syzbot


KASAN: global-out-of-bounds Read in fib6_clean_node (2)

Status: upstream: reported on 2025/05/01 14:38
Subsystems: net
Reported-by: syzbot+ef84446be20ce6c5e514@syzkaller.appspotmail.com
First crash: 49d, last: 9d20h
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [net?] KASAN: global-out-of-bounds Read in fib6_clean_node (2) | 0 (1) | 2025/05/01 14:38
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KASAN: global-out-of-bounds Read in fib6_clean_node net | | | | 4 | 96d | 98d | 0/29 | closed as invalid on 2025/04/08 14:38

Sample crash report:
==================================================================
BUG: KASAN: global-out-of-bounds in fib6_clean_node+0x35d/0x590 net/ipv6/ip6_fib.c:2251
Read of size 8 at addr ffffffff99f8d408 by task syz.4.4636/22258

CPU: 0 UID: 0 PID: 22258 Comm: syz.4.4636 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xd2/0x2b0 mm/kasan/report.c:521
 kasan_report+0x118/0x150 mm/kasan/report.c:634
 fib6_clean_node+0x35d/0x590 net/ipv6/ip6_fib.c:2251
 fib6_walk_continue+0x67b/0x910 net/ipv6/ip6_fib.c:2177
 fib6_walk+0x149/0x290 net/ipv6/ip6_fib.c:2225
 fib6_clean_tree net/ipv6/ip6_fib.c:2305 [inline]
 __fib6_clean_all+0x234/0x380 net/ipv6/ip6_fib.c:2321
 rt6_sync_down_dev net/ipv6/route.c:5004 [inline]
 rt6_disable_ip+0x120/0x720 net/ipv6/route.c:5009
 addrconf_ifdown+0x15d/0x1880 net/ipv6/addrconf.c:3857
 addrconf_notify+0x1bc/0x1010 net/ipv6/addrconf.c:-1
 notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 unregister_netdevice_many_notify+0x15d8/0x2320 net/core/dev.c:12076
 virt_wifi_event+0x22c/0x270 drivers/net/wireless/virtual/virt_wifi.c:657
 notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 unregister_netdevice_many_notify+0x15d8/0x2320 net/core/dev.c:12076
 rtnl_delete_link net/core/rtnetlink.c:3511 [inline]
 rtnl_dellink+0x488/0x710 net/core/rtnetlink.c:3553
 rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6944
 netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2534
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x75b/0x8d0 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x21c/0x270 net/socket.c:727
 ____sys_sendmsg+0x505/0x830 net/socket.c:2566
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620
 __sys_sendmsg net/socket.c:2652 [inline]
 __do_sys_sendmsg net/socket.c:2657 [inline]
 __se_sys_sendmsg net/socket.c:2655 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2655
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f164af8e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f164bda9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f164b1b6080 RCX: 00007f164af8e929
RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000009
RBP: 00007f164b010b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f164b1b6080 R15: 00007f164b2dfa28
 </TASK>

The buggy address belongs to the variable:
 binder_devices+0x8/0x20

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19f8d
flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002000 ffffea000067e348 ffffea000067e348 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffffff99f8d300: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffffff99f8d380: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
>ffffffff99f8d400: 00 f9 f9 f9 00 00 f9 f9 00 00 00 00 00 00 00 00
                      ^
 ffffffff99f8d480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff99f8d500: 00 00 00 00 00 00 04 f9 f9 f9 f9 f9 00 f9 f9 f9
==================================================================

Crashes (62):