syzbot

BUG: unable to handle kernel paging request in skb_segment

Status: closed as invalid on 2025/07/30 20:31
Subsystems: net
First crash: 526d, last: 108d
Similar bugs (9):

Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
-------|-------|------|-------|--------------|------------|-------|------|----------|---------|-------
upstream | general protection fault in skb_segment (4) net | 8 | C | error | | 4 | 610d | 617d | 25/29 | fixed on 2024/01/22 01:16
android-5-10 | general protection fault in skb_segment | 2 | C | done | | 1 | 602d | 616d | 0/2 | auto-obsoleted due to no activity on 2024/04/02 16:56
android-5-15 | general protection fault in skb_segment origin:upstream | 2 | C | done | | 1 | 602d | 616d | 0/2 | auto-obsoleted due to no activity on 2024/04/03 02:38
linux-4.14 | general protection fault in skb_segment | 2 | | | | 1 | 1139d | 1139d | 0/1 | auto-obsoleted due to no activity on 2022/11/02 17:51
upstream | general protection fault in skb_segment (3) net | 2 | C | done | | 2 | 735d | 735d | 23/29 | fixed on 2023/10/12 12:48
android-6-1 | general protection fault in skb_segment origin:upstream missing-backport | 2 | C | done | done | 1 | 524d | 614d | 0/2 | auto-obsoleted due to no activity on 2024/06/20 07:05
upstream | general protection fault in skb_segment (2) net | 2 | | | | 1 | 1644d | 1644d | 0/29 | auto-closed as invalid on 2021/05/17 11:26
android-54 | general protection fault in skb_segment | 2 | C | | | 1 | 532d | 616d | 0/2 | auto-obsoleted due to no activity on 2024/06/11 14:46
upstream | general protection fault in skb_segment sctp | 2 | C | | | 7 | 2778d | 2788d | 4/29 | fixed on 2018/01/29 03:39

Sample crash report:
Unable to handle kernel paging request at virtual address dfff80000000000e
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff80000000000e] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_segment+0x2104/0x33a8 net/core/skbuff.c:4590
lr : skb_segment+0x20f8/0x33a8 net/core/skbuff.c:4590
sp : ffff8000939e59a0
x29: ffff8000939e5be0 x28: dfff800000000000 x27: 0000000000000001
x26: 000000000000004a x25: 0000000000000000 x24: 00000000000000f6
x23: 000000000000004a x22: 0000000000000000 x21: 0000000000020048
x20: 000000000000ffff x19: 0000000000000070 x18: ffff8000939e5500
x17: 00005f0000002100 x16: ffff800080529618 x15: 0000000000000008
x14: 0000000000000000 x13: 000000000000a888 x12: ffff0000c19c5a00
x11: ffff0000d9794a00 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 000000000000000e x7 : 0c60dd860aaaaaaa x6 : aaaa0aaaaaaaaaaa
x5 : ffff0000dba6932c x4 : ffff0000dba69324 x3 : ffff800089c01e30
x2 : 0000000000000036 x1 : 000000000000ffff x0 : 000000000000ffff
Call trace:
 skb_segment+0x2104/0x33a8 net/core/skbuff.c:4590
 tcp_gso_segment+0x2cc/0x16b4 net/ipv4/tcp_offload.c:100
 tcp6_gso_segment+0x12c/0x36c net/ipv6/tcpv6_offload.c:67
 ipv6_gso_segment+0x92c/0x1acc net/ipv6/ip6_offload.c:152
 skb_mac_gso_segment+0x2d0/0x5bc net/core/gso.c:53
 __skb_gso_segment+0x250/0x3cc net/core/gso.c:124
 skb_gso_segment include/net/gso.h:83 [inline]
 validate_xmit_skb+0x3cc/0xd10 net/core/dev.c:3628
 validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3678
 sch_direct_xmit+0xe8/0x57c net/sched/sch_generic.c:327
 qdisc_restart net/sched/sch_generic.c:407 [inline]
 __qdisc_run+0x8f8/0x2358 net/sched/sch_generic.c:415
 __dev_xmit_skb net/core/dev.c:3839 [inline]
 __dev_queue_xmit+0xcac/0x329c net/core/dev.c:4317
 dev_queue_xmit include/linux/netdevice.h:3171 [inline]
 neigh_hh_output include/net/neighbour.h:526 [inline]
 neigh_output include/net/neighbour.h:540 [inline]
 ip6_finish_output2+0x1004/0x1ec8 net/ipv6/ip6_output.c:137
 ip6_finish_output+0x428/0x7a0 net/ipv6/ip6_output.c:222
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip6_output+0x270/0x594 net/ipv6/ip6_output.c:243
 dst_output include/net/dst.h:451 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 ip6_xmit+0xfd0/0x1a90 net/ipv6/ip6_output.c:358
 inet6_csk_xmit+0x3b8/0x61c net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0x1930/0x34a0 net/ipv4/tcp_output.c:1462
 tcp_transmit_skb net/ipv4/tcp_output.c:1480 [inline]
 tcp_write_xmit+0x11c0/0x4bac net/ipv4/tcp_output.c:2792
 __tcp_push_pending_frames+0x98/0x228 net/ipv4/tcp_output.c:2977
 tcp_push_pending_frames include/net/tcp.h:2061 [inline]
 tcp_data_snd_check+0x84/0xc0 net/ipv4/tcp_input.c:5653
 tcp_rcv_state_process+0x2128/0x3ee8 net/ipv4/tcp_input.c:6866
 tcp_v6_do_rcv+0x9fc/0x1484 net/ipv6/tcp_ipv6.c:1669
 tcp_v6_rcv+0x1fd4/0x294c net/ipv6/tcp_ipv6.c:1910
 ip6_protocol_deliver_rcu+0x930/0x11c4 net/ipv6/ip6_input.c:438
 ip6_input_finish+0x164/0x298 net/ipv6/ip6_input.c:483
 NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:314
 ip6_input+0x90/0xa8 net/ipv6/ip6_input.c:492
 dst_input include/net/dst.h:461 [inline]
 ip6_rcv_finish+0x1f0/0x21c net/ipv6/ip6_input.c:79
 NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:314
 ipv6_rcv+0x9c/0xbc net/ipv6/ip6_input.c:310
 __netif_receive_skb_one_core net/core/dev.c:5534 [inline]
 __netif_receive_skb+0x18c/0x400 net/core/dev.c:5648
 process_backlog+0x3c0/0x70c net/core/dev.c:5976
 __napi_poll+0xb4/0x654 net/core/dev.c:6576
 napi_poll net/core/dev.c:6645 [inline]
 net_rx_action+0x5e4/0xdc4 net/core/dev.c:6778
 __do_softirq+0x2d8/0xce4 kernel/softirq.c:553
 run_ksoftirqd+0x6c/0x14c kernel/softirq.c:921
 smpboot_thread_fn+0x4b0/0x90c kernel/smpboot.c:164
 kthread+0x288/0x310 kernel/kthread.c:388
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Code: 97c12dab f940cbe8 9101c113 d343fe68 (38fc6908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	97c12dab 	bl	0xffffffffff04b6ac
   4:	f940cbe8 	ldr	x8, [sp, #400]
   8:	9101c113 	add	x19, x8, #0x70
   c:	d343fe68 	lsr	x8, x19, #3
* 10:	38fc6908 	ldrsb	w8, [x8, x28] <-- trapping instruction

Crashes (36):

Time | Kernel | Commit | Syzkaller | Manager | Title
-----|--------|--------|-----------|---------|------
2024/03/09 15:23 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 707081b61156 | 6ee49f2e | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in skb_segment
2025/02/10 03:39 | upstream | a64dcfb451e2 | ef44b750 | ci-upstream-kasan-badwrites-root | general protection fault in skb_segment
2025/01/30 04:52 | upstream | 9c5968db9e62 | afe4eff5 | ci-upstream-kasan-gce-selinux-root | general protection fault in skb_segment
2025/01/30 04:49 | upstream | 9c5968db9e62 | afe4eff5 | ci-upstream-kasan-gce-selinux-root | general protection fault in skb_segment
2024/12/31 10:48 | upstream | ccb98ccef0e5 | d3ccff63 | ci-upstream-kasan-gce-root | general protection fault in skb_segment
2024/11/05 16:46 | upstream | 2e1b3cc9d7f7 | 509da429 | ci-upstream-kasan-gce-selinux-root | general protection fault in skb_segment
2024/11/04 19:00 | upstream | 59b723cd2adb | 509da429 | ci-upstream-kasan-badwrites-root | general protection fault in skb_segment
2024/09/05 15:12 | upstream | c763c4339688 | 464ac2ed | ci-upstream-kasan-gce | general protection fault in skb_segment
2024/08/10 20:18 | upstream | 5189dafa4cf9 | 6f4edef4 | ci-upstream-kasan-gce-smack-root | general protection fault in skb_segment
2024/07/23 04:10 | upstream | 66ebbdfdeb09 | f063dfd9 | ci-upstream-kasan-gce-smack-root | general protection fault in skb_segment
2024/07/15 16:07 | upstream | 0c3836482481 | efee4ed2 | ci-upstream-kasan-badwrites-root | general protection fault in skb_segment
2024/07/15 16:07 | upstream | 0c3836482481 | efee4ed2 | ci-upstream-kasan-badwrites-root | general protection fault in skb_segment
2024/07/07 04:48 | upstream | 22f902dfc51e | bc4ebbb5 | ci-upstream-kasan-gce | general protection fault in skb_segment
2024/06/05 20:43 | upstream | 71d7b52cc33b | 121701b6 | ci-upstream-kasan-gce-smack-root | general protection fault in skb_segment
2024/06/02 01:59 | upstream | 89be4025b0db | 3113787f | ci-upstream-kasan-badwrites-root | general protection fault in skb_segment
2024/05/17 13:59 | upstream | ea5f6ad9ad96 | a12e99e7 | ci-upstream-kasan-gce-smack-root | general protection fault in skb_segment
2024/03/22 23:18 | upstream | 480e035fc4c7 | 7a239ce7 | ci-upstream-kasan-gce | general protection fault in skb_segment
2025/05/01 12:37 | upstream | 7a13c14ee59d | ce7952f4 | ci-qemu-upstream | general protection fault in skb_segment
2025/05/01 05:42 | upstream | 7a13c14ee59d | ce7952f4 | ci-qemu-upstream | general protection fault in skb_segment
2025/04/29 13:22 | upstream | ca91b9500108 | 4a62c0b1 | ci-qemu-upstream | general protection fault in skb_segment
2025/04/28 15:02 | upstream | b4432656b36e | c6b4fb39 | ci-qemu-upstream | general protection fault in skb_segment
2025/04/26 17:38 | upstream | f1a3944c860b | c6b4fb39 | ci-qemu-upstream | general protection fault in skb_segment
2025/04/24 01:44 | upstream | a79be02bba5c | 9882047a | ci-qemu-upstream | general protection fault in skb_segment
2025/04/21 14:40 | upstream | 9d7a0577c9db | 2a20f901 | ci-qemu-upstream | general protection fault in skb_segment
2025/03/10 23:34 | upstream | 4d872d51bc9d | 16256247 | ci-qemu-upstream | general protection fault in skb_segment
2025/02/24 12:52 | upstream | d082ecbc71e9 | d34966d1 | ci-qemu-upstream | general protection fault in skb_segment
2025/01/19 02:32 | upstream | fda5e3f28400 | f2cb035c | ci-qemu-upstream | general protection fault in skb_segment
2025/01/14 23:50 | upstream | c3812b15000c | 7315a7cf | ci-qemu-upstream | general protection fault in skb_segment
2024/12/10 12:25 | upstream | 7cb1b4663150 | cfc402b4 | ci-qemu-upstream | general protection fault in skb_segment
2024/08/08 09:50 | upstream | 6a0e38264012 | 96450b3e | ci-qemu-upstream | general protection fault in skb_segment
2024/08/05 09:15 | upstream | de9c2c66ad8e | d945c1fd | ci-qemu-upstream | general protection fault in skb_segment
2024/08/05 09:14 | upstream | de9c2c66ad8e | d945c1fd | ci-qemu-upstream | general protection fault in skb_segment
2024/07/15 04:46 | upstream | 882ddcd1bf63 | 252f67bd | ci-qemu-upstream | general protection fault in skb_segment
2024/08/19 15:38 | linux-next | 367b5c3d53e5 | 9f0ab3fb | ci-upstream-linux-next-kasan-gce-root | general protection fault in skb_segment
2024/08/19 15:37 | linux-next | 367b5c3d53e5 | 9f0ab3fb | ci-upstream-linux-next-kasan-gce-root | general protection fault in skb_segment
2024/06/02 19:59 | linux-next | 0e1980c40b6e | 3113787f | ci-upstream-linux-next-kasan-gce-root | general protection fault in skb_segment