From: syzbot <syzbot+44c2416196b7c607f226@syzkaller.appspotmail.com>
To: ast@kernel.org, bpf@vger.kernel.org, daniel@iogearbox.net,
davem@davemloft.net, edumazet@google.com, hawk@kernel.org,
john.fastabend@gmail.com, kuba@kernel.org,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
pabeni@redhat.com, syzkaller-bugs@googlegroups.com
Subject: [syzbot] [net?] BUG: unable to handle kernel paging request in nsim_bpf
Date: Wed, 08 Nov 2023 21:10:27 -0800
Message-ID: <000000000000d078d30609b138ba@google.com>
Hello,
syzbot found the following issue on:
HEAD commit: 8de1e7afcc1c Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=158c647b680000
kernel config: https://syzkaller.appspot.com/x/.config?x=3e6feaeda5dcbc27
dashboard link: https://syzkaller.appspot.com/bug?extid=44c2416196b7c607f226
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=104da6eb680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14df3787680000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0f00907f9764/disk-8de1e7af.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0502fe78c60d/vmlinux-8de1e7af.xz
kernel image: https://storage.googleapis.com/syzbot-assets/192135168cc0/Image-8de1e7af.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+44c2416196b7c607f226@syzkaller.appspotmail.com
netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
Unable to handle kernel paging request at virtual address dfff800000000003
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
Mem abort info:
ESR = 0x0000000096000005
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x05: level 1 translation fault
Data abort info:
ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000003] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6085 Comm: syz-executor153 Not tainted 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nsim_setup_prog_hw_checks drivers/net/netdevsim/bpf.c:320 [inline]
pc : nsim_bpf+0x1e0/0xae0 drivers/net/netdevsim/bpf.c:562
lr : nsim_bpf+0x8c/0xae0 drivers/net/netdevsim/bpf.c:554
sp : ffff800096c67790
x29: ffff800096c677a0 x28: dfff800000000000 x27: ffff700012d8cf00
x26: dfff800000000000 x25: ffff800096c67a00 x24: 0000000000000008
x23: ffff800096c67820 x22: 0000000000000018 x21: ffff800096c67820
x20: ffff0000d3834cc0 x19: ffff0000d3834000 x18: ffff800096c67580
x17: ffff8000805c1258 x16: ffff80008030c738 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000003
x11: ffff0000d4ab3780 x10: 00000000000000bc x9 : ffff800085ce8bf0
x8 : 0000000000000003 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800092dee000 x4 : 0000000000000000 x3 : ffff80008030c754
x2 : 0000000000000000 x1 : ffff80009001ef50 x0 : 0000000000000001
Call trace:
nsim_setup_prog_hw_checks drivers/net/netdevsim/bpf.c:320 [inline]
nsim_bpf+0x1e0/0xae0 drivers/net/netdevsim/bpf.c:562
dev_xdp_install+0x124/0x2f0 net/core/dev.c:9199
dev_xdp_attach+0xa4c/0xcc8 net/core/dev.c:9351
dev_xdp_attach_link net/core/dev.c:9370 [inline]
bpf_xdp_link_attach+0x300/0x710 net/core/dev.c:9540
link_create+0x2c0/0x68c kernel/bpf/syscall.c:4954
__sys_bpf+0x4d4/0x5dc kernel/bpf/syscall.c:5414
__do_sys_bpf kernel/bpf/syscall.c:5448 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5446 [inline]
__arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:5446
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
Code: 96b3720d f94002c8 91006116 d343fec8 (387a6908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 96b3720d bl 0xfffffffffacdc834
4: f94002c8 ldr x8, [x22]
8: 91006116 add x22, x8, #0x18
c: d343fec8 lsr x8, x22, #3
* 10: 387a6908 ldrb w8, [x8, x26] <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup