Unable to handle kernel paging request at virtual address ffff800037a18f42 Mem abort info: Exception class = DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000033 CM = 0, WnR = 0 swapper pgtable: 4k pages, 48-bit VAs, pgd = ffff20000eeb2000 [ffff800037a18f42] *pgd=000000007eff7003, *pud=000000007eff6003, *pmd=00f8000077a00711 Internal error: Oops: 96000021 [#1] PREEMPT SMP Modules linked in: CPU: 3 PID: 1437 Comm: syz-fuzzer Not tainted 4.14.0-rc2-00001-gd7ad33d #115 Hardware name: linux,dummy-virt (DT) task: ffff800019184f80 task.stack: ffff80003a948000 PC is at __ll_sc_atomic_add+0x4/0x18 arch/arm64/include/asm/atomic_ll_sc.h:113 LR is at atomic_add arch/arm64/include/asm/atomic_lse.h:45 [inline] LR is at __skb_clone+0x4a8/0x6c0 net/core/skbuff.c:873 pc : [] lr : [] pstate: 10000145 sp : ffff80003efd86e0 x29: ffff80003efd86e0 x28: 000060003418b000 x27: ffff20000ae55360 x26: ffff8000172214c8 x25: ffff800037a18e1e x24: ffff8000172214d0 x23: ffff20000ae60000 x22: ffff8000171d3b1c x21: 1ffff00007dfb0e8 x20: ffff800017221400 x19: ffff8000171d3a40 x18: ffff20000da58140 x17: 0000000000000000 x16: 0000000000000002 x15: ffff20000e1485a0 x14: ffff2000082f912c x13: ffff2000082f8dcc x12: ffff2000082f8980 x11: 1ffff00002e3a75f x10: ffff100002e3a75f x9 : dfff200000000000 x8 : 0082009000b00008 x7 : 0000000000000000 x6 : ffff8000171d3b00 x5 : ffff100002e3a760 x4 : 0000000000000000 x3 : 1ffff00002e3a763 x2 : ffff800037a18f1e x1 : ffff800037a18f42 x0 : 0000000000000001 Process syz-fuzzer (pid: 1437, stack limit = 0xffff80003a948000) Call trace: Exception stack(0xffff80003efd85a0 to 0xffff80003efd86e0) 85a0: 0000000000000001 ffff800037a18f42 ffff800037a18f1e 1ffff00002e3a763 85c0: 0000000000000000 ffff100002e3a760 ffff8000171d3b00 0000000000000000 85e0: 0082009000b00008 dfff200000000000 ffff100002e3a75f 1ffff00002e3a75f 8600: ffff2000082f8980 ffff2000082f8dcc ffff2000082f912c ffff20000e1485a0 8620: 0000000000000002 0000000000000000 ffff20000da58140 ffff8000171d3a40 8640: ffff800017221400 1ffff00007dfb0e8 ffff8000171d3b1c ffff20000ae60000 8660: ffff8000172214d0 ffff800037a18e1e ffff8000172214c8 ffff20000ae55360 8680: 000060003418b000 ffff80003efd86e0 ffff200009dffb58 ffff80003efd86e0 86a0: ffff20000a30ce44 0000000010000145 ffff8000171d3a40 ffff800017221400 86c0: 0001000000000000 ffff80001722148e ffff80003efd86e0 ffff20000a30ce44 [] __ll_sc_atomic_add+0x4/0x18 arch/arm64/include/asm/atomic_ll_sc.h:113 [] skb_clone+0x1c4/0x3b0 net/core/skbuff.c:1286 [] ip_expire+0x4e8/0x7c0 net/ipv4/ip_fragment.c:239 [] call_timer_fn+0x1b8/0x430 kernel/time/timer.c:1281 [] expire_timers+0x1d4/0x320 kernel/time/timer.c:1320 [] __run_timers kernel/time/timer.c:1620 [inline] [] run_timer_softirq+0x214/0x5f0 kernel/time/timer.c:1646 [] __do_softirq+0x350/0xc0c kernel/softirq.c:284 [] do_softirq_own_stack include/linux/interrupt.h:498 [inline] [] invoke_softirq kernel/softirq.c:371 [inline] [] irq_exit+0x1dc/0x2f8 kernel/softirq.c:405 [] __handle_domain_irq+0xdc/0x230 kernel/irq/irqdesc.c:647 [] handle_domain_irq include/linux/irqdesc.h:175 [inline] [] gic_handle_irq+0x6c/0xe0 drivers/irqchip/irq-gic.c:367 Exception stack(0xffff80003a94b100 to 0xffff80003a94b240) b100: ffff80001918584c 0000000000000007 0000000000000000 1ffff00003230b09 b120: 1fffe400017ad00c dfff200000000000 dfff200000000000 0000000000000000 b140: ffff800019185850 1ffff00003230b09 ffff800019185848 ffff800019185868 b160: 1ffff00003230b0c 1ffff00003230b0e 1ffff00003230b0d ffff20000e1485a0 b180: 0000000000000000 0000000000000001 ffff20000da58140 ffff80003efd9800 b1a0: ffff80003efd9800 ffff20000ae60000 ffff80003a901a80 1ffff0000752965c b1c0: ffff80003a066e00 ffff20000ae60000 0000000000000000 ffff20000a34fce0 b1e0: 0000dffff519f438 ffff80003a94b240 ffff20000a36134c ffff80003a94b240 b200: ffff20000a361350 0000000010000145 ffff80003efd9800 ffff80003efd9800 b220: 0001000000000000 ffff80003efd9800 ffff80003a94b240 ffff20000a361350 [] el1_irq+0xb4/0x12c arch/arm64/kernel/entry.S:569 [] arch_local_irq_enable arch/arm64/include/asm/irqflags.h:40 [inline] [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] [] _raw_spin_unlock_irq+0x30/0x100 kernel/locking/spinlock.c:199 [] finish_lock_switch kernel/sched/sched.h:1335 [inline] [] finish_task_switch+0x1d8/0x950 kernel/sched/core.c:2657 [] context_switch kernel/sched/core.c:2793 [inline] [] __schedule+0x518/0x17b0 kernel/sched/core.c:3366 [] schedule+0x5c/0x1f8 kernel/sched/core.c:3425 [] schedule_hrtimeout_range_clock+0x1e4/0x350 kernel/time/hrtimer.c:1708 [] schedule_hrtimeout_range+0x34/0x48 kernel/time/hrtimer.c:1753 [] poll_schedule_timeout+0x148/0x2f8 fs/select.c:242 [] do_select+0xda8/0x1428 fs/select.c:581 [] core_sys_select+0x3c8/0x920 fs/select.c:655 [] do_pselect fs/select.c:732 [inline] [] SYSC_pselect6 fs/select.c:773 [inline] [] SyS_pselect6+0x404/0x4e0 fs/select.c:758 Exception stack(0xffff80003a94bec0 to 0xffff80003a94c000) bec0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 bee0: 0000ffff82d6a898 0000000000000000 0000000000000000 00000000000001af bf00: 0000000000000048 00000000000001af 0000ffff82f16f80 00000000003d0f00 bf20: 0000ffff6bfff1f0 0000ffff82d6a7b0 0000000000000011 0000000000000879 bf40: 0000000000ac4000 0000ffff82f1e508 0000000000000000 000000000042c840 bf60: 0000000000451d00 0000000000000000 0000ffffd15d92ff 0000ffff82f3b000 bf80: 000000000078e660 0000ffff82d6b2b0 0000ffff82d6a688 0000000000002710 bfa0: 00000044200009c0 0000ffff82d6a960 000000000043304c 0000ffff82d6a890 bfc0: 000000000045293c 0000000080000000 0000000000000000 0000000000000048 bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [] el0_svc_naked+0x24/0x28 Code: 978b7cfd 17ffff91 00000000 f9800031 (885f7c31) ---[ end trace 3cdbb931d4c8217f ]---