syzbot


general protection fault in ip6_mc_clear_src (2)

Status: upstream: reported on 2025/06/04 19:25
Subsystems: net
Reported-by: syzbot+cea6d5c85e63d691dfc1@syzkaller.appspotmail.com
First crash: 83d, last: 1d03h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [net?] general protection fault in ip6_mc_clear_src (2) 0 (1) 2025/06/04 19:25
Similar bugs (1)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in ip6_mc_clear_src net 2 2 122d 132d 0/29 closed as invalid on 2025/04/18 16:40

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc001fffc000: 0000 [#1] SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x00000000fffe0000-0x00000000fffe0007]
CPU: 1 UID: 0 PID: 7583 Comm: kworker/u8:39 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: netns cleanup_net
RIP: 0010:ip6_mc_clear_src+0x119/0x4e0 net/ipv6/mcast.c:2599
Code: ff ff ff e8 89 0a 42 01 89 c5 31 ff 89 c6 e8 ae 89 94 f7 85 ed 74 45 e8 65 85 94 f7 eb 05 e8 5e 85 94 f7 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 48 97 f6 f7 49 8b 2c 24 49 8d 7c
RSP: 0018:ffffc9000d0cf2e0 EFLAGS: 00010216
RAX: 000000001fffc000 RBX: 1ffff11003ff0882 RCX: ffff88807ce61e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffffff8fa1ddf7 R09: 1ffffffff1f43bbe
R10: dffffc0000000000 R11: fffffbfff1f43bbf R12: 00000000fffe0000
R13: dffffc0000000000 R14: 0000000000000538 R15: ffff88801ff84410
FS:  0000000000000000(0000) GS:ffff888125d23000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4bc3b53000 CR3: 000000005c881000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 mld_clear_delrec+0x105/0x5d0 net/ipv6/mcast.c:826
 ipv6_mc_destroy_dev+0x45/0x5a0 net/ipv6/mcast.c:2842
 addrconf_ifdown+0x139e/0x1880 net/ipv6/addrconf.c:3995
 addrconf_notify+0x1bc/0x1010 net/ipv6/addrconf.c:-1
 notifier_call_chain+0x1b6/0x3e0 kernel/notifier.c:85
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 unregister_netdevice_many_notify+0x15d8/0x2320 net/core/dev.c:12077
 unregister_netdevice_many net/core/dev.c:12140 [inline]
 default_device_exit_batch+0x819/0x890 net/core/dev.c:12644
 ops_exit_list net/core/net_namespace.c:206 [inline]
 ops_undo_list+0x525/0x990 net/core/net_namespace.c:253
 cleanup_net+0x4c5/0x800 net/core/net_namespace.c:686
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ip6_mc_clear_src+0x119/0x4e0 net/ipv6/mcast.c:2599
Code: ff ff ff e8 89 0a 42 01 89 c5 31 ff 89 c6 e8 ae 89 94 f7 85 ed 74 45 e8 65 85 94 f7 eb 05 e8 5e 85 94 f7 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 48 97 f6 f7 49 8b 2c 24 49 8d 7c
RSP: 0018:ffffc9000d0cf2e0 EFLAGS: 00010216
RAX: 000000001fffc000 RBX: 1ffff11003ff0882 RCX: ffff88807ce61e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffffff8fa1ddf7 R09: 1ffffffff1f43bbe
R10: dffffc0000000000 R11: fffffbfff1f43bbf R12: 00000000fffe0000
R13: dffffc0000000000 R14: 0000000000000538 R15: ffff88801ff84410
FS:  0000000000000000(0000) GS:ffff888125c23000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31d0f000 CR3: 0000000030bd9000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	e8 89 0a 42 01       	call   0x1420a8e
   5:	89 c5                	mov    %eax,%ebp
   7:	31 ff                	xor    %edi,%edi
   9:	89 c6                	mov    %eax,%esi
   b:	e8 ae 89 94 f7       	call   0xf79489be
  10:	85 ed                	test   %ebp,%ebp
  12:	74 45                	je     0x59
  14:	e8 65 85 94 f7       	call   0xf794857e
  19:	eb 05                	jmp    0x20
  1b:	e8 5e 85 94 f7       	call   0xf794857e
  20:	4c 89 e0             	mov    %r12,%rax
  23:	48 c1 e8 03          	shr    $0x3,%rax
* 27:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2c:	74 08                	je     0x36
  2e:	4c 89 e7             	mov    %r12,%rdi
  31:	e8 48 97 f6 f7       	call   0xf7f6977e
  36:	49 8b 2c 24          	mov    (%r12),%rbp
  3a:	49                   	rex.WB
  3b:	8d                   	.byte 0x8d
  3c:	7c                   	.byte 0x7c

Crashes (39):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/25 20:04 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in ip6_mc_clear_src
2025/07/24 13:17 upstream 25fae0b93d1d 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in ip6_mc_clear_src
2025/07/24 12:40 upstream 25fae0b93d1d 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in ip6_mc_clear_src
2025/07/24 09:26 upstream 01a412d06bc5 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/07/20 04:44 upstream bf61759db409 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/07/19 20:33 upstream 4871b7cb27f4 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/07/18 00:53 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in ip6_mc_clear_src
2025/07/18 00:52 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in ip6_mc_clear_src
2025/07/09 10:10 upstream 733923397fd9 abade794 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/07/06 18:41 upstream 1f988d0788f5 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/06/04 19:24 upstream 1af80d00e1e0 fd5e6e61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/05/06 16:49 upstream 01f95500a162 ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root general protection fault in ip6_mc_clear_src
2025/07/10 09:47 upstream 8c2e52ebbe88 d7384b6d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in ip6_mc_clear_src
2025/05/07 12:06 upstream 0d8d44db295c 350f4ffc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in ip6_mc_clear_src
2025/07/22 08:30 net 53b2fb6b05cd 1555463b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/07/17 16:09 net 9f735b6f8a77 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/07/03 04:06 net bd475eeaaf3c 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/28 07:20 net 8550821a1535 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/26 12:14 net 8d89661a36dd 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/26 10:52 net 8d89661a36dd 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/25 21:34 net 010c40c1f50e 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/24 18:06 net 1fd26729e013 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/24 07:04 net 95b6759a8183 1a7fb460 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/22 19:22 net 302251f1fdfd d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/21 23:38 net 714db279942b d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/18 14:00 net d0fa59897e04 ca631f70 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/18 05:58 net 0aff00432cc7 e77fae15 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/17 17:15 net 7b4ac12cc929 417d98fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/17 14:16 net 7b4ac12cc929 417d98fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/17 06:59 net 1224b218a4b9 cfebc887 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/16 17:44 net 5466491c9e33 d1716036 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/14 20:16 net 5466491c9e33 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/05/07 20:01 net 9540984da649 350f4ffc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/05/04 17:01 net ebd297a2affa b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/07/26 09:24 net-next 9312ee76490d fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in ip6_mc_clear_src
2025/07/24 03:25 net-next 8aad37d16cff 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in ip6_mc_clear_src
2025/07/23 15:50 net-next 56613001dfc9 e1dd4f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/30 17:57 net-next 7012d4f3c7a8 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in ip6_mc_clear_src
2025/07/20 23:01 linux-next d086c886ceb9 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in ip6_mc_clear_src