Unable to handle kernel paging request at virtual address ffff800019ff03a6
Mem abort info:
Exception class = DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
Data abort info:
ISV = 0, ISS = 0x00000033
CM = 0, WnR = 0
swapper pgtable: 4k pages, 48-bit VAs, pgd = ffff20000eeb2000
[ffff800019ff03a6] *pgd=000000007eff7003, *pud=000000007eff6003, *pmd=00f8000059e00711
Internal error: Oops: 96000021 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 5392 Comm: syz-executor1 Not tainted 4.14.0-rc2-00001-gd7ad33d #115
Hardware name: linux,dummy-virt (DT)
task: ffff8000187ab500 task.stack: ffff800015f78000
PC is at __ll_sc_atomic_add+0x4/0x18 arch/arm64/include/asm/atomic_ll_sc.h:113
LR is at atomic_add arch/arm64/include/asm/atomic_lse.h:45 [inline]
LR is at __skb_clone+0x4a8/0x6c0 net/core/skbuff.c:873
pc : [] lr : [] pstate: 10000145
sp : ffff80001ffeb6e0
x29: ffff80001ffeb6e0 x28: 000060001519e000
x27: ffff20000ae55360 x26: ffff800015e34348
x25: ffff800019ff0282 x24: ffff800015e34350
x23: ffff20000ae60000 x22: ffff8000139659dc
x21: 1ffff00003ffd6e8 x20: ffff800015e34280
x19: ffff800013965900 x18: ffff20000da58140
x17: 0000000000000001 x16: 0000000000000000
x15: ffff20000e1485a0 x14: 1ffff000030f57d5
x13: 1ffff000030f57d6 x12: ffffffffffffffff
x11: 1ffff0000272cb37 x10: ffff10000272cb37
x9 : dfff200000000000 x8 : 0082009000a40008
x7 : 0000000000000000 x6 : ffff8000139659c0
x5 : ffff10000272cb38 x4 : 0000000000000000
x3 : 1ffff0000272cb3b x2 : ffff800019ff0382
x1 : ffff800019ff03a6 x0 : 0000000000000001
Process syz-executor1 (pid: 5392, stack limit = 0xffff800015f78000)
Call trace:
Exception stack(0xffff80001ffeb5a0 to 0xffff80001ffeb6e0)
b5a0: 0000000000000001 ffff800019ff03a6 ffff800019ff0382 1ffff0000272cb3b
b5c0: 0000000000000000 ffff10000272cb38 ffff8000139659c0 0000000000000000
b5e0: 0082009000a40008 dfff200000000000 ffff10000272cb37 1ffff0000272cb37
b600: ffffffffffffffff 1ffff000030f57d6 1ffff000030f57d5 ffff20000e1485a0
b620: 0000000000000000 0000000000000001 ffff20000da58140 ffff800013965900
b640: ffff800015e34280 1ffff00003ffd6e8 ffff8000139659dc ffff20000ae60000
b660: ffff800015e34350 ffff800019ff0282 ffff800015e34348 ffff20000ae55360
b680: 000060001519e000 ffff80001ffeb6e0 ffff200009dffb58 ffff80001ffeb6e0
b6a0: ffff20000a30ce44 0000000010000145 ffff800013965900 ffff800015e34280
b6c0: 0001000000000000 ffff800015e3430e ffff80001ffeb6e0 ffff20000a30ce44
[] __ll_sc_atomic_add+0x4/0x18 arch/arm64/include/asm/atomic_ll_sc.h:113
[] skb_clone+0x1c4/0x3b0 net/core/skbuff.c:1286
[] ip_expire+0x4e8/0x7c0 net/ipv4/ip_fragment.c:239
[] call_timer_fn+0x1b8/0x430 kernel/time/timer.c:1281
[] expire_timers+0x1d4/0x320 kernel/time/timer.c:1320
[] __run_timers kernel/time/timer.c:1620 [inline]
[] run_timer_softirq+0x214/0x5f0 kernel/time/timer.c:1646
[] __do_softirq+0x350/0xc0c kernel/softirq.c:284
[] do_softirq_own_stack include/linux/interrupt.h:498 [inline]
[] invoke_softirq kernel/softirq.c:371 [inline]
[] irq_exit+0x1dc/0x2f8 kernel/softirq.c:405
[] __handle_domain_irq+0xdc/0x230 kernel/irq/irqdesc.c:647
[] handle_domain_irq include/linux/irqdesc.h:175 [inline]
[] gic_handle_irq+0x6c/0xe0 drivers/irqchip/irq-gic.c:367
Exception stack(0xffff800015f7b9d0 to 0xffff800015f7bb10)
b9c0: ffff8000187abdcc 0000000000000007
b9e0: 0000000000000000 1ffff000030f57b9 1fffe400017ad00c dfff200000000000
ba00: dfff200000000000 0000000000000000 ffff8000187abdd0 1ffff000030f57b9
ba20: ffff8000187abdc8 ffff8000187abde8 1ffff000030f57bc 1ffff000030f57be
ba40: 1ffff000030f57bd ffff20000e1485a0 0000000000000000 0000000000000001
ba60: ffff20000da58140 0000000000000140 ffff80001ffc8600 ffff800015f7bda0
ba80: 00000000ffffffff ffff80001ffc86c0 ffff80001ffc8600 1ffff00002bef7ba
baa0: ffff800015f7bdd0 ffff80001ffc86c0 ffff20000e60e000 ffff800015f7bb10
bac0: ffff20000a361294 ffff800015f7bb10 ffff20000a361298 0000000010000145
bae0: 0000000000000140 ffff80001ffc8600 0001000000000000 ffff2000082fffcc
bb00: ffff800015f7bb10 ffff20000a361298
[] el1_irq+0xb4/0x12c arch/arm64/kernel/entry.S:569
[] arch_local_irq_restore arch/arm64/include/asm/irqflags.h:81 [inline]
[] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
[] _raw_spin_unlock_irqrestore+0x90/0x118 kernel/locking/spinlock.c:191
[] unlock_hrtimer_base kernel/time/hrtimer.c:776 [inline]
[] hrtimer_try_to_cancel+0x19c/0x370 kernel/time/hrtimer.c:1014
[] hrtimer_cancel kernel/time/hrtimer.c:1032 [inline]
[] do_nanosleep+0x2fc/0x760 kernel/time/hrtimer.c:1475
[] hrtimer_nanosleep+0x1e8/0x438 kernel/time/hrtimer.c:1527
[] SYSC_nanosleep kernel/time/hrtimer.c:1559 [inline]
[] SyS_nanosleep+0x120/0x1b8 kernel/time/hrtimer.c:1546
Exception stack(0xffff800015f7bec0 to 0xffff800015f7c000)
bec0: 0000ffffe39b2fb0 0000000000000000 00000000ffffffbb 0000ffffe39b2f5c
bee0: 000000002698f108 000000002698f000 000000002698f6f0 0000000000000000
bf00: 0000000000000065 0000000000000000 0000000000405850 00000000003d0f00
bf20: 0000ffffb80e5f60 00000000004ae890 0000000000000027 0000000000000001
bf40: 0000000000000000 0000000000826000 0000000000000000 00000000004c00d4
bf60: 00000000000193df 0000000000000014 0000000000000062 0000ffffe39b30a0
bf80: 00000000000f4240 00000000004c00b0 0000ffffe39b32a0 0000000040000001
bfa0: 0000000000019321 0000ffffe39b2fa0 00000000004468d8 0000ffffe39b2f60
bfc0: 00000000004468e8 0000000080000000 0000ffffe39b2fb0 0000000000000065
bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[] el0_svc_naked+0x24/0x28
Code: 978b7cfd 17ffff91 00000000 f9800031 (885f7c31)
---[ end trace e439728abd50f81b ]---