syzbot


general protection fault in bpf_get_local_storage

Status: upstream: reported C repro on 2025/09/22 07:39
Bug presence: origin:upstream
Reported-by: syzbot+3eb1851fdbb075f7910f@syzkaller.appspotmail.com
First crash: 261d, last: 2d14h
Fix bisection: failed (error log, bisect log)
Bug presence (2)
Date | Name | Commit | Repro | Result
2025/09/22 | lts (merge base) | 3594f306da12 | C | [report] general protection fault in bpf_get_local_storage
2025/09/22 | upstream (ToT) | 07e27ad16399 | C | [report] general protection fault in bpf_get_local_storage
Similar bugs (2)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | general protection fault in bpf_get_local_storage (bpf) | 2 | C | | | 13 | 351d | 422d | 0/29 | auto-obsoleted due to no activity on 2025/10/02 04:58
upstream | general protection fault in bpf_get_local_storage (2) (bpf, prio:high) | 2 | C | | | 3 | 151d | 161d | 0/29 | upstream: reported C repro on 2025/12/31 00:27
Last patch testing requests (8)
Created | Duration | User | Patch | Repo | Result
2026/06/03 09:15 | 14m | retest repro | | android14-6.1 | log
2026/06/03 09:15 | 16m | retest repro | | android14-6.1 | log
2026/06/03 09:15 | 16m | retest repro | | android14-6.1 | log
2026/06/03 09:15 | 15m | retest repro | | android14-6.1 | log
2026/06/03 09:15 | 20m | retest repro | | android14-6.1 | log
2026/05/09 00:53 | 3h59m | retest repro | | android14-6.1 | report log
2026/05/09 00:53 | 17m | retest repro | | android14-6.1 | report log
2026/02/25 11:44 | 33m | retest repro | | android14-6.1 | report log
Fix bisection attempts (3)
Created | Duration | User | Patch | Repo | Result
2026/02/19 03:20 | 0m | bisect fix | | android14-6.1 | error job log
2026/01/20 01:22 | 1h47m | bisect fix | | android14-6.1 | OK (0) job log log
2025/11/13 00:06 | 1h10m | bisect fix | | android14-6.1 | OK (0) job log log

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 PID: 60 Comm: kworker/1:2 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:____bpf_get_local_storage kernel/bpf/cgroup.c:1573 [inline]
RIP: 0010:bpf_get_local_storage+0x11b/0x180 kernel/bpf/cgroup.c:1557
Code: 79 6d 86 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 16 2d 22 00 49 03 1e eb 22 e8 dc 87 dc ff 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 f6 2c 22 00 49 8b 1e 48 83 c3 10
RSP: 0018:ffffc900009075b8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000013 RCX: ffff88810dc9a880
RDX: 0000000000000000 RSI: 0000000000000013 RDI: 0000000000000015
RBP: ffffc900009075d8 R08: ffffc90000907753 R09: ffffc90000907740
R10: dffffc0000000000 R11: fffff52000120eeb R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe35ec5e40 CR3: 0000000110147000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 bpf_prog_3d505f2f98b3eabe+0x25/0x3b
 bpf_dispatcher_nop_func include/linux/bpf.h:987 [inline]
 __bpf_prog_run include/linux/filter.h:607 [inline]
 bpf_prog_run include/linux/filter.h:614 [inline]
 __bpf_prog_run_save_cb include/linux/filter.h:757 [inline]
 bpf_prog_run_array_cg kernel/bpf/cgroup.c:68 [inline]
 __cgroup_bpf_run_filter_skb+0x53d/0xfb0 kernel/bpf/cgroup.c:1401
 ip6_finish_output+0xaf5/0xbb0 net/ipv6/ip6_output.c:212
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0x1fa/0x410 net/ipv6/ip6_output.c:237
 dst_output include/net/dst.h:453 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ndisc_send_skb+0x7dc/0xcc0 net/ipv6/ndisc.c:513
 ndisc_send_ns+0xd4/0x160 net/ipv6/ndisc.c:671
 addrconf_dad_work+0xa1e/0x14d0 net/ipv6/addrconf.c:4245
 process_one_work+0x71f/0xc40 kernel/workqueue.c:2302
 worker_thread+0xa29/0x11e0 kernel/workqueue.c:2449
 kthread+0x281/0x320 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:____bpf_get_local_storage kernel/bpf/cgroup.c:1573 [inline]
RIP: 0010:bpf_get_local_storage+0x11b/0x180 kernel/bpf/cgroup.c:1557
Code: 79 6d 86 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 16 2d 22 00 49 03 1e eb 22 e8 dc 87 dc ff 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 f6 2c 22 00 49 8b 1e 48 83 c3 10
RSP: 0018:ffffc900009075b8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000013 RCX: ffff88810dc9a880
RDX: 0000000000000000 RSI: 0000000000000013 RDI: 0000000000000015
RBP: ffffc900009075d8 R08: ffffc90000907753 R09: ffffc90000907740
R10: dffffc0000000000 R11: fffff52000120eeb R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe35ec5e40 CR3: 0000000113806000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	79 6d                	jns    0x6f
   2:	86 4c 89 f0          	xchg   %cl,-0x10(%rcx,%rcx,4)
   6:	48 c1 e8 03          	shr    $0x3,%rax
   a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
   f:	74 08                	je     0x19
  11:	4c 89 f7             	mov    %r14,%rdi
  14:	e8 16 2d 22 00       	call   0x222d2f
  19:	49 03 1e             	add    (%r14),%rbx
  1c:	eb 22                	jmp    0x40
  1e:	e8 dc 87 dc ff       	call   0xffdc87ff
  23:	4c 89 f0             	mov    %r14,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 f7             	mov    %r14,%rdi
  34:	e8 f6 2c 22 00       	call   0x222d2f
  39:	49 8b 1e             	mov    (%r14),%rbx
  3c:	48 83 c3 10          	add    $0x10,%rbx

Crashes (8):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2026/06/08 01:45 | android14-6.1 | d73749230104 | cc095639 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci2-android-6-1 | general protection fault in bpf_get_local_storage
2026/05/10 20:50 | android14-6.1 | 2f67b6088692 | 29233ece | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-android-6-1 | general protection fault in bpf_get_local_storage
2026/05/10 13:08 | android14-6.1 | 2f67b6088692 | 29233ece | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-android-6-1 | general protection fault in bpf_get_local_storage
2026/05/10 08:24 | android14-6.1 | 2f67b6088692 | 29233ece | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-android-6-1 | general protection fault in bpf_get_local_storage
2025/09/22 15:05 | android14-6.1 | 462bdb2cb1b1 | 0ac7291c | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci2-android-6-1 | general protection fault in bpf_get_local_storage
2025/09/22 07:38 | android14-6.1 | 462bdb2cb1b1 | 67c37560 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci2-android-6-1 | general protection fault in bpf_get_local_storage
2026/05/10 22:42 | android14-6.1 | 2f67b6088692 | 29233ece | .config | console log | report | syz / log | | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-android-6-1 | general protection fault in bpf_get_local_storage
2026/05/10 03:04 | android14-6.1 | 2f67b6088692 | 29233ece | .config | console log | report | syz / log | | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-android-6-1 | general protection fault in bpf_get_local_storage
* Struck through repros no longer work on HEAD.