[moderation] [net?] BUG: stack guard page was hit in compat_sys_sendmmsg
1 view
Skip to first unread message
syzbot
10:30 AM (4 hours ago) 10:30 AM
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: ab5fce87a778 Merge tag 'perf-tools-fixes-for-v7.1-2026-05-..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1760e536580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4caf64b1ee83dac0
dashboard link: https://syzkaller.appspot.com/bug?extid=30807d6b823edd519c33
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: i386
CC: [da...@davemloft.net dsa...@kernel.org edum...@google.com ho...@kernel.org ido...@nvidia.com ku...@kernel.org linux-...@vger.kernel.org net...@vger.kernel.org pab...@redhat.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/eca5b9860480/disk-ab5fce87.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0ce15c72b9a7/vmlinux-ab5fce87.xz
kernel image: https://storage.googleapis.com/syzbot-assets/15e078df7ba5/bzImage-ab5fce87.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+30807d...@syzkaller.appspotmail.com
BUG: TASK stack guard page was hit at ffffc90005947fe8 (stack is ffffc90005948000..ffffc90005950000)
Oops: stack guard page: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 13435 Comm: syz.0.11488 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:format_decode+0x17/0xe10 lib/vsprintf.c:2666
Code: 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 28 49 89 d5 49 89 f6 48 89 fd <e8> 04 af 20 f6 41 0f b6 de 48 89 df 48 c7 c6 50 d2 17 90 e8 71 b4
RSP: 0018:ffffc90005947ff0 EFLAGS: 00010086
RAX: 1ffff92000b29042 RBX: dffffc0000000000 RCX: 1ffff92000b29040
RDX: ffffc90005948098 RSI: 0000000000000000 RDI: ffffffff8cdd9820
RBP: ffffffff8cdd9820 R08: ffffc90005948217 R09: 0000000000000000
R10: ffffc90005948200 R11: fffff52000b29043 R12: ffffc90005948200
R13: ffffc90005948098 R14: 0000000000000000 R15: ffffffff8cdd9820
FS: 0000000000000000(0000) GS:ffff888125289000(0063) knlGS:00000000f4fe1b40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: ffffc90005947fe8 CR3: 000000008f3f2000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
vsnprintf+0x102/0xee0 lib/vsprintf.c:2890
vprintk_store+0x371/0xd50 kernel/printk/printk.c:2307
vprintk_emit+0x192/0x560 kernel/printk/printk.c:2455
_printk+0xdd/0x130 kernel/printk/printk.c:2504
__dev_queue_xmit+0x1919/0x3950 net/core/dev.c:4891
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ip_send_skb+0x45/0xc0 net/ipv4/ip_output.c:1510
udp_send_skb+0x7e4/0xf70 net/ipv4/udp.c:1161
udp_sendmsg+0x1937/0x21a0 net/ipv4/udp.c:1443
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg net/socket.c:802 [inline]
____sys_sendmsg+0x80a/0x9f0 net/socket.c:2698
___sys_sendmsg+0x2a5/0x360 net/socket.c:2752
__sys_sendmmsg+0x2e7/0x4e0 net/socket.c:2834
__compat_sys_sendmmsg net/compat.c:360 [inline]
__do_compat_sys_sendmmsg net/compat.c:367 [inline]
__se_compat_sys_sendmmsg net/compat.c:364 [inline]
__ia32_compat_sys_sendmmsg+0xa2/0xc0 net/compat.c:364
do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
__do_fast_syscall_32+0x229/0x6e0 arch/x86/entry/syscall_32.c:307
do_fast_syscall_32+0x33/0x70 arch/x86/entry/syscall_32.c:332
entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f8301c
Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
RSP: 002b:00000000f4fe150c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800005c0
RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:format_decode+0x17/0xe10 lib/vsprintf.c:2666
Code: 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 28 49 89 d5 49 89 f6 48 89 fd <e8> 04 af 20 f6 41 0f b6 de 48 89 df 48 c7 c6 50 d2 17 90 e8 71 b4
RSP: 0018:ffffc90005947ff0 EFLAGS: 00010086
RAX: 1ffff92000b29042 RBX: dffffc0000000000 RCX: 1ffff92000b29040
RDX: ffffc90005948098 RSI: 0000000000000000 RDI: ffffffff8cdd9820
RBP: ffffffff8cdd9820 R08: ffffc90005948217 R09: 0000000000000000
R10: ffffc90005948200 R11: fffff52000b29043 R12: ffffc90005948200
R13: ffffc90005948098 R14: 0000000000000000 R15: ffffffff8cdd9820
FS: 0000000000000000(0000) GS:ffff888125289000(0063) knlGS:00000000f4fe1b40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: ffffc90005947fe8 CR3: 000000008f3f2000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: 00 90 90 90 90 90 add %dl,-0x6f6f6f70(%rax)
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 55 push %rbp
14: 41 57 push %r15
16: 41 56 push %r14
18: 41 55 push %r13
1a: 41 54 push %r12
1c: 53 push %rbx
1d: 48 83 ec 28 sub $0x28,%rsp
21: 49 89 d5 mov %rdx,%r13
24: 49 89 f6 mov %rsi,%r14
27: 48 89 fd mov %rdi,%rbp
* 2a: e8 04 af 20 f6 call 0xf620af33 <-- trapping instruction
2f: 41 0f b6 de movzbl %r14b,%ebx
33: 48 89 df mov %rbx,%rdi
36: 48 c7 c6 50 d2 17 90 mov $0xffffffff9017d250,%rsi
3d: e8 .byte 0xe8
3e: 71 b4 jno 0xfffffff4
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: ab5fce87a778 Merge tag 'perf-tools-fixes-for-v7.1-2026-05-..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1760e536580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4caf64b1ee83dac0
dashboard link: https://syzkaller.appspot.com/bug?extid=30807d6b823edd519c33
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: i386
CC: [da...@davemloft.net dsa...@kernel.org edum...@google.com ho...@kernel.org ido...@nvidia.com ku...@kernel.org linux-...@vger.kernel.org net...@vger.kernel.org pab...@redhat.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/eca5b9860480/disk-ab5fce87.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0ce15c72b9a7/vmlinux-ab5fce87.xz
kernel image: https://storage.googleapis.com/syzbot-assets/15e078df7ba5/bzImage-ab5fce87.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+30807d...@syzkaller.appspotmail.com
BUG: TASK stack guard page was hit at ffffc90005947fe8 (stack is ffffc90005948000..ffffc90005950000)
Oops: stack guard page: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 13435 Comm: syz.0.11488 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:format_decode+0x17/0xe10 lib/vsprintf.c:2666
Code: 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 28 49 89 d5 49 89 f6 48 89 fd <e8> 04 af 20 f6 41 0f b6 de 48 89 df 48 c7 c6 50 d2 17 90 e8 71 b4
RSP: 0018:ffffc90005947ff0 EFLAGS: 00010086
RAX: 1ffff92000b29042 RBX: dffffc0000000000 RCX: 1ffff92000b29040
RDX: ffffc90005948098 RSI: 0000000000000000 RDI: ffffffff8cdd9820
RBP: ffffffff8cdd9820 R08: ffffc90005948217 R09: 0000000000000000
R10: ffffc90005948200 R11: fffff52000b29043 R12: ffffc90005948200
R13: ffffc90005948098 R14: 0000000000000000 R15: ffffffff8cdd9820
FS: 0000000000000000(0000) GS:ffff888125289000(0063) knlGS:00000000f4fe1b40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: ffffc90005947fe8 CR3: 000000008f3f2000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
vsnprintf+0x102/0xee0 lib/vsprintf.c:2890
vprintk_store+0x371/0xd50 kernel/printk/printk.c:2307
vprintk_emit+0x192/0x560 kernel/printk/printk.c:2455
_printk+0xdd/0x130 kernel/printk/printk.c:2504
__dev_queue_xmit+0x1919/0x3950 net/core/dev.c:4891
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ipvlan_process_v4_outbound+0x44b/0x730 drivers/net/ipvlan/ipvlan_core.c:461
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:565 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:627 [inline]
ipvlan_queue_xmit+0xac7/0x16c0 drivers/net/ipvlan/ipvlan_core.c:693
ipvlan_start_xmit+0x4a/0x160 drivers/net/ipvlan/ipvlan_main.c:226
__netdev_start_xmit include/linux/netdevice.h:5368 [inline]
netdev_start_xmit include/linux/netdevice.h:5377 [inline]
xmit_one net/core/dev.c:3888 [inline]
dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3904
__dev_queue_xmit+0x14d9/0x3950 net/core/dev.c:4870
dev_queue_xmit include/linux/netdevice.h:3418 [inline]
neigh_hh_output include/net/neighbour.h:540 [inline]
neigh_output include/net/neighbour.h:554 [inline]
ip_finish_output2+0xc68/0x1070 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x605/0x660 include/linux/netfilter.h:318
ip_vs_send_or_cont net/netfilter/ipvs/ip_vs_xmit.c:710 [inline]
ip_vs_dr_xmit+0x74a/0x9f0 net/netfilter/ipvs/ip_vs_xmit.c:1460
ip_vs_in_hook+0xd88/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2238
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
__ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
ip_send_skb+0x45/0xc0 net/ipv4/ip_output.c:1510
udp_send_skb+0x7e4/0xf70 net/ipv4/udp.c:1161
udp_sendmsg+0x1937/0x21a0 net/ipv4/udp.c:1443
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg net/socket.c:802 [inline]
____sys_sendmsg+0x80a/0x9f0 net/socket.c:2698
___sys_sendmsg+0x2a5/0x360 net/socket.c:2752
__sys_sendmmsg+0x2e7/0x4e0 net/socket.c:2834
__compat_sys_sendmmsg net/compat.c:360 [inline]
__do_compat_sys_sendmmsg net/compat.c:367 [inline]
__se_compat_sys_sendmmsg net/compat.c:364 [inline]
__ia32_compat_sys_sendmmsg+0xa2/0xc0 net/compat.c:364
do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
__do_fast_syscall_32+0x229/0x6e0 arch/x86/entry/syscall_32.c:307
do_fast_syscall_32+0x33/0x70 arch/x86/entry/syscall_32.c:332
entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f8301c
Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
RSP: 002b:00000000f4fe150c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800005c0
RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:format_decode+0x17/0xe10 lib/vsprintf.c:2666
Code: 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 28 49 89 d5 49 89 f6 48 89 fd <e8> 04 af 20 f6 41 0f b6 de 48 89 df 48 c7 c6 50 d2 17 90 e8 71 b4
RSP: 0018:ffffc90005947ff0 EFLAGS: 00010086
RAX: 1ffff92000b29042 RBX: dffffc0000000000 RCX: 1ffff92000b29040
RDX: ffffc90005948098 RSI: 0000000000000000 RDI: ffffffff8cdd9820
RBP: ffffffff8cdd9820 R08: ffffc90005948217 R09: 0000000000000000
R10: ffffc90005948200 R11: fffff52000b29043 R12: ffffc90005948200
R13: ffffc90005948098 R14: 0000000000000000 R15: ffffffff8cdd9820
FS: 0000000000000000(0000) GS:ffff888125289000(0063) knlGS:00000000f4fe1b40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: ffffc90005947fe8 CR3: 000000008f3f2000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: 00 90 90 90 90 90 add %dl,-0x6f6f6f70(%rax)
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 55 push %rbp
14: 41 57 push %r15
16: 41 56 push %r14
18: 41 55 push %r13
1a: 41 54 push %r12
1c: 53 push %rbx
1d: 48 83 ec 28 sub $0x28,%rsp
21: 49 89 d5 mov %rdx,%r13
24: 49 89 f6 mov %rsi,%r14
27: 48 89 fd mov %rdi,%rbp
* 2a: e8 04 af 20 f6 call 0xf620af33 <-- trapping instruction
2f: 41 0f b6 de movzbl %r14b,%ebx
33: 48 89 df mov %rbx,%rdi
36: 48 c7 c6 50 d2 17 90 mov $0xffffffff9017d250,%rsi
3d: e8 .byte 0xe8
3e: 71 b4 jno 0xfffffff4
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages