syzbot


BUG: unable to handle kernel paging request in __ipv6_dev_get_saddr (2)

Status: auto-closed as invalid on 2021/06/21 20:51
Subsystems: net
First crash: 1070d, last: 1070d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | BUG: unable to handle kernel paging request in __ipv6_dev_get_saddr net | | | | 16 | 2290d | 2292d | 0/26 | closed as invalid on 2018/02/13 19:48 |
| linux-4.19 | BUG: unable to handle kernel paging request in __ipv6_dev_get_saddr | | | | 1 | 1026d | 1026d | 0/1 | auto-closed as invalid on 2021/10/03 22:57 |

Sample crash report:
BUG: unable to handle page fault for address: ffffffffffffff14
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD bc8f067 P4D bc8f067 PUD bc91067 PMD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 15246 Comm: syz-executor.1 Not tainted 5.12.0-rc8-next-20210422-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__ipv6_dev_get_saddr+0x103/0x5c0 net/ipv6/addrconf.c:1662
Code: 48 b9 00 00 00 00 00 fc ff df 48 89 f8 48 c1 e8 03 0f b6 14 08 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 1c 04 00 00 <8b> 5d 6c bf 40 00 00 00 83 e3 44 89 de e8 5b b4 b5 f9 83 fb 40 0f
RSP: 0018:ffffc90000dc00f8 EFLAGS: 00010246
RAX: 0000000000000007 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffffff87bf4c65 RDI: ffffffffffffff14
RBP: fffffffffffffea8 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff87bf4cf8 R11: 0000000000000000 R12: ffff888028ff8000
R13: ffffc90000dc01e0 R14: ffff88802c299a40 R15: ffffc90000dc01a0
FS:  00007ff30a930700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffff14 CR3: 000000001da5c000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 ipv6_dev_get_saddr+0x824/0xbc0 net/ipv6/addrconf.c:1817
 ip6_route_get_saddr include/net/ip6_route.h:145 [inline]
 ip6_dst_lookup_tail+0xb35/0x1760 net/ipv6/ip6_output.c:1069
 ip6_dst_lookup_flow+0x8c/0x1d0 net/ipv6/ip6_output.c:1194
 geneve_get_v6_dst+0x46f/0x9a0 drivers/net/geneve.c:863
 geneve6_xmit_skb drivers/net/geneve.c:996 [inline]
 geneve_xmit+0x4b2/0x3350 drivers/net/geneve.c:1079
 __netdev_start_xmit include/linux/netdevice.h:4944 [inline]
 netdev_start_xmit include/linux/netdevice.h:4958 [inline]
 xmit_one net/core/dev.c:3654 [inline]
 dev_hard_start_xmit+0x1eb/0x920 net/core/dev.c:3670
 __dev_queue_xmit+0x20bc/0x2e50 net/core/dev.c:4245
 neigh_resolve_output net/core/neighbour.c:1495 [inline]
 neigh_resolve_output+0x50e/0x820 net/core/neighbour.c:1475
 neigh_output include/net/neighbour.h:510 [inline]
 ip6_finish_output2+0x686/0x1700 net/ipv6/ip6_output.c:117
 __ip6_finish_output net/ipv6/ip6_output.c:182 [inline]
 __ip6_finish_output+0x4c1/0xe10 net/ipv6/ip6_output.c:161
 ip6_finish_output+0x35/0x200 net/ipv6/ip6_output.c:192
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip6_output+0x1e4/0x530 net/ipv6/ip6_output.c:215
 dst_output include/net/dst.h:448 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ndisc_send_skb+0xa99/0x1750 net/ipv6/ndisc.c:508
 ndisc_send_rs+0x12e/0x6f0 net/ipv6/ndisc.c:702
 addrconf_rs_timer+0x3f2/0x820 net/ipv6/addrconf.c:3877
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1417
 expire_timers kernel/time/timer.c:1462 [inline]
 __run_timers.part.0+0x67c/0xa50 kernel/time/timer.c:1731
 __run_timers kernel/time/timer.c:1712 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1744
 __do_softirq+0x29b/0x9fe kernel/softirq.c:559
 invoke_softirq kernel/softirq.c:433 [inline]
 __irq_exit_rcu+0x136/0x200 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 </IRQ>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:pte_pfn arch/x86/include/asm/pgtable.h:216 [inline]
RIP: 0010:vm_normal_page+0xc8/0x2a0 mm/memory.c:609
Code: 89 f3 45 89 f7 31 ff 83 e3 01 41 81 e7 00 02 00 00 48 89 de 48 83 eb 01 e8 35 33 cc ff 4c 31 f3 31 ff 44 89 fe e8 b8 32 cc ff <48> c1 e3 0c 48 c1 eb 18 45 85 ff 0f 85 a6 00 00 00 e8 f2 2a cc ff
RSP: 0018:ffffc90009ebf790 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 8000000042ec4007 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8880565b5580 RDI: 0000000000000003
RBP: 1ffff920013d7ef3 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff81a8ce48 R11: 0000000000000000 R12: ffff8880569ac630
R13: 00007ff30d322000 R14: 8000000042ec4007 R15: 0000000000000000
 copy_present_pte mm/memory.c:866 [inline]
 copy_pte_range mm/memory.c:984 [inline]
 copy_pmd_range mm/memory.c:1064 [inline]
 copy_pud_range mm/memory.c:1101 [inline]
 copy_p4d_range mm/memory.c:1125 [inline]
 copy_page_range+0xddc/0x3e50 mm/memory.c:1198
 dup_mmap kernel/fork.c:598 [inline]
 dup_mm+0x9ed/0x1380 kernel/fork.c:1373
 copy_mm kernel/fork.c:1425 [inline]
 copy_process+0x5e19/0x70e0 kernel/fork.c:2115
 kernel_clone+0xe7/0xac0 kernel/fork.c:2502
 __do_sys_fork+0x8a/0xc0 kernel/fork.c:2565
 do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff30a930188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00000000004bfbb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffd3bd702bf R14: 00007ff30a930300 R15: 0000000000022000
Modules linked in:
CR2: ffffffffffffff14
---[ end trace fdfb4a0aeb63b908 ]---
RIP: 0010:__ipv6_dev_get_saddr+0x103/0x5c0 net/ipv6/addrconf.c:1662
Code: 48 b9 00 00 00 00 00 fc ff df 48 89 f8 48 c1 e8 03 0f b6 14 08 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 1c 04 00 00 <8b> 5d 6c bf 40 00 00 00 83 e3 44 89 de e8 5b b4 b5 f9 83 fb 40 0f
RSP: 0018:ffffc90000dc00f8 EFLAGS: 00010246
RAX: 0000000000000007 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffffff87bf4c65 RDI: ffffffffffffff14
RBP: fffffffffffffea8 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff87bf4cf8 R11: 0000000000000000 R12: ffff888028ff8000
R13: ffffc90000dc01e0 R14: ffff88802c299a40 R15: ffffc90000dc01a0
FS:  00007ff30a930700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffff14 CR3: 000000001da5c000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/04/22 20:50 | linux-next | c457d9676496 | 590921a5 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | BUG: unable to handle kernel paging request in __ipv6_dev_get_saddr |