syzbot

BUG: unable to handle kernel paging request in stack_depot_save

Status: auto-closed as invalid on 2019/10/25 08:36
Subsystems: kernel
Reported-by: syzbot+2518b40a76ef4f5d3415@syzkaller.appspotmail.com
First crash: 1770d, last: 1770d
Similar bugs (3)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | BUG: unable to handle kernel paging request in stack_depot_save (3) net | | | | 9 | 1090d | 1095d | 0/26 | auto-closed as invalid on 2021/07/30 17:47
upstream | BUG: unable to handle kernel paging request in stack_depot_save (4) kernfs | | | | 1 | 908d | 904d | 0/26 | auto-closed as invalid on 2022/01/28 22:39
upstream | BUG: unable to handle kernel paging request in stack_depot_save (2) netfilter | | | | 1 | 1513d | 1509d | 0/26 | auto-closed as invalid on 2020/06/02 15:03

Sample crash report:
BUG: unable to handle page fault for address: ffff88806950e8d8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD b401067 P4D b401067 PUD 62538063 PMD 94c6e063 PTE ffff888094c6e8a0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.2.0-rc5+ #59
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:find_stack lib/stackdepot.c:180 [inline]
RIP: 0010:stack_depot_save+0x100/0x450 lib/stackdepot.c:241
Code: 84 f3 01 00 00 41 89 df 41 81 e7 ff ff 0f 00 4e 8b 34 fd 80 6b 84 8a 4d 85 f6 74 28 41 8d 75 ff eb 08 4d 8b 36 4d 85 f6 74 1a <41> 39 5e 08 75 f2 31 c0 45 3b 6e 0c 0f 84 84 01 00 00 4d 8b 36 4d
RSP: 0018:ffff8880ae909758 EFLAGS: 00010082
RAX: 00000000541b0847 RBX: 0000000033fcad65 RCX: 0000000031ff2f89
RDX: 0000000000000800 RSI: 000000000000000d RDI: 00000000e6ff81d4
RBP: ffff8880ae9097a0 R08: 000000007e21a185 R09: ffff8880ae9096c0
R10: ffff8880ae909690 R11: ffff8880ae9096a0 R12: ffff8880ae9097b0
R13: 000000000000000e R14: ffff88806950e8d0 R15: 00000000000cad65
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88806950e8d8 CR3: 00000000a5f6b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 save_stack+0x5c/0x90 mm/kasan/common.c:73
 set_track mm/kasan/common.c:79 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/common.c:451
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:459
 __cache_free mm/slab.c:3432 [inline]
 kfree+0xcf/0x220 mm/slab.c:3755
 skb_free_head+0x93/0xb0 net/core/skbuff.c:588
 skb_release_data+0x42d/0x7c0 net/core/skbuff.c:608
 skb_release_all+0x4d/0x60 net/core/skbuff.c:662
 __kfree_skb net/core/skbuff.c:676 [inline]
 kfree_skb net/core/skbuff.c:694 [inline]
 kfree_skb+0xe8/0x390 net/core/skbuff.c:688
 __netif_receive_skb_core+0x552/0x3280 net/core/dev.c:4990
 __netif_receive_skb_one_core+0xa8/0x1a0 net/core/dev.c:5007
 __netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5123
 process_backlog+0x206/0x750 net/core/dev.c:5934
 napi_poll net/core/dev.c:6357 [inline]
 net_rx_action+0x4f5/0x1070 net/core/dev.c:6423
 __do_softirq+0x25c/0x94c kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x180/0x1d0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1068
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:806
 </IRQ>
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
Code: ff ff 48 89 df e8 b2 5b 8c fa eb 82 e9 07 00 00 00 0f 00 2d c4 dd 4a 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d b4 dd 4a 00 fb f4 <c3> 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 ee be 41 fa e8 a9
RSP: 0018:ffff8880a98e7d78 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff1164e81 RBX: ffff8880a98d4340 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000006 RDI: ffff8880a98d4bbc
RBP: ffff8880a98e7da8 R08: ffff8880a98d4340 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: ffffffff88b273f8 R14: 0000000000000001 R15: 0000000000000000
 arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:571
 default_idle_call+0x36/0x90 kernel/sched/idle.c:94
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x377/0x560 kernel/sched/idle.c:263
 cpu_startup_entry+0x1b/0x20 kernel/sched/idle.c:354
 start_secondary+0x34e/0x4c0 arch/x86/kernel/smpboot.c:265
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
Modules linked in:
CR2: ffff88806950e8d8
---[ end trace c886272baf87a3a0 ]---
RIP: 0010:find_stack lib/stackdepot.c:180 [inline]
RIP: 0010:stack_depot_save+0x100/0x450 lib/stackdepot.c:241
Code: 84 f3 01 00 00 41 89 df 41 81 e7 ff ff 0f 00 4e 8b 34 fd 80 6b 84 8a 4d 85 f6 74 28 41 8d 75 ff eb 08 4d 8b 36 4d 85 f6 74 1a <41> 39 5e 08 75 f2 31 c0 45 3b 6e 0c 0f 84 84 01 00 00 4d 8b 36 4d
RSP: 0018:ffff8880ae909758 EFLAGS: 00010082
RAX: 00000000541b0847 RBX: 0000000033fcad65 RCX: 0000000031ff2f89
RDX: 0000000000000800 RSI: 000000000000000d RDI: 00000000e6ff81d4
RBP: ffff8880ae9097a0 R08: 000000007e21a185 R09: ffff8880ae9096c0
R10: ffff8880ae909690 R11: ffff8880ae9096a0 R12: ffff8880ae9097b0
R13: 000000000000000e R14: ffff88806950e8d0 R15: 00000000000cad65
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88806950e8d8 CR3: 00000000a5f6b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2019/06/21 13:56 | net-old | 48620e341659 | 34bf9440 | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
* Struck through repros no longer work on HEAD.