syzbot


upstream test error: BUG: unable to handle kernel paging request in neigh_parms_release

Status: closed as invalid on 2025/06/26 13:22
Subsystems: net
First crash: 90d, last: 90d

Sample crash report:
 ret_from_fork+0x45/0x60 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace 0000000000000000 ]---
BUG: unable to handle page fault for address: ffffffff0ea64a50
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 6c66067 P4D 6c66067 PUD 0 
Oops: Oops: 0002 [#1] SMP PTI
CPU: 0 UID: 0 PID: 1053 Comm: kworker/u8:5 Tainted: G        W           6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: netns cleanup_net
RIP: 0010:__pv_queued_spin_lock_slowpath+0x278/0x380 kernel/locking/qspinlock.c:288
Code: ff ff e8 1b f6 c3 fb e9 e1 fd ff ff 83 e0 03 c1 ea 12 48 c1 e0 05 48 8d a8 c0 53 49 89 8d 42 ff 48 98 48 03 2c c5 e0 4c 99 86 <4c> 89 75 00 b8 00 80 00 00 eb 13 84 c0 75 08 0f b6 55 14 84 d2 75
RSP: 0018:ffffc9000270fa88 EFLAGS: 00010087
RAX: 0000000000000388 RBX: 0000000000040000 RCX: 0000000000000001
RDX: 0000000000000389 RSI: 0000000000000000 RDI: ffff88810e252a98
RBP: ffffffff0ea64a50 R08: ffffffff81202f19 R09: ffffffff87264fd8
R10: 000000001f7d060b R11: 0000000096496c23 R12: 00000000003c00ed
R13: ffff88810e252a98 R14: ffff88813ba2c3c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881b2597000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff0ea64a50 CR3: 00000001111ca000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:572 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock include/linux/spinlock.h:187 [inline]
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0x36/0x40 kernel/locking/spinlock.c:162
 ref_tracker_free+0xab/0x330 lib/ref_tracker.c:243
 netdev_tracker_free include/linux/netdevice.h:4351 [inline]
 netdev_put include/linux/netdevice.h:4368 [inline]
 netdev_put include/linux/netdevice.h:4364 [inline]
 neigh_parms_release+0xc0/0x120 net/core/neighbour.c:1709
 addrconf_ifdown.isra.0+0xb50/0xc60 net/ipv6/addrconf.c:4011
 addrconf_notify+0x155/0xcc0 net/ipv6/addrconf.c:3780
 notifier_call_chain+0x90/0x180 kernel/notifier.c:85
 call_netdevice_notifiers_info+0x7d/0xe0 net/core/dev.c:2176
 call_netdevice_notifiers_extack net/core/dev.c:2214 [inline]
 call_netdevice_notifiers net/core/dev.c:2228 [inline]
 unregister_netdevice_many_notify+0x7a3/0x1050 net/core/dev.c:11972
 cleanup_net+0x333/0x5a0 net/core/net_namespace.c:649
 process_one_work+0x26b/0x620 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x2c4/0x4f0 kernel/workqueue.c:3400
 kthread+0x158/0x310 kernel/kthread.c:464
 ret_from_fork+0x45/0x60 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
CR2: ffffffff0ea64a50
---[ end trace 0000000000000000 ]---
RIP: 0010:__pv_queued_spin_lock_slowpath+0x278/0x380 kernel/locking/qspinlock.c:288
Code: ff ff e8 1b f6 c3 fb e9 e1 fd ff ff 83 e0 03 c1 ea 12 48 c1 e0 05 48 8d a8 c0 53 49 89 8d 42 ff 48 98 48 03 2c c5 e0 4c 99 86 <4c> 89 75 00 b8 00 80 00 00 eb 13 84 c0 75 08 0f b6 55 14 84 d2 75
RSP: 0018:ffffc9000270fa88 EFLAGS: 00010087
RAX: 0000000000000388 RBX: 0000000000040000 RCX: 0000000000000001
RDX: 0000000000000389 RSI: 0000000000000000 RDI: ffff88810e252a98
RBP: ffffffff0ea64a50 R08: ffffffff81202f19 R09: ffffffff87264fd8
R10: 000000001f7d060b R11: 0000000096496c23 R12: 00000000003c00ed
R13: ffff88810e252a98 R14: ffff88813ba2c3c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881b2597000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff0ea64a50 CR3: 00000001111ca000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	e8 1b f6 c3 fb       	call   0xfbc3f620
   5:	e9 e1 fd ff ff       	jmp    0xfffffdeb
   a:	83 e0 03             	and    $0x3,%eax
   d:	c1 ea 12             	shr    $0x12,%edx
  10:	48 c1 e0 05          	shl    $0x5,%rax
  14:	48 8d a8 c0 53 49 89 	lea    -0x76b6ac40(%rax),%rbp
  1b:	8d 42 ff             	lea    -0x1(%rdx),%eax
  1e:	48 98                	cltq
  20:	48 03 2c c5 e0 4c 99 	add    -0x7966b320(,%rax,8),%rbp
  27:	86
* 28:	4c 89 75 00          	mov    %r14,0x0(%rbp) <-- trapping instruction
  2c:	b8 00 80 00 00       	mov    $0x8000,%eax
  31:	eb 13                	jmp    0x46
  33:	84 c0                	test   %al,%al
  35:	75 08                	jne    0x3f
  37:	0f b6 55 14          	movzbl 0x14(%rbp),%edx
  3b:	84 d2                	test   %dl,%dl
  3d:	75                   	.byte 0x75

Crashes (1):
Time: 2025/05/23 16:22
Kernel: upstream
Commit: eccf6f2f6ab9
Syzkaller: f8cc0c83
Config: .config
Log: console log
Report: report
Syz repro: (none listed)
C repro: (none listed)
VM info: (none listed)
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci-upstream-gce-leak
Title: upstream test error: BUG: unable to handle kernel paging request in neigh_parms_release