syzbot

BUG: unable to handle kernel paging request in fib6_ifup

Status: auto-obsoleted due to no activity on 2025/08/01 22:57
First crash: 112d, last: 112d
Similar bugs (1)
Kernel: upstream
Title: KASAN: global-out-of-bounds Read in fib6_ifup (net)
Rank: 17
Repro: none
Cause bisect: none
Fix bisect: none
Count: 12
Last: 88d
Reported: 112d
Patched: 0/29
Status: auto-obsoleted due to no activity on 2025/08/06 18:32

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
BUG: unable to handle page fault for address: ffff8881d878c498
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7001067 P4D 7001067 PUD 1e1cd8063 PMD 1ea14f063 PTE 7e597e069b5c1200
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events_unbound linkwatch_event
RIP: 0010:fib6_ifup+0xad/0x190 net/ipv6/route.c:4648
Code: 1c 24 74 37 4c 8d a3 98 00 00 00 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 e7 e8 93 82 da fd <49> 83 3c 24 00 74 14 e8 57 88 ac fd e9 98 00 00 00 e8 4d 88 ac fd
RSP: 0018:ffff8881f5dcf688 EFLAGS: 00010246
RAX: 1ffff1103b0f1893 RBX: ffff8881d878c400 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffff8881f5dcfa20 RDI: ffff8881d878c400
RBP: ffff8881f5dcf6b0 R08: ffff8881f5dc1f80 R09: 0000000000000003
R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8881d878c498
R13: ffff8881f2ae2000 R14: ffff8881f5dcfa20 R15: ffff8881d725b600
FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881d878c498 CR3: 00000001d25de000 CR4: 00000000003406a0
DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 fib6_clean_node+0x244/0x520 net/ipv6/ip6_fib.c:2085
 fib6_walk_continue+0x4fc/0x700 net/ipv6/ip6_fib.c:2010
 fib6_walk+0x151/0x280 net/ipv6/ip6_fib.c:2058
 fib6_clean_tree net/ipv6/ip6_fib.c:2138 [inline]
 __fib6_clean_all net/ipv6/ip6_fib.c:2154 [inline]
 fib6_clean_all+0x174/0x230 net/ipv6/ip6_fib.c:2165
 rt6_sync_up+0x11d/0x150 net/ipv6/route.c:4670
 addrconf_notify+0xa5c/0xeb0 net/ipv6/addrconf.c:3669
 notifier_call_chain kernel/notifier.c:98 [inline]
 __raw_notifier_call_chain kernel/notifier.c:399 [inline]
 raw_notifier_call_chain+0xa0/0x120 kernel/notifier.c:406
 call_netdevice_notifiers_info net/core/dev.c:1670 [inline]
 netdev_state_change+0x102/0x1a0 net/core/dev.c:1273
 linkwatch_do_dev+0x102/0x140 net/core/link_watch.c:159
 __linkwatch_run_queue+0x412/0x7e0 net/core/link_watch.c:205
 linkwatch_event+0x4c/0x60 net/core/link_watch.c:244
 process_one_work+0x73b/0xcc0 kernel/workqueue.c:2290
 worker_thread+0xa5c/0x13b0 kernel/workqueue.c:2436
 kthread+0x31e/0x3a0 kernel/kthread.c:288
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354
Modules linked in:
CR2: ffff8881d878c498
---[ end trace 0e94b777d048db8c ]---
RIP: 0010:fib6_ifup+0xad/0x190 net/ipv6/route.c:4648
Code: 1c 24 74 37 4c 8d a3 98 00 00 00 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 e7 e8 93 82 da fd <49> 83 3c 24 00 74 14 e8 57 88 ac fd e9 98 00 00 00 e8 4d 88 ac fd
RSP: 0018:ffff8881f5dcf688 EFLAGS: 00010246
RAX: 1ffff1103b0f1893 RBX: ffff8881d878c400 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffff8881f5dcfa20 RDI: ffff8881d878c400
RBP: ffff8881f5dcf6b0 R08: ffff8881f5dc1f80 R09: 0000000000000003
R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8881d878c498
R13: ffff8881f2ae2000 R14: ffff8881f5dcfa20 R15: ffff8881d725b600
FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881d878c498 CR3: 00000001d25de000 CR4: 00000000003406a0
DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
----------------
Code disassembly (best guess):
   0:	1c 24                	sbb    $0x24,%al
   2:	74 37                	je     0x3b
   4:	4c 8d a3 98 00 00 00 	lea    0x98(%rbx),%r12
   b:	4c 89 e0             	mov    %r12,%rax
   e:	48 c1 e8 03          	shr    $0x3,%rax
  12:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  19:	fc ff df
  1c:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1)
  20:	74 08                	je     0x2a
  22:	4c 89 e7             	mov    %r12,%rdi
  25:	e8 93 82 da fd       	call   0xfdda82bd
* 2a:	49 83 3c 24 00       	cmpq   $0x0,(%r12) <-- trapping instruction
  2f:	74 14                	je     0x45
  31:	e8 57 88 ac fd       	call   0xfdac888d
  36:	e9 98 00 00 00       	jmp    0xd3
  3b:	e8 4d 88 ac fd       	call   0xfdac888d

Crashes (1):
Time: 2025/05/03 22:50
Kernel: android12-5.4
Commit: cd8e74fa0fa3
Syzkaller: b0714e37
Syz repro: none
C repro: none
Manager: ci2-android-5-4-perf-kasan
Title: BUG: unable to handle kernel paging request in fib6_ifup