syzbot


BUG: unable to handle kernel paging request in __netlink_lookup

Status: closed as invalid on 2023/03/21 17:14
Subsystems: net
First crash: 937d, last: 937d

Sample crash report:
Unable to handle kernel paging request at virtual address fffffffffffffe40
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004
  CM = 0, WnR = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001c5285000
[fffffffffffffe40] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 7481 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-17298-gc62c88e05937 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : netlink_compare net/netlink/af_netlink.c:500 [inline]
pc : __rhashtable_lookup include/linux/rhashtable.h:609 [inline]
pc : rhashtable_lookup include/linux/rhashtable.h:646 [inline]
pc : rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
pc : __netlink_lookup+0x1e8/0x4ac net/netlink/af_netlink.c:518
lr : __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
lr : rhashtable_lookup include/linux/rhashtable.h:646 [inline]
lr : rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
lr : __netlink_lookup+0x22c/0x4ac net/netlink/af_netlink.c:518
sp : ffff800015163810
x29: ffff800015163820 x28: 0000000000000000 x27: fffffffffffff930
x26: 0000000000000000 x25: ffff00011da29698 x24: ffff00011da29699
x23: fffffffffffff930 x22: ffff00011da29600 x21: ffff0000c01f1a80
x20: 0000000000000193 x19: ffff0000c9f48000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80000dd97118 x15: ffff00011b333400
x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000040000
x11: 0000000000000ba1 x10: ffff800013065000 x9 : ffff80000b49eca8
x8 : 0000000000000ba2 x7 : ffff80000b49a7c0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : 0000000000000193 x0 : 0000000000000000
Call trace:
 rht_obj include/linux/rhashtable.h:116 [inline]
 __rhashtable_lookup include/linux/rhashtable.h:609 [inline]
 rhashtable_lookup include/linux/rhashtable.h:646 [inline]
 rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
 __netlink_lookup+0x1e8/0x4ac net/netlink/af_netlink.c:518
 netlink_lookup+0xc0/0x1f0 net/netlink/af_netlink.c:538
 netlink_getsockbyportid+0x30/0x12c net/netlink/af_netlink.c:1165
 netlink_unicast+0xa8/0x248 net/netlink/af_netlink.c:1350
 nlmsg_unicast include/net/netlink.h:1099 [inline]
 genlmsg_unicast include/net/genetlink.h:433 [inline]
 genlmsg_reply include/net/genetlink.h:443 [inline]
 ctrl_getfamily+0x2cc/0x318 net/netlink/genetlink.c:1328
 genl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
 genl_rcv_msg+0x450/0x4ec net/netlink/genetlink.c:1065
 netlink_rcv_skb+0xfc/0x1e8 net/netlink/af_netlink.c:2564
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1076
 netlink_unicast_kernel+0xfc/0x1dc net/netlink/af_netlink.c:1330
 netlink_unicast+0x164/0x248 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0x484/0x584 net/netlink/af_netlink.c:1932
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 __sys_sendto+0x1e4/0x280 net/socket.c:2117
 __do_sys_sendto net/socket.c:2129 [inline]
 __se_sys_sendto net/socket.c:2125 [inline]
 __arm64_sys_sendto+0x30/0x44 net/socket.c:2125
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x104 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: 370002dc 79402ea8 cb0803f7 8b17039b (b945137a) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	370002dc 	tbnz	w28, #0, 0x58
   4:	79402ea8 	ldrh	w8, [x21, #22]
   8:	cb0803f7 	neg	x23, x8
   c:	8b17039b 	add	x27, x28, x23
* 10:	b945137a 	ldr	w26, [x27, #1296] <-- trapping instruction

Crashes (1):
Time: 2023/01/29 03:02
Kernel: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
Commit: c62c88e05937
Syzkaller: 9dfcf09c
Config: .config
Log: console log
Report: report
Syz repro: (none)
C repro: (none)
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci-upstream-gce-arm64
Title: BUG: unable to handle kernel paging request in __netlink_lookup