[v6.6] WARNING in rt6_multipath_rebalance
1 view
Skip to first unread message
syzbot
Jul 25, 2025, 1:47:37 AM7/25/25
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: dbcb8d8e4163 Linux 6.6.100
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16af10a2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=293251cfa8d8100
dashboard link: https://syzkaller.appspot.com/bug?extid=dbd8e862cb3780dae734
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d0b56817a2c3/disk-dbcb8d8e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f0d646b2f7fa/vmlinux-dbcb8d8e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1e0b752a5011/bzImage-dbcb8d8e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dbd8e8...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3496 at net/ipv6/route.c:4793 rt6_multipath_first_sibling net/ipv6/route.c:4715 [inline]
WARNING: CPU: 1 PID: 3496 at net/ipv6/route.c:4793 rt6_multipath_rebalance+0x44d/0x8a0 net/ipv6/route.c:4792
Modules linked in:
CPU: 1 PID: 3496 Comm: kworker/u4:10 Not tainted 6.6.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: netns cleanup_net
RIP: 0010:rt6_multipath_rebalance+0x44d/0x8a0 net/ipv6/route.c:4793
Code: e8 d8 88 b1 f8 e9 1c fe ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 85 fe ff ff 4c 89 e7 e8 7d 88 b1 f8 e9 78 fe ff ff e8 d3 42 5a f8 <0f> 0b eb 07 e8 ca 42 5a f8 0f 0b 48 83 c4 10 5b 41 5c 41 5d 41 5e
RSP: 0000:ffffc9000d187020 EFLAGS: 00010293
RAX: ffffffff892b52ad RBX: ffff88802dcc1c00 RCX: ffff88802e8c0000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52001a30dfc R12: ffff88802dcc1cbe
R13: ffff88802dcc1c80 R14: 0000000000000000 R15: 1ffff11005b98390
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d713ff8 CR3: 00000000657fb000 CR4: 00000000003506e0
Call Trace:
<TASK>
fib6_ifdown+0x3f3/0x4b0 net/ipv6/route.c:4913
fib6_clean_node+0x248/0x580 net/ipv6/ip6_fib.c:2190
fib6_walk_continue+0x672/0x900 net/ipv6/ip6_fib.c:2115
fib6_walk+0x149/0x290 net/ipv6/ip6_fib.c:2163
fib6_clean_tree net/ipv6/ip6_fib.c:2243 [inline]
__fib6_clean_all+0x235/0x380 net/ipv6/ip6_fib.c:2259
rt6_sync_down_dev net/ipv6/route.c:4941 [inline]
rt6_disable_ip+0x125/0x7a0 net/ipv6/route.c:4946
addrconf_ifdown+0x15e/0x1880 net/ipv6/addrconf.c:3826
addrconf_notify+0x6c6/0x1010 net/ipv6/addrconf.c:-1
notifier_call_chain+0x197/0x390 kernel/notifier.c:93
call_netdevice_notifiers_extack net/core/dev.c:2064 [inline]
call_netdevice_notifiers net/core/dev.c:2078 [inline]
dev_close_many+0x297/0x400 net/core/dev.c:1619
unregister_netdevice_many_notify+0x4c1/0x1810 net/core/dev.c:11047
unregister_netdevice_many net/core/dev.c:11130 [inline]
default_device_exit_batch+0x9cb/0xa60 net/core/dev.c:11608
ops_exit_list net/core/net_namespace.c:178 [inline]
cleanup_net+0x77f/0xb90 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: dbcb8d8e4163 Linux 6.6.100
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16af10a2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=293251cfa8d8100
dashboard link: https://syzkaller.appspot.com/bug?extid=dbd8e862cb3780dae734
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d0b56817a2c3/disk-dbcb8d8e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f0d646b2f7fa/vmlinux-dbcb8d8e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1e0b752a5011/bzImage-dbcb8d8e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dbd8e8...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3496 at net/ipv6/route.c:4793 rt6_multipath_first_sibling net/ipv6/route.c:4715 [inline]
WARNING: CPU: 1 PID: 3496 at net/ipv6/route.c:4793 rt6_multipath_rebalance+0x44d/0x8a0 net/ipv6/route.c:4792
Modules linked in:
CPU: 1 PID: 3496 Comm: kworker/u4:10 Not tainted 6.6.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: netns cleanup_net
RIP: 0010:rt6_multipath_rebalance+0x44d/0x8a0 net/ipv6/route.c:4793
Code: e8 d8 88 b1 f8 e9 1c fe ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 85 fe ff ff 4c 89 e7 e8 7d 88 b1 f8 e9 78 fe ff ff e8 d3 42 5a f8 <0f> 0b eb 07 e8 ca 42 5a f8 0f 0b 48 83 c4 10 5b 41 5c 41 5d 41 5e
RSP: 0000:ffffc9000d187020 EFLAGS: 00010293
RAX: ffffffff892b52ad RBX: ffff88802dcc1c00 RCX: ffff88802e8c0000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52001a30dfc R12: ffff88802dcc1cbe
R13: ffff88802dcc1c80 R14: 0000000000000000 R15: 1ffff11005b98390
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d713ff8 CR3: 00000000657fb000 CR4: 00000000003506e0
Call Trace:
<TASK>
fib6_ifdown+0x3f3/0x4b0 net/ipv6/route.c:4913
fib6_clean_node+0x248/0x580 net/ipv6/ip6_fib.c:2190
fib6_walk_continue+0x672/0x900 net/ipv6/ip6_fib.c:2115
fib6_walk+0x149/0x290 net/ipv6/ip6_fib.c:2163
fib6_clean_tree net/ipv6/ip6_fib.c:2243 [inline]
__fib6_clean_all+0x235/0x380 net/ipv6/ip6_fib.c:2259
rt6_sync_down_dev net/ipv6/route.c:4941 [inline]
rt6_disable_ip+0x125/0x7a0 net/ipv6/route.c:4946
addrconf_ifdown+0x15e/0x1880 net/ipv6/addrconf.c:3826
addrconf_notify+0x6c6/0x1010 net/ipv6/addrconf.c:-1
notifier_call_chain+0x197/0x390 kernel/notifier.c:93
call_netdevice_notifiers_extack net/core/dev.c:2064 [inline]
call_netdevice_notifiers net/core/dev.c:2078 [inline]
dev_close_many+0x297/0x400 net/core/dev.c:1619
unregister_netdevice_many_notify+0x4c1/0x1810 net/core/dev.c:11047
unregister_netdevice_many net/core/dev.c:11130 [inline]
default_device_exit_batch+0x9cb/0xa60 net/core/dev.c:11608
ops_exit_list net/core/net_namespace.c:178 [inline]
cleanup_net+0x77f/0xb90 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Nov 17, 2025, 4:21:15 PM11/17/25
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages