syzbot


general protection fault in ip6_mc_clear_src (2)

Status: upstream: reported on 2025/06/04 19:25
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+cea6d5c85e63d691dfc1@syzkaller.appspotmail.com
First crash: 80d, last: 7h38m
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [net?] general protection fault in ip6_mc_clear_src (2) 0 (1) 2025/06/04 19:25
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in ip6_mc_clear_src net 2 2 118d 128d 0/29 closed as invalid on 2025/04/18 16:40

Sample crash report:
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_1
Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe000: 0000 [#1] SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x00000000ffff0000-0x00000000ffff0007]
CPU: 0 UID: 0 PID: 2951 Comm: kworker/u8:7 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: netns cleanup_net
RIP: 0010:ip6_mc_clear_src+0x89/0x5a0 net/ipv6/mcast.c:2599
Code: 49 bc 00 00 00 00 00 fc ff df 48 8d 45 10 49 89 c5 48 89 04 24 49 c1 ed 03 4d 01 e5 eb 32 e8 de 54 7f f7 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 80 04 00 00 4c 8b 3b 48 8d 7b 30 48 89 de e8
RSP: 0018:ffffc9000b86f528 EFLAGS: 00010206
RAX: 000000001fffe000 RBX: 00000000ffff0000 RCX: ffffffff8a3c944b
RDX: ffff888031182440 RSI: ffffffff8a3c93d2 RDI: 0000000000000005
RBP: ffff888055416000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
R13: ffffed100aa82c02 R14: ffff888055416028 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff888124720000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2fcf8ff8 CR3: 000000005c540000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 mld_clear_delrec+0xfb/0x640 net/ipv6/mcast.c:826
 ipv6_mc_destroy_dev+0x49/0x690 net/ipv6/mcast.c:2842
 addrconf_ifdown.isra.0+0x13ef/0x1a90 net/ipv6/addrconf.c:3995
 addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3775
 notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 unregister_netdevice_many_notify+0xf9d/0x2700 net/core/dev.c:12077
 unregister_netdevice_many net/core/dev.c:12140 [inline]
 default_device_exit_batch+0x853/0xaf0 net/core/dev.c:12644
 ops_exit_list net/core/net_namespace.c:206 [inline]
 ops_undo_list+0x360/0xab0 net/core/net_namespace.c:253
 cleanup_net+0x408/0x890 net/core/net_namespace.c:686
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ip6_mc_clear_src+0x89/0x5a0 net/ipv6/mcast.c:2599
Code: 49 bc 00 00 00 00 00 fc ff df 48 8d 45 10 49 89 c5 48 89 04 24 49 c1 ed 03 4d 01 e5 eb 32 e8 de 54 7f f7 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 80 04 00 00 4c 8b 3b 48 8d 7b 30 48 89 de e8
RSP: 0018:ffffc9000b86f528 EFLAGS: 00010206
RAX: 000000001fffe000 RBX: 00000000ffff0000 RCX: ffffffff8a3c944b
RDX: ffff888031182440 RSI: ffffffff8a3c93d2 RDI: 0000000000000005
RBP: ffff888055416000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
R13: ffffed100aa82c02 R14: ffff888055416028 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff888124820000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000118 CR3: 000000002a3f6000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	49 bc 00 00 00 00 00 	movabs $0xdffffc0000000000,%r12
   7:	fc ff df
   a:	48 8d 45 10          	lea    0x10(%rbp),%rax
   e:	49 89 c5             	mov    %rax,%r13
  11:	48 89 04 24          	mov    %rax,(%rsp)
  15:	49 c1 ed 03          	shr    $0x3,%r13
  19:	4d 01 e5             	add    %r12,%r13
  1c:	eb 32                	jmp    0x50
  1e:	e8 de 54 7f f7       	call   0xf77f5501
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2f:	0f 85 80 04 00 00    	jne    0x4b5
  35:	4c 8b 3b             	mov    (%rbx),%r15
  38:	48 8d 7b 30          	lea    0x30(%rbx),%rdi
  3c:	48 89 de             	mov    %rbx,%rsi
  3f:	e8                   	.byte 0xe8

Crashes (33):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/07/20 04:44 upstream bf61759db409 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/07/19 20:33 upstream 4871b7cb27f4 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/07/18 00:53 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in ip6_mc_clear_src
2025/07/18 00:52 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in ip6_mc_clear_src
2025/07/09 10:10 upstream 733923397fd9 abade794 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/07/06 18:41 upstream 1f988d0788f5 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/06/04 19:24 upstream 1af80d00e1e0 fd5e6e61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_mc_clear_src
2025/05/06 16:49 upstream 01f95500a162 ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root general protection fault in ip6_mc_clear_src
2025/07/10 09:47 upstream 8c2e52ebbe88 d7384b6d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in ip6_mc_clear_src
2025/05/07 12:06 upstream 0d8d44db295c 350f4ffc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in ip6_mc_clear_src
2025/07/22 08:30 net 53b2fb6b05cd 1555463b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/07/17 16:09 net 9f735b6f8a77 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/07/03 04:06 net bd475eeaaf3c 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/28 07:20 net 8550821a1535 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/26 12:14 net 8d89661a36dd 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/26 10:52 net 8d89661a36dd 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/25 21:34 net 010c40c1f50e 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/24 18:06 net 1fd26729e013 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/24 07:04 net 95b6759a8183 1a7fb460 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/22 19:22 net 302251f1fdfd d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/21 23:38 net 714db279942b d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/18 14:00 net d0fa59897e04 ca631f70 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/18 05:58 net 0aff00432cc7 e77fae15 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/17 17:15 net 7b4ac12cc929 417d98fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/17 14:16 net 7b4ac12cc929 417d98fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/17 06:59 net 1224b218a4b9 cfebc887 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/16 17:44 net 5466491c9e33 d1716036 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/14 20:16 net 5466491c9e33 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/05/07 20:01 net 9540984da649 350f4ffc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/05/04 17:01 net ebd297a2affa b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip6_mc_clear_src
2025/07/23 15:50 net-next 56613001dfc9 e1dd4f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in ip6_mc_clear_src
2025/06/30 17:57 net-next 7012d4f3c7a8 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce general protection fault in ip6_mc_clear_src
2025/07/20 23:01 linux-next d086c886ceb9 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in ip6_mc_clear_src
* Struck through repros no longer work on HEAD.