syzbot


BUG: unable to handle kernel paging request in ipv4_dst_destroy

Status: closed as invalid on 2018/09/05 12:51
Subsystems: net
First crash: 2387d, last: 2387d

Sample crash report:
RAX: ffffffffffffffda RBX: 00007f6fd69436d4 RCX: 0000000000455ab9
RDX: 0000000020752ffc RSI: 0000000020975000 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015
R13: 00000000004bb46c R14: 00000000004c8650 R15: 0000000000000008
BUG: unable to handle kernel paging request at ffff88008e7f92c8
PGD c316067 P4D c316067 PUD 21ffff067 PMD 1cb9f7063 PTE 0
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 4607 Comm: syz-executor0 Not tainted 4.18.0-rc4+ #27
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__list_del_entry_valid+0xdf/0x440 lib/list_debug.c:51
Code: c1 0f 84 76 01 00 00 4d 39 f7 0f 84 7e 01 00 00 41 89 de 4d 85 e4 0f 85 01 02 00 00 4d 8b 27 4c 89 ff e8 e4 58 ae fd 48 8b 18 <44> 8b 3a 48 89 d8 48 0b 45 c8 74 13 4c 89 e1 48 33 4d c0 48 f7 d0 
RSP: 0018:ffff88021fd0fc00 EFLAGS: 00010286
RAX: ffff88008fc8f2c8 RBX: 0000000000000000 RCX: ffff88008e7f92c8
RDX: ffff88008e7f92c8 RSI: aaaaaaaaaaaab000 RDI: ffffea000369ec40
RBP: ffff88021fd0fc58 R08: 0000000000480020 R09: 0000000000000002
R10: 0000000000100000 R11: ffffffff88949e40 R12: ffff8801caa2a5c8
R13: ffff8801caa2a808 R14: 000000008460018d R15: ffff880091a762c8
FS:  0000000000b07940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88008e7f92c8 CR3: 0000000147916000 CR4: 00000000001406e0
DR0: 0000000020abe000 DR1: 0000000020abe000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 __list_del_entry include/linux/list.h:117 [inline]
 list_del include/linux/list.h:125 [inline]
 rt_del_uncached_list net/ipv4/route.c:1477 [inline]
 ipv4_dst_destroy+0x226/0x4b0 net/ipv4/route.c:1490
 dst_destroy+0x21b/0x7c0 net/core/dst.c:132
 dst_destroy_rcu+0x46/0x50 net/core/dst.c:154
 __rcu_reclaim kernel/rcu/rcu.h:178 [inline]
 rcu_do_batch kernel/rcu/tree.c:2558 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2818 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2785 [inline]
 rcu_process_callbacks+0x13b0/0x1b30 kernel/rcu/tree.c:2802
 __do_softirq+0x55f/0x934 kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:369 [inline]
 irq_exit+0x22a/0x270 kernel/softirq.c:410
 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:527
 smp_apic_timer_interrupt+0x64/0x90 arch/x86/kernel/apic/apic.c:1055
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:868
 </IRQ>
RIP: 0010:finish_lock_switch+0x38/0x50 kernel/sched/core.c:2608
Code: e8 3d bc 8f 00 44 8b b0 88 0c 00 00 48 8b 18 4c 89 e7 e8 cb b0 8f 00 49 89 c7 48 85 db 75 13 41 c6 07 00 41 c6 04 24 00 fb 5b <41> 5c 41 5e 41 5f 5d c3 44 89 f7 e8 28 bb 8f 00 eb e3 66 0f 1f 44 
RSP: 0018:ffff88014789fbf8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: ffff88021f3d0d00 RBX: ffff8801c4eb1d80 RCX: ffff88021f3d1d00
RDX: ffff88021f3d1d00 RSI: aaaaaaaaaaaab000 RDI: ffffea000cbf2560
RBP: ffff88014789fc10 R08: 0000000000480020 R09: 0000000000000002
R10: ffffffff7fffffff R11: ffffffff81363150 R12: ffff88021fdb9d00
R13: 0000000000000001 R14: 0000000000000000 R15: ffff88021f3d0d00
 finish_task_switch+0xe3/0x260 kernel/sched/core.c:2709
 context_switch kernel/sched/core.c:2860 [inline]
 __schedule+0x66c/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 freezable_schedule include/linux/freezer.h:172 [inline]
 do_nanosleep+0x2d6/0x9e0 kernel/time/hrtimer.c:1689
 hrtimer_nanosleep kernel/time/hrtimer.c:1743 [inline]
 __do_sys_nanosleep kernel/time/hrtimer.c:1777 [inline]
 __se_sys_nanosleep+0x521/0x740 kernel/time/hrtimer.c:1764
 __x64_sys_nanosleep+0x92/0xc0 kernel/time/hrtimer.c:1764
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x4811c0
Code: 05 48 3d 01 f0 ff ff 0f 83 0d 03 f9 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 91 52 5c 00 00 75 14 b8 23 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 e4 02 f9 ff c3 48 83 ec 08 e8 6a 74 fd ff 
RSP: 002b:0000000000a3ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
RAX: ffffffffffffffda RBX: 000000000009caf7 RCX: 00000000004811c0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a3eaa0
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000b07940
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
R13: 000000000000089e R14: 0000000000a3f160 R15: 000000000009c801
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
CR2: ffff88008e7f92c8
---[ end trace 9ecacb5850c7742a ]---
RIP: 0010:__list_del_entry_valid+0xdf/0x440 lib/list_debug.c:51
Code: c1 0f 84 76 01 00 00 4d 39 f7 0f 84 7e 01 00 00 41 89 de 4d 85 e4 0f 85 01 02 00 00 4d 8b 27 4c 89 ff e8 e4 58 ae fd 48 8b 18 <44> 8b 3a 48 89 d8 48 0b 45 c8 74 13 4c 89 e1 48 33 4d c0 48 f7 d0 
RSP: 0018:ffff88021fd0fc00 EFLAGS: 00010286
RAX: ffff88008fc8f2c8 RBX: 0000000000000000 RCX: ffff88008e7f92c8
RDX: ffff88008e7f92c8 RSI: aaaaaaaaaaaab000 RDI: ffffea000369ec40
RBP: ffff88021fd0fc58 R08: 0000000000480020 R09: 0000000000000002
R10: 0000000000100000 R11: ffffffff88949e40 R12: ffff8801caa2a5c8
R13: ffff8801caa2a808 R14: 000000008460018d R15: ffff880091a762c8
FS:  0000000000b07940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88008e7f92c8 CR3: 0000000147916000 CR4: 00000000001406e0
DR0: 0000000020abe000 DR1: 0000000020abe000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600

Crashes (1):
Time: 2018/07/17 12:45
Kernel: https://github.com/google/kmsan.git master
Commit: 80ecacc456c1
Syzkaller: 13761366
Config: .config
Log: console log
Report: report
Syz repro: (none)
C repro: (none)
VM info: (none)
Assets: (none)
Manager: ci-upstream-kmsan-gce
Title: (none)
* Struck through repros no longer work on HEAD.