syzbot


general protection fault in __fib6_drop_pcpu_from (7)

Status: closed as invalid on 2026/05/30 06:16
Subsystems: net
First crash: 36d, last: 5d06h
✨ AI Jobs (1)
ID: e91d3dc3-60bf-4b0b-9ebe-e1b40843a3ac
Workflow: assessment-security
Result: 💥
Correct:
Bug: general protection fault in __fib6_drop_pcpu_from (7)
Created: 2026/05/15 05:50
Started: 2026/05/15 05:50
Finished: 2026/05/15 05:51
Revision: 6ccb967e465e832a7bfd7a116ad00d52a0923a5d
Error: failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 128
    From /app/workdir/repo/linux
     * branch HEAD -> FETCH_HEAD
    Updating files: 19% (18262/93693)
    Updating files: 20% (18739/93693)
    Updating files: 21% (19676/93693)
    Updating files: 22% (20613/93693)
    Updating files: 23% (21550/93693)
    Updating files: 24% (22487/93693)
    error: unable to write file arch/mips/pic32/pic32mzda/early_pin.c
    error: unable to write file arch/mips/pic32/pic32mzda/early_pin.h
    error: unable to write file arch/mips/pic32/pic32mzda/init.c
    error: unable to write file arch/mips/pic32/pic32mzda/pic32mzda.h
    error: unable to write file arch/mips/pic32/pic32mzda/time.c
    fatal: cannot create directory at 'arch/mips/power': No space left on device

Similar bugs (7)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | general protection fault in __fib6_drop_pcpu_from (6) net | 17 | | | | 236 | 149d | 481d | 0/29 | auto-obsoleted due to no activity on 2026/03/13 05:04 |
| upstream | general protection fault in __fib6_drop_pcpu_from (5) net | 8 | | | | 467 | 712d | 757d | 26/29 | fixed on 2024/06/18 11:11 |
| upstream | general protection fault in __fib6_drop_pcpu_from net | 2 | | | | 4 | 2541d | 2546d | 0/29 | auto-closed as invalid on 2019/10/25 08:50 |
| upstream | general protection fault in __fib6_drop_pcpu_from (2) net | 2 | | | | 1 | 2164d | 2164d | 0/29 | auto-closed as invalid on 2020/09/25 04:17 |
| upstream | general protection fault in __fib6_drop_pcpu_from (3) net | 2 | | | | 1 | 2021d | 2021d | 0/29 | auto-closed as invalid on 2021/02/15 21:07 |
| upstream | general protection fault in __fib6_drop_pcpu_from (4) net | 19 | | | | 23 | 1612d | 1920d | 0/29 | auto-closed as invalid on 2022/03/31 04:19 |
| android-5-10 | KASAN: use-after-free Read in __fib6_drop_pcpu_from | 19 | | | | 2 | 38d | 49d | 0/2 | premoderation: reported on 2026/04/12 19:12 |

Sample crash report:
batman_adv: batadv0: Removing interface: batadv_slave_1
veth1_macvtap: left promiscuous mode
veth0_macvtap: left promiscuous mode
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000024: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127]
CPU: 1 UID: 0 PID: 17703 Comm: kworker/u8:24 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: netns cleanup_net
RIP: 0010:__fib6_drop_pcpu_from+0x1f0/0x3b0 net/ipv6/ip6_fib.c:1004
Code: 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ef e8 b7 1f d6 f7 49 8b 6d 00 48 85 ed 74 2f 48 81 c5 90 00 00 00 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 91 1f d6 f7 48 8b 45 00 48 3b 44
RSP: 0018:ffffc900079fec90 EFLAGS: 00010207
RAX: 0000000000000024 RBX: ffffffff8e26c790 RCX: ffff88801d388000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000124 R08: ffffffff8a5ad986 R09: ffffffff8e95cce0
R10: dffffc0000000000 R11: fffffbfff2061b7f R12: 0000000000000000
R13: ffffe8ffffcaf1e8 R14: dffffc0000000000 R15: ffff8880582d5920
FS:  0000000000000000(0000) GS:ffff888125387000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000022780 CR3: 00000000871ae000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1038 [inline]
 fib6_purge_rt+0x10b/0x910 net/ipv6/ip6_fib.c:1049
 fib6_del_route net/ipv6/ip6_fib.c:2050 [inline]
 fib6_del+0xeb5/0x15a0 net/ipv6/ip6_fib.c:2095
 fib6_clean_node+0x29c/0x580 net/ipv6/ip6_fib.c:2257
 fib6_walk_continue+0x67b/0x910 net/ipv6/ip6_fib.c:2179
 fib6_walk net/ipv6/ip6_fib.c:2227 [inline]
 fib6_clean_tree net/ipv6/ip6_fib.c:2307 [inline]
 __fib6_clean_all+0x35b/0x5a0 net/ipv6/ip6_fib.c:2323
 rt6_sync_down_dev net/ipv6/route.c:5023 [inline]
 rt6_disable_ip+0x128/0x730 net/ipv6/route.c:5028
 addrconf_ifdown+0x161/0x1a40 net/ipv6/addrconf.c:3865
 addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
 notifier_call_chain+0x1ad/0x3d0 kernel/notifier.c:85
 call_netdevice_notifiers_extack net/core/dev.c:2287 [inline]
 call_netdevice_notifiers net/core/dev.c:2301 [inline]
 netif_close_many+0x2ae/0x420 net/core/dev.c:1805
 unregister_netdevice_many_notify+0xb50/0x22c0 net/core/dev.c:12391
 unregister_netdevice_many net/core/dev.c:12484 [inline]
 default_device_exit_batch+0x962/0x9e0 net/core/dev.c:13076
 ops_exit_list net/core/net_namespace.c:205 [inline]
 ops_undo_list+0x52b/0x940 net/core/net_namespace.c:252
 cleanup_net+0x56b/0x800 net/core/net_namespace.c:702
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3397
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3478
 kthread+0x389/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__fib6_drop_pcpu_from+0x1f0/0x3b0 net/ipv6/ip6_fib.c:1004
Code: 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ef e8 b7 1f d6 f7 49 8b 6d 00 48 85 ed 74 2f 48 81 c5 90 00 00 00 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 91 1f d6 f7 48 8b 45 00 48 3b 44
RSP: 0018:ffffc900079fec90 EFLAGS: 00010207
RAX: 0000000000000024 RBX: ffffffff8e26c790 RCX: ffff88801d388000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000124 R08: ffffffff8a5ad986 R09: ffffffff8e95cce0
R10: dffffc0000000000 R11: fffffbfff2061b7f R12: 0000000000000000
R13: ffffe8ffffcaf1e8 R14: dffffc0000000000 R15: ffff8880582d5920
FS:  0000000000000000(0000) GS:ffff888125387000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000022780 CR3: 00000000871ae000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	48 c1 e8 03          	shr    $0x3,%rax
   4:	42 80 3c 30 00       	cmpb   $0x0,(%rax,%r14,1)
   9:	74 08                	je     0x13
   b:	4c 89 ef             	mov    %r13,%rdi
   e:	e8 b7 1f d6 f7       	call   0xf7d61fca
  13:	49 8b 6d 00          	mov    0x0(%r13),%rbp
  17:	48 85 ed             	test   %rbp,%rbp
  1a:	74 2f                	je     0x4b
  1c:	48 81 c5 90 00 00 00 	add    $0x90,%rbp
  23:	48 89 e8             	mov    %rbp,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 30 00       	cmpb   $0x0,(%rax,%r14,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 ef             	mov    %rbp,%rdi
  34:	e8 91 1f d6 f7       	call   0xf7d61fca
  39:	48 8b 45 00          	mov    0x0(%rbp),%rax
  3d:	48                   	rex.W
  3e:	3b                   	.byte 0x3b
  3f:	44                   	rex.R

Crashes (4):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/05/26 14:42 | upstream | e8c2f9fdadee | a3e47276 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | general protection fault in __fib6_drop_pcpu_from |
| 2026/05/09 05:50 | upstream | 81d6f7807536 | 0c5a8d8f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | general protection fault in __fib6_drop_pcpu_from |
| 2026/04/25 19:15 | upstream | 897d54018cc9 | 9c2d0995 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | general protection fault in __fib6_drop_pcpu_from |
| 2026/04/26 06:05 | bpf | b5c111f4967b | 9c2d0995 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-bpf-kasan-gce | general protection fault in __fib6_drop_pcpu_from |

* Struck through repros no longer work on HEAD.