 c1 e8 03 shr $0x3,%rax 2a:* 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) <-- trapping instruction 2e: 74 12 je 0x42 30: 48 89 df mov %rbx,%rdi 33: e8 b1 d5 f3 fc call 0xfffffffffcf3d5e9 38: 48 rex.W 39: ba 00 00 00 00 mov $0x0,%edx 3e: 00 fc add %bh,%ah

Code starting with the faulting instruction =========================================== 0: 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) 4: 74 12 je 0x18 6: 48 89 df mov %rbx,%rdi 9: e8 b1 d5 f3 fc call 0xfffffffffcf3d5bf e: 48 rex.W f: ba 00 00 00 00 mov $0x0,%edx 14: 00 fc add %bh,%ah [ 352.287420][ T4267] RSP: 0018:ffffc900037cf7e0 EFLAGS: 00010202 [ 352.288406][ T4267] RAX: 000000000000000b RBX: 0000000000000058 RCX: 0000000000000000 [ 352.289715][ T4267] RDX: dffffc0000000000 RSI: 0000000090000000 RDI: ffff888155e8a0a8 [ 352.291007][ T4267] RBP: ffff88815a690640 R08: ffff88815a6906d8 R09: 0000000000000002 [ 352.292287][ T4267] R10: ffff88815a6906d2 R11: ffffed102b4d20dc R12: ffff888118e51701 [ 352.293502][ T4267] R13: 1ffff1102b4d20ce R14: ffff88815a6906d4 R15: 0000000090000000 [ 352.294417][ T4267] FS: 00007fa824b10740(0000) GS:ffff8884259dd000(0000) knlGS:0000000000000000 [ 352.295629][ T4267] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 352.296648][ T4267] CR2: 0000000000000008 CR3: 00000001284fc000 CR4: 00000000000406f0 [ 352.297771][ T4267] Call Trace: [ 352.298404][ T4267] <TASK> [ 352.298958][ T4267] ? ip_route_output_key_hash (kbuild/src/consumer/include/linux/rcupdate.h:331 kbuild/src/consumer/include/linux/rcupdate.h:841 kbuild/src/consumer/net/ipv4/route.c:2700) [ 352.299842][ T4267] ip_route_output_key_hash (kbuild/src/consumer/net/ipv4/route.c:2701) [ 352.300711][ T4267] ip_route_output_flow (kbuild/src/consumer/include/linux/err.h:70 kbuild/src/consumer/net/ipv4/route.c:2930) [ 352.301444][ T4267] __ip4_datagram_connect (kbuild/src/consumer/include/net/route.h:355)

The kernel config and materials to reproduce are available at: https://download.01.org/0day-ci/archive/20250828/202508281637.f1c00f73-lkp@i...