syzbot
general protection fault in tipc_conn_close (6)

Status: closed as invalid on 2026/05/30 20:56
Subsystems: tipc
Labels: prio:normal
First crash: 122d, last: 47d
AI Jobs (2)

| ID | Workflow | Result | Correct | Bug | Created | Started | Finished | Revision | Error |
|---|---|---|---|---|---|---|---|---|---|
| 702ece07-5371-450e-820f-7a052c4e07cb | assessment-security | DenialOfService: ✅ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ❌ UserNamespace: ✅ VMGuestTrigger: ❌ VMHostTrigger: ❌ | | general protection fault in tipc_conn_close (6) | 2026/05/16 09:01 | 2026/05/16 09:01 | 2026/05/16 09:35 | bccc1e4cfc08abce15de8b74287eef494a3f6e5e | |
| 79f3c94f-f3b0-4ffa-b508-66ebd4e63cbc | repro | | | general protection fault in tipc_conn_close (6) | 2026/03/07 22:01 | 2026/03/07 22:01 | 2026/03/07 22:10 | 31e9c887f7dc24e04b3ca70d0d54fc34141844b0 | |
Similar bugs (22)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| android-54 | general protection fault in tipc_conn_close (2) | 2 | | | | 2 | 950d | 1025d | 0/2 | auto-obsoleted due to no activity on 2024/01/22 16:54 |
| android-5-15 | general protection fault in tipc_conn_close (2) | 2 | | | | 4 | 871d | 987d | 0/2 | auto-obsoleted due to no activity on 2024/04/11 01:35 |
| android-6-1 | general protection fault in tipc_conn_close (4) | 2 | | | | 2 | 23d | 29d | 0/2 | premoderation: reported on 2026/05/03 09:20 |
| android-54 | general protection fault in tipc_conn_close | 19 | | | | 9 | 1168d | 1434d | 0/2 | auto-obsoleted due to no activity on 2023/07/18 14:57 |
| android-5-10 | general protection fault in tipc_conn_close (3) | 2 | | | | 1 | 990d | 990d | 0/2 | auto-obsoleted due to no activity on 2023/12/14 05:20 |
| android-54 | general protection fault in tipc_conn_close (3) | 2 | | | | 1 | 444d | 444d | 0/2 | auto-obsoleted due to no activity on 2025/06/11 23:15 |
| android-5-15 | general protection fault in tipc_conn_close (4) | 2 | | | | 1 | 213d | 213d | 0/2 | auto-obsoleted due to no activity on 2026/01/29 07:23 |
| upstream | general protection fault in tipc_conn_close (4) tipc | 2 | | | | 1 | 337d | 334d | 29/29 | fixed on 2025/09/04 16:57 |
| upstream | general protection fault in tipc_conn_close tipc | 2 | C | | | 3 | 3023d | 3024d | 5/29 | fixed on 2018/05/08 18:30 |
| android-6-1 | general protection fault in tipc_conn_close | 2 | | | | 6 | 843d | 1070d | 0/2 | auto-obsoleted due to no activity on 2024/05/18 20:39 |
| linux-4.19 | general protection fault in tipc_conn_close | 19 | C | error | | 3 | 1349d | 1856d | 0/1 | upstream: reported C repro on 2021/05/01 19:58 |
| android-5-10 | general protection fault in tipc_conn_close | 2 | | | | 1 | 1479d | 1479d | 0/2 | auto-closed as invalid on 2022/08/12 11:37 |
| android-6-1 | general protection fault in tipc_conn_close (2) | 2 | | | | 1 | 364d | 364d | 0/2 | auto-obsoleted due to no activity on 2025/08/31 08:25 |
| android-5-10 | general protection fault in tipc_conn_close (2) | 2 | | | | 6 | 1264d | 1350d | 0/2 | auto-obsoleted due to no activity on 2023/04/11 05:56 |
| android-5-10 | general protection fault in tipc_conn_close (5) | 19 | | | | 5 | 76d | 231d | 0/2 | premoderation: reported on 2025/10/12 19:22 |
| upstream | general protection fault in tipc_conn_close (5) tipc | 2 | | | | 2 | 160d | 208d | 0/29 | closed as invalid on 2026/01/09 17:04 |
| upstream | general protection fault in tipc_conn_close (3) tipc | 2 | | | | 1 | 955d | 951d | 0/29 | auto-obsoleted due to no activity on 2024/01/18 09:00 |
| upstream | general protection fault in tipc_conn_close (2) tipc | 2 | | | | 21 | 1068d | 1640d | 0/29 | auto-obsoleted due to no activity on 2023/10/06 23:51 |
| android-6-1 | general protection fault in tipc_conn_close (3) | 2 | | | | 3 | 145d | 189d | 0/2 | auto-obsoleted due to no activity on 2026/04/07 00:50 |
| android-5-15 | general protection fault in tipc_conn_close | 19 | | | | 4 | 1097d | 1312d | 0/2 | auto-obsoleted due to no activity on 2023/08/28 21:57 |
| android-5-15 | general protection fault in tipc_conn_close (3) | 2 | | | | 1 | 317d | 317d | 0/2 | auto-obsoleted due to no activity on 2025/10/17 12:07 |
| android-5-10 | general protection fault in tipc_conn_close (4) | 2 | | | | 2 | 367d | 434d | 0/2 | auto-obsoleted due to no activity on 2025/08/27 20:16 |

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 UID: 0 PID: 8494 Comm: kworker/u10:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: netns cleanup_net
RIP: 0010:tipc_conn_close+0x48/0x1d0 net/tipc/topsrv.c:158
Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 08 48 8d 7d 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 54 01 00 00 4c 8b 6d 18 49 8d ad f0 03 00 00 48
RSP: 0000:ffffc900036b7a08 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff88805ad5f400 RCX: 0000000000000080
RDX: 0000000000000003 RSI: ffffffff8b304cc4 RDI: 0000000000000018
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888026e78800
R13: 0000000000000000 R14: ffff88805ad5f408 R15: ffffed1004dcf113
FS:  0000000000000000(0000) GS:ffff88812432e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30ed6ff8 CR3: 000000003b4a4000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 tipc_topsrv_stop net/tipc/topsrv.c:709 [inline]
 tipc_topsrv_exit_net+0x211/0x4b0 net/tipc/topsrv.c:732
 ops_exit_list net/core/net_namespace.c:199 [inline]
 ops_undo_list+0x2ee/0xab0 net/core/net_namespace.c:252
 cleanup_net+0x499/0x920 net/core/net_namespace.c:702
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3288
 process_scheduled_works kernel/workqueue.c:3371 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3452
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:tipc_conn_close+0x48/0x1d0 net/tipc/topsrv.c:158
Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 08 48 8d 7d 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 54 01 00 00 4c 8b 6d 18 49 8d ad f0 03 00 00 48
RSP: 0000:ffffc900036b7a08 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff88805ad5f400 RCX: 0000000000000080
RDX: 0000000000000003 RSI: ffffffff8b304cc4 RDI: 0000000000000018
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888026e78800
R13: 0000000000000000 R14: ffff88805ad5f408 R15: ffffed1004dcf113
FS:  0000000000000000(0000) GS:ffff88812432e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000001c000 CR3: 0000000075802000 CR4: 00000000003526f0
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	48 c1 ea 03          	shr    $0x3,%rdx
   4:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   8:	0f 85 6a 01 00 00    	jne    0x178
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df
  18:	48 8b 6b 08          	mov    0x8(%rbx),%rbp
  1c:	48 8d 7d 18          	lea    0x18(%rbp),%rdi
  20:	48 89 fa             	mov    %rdi,%rdx
  23:	48 c1 ea 03          	shr    $0x3,%rdx
* 27:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2b:	0f 85 54 01 00 00    	jne    0x185
  31:	4c 8b 6d 18          	mov    0x18(%rbp),%r13
  35:	49 8d ad f0 03 00 00 	lea    0x3f0(%r13),%rbp
  3c:	48                   	rex.W

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/04/15 01:27 | upstream | 883af1f8e878 | e2e976a8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-qemu-gce-upstream-auto | general protection fault in tipc_conn_close |
| 2026/02/05 15:10 | upstream | f14faaf3a1fb | 4936e85c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-qemu-gce-upstream-auto | general protection fault in tipc_conn_close |
| 2026/01/29 15:11 | upstream | 8dfce8991b95 | aeb6fdd5 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-qemu-gce-upstream-auto | general protection fault in tipc_conn_close |
* Struck through repros no longer work on HEAD.