syzbot

 sign-in | mailing list | source | docs
🐞 Open [121]
🐞 Fixed [69]
🐞 Invalid [247]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: unable to handle kernel paging request in inet_lookup_reuseport

Status: premoderation: reported syz repro on 2025/10/13 05:47
Reported-by: syzbot+be1604b110333c4cfcb0@syzkaller.appspotmail.com
First crash: 1d21h, last: 1d21h

Sample crash report:
BUG: unable to handle page fault for address: ffffffffa0016fb0
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 6212067 P4D 6212067 PUD 6213063 PMD 1087e4067 PTE 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 635 Comm: syz.0.73 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:0xffffffffa0016fb0
Code: Unable to access opcode bytes at RIP 0xffffffffa0016f86.
RSP: 0018:ffffc90000de7068 EFLAGS: 00010246
RAX: 1ffff92000019206 RBX: ffffc900000c9030 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffc900000c9038 RDI: ffff8881166c7dc0
RBP: ffffc90000de7128 R08: dffffc0000000000 R09: ffffc90000de70d0
R10: fffff520001bce1d R11: 1ffff920001bce1a R12: 1ffff11022cd8fd4
R13: ffff8881166c7dc0 R14: ffff888117887000 R15: ffffc900000c9038
FS:  00007f01f32c66c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa0016f86 CR3: 000000011585b000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 inet_lookup_reuseport+0x95/0xc0 net/ipv4/inet_hashtables.c:270
 udp4_lib_lookup2+0x397/0x6c0 net/ipv4/udp.c:445
 __udp4_lib_lookup+0x3d3/0x950 net/ipv4/udp.c:539
 __udp4_lib_lookup_skb+0x19c/0x240 net/ipv4/udp.c:555
 __udp4_lib_rcv+0x1097/0x1ca0 net/ipv4/udp.c:2425
 udp_rcv+0x21/0x30 net/ipv4/udp.c:2597
 ip_protocol_deliver_rcu+0x2f0/0x640 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip_local_deliver+0x2de/0x530 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:461 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:436 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip_rcv+0x152/0x270 net/ipv4/ip_input.c:547
 __netif_receive_skb_one_core net/core/dev.c:5402 [inline]
 __netif_receive_skb+0xc8/0x280 net/core/dev.c:5516
 netif_receive_skb_internal net/core/dev.c:5621 [inline]
 netif_receive_skb+0x9b/0x3d0 net/core/dev.c:5680
 tun_rx_batched+0x5e8/0x710 drivers/net/tun.c:-1
 tun_get_user+0x25d0/0x3090 drivers/net/tun.c:2026
 tun_chr_write_iter+0x1bf/0x270 drivers/net/tun.c:2059
 call_write_iter include/linux/fs.h:2066 [inline]
 new_sync_write fs/read_write.c:518 [inline]
 vfs_write+0x725/0xd60 fs/read_write.c:605
 ksys_write+0x140/0x240 fs/read_write.c:658
 __do_sys_write fs/read_write.c:670 [inline]
 __se_sys_write fs/read_write.c:667 [inline]
 __x64_sys_write+0x7b/0x90 fs/read_write.c:667
 do_syscall_64+0x31/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f01f349697f
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
RSP: 002b:00007f01f32c6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f01f36ef180 RCX: 00007f01f349697f
RDX: 000000000000002a RSI: 00002000000002c0 RDI: 00000000000000c8
RBP: 00007f01f351af91 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000000
R13: 00007f01f36ef218 R14: 00007f01f36ef180 R15: 00007ffe735acce8
Modules linked in:
CR2: ffffffffa0016fb0
---[ end trace 7493cd38af0eca3b ]---
RIP: 0010:0xffffffffa0016fb0
Code: Unable to access opcode bytes at RIP 0xffffffffa0016f86.
RSP: 0018:ffffc90000de7068 EFLAGS: 00010246
RAX: 1ffff92000019206 RBX: ffffc900000c9030 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffc900000c9038 RDI: ffff8881166c7dc0
RBP: ffffc90000de7128 R08: dffffc0000000000 R09: ffffc90000de70d0
R10: fffff520001bce1d R11: 1ffff920001bce1a R12: 1ffff11022cd8fd4
R13: ffff8881166c7dc0 R14: ffff888117887000 R15: ffffc900000c9038
FS:  00007f01f32c66c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa0016f86 CR3: 000000011585b000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/10/13 05:46 android13-5.10-lts 2ece552169c2 ff1712fe .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-android-5-10 BUG: unable to handle kernel paging request in inet_lookup_reuseport
* Struck through repros no longer work on HEAD.