| Version | Stage | Reported | Report Link | Job |
|---|---|---|---|---|
| 2 | moderation | 2026/05/16 21:35 | Discussion | ff8236be-bfa9-48fc-9c7e-9939ad17d937 |
| 1 | moderation | 2026/05/14 00:04 | Discussion | 8b1e4143-642b-4b3e-8be9-194c7a66e24a |
syzbot |
sign-in | mailing list | source | docs | 🏰 |
| Version | Stage | Reported | Report Link | Job |
|---|---|---|---|---|
| 2 | moderation | 2026/05/16 21:35 | Discussion | ff8236be-bfa9-48fc-9c7e-9939ad17d937 |
| 1 | moderation | 2026/05/14 00:04 | Discussion | 8b1e4143-642b-4b3e-8be9-194c7a66e24a |
| ID | Workflow | Result | Correct | Bug | Created | Started | Finished | Revision | Error |
|---|---|---|---|---|---|---|---|---|---|
| 14c93a00-1ca2-42d0-8b2e-a5faf3b2c109 | assessment-security | DenialOfService: ✅ Exploitable: ✅ FilesystemTrigger: ❌ NetworkTrigger: ✅ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ❌ UserNamespace: ❌ VMGuestTrigger: ❌ VMHostTrigger: ❌ | ❓ | general protection fault in bpf_get_local_storage (2) | 2026/05/26 07:55 | 2026/05/26 07:55 | 2026/05/26 08:55 | c69befb30ac10e158cc9d1557b508ee3f0eca1de | |
| ff8236be-bfa9-48fc-9c7e-9939ad17d937 | patch-iteration | ❓ | general protection fault in bpf_get_local_storage (2) | 2026/05/16 18:23 | 2026/05/16 18:23 | 2026/05/16 21:35 | de5aae85e5f28e2fa1c7deefcc24fe286abe5140 | ||
| 82037e22-09c9-4520-aa41-1ddf44b6ac48 | patch-iteration | 💥 | general protection fault in bpf_get_local_storage (2) | 2026/05/16 06:06 | 2026/05/16 06:06 | 2026/05/16 06:06 | a15a64a66dd37b7f9c31f5c3efb1524bb9863162 | flow inputs are missing: patching.PatchIterationInputs: field "StraceBin" is not present when converting map | |
| 0b690022-5060-4860-bfda-2ee01564fe7a | patch-iteration | 💥 | general protection fault in bpf_get_local_storage (2) | 2026/05/15 17:46 | 2026/05/15 17:46 | 2026/05/15 17:46 | efdaf0f9b8bfc56ea6d17bea15a64f4591cc712d | flow inputs are missing: patching.PatchIterationInputs: field "StraceBin" is not present when converting map | |
| 453db6da-d441-4a79-a8d1-b0bf20958f66 | patch-iteration | 💥 | general protection fault in bpf_get_local_storage (2) | 2026/05/15 11:15 | 2026/05/15 11:16 | 2026/05/15 11:33 | 9cd3beaadf14b3a22d15fd97a0bf081ee41ebe01 | failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 128 From /app/workdir/cache/src/ecd8bb68855fdd08aa08215ac485989bac875215 * branch HEAD -> FETCH_HEAD Updating files: 17% (16142/93697) Updating files: 18% (16866/93697) Updating files: 19% (17803/93697) Updating files: 20% (18740/93697) Updating files: 21% (19677/93697) Updating files: 22% (20614/93697) Updating files: 23% (21551/93697) error: unable to write file arch/mips/include/asm/sgi/hpc3.h error: unable to write file arch/mips/include/asm/sgi/ioc.h error: unable to write file arch/mips/include/asm/sgi/ip22.h error: unable to write file arch/mips/include/asm/sgi/mc.h error: unable to write file arch/mips/include/asm/sgi/pi1.h error: unable to write file arch/mips/include/asm/sgi/seeq.h error: unable to write file arch/mips/include/asm/sgi/wd.h error: unable to write file arch/mips/include/asm/sgialib.h error: unable to write file arch/mips/include/asm/sgiarcs.h error: unable to write file arch/mips/include/asm/shmparam.h fatal: cannot create directory at 'arch/mips/include/asm/sibyte': No space left on device | |
| 8c044f76-2b05-402e-9a11-bf461aa4bd99 | patch-iteration | 💥 | general protection fault in bpf_get_local_storage (2) | 2026/05/15 10:15 | 2026/05/15 10:15 | 2026/05/15 10:15 | 9cd3beaadf14b3a22d15fd97a0bf081ee41ebe01 | failed to run ["git" "-c" "core.hooksPath=/dev/null" "checkout" "origin/master"]: exit status 128 Previous HEAD position was e1914add2799 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm fatal: update_ref failed for ref 'HEAD': cannot lock ref 'HEAD': Unable to create '/app/workdir/repo/linux/.git/HEAD.lock': File exists. Another git process seems to be running in this repository, e.g. an editor opened by 'git commit'. Please make sure all processes are terminated then try again. If it still fails, a git process may have crashed in this repository earlier: remove the file manually to continue. | |
| 8b1e4143-642b-4b3e-8be9-194c7a66e24a | patching-compressed | ❓ | general protection fault in bpf_get_local_storage (2) | 2026/05/13 20:04 | 2026/05/13 21:15 | 2026/05/14 00:04 | 71153e5d9da49247dc7f1194a9cc04fb90c64f9c |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [bpf?] general protection fault in bpf_get_local_storage (2) | 4 (7) | 2026/05/16 05:38 |
| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| android-6-1 | general protection fault in bpf_get_local_storage origin:upstream | 2 | C | error | 8 | 7d21h | 266d | 0/2 | upstream: reported C repro on 2025/09/22 07:39 | |
| upstream | general protection fault in bpf_get_local_storage bpf | 2 | C | 13 | 356d | 427d | 0/29 | auto-obsoleted due to no activity on 2025/10/02 04:58 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2026/05/30 07:37 | 20m | retest repro | upstream | error | |
| 2026/05/30 07:37 | 21m | retest repro | upstream | error | |
| 2026/05/30 06:16 | 20m | retest repro | upstream | error | |
| 2026/05/16 05:15 | 22m | dvyukov@google.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v7.1-rc3 | error |
| 2026/03/21 06:40 | 16m | retest repro | upstream | error | |
| 2026/03/21 05:48 | 17m | retest repro | upstream | error | |
| 2026/03/21 05:48 | 16m | retest repro | upstream | error | |
| 2026/01/10 05:12 | 17m | retest repro | upstream | report log | |
| 2026/01/10 05:12 | 14m | retest repro | upstream | report log | |
| 2026/01/10 05:12 | 13m | retest repro | upstream | error | |
| 2025/12/31 03:20 | 20m | buaajxlj@163.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3f0e9c8cefa9 | OK log |
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: rcu_gp process_srcu RIP: 0010:____bpf_get_local_storage kernel/bpf/cgroup.c:1774 [inline] RIP: 0010:bpf_get_local_storage+0xbd/0x180 kernel/bpf/cgroup.c:1756 Code: e0 49 83 c6 08 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 a2 83 39 00 4d 8b 36 83 fb 15 75 5c 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 84 83 39 00 49 8b 1e e8 ec 7e 6c RSP: 0018:ffffc900000072d8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000015 RCX: 0000000000000100 RDX: ffff88801bef4980 RSI: 0000000000000015 RDI: 0000000000000015 RBP: ffffc90000007310 R08: 0000000000000003 R09: 0000000000000000 R10: ffffc90000007380 R11: ffffffffa0203ce4 R12: 0000000000000001 R13: ffff88801248d640 R14: 0000000000000000 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000200000001c40 CR3: 000000003701b000 CR4: 0000000000352ef0 Call Trace: <IRQ> bpf_prog_e63b106389d7305a+0x2e/0x45 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline] __bpf_prog_run include/linux/filter.h:723 [inline] bpf_prog_run include/linux/filter.h:730 [inline] __bpf_prog_run_save_cb+0x127/0x370 include/linux/filter.h:980 bpf_prog_run_array_cg kernel/bpf/cgroup.c:81 [inline] __cgroup_bpf_run_filter_skb+0x9e0/0xf40 kernel/bpf/cgroup.c:1612 sk_filter_trim_cap+0xd42/0xf50 net/core/filter.c:150 tcp_filter net/ipv4/tcp_ipv4.c:2117 [inline] tcp_v4_rcv+0x1f90/0x2f20 net/ipv4/tcp_ipv4.c:2304 ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:207 ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318 __netif_receive_skb_one_core net/core/dev.c:6137 [inline] __netif_receive_skb+0x143/0x380 net/core/dev.c:6250 process_backlog+0x54f/0x1340 net/core/dev.c:6602 __napi_poll+0xae/0x320 net/core/dev.c:7666 napi_poll net/core/dev.c:7729 [inline] net_rx_action+0x64a/0xe00 net/core/dev.c:7881 handle_softirqs+0x22b/0x7c0 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x60/0x150 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:delay_loop+0x20/0x30 arch/x86/lib/delay.c:44 Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 f8 48 85 c0 74 19 eb 02 66 90 eb 0e 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 <48> ff c8 75 fb 48 ff c8 c3 cc cc cc cc cc 66 90 90 90 90 90 90 90 RSP: 0018:ffffc900001b78d0 EFLAGS: 00000216 RAX: 00000000000022ff RBX: 0000000000000001 RCX: 0000000008583a9c RDX: 00000000000036b0 RSI: 0000000000000008 RDI: 00000000000036b1 RBP: 0000000000000001 R08: ffff88801fc42b47 R09: 1ffff11003f88568 R10: dffffc0000000000 R11: ffffffff8b5a31d0 R12: 0000000000000001 R13: 0000000000004fb8 R14: ffff88801fc42b60 R15: dffffc0000000000 udelay include/asm-generic/delay.h:64 [inline] try_check_zero+0x412/0x470 kernel/rcu/srcutree.c:1182 srcu_advance_state kernel/rcu/srcutree.c:1886 [inline] process_srcu+0x2d3/0x1220 kernel/rcu/srcutree.c:1995 process_one_work kernel/workqueue.c:3257 [inline] process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:____bpf_get_local_storage kernel/bpf/cgroup.c:1774 [inline] RIP: 0010:bpf_get_local_storage+0xbd/0x180 kernel/bpf/cgroup.c:1756 Code: e0 49 83 c6 08 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 a2 83 39 00 4d 8b 36 83 fb 15 75 5c 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 84 83 39 00 49 8b 1e e8 ec 7e 6c RSP: 0018:ffffc900000072d8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000015 RCX: 0000000000000100 RDX: ffff88801bef4980 RSI: 0000000000000015 RDI: 0000000000000015 RBP: ffffc90000007310 R08: 0000000000000003 R09: 0000000000000000 R10: ffffc90000007380 R11: ffffffffa0203ce4 R12: 0000000000000001 R13: ffff88801248d640 R14: 0000000000000000 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000200000001c40 CR3: 000000003701b000 CR4: 0000000000352ef0 ---------------- Code disassembly (best guess): 0: e0 49 loopne 0x4b 2: 83 c6 08 add $0x8,%esi 5: 4c 89 f0 mov %r14,%rax 8: 48 c1 e8 03 shr $0x3,%rax c: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1) 11: 74 08 je 0x1b 13: 4c 89 f7 mov %r14,%rdi 16: e8 a2 83 39 00 call 0x3983bd 1b: 4d 8b 36 mov (%r14),%r14 1e: 83 fb 15 cmp $0x15,%ebx 21: 75 5c jne 0x7f 23: 4c 89 f0 mov %r14,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1) <-- trapping instruction 2f: 74 08 je 0x39 31: 4c 89 f7 mov %r14,%rdi 34: e8 84 83 39 00 call 0x3983bd 39: 49 8b 1e mov (%r14),%rbx 3c: e8 .byte 0xe8 3d: ec in (%dx),%al 3e: 7e 6c jle 0xac
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/12/27 03:54 | upstream | 3f0e9c8cefa9 | d1b870e1 | .config | console log | report | syz / log | C | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | general protection fault in bpf_get_local_storage | |
| 2025/12/27 02:11 | upstream | 3f0e9c8cefa9 | d1b870e1 | .config | console log | report | syz / log | C | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | general protection fault in bpf_get_local_storage | |
| 2025/12/27 00:20 | upstream | 3f0e9c8cefa9 | d1b870e1 | .config | console log | report | syz / log | C | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | general protection fault in bpf_get_local_storage |