[v5.15] WARNING in ip_rt_bug


syzbot

Jan 5, 2025, 8:15:25 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 91786f140358 Linux 5.15.175
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=168f84b0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=792c138814af56fb
dashboard link: https://syzkaller.appspot.com/bug?extid=8dd6912e348f90eb4ddd
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/703bce36932e/disk-91786f14.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f72d0cd34063/vmlinux-91786f14.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3ea47692ed8c/Image-91786f14.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8dd691...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 3644 at net/ipv4/route.c:1260 kfree_skb include/linux/skbuff.h:1118 [inline]
WARNING: CPU: 0 PID: 3644 at net/ipv4/route.c:1260 ip_rt_bug+0x30/0x100 net/ipv4/route.c:1259
Modules linked in:
CPU: 0 PID: 3644 Comm: udevd Not tainted 5.15.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ip_rt_bug+0x30/0x100 include/linux/skbuff.h:1118
lr : kfree_skb include/linux/skbuff.h:1118 [inline]
lr : ip_rt_bug+0x30/0x100 net/ipv4/route.c:1259
sp : ffff800008007530
x29: ffff800008007530 x28: 1fffe00018f82123 x27: ffff800008007800
x26: dfff800000000000 x25: 1fffe0001cf96fc3 x24: dfff800000000000
x23: ffff0000e841de00 x22: ffff0000e841de30 x21: ffff0000c7c10680
x20: ffff0000e7cb7dc0 x19: ffff0000e7cb7dc0 x18: 0000000000000303
x17: 0000000000000000 x16: ffff800011b4eaf8 x15: ffff8000083bd5a4
x14: ffff8000083bd904
x13: ffff80000ffd1640 x12: 0000000000000003
x11: 0000000000000304 x10: 0000000000000003 x9 : f8f6bed45f89d500
x8 : f8f6bed45f89d500 x7 : 0000000000000000 x6 : ffff8000083bb0c8
x5 : ffff0000d8ff3330 x4 : 0000000000000000 x3 : ffff8000136c51e0
x2 : 0000000000000002 x1 : ffff800012165740 x0 : 0000000000000001
Call trace:
kfree_skb include/linux/skbuff.h:1118 [inline]
ip_rt_bug+0x30/0x100 net/ipv4/route.c:1259
dst_output include/net/dst.h:443 [inline]
ip_local_out net/ipv4/ip_output.c:126 [inline]
ip_send_skb+0x134/0x2f8 net/ipv4/ip_output.c:1581
ip_push_pending_frames+0x68/0x84 net/ipv4/ip_output.c:1601
icmp_push_reply+0x3a4/0x4d4 net/ipv4/icmp.c:396
__icmp_send+0xb74/0x1020 net/ipv4/icmp.c:777
ipv4_send_dest_unreach net/ipv4/route.c:1240 [inline]
ipv4_link_failure+0x554/0x8d4 net/ipv4/route.c:1247
dst_link_failure include/net/dst.h:422 [inline]
arp_error_report+0x11c/0x16c net/ipv4/arp.c:295
neigh_invalidate+0x2c0/0x514 net/core/neighbour.c:1001
neigh_timer_handler+0x630/0xe1c net/core/neighbour.c:1088
call_timer_fn+0x19c/0x8f0 kernel/time/timer.c:1451
expire_timers kernel/time/timer.c:1496 [inline]
__run_timers+0x554/0x718 kernel/time/timer.c:1767
run_timer_softirq+0x7c/0x114 kernel/time/timer.c:1780
handle_softirqs+0x384/0xdbc kernel/softirq.c:558
__do_softirq kernel/softirq.c:592 [inline]
do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
invoke_softirq kernel/softirq.c:439 [inline]
__irq_exit_rcu+0x268/0x4d8 kernel/softirq.c:641
irq_exit+0x14/0x88 kernel/softirq.c:665
handle_domain_irq+0xf4/0x178 kernel/irq/irqdesc.c:711
gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:899
do_interrupt_handler+0x74/0x94 arch/arm64/kernel/entry-common.c:267
el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
_raw_spin_unlock_irqrestore+0xbc/0x158 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:418 [inline]
get_partial_node+0x260/0x2e4 mm/slub.c:2152
get_partial mm/slub.c:2232 [inline]
___slab_alloc+0x39c/0xdbc mm/slub.c:3003
__slab_alloc mm/slub.c:3095 [inline]
slab_alloc_node mm/slub.c:3186 [inline]
slab_alloc mm/slub.c:3228 [inline]
kmem_cache_alloc+0x2d8/0x45c mm/slub.c:3233
getname_flags+0xd0/0x480 fs/namei.c:138
user_path_at_empty+0x40/0x1a4 fs/namei.c:2882
user_path_at include/linux/namei.h:57 [inline]
vfs_statx+0xf8/0x378 fs/stat.c:221
vfs_fstatat fs/stat.c:243 [inline]
__do_sys_newfstatat fs/stat.c:411 [inline]
__se_sys_newfstatat fs/stat.c:405 [inline]
__arm64_sys_newfstatat+0x110/0x194 fs/stat.c:405
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 3078043
hardirqs last enabled at (3078042): [<ffff8000088d68d0>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:231
hardirqs last disabled at (3078043): [<ffff800011b4a1ac>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last enabled at (3077474): [<ffff8000081b691c>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last enabled at (3077474): [<ffff8000081b691c>] handle_softirqs+0xb88/0xdbc kernel/softirq.c:586
softirqs last disabled at (3077883): [<ffff8000081b6fb4>] __do_softirq kernel/softirq.c:592 [inline]
softirqs last disabled at (3077883): [<ffff8000081b6fb4>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (3077883): [<ffff8000081b6fb4>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (3077883): [<ffff8000081b6fb4>] __irq_exit_rcu+0x268/0x4d8 kernel/softirq.c:641
---[ end trace 40b5718169433a5a ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Aug 13, 2025, 1:11:19 PM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.