BUG: unable to handle kernel paging request in drop_sysctl

Title	Replies (including bot)	Last reply
[syzbot] [fs?] BUG: unable to handle kernel paging request in drop_sysctl_table	1 (2)	2025/05/15 08:17

Title

Replies (including bot)

Last reply

[syzbot] [fs?] BUG: unable to handle kernel paging request in drop_sysctl_table

1 (2)

2025/05/15 08:17

Kernel	Title	Rank 🛈	Count	Last	Reported	Patched	Status
linux-4.19	general protection fault in drop_sysctl_table	2	1	1471d	1471d	0/1	auto-closed as invalid on 2021/11/05 12:30
linux-4.14	general protection fault in drop_sysctl_table	2	1	1546d	1546d	0/1	auto-closed as invalid on 2021/08/22 12:55
upstream	general protection fault in drop_sysctl_table (2) fs	2	1	1350d	1350d	0/29	auto-closed as invalid on 2022/02/04 05:07

Created	Duration	User	Patch	Repo	Result
2025/06/12 14:25	26m	retest repro		upstream	OK log

Created

Duration

User

Patch

Repo

Result

2025/06/12 14:25

26m

retest repro

upstream

OK log

netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 8<--- cut here --- Unable to handle kernel paging request at virtual address 0000306d when write [0000306d] *pgd=80000080004003, *pmd=00000000 Internal error: Oops: a05 [#1] SMP ARM Modules linked in: CPU: 1 UID: 0 PID: 7661 Comm: kworker/u8:1 Not tainted 6.15.0-syzkaller #0 PREEMPT Hardware name: ARM-Versatile Express Workqueue: netns cleanup_net PC is at __rb_erase_augmented include/linux/rbtree_augmented.h:251 [inline] PC is at rb_erase+0x2f4/0x394 lib/rbtree.c:443 LR is at 0x0 pc : [<81a4e404>] lr : [<00000000>] psr: 60090013 sp : dfe3dac8 ip : dfe3dae0 fp : dfe3dadc r10: dfe3dca8 r9 : 85611000 r8 : 00000004 r7 : 8535bd80 r6 : 00000001 r5 : 8538ebc8 r4 : 8538eb80 r3 : 6474656e r2 : 0000306d r1 : 8535bdb4 r0 : 8538ebe8 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 845e8d80 DAC: 00000000 Register r0 information: slab kmalloc-128 start 8538eb80 pointer offset 104 size 128 Register r1 information: slab kmalloc-128 start 8535bd80 pointer offset 52 size 128 Register r2 information: non-paged memory Register r3 information: non-paged memory Register r4 information: slab kmalloc-128 start 8538eb80 pointer offset 0 size 128 Register r5 information: slab kmalloc-128 start 8538eb80 pointer offset 72 size 128 Register r6 information: non-paged memory Register r7 information: slab kmalloc-128 start 8535bd80 pointer offset 0 size 128 Register r8 information: non-paged memory Register r9 information: slab kmalloc-cg-4k start 85611000 pointer offset 0 size 4096 Register r10 information: 2-page vmalloc region starting at 0xdfe3c000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2859 Register r11 information: 2-page vmalloc region starting at 0xdfe3c000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2859 Register r12 information: 2-page vmalloc region starting at 0xdfe3c000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2859 Process kworker/u8:1 (pid: 7661, stack limit = 0xdfe3c000) Stack: (0xdfe3dac8 to 0xdfe3e000) dac0: 8538eb80 8538ebc8 dfe3db1c dfe3dae0 8060d654 81a4e11c dae0: 0000000c 60090013 ddde099c 60090013 00000000 1ad21e46 856f0004 84a30c00 db00: 856f0004 00000001 8538eb80 00000021 dfe3db5c dfe3db20 8060d688 8060d590 db20: dfe3db3c dfe3db30 81a5e720 82ac92a8 84b69b80 1ad21e46 dfe3db5c 84a30c00 db40: 84b69b80 848b0200 0000003e 848b0210 dfe3db74 dfe3db60 8060d758 8060d590 db60: 856f0000 84b69b80 dfe3db84 dfe3db78 8198ee08 8060d73c dfe3dbe4 dfe3db88 db80: 81765d68 8198ee04 00000000 812391ac 00000000 00000000 00000000 00000000 dba0: 00000000 00000000 00000000 00000000 00000000 1ad21e46 00000000 829e10b4 dbc0: 829e0fac fffffff0 00000000 81765b4c 826c2e40 dfe3dca8 dfe3dc1c dfe3dbe8 dbe0: 80289e30 81765b58 8406e000 00000006 dfe3dc1c dfe3dca8 00000006 84b69b80 dc00: 00000000 82c1f634 826c2e40 00000000 dfe3dc34 dfe3dc20 8028a068 80289ddc dc20: 00000000 802d2004 dfe3dc5c dfe3dc38 81556834 8028a054 804352e8 1ad21e46 dc40: dfe3dc5c 000000c0 85611000 00000001 dfe3dcf4 dfe3dc60 81562170 815567ec dc60: 81a6a768 8473f800 dfe3dcb4 82805d04 dfe3dc94 dfe3dc80 82c1e80c 82c1f634 dc80: 829d1924 00000000 00000000 00000000 8406e000 dfe3dd00 8057c190 81a6a520 dca0: dfe3dca0 dfe3dca0 85611000 00000000 dfe3dcd4 dfe3dcb4 dfe3dcb4 8156f34c dcc0: 82acaf6c 1ad21e46 dfe3dd04 dfe3dd00 85611000 8561110c 8473f800 00000000 dce0: 8473f000 00000001 dfe3dd2c dfe3dcf8 815628e4 81561c30 dfe3dd2c dfe3dd08 dd00: 8561110c 8561110c 856116c0 1ad21e46 856116c0 85611000 8473f968 8473f800 dd20: dfe3dd44 dfe3dd30 80e2ddac 8156280c 8525a500 8525a508 dfe3dd5c dfe3dd48 dd40: 80e2e2d0 80e2dd4c 8473f968 8473f900 dfe3dd84 dfe3dd60 80e2e9f8 80e2e290 dd60: 00000000 00000000 80e2eab0 00000001 00000000 dfe3de0c dfe3dd9c dfe3dd88 dd80: 80e2ead0 80e2e9b0 8473f800 00000000 dfe3ddfc dfe3dda0 818a9b40 80e2eabc dda0: 00000000 84c55d10 00000000 82c1e840 dfe3ddfc 00000000 00000000 00000000 ddc0: 00000000 00000000 00000000 1ad21e46 00000000 8473f800 84b69b80 829e63f4 dde0: 82c1e840 8473f8b8 00000001 00000001 dfe3de3c dfe3de00 818a798c 818a9ac4 de00: dfe3de0c 00000000 dfe3de24 00000000 00000004 1ad21e46 dfe3de3c dfe3de98 de20: 84b69b80 829d1380 829e63c4 829d1380 dfe3de7c dfe3de40 81544744 818a78d0 de40: 81a5e740 81a5e610 dfe3de6c 1ad21e46 80262bf4 84b69ba0 82c1e800 829d1280 de60: 829d12a8 84b6a940 ffffffd4 00000000 dfe3ded4 dfe3de80 81546ae8 815446d0 de80: dfe3ded4 dfe3de90 808ce900 82c1e800 829d1280 81544660 84b69ba0 84b69ba0 dea0: 00000000 1ad21e46 81c01f24 8553b180 829d1298 8301bc00 8300e600 8406e000 dec0: 8301bc15 8300f070 dfe3df2c dfe3ded8 8027eb9c 815468e8 81c01ac4 8406e000 dee0: dfe3df14 dfe3def0 829d129c 829d1298 829d129c 829d1298 dfe3df2c 00000000 df00: 8027a4d8 8553b180 8300e620 8300e600 82804d40 8553b1ac 8406e000 61c88647 df20: dfe3df6c dfe3df30 8027f7e4 8027e9f4 81a6a634 61c88647 82804d40 61c88647 df40: 8028632c 00000001 8406e000 85439e80 dfa9de60 8027f5e8 8553b180 00000000 df60: dfe3dfac dfe3df70 80286810 8027f5f4 8026c664 81a6a5bc 8406e000 1ad21e46 df80: dfe3dfac 8553d680 802866e4 00000000 00000000 00000000 00000000 00000000 dfa0: 00000000 dfe3dfb0 80200114 802866f0 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 Call trace: [<81a4e110>] (rb_erase) from [<8060d654>] (erase_entry fs/proc/proc_sysctl.c:189 [inline]) [<81a4e110>] (rb_erase) from [<8060d654>] (erase_header fs/proc/proc_sysctl.c:225 [inline]) [<81a4e110>] (rb_erase) from [<8060d654>] (start_unregistering fs/proc/proc_sysctl.c:322 [inline]) [<81a4e110>] (rb_erase) from [<8060d654>] (drop_sysctl_table+0xd0/0x1ac fs/proc/proc_sysctl.c:1514) r5:8538ebc8 r4:8538eb80 [<8060d584>] (drop_sysctl_table) from [<8060d688>] (drop_sysctl_table+0x104/0x1ac fs/proc/proc_sysctl.c:1521) r8:00000021 r7:8538eb80 r6:00000001 r5:856f0004 r4:84a30c00 [<8060d584>] (drop_sysctl_table) from [<8060d758>] (unregister_sysctl_table fs/proc/proc_sysctl.c:1539 [inline]) [<8060d584>] (drop_sysctl_table) from [<8060d758>] (unregister_sysctl_table+0x28/0x38 fs/proc/proc_sysctl.c:1531) r8:848b0210 r7:0000003e r6:848b0200 r5:84b69b80 r4:84a30c00 [<8060d730>] (unregister_sysctl_table) from [<8198ee08>] (unregister_net_sysctl_table+0x10/0x14 net/sysctl_net.c:177) r5:84b69b80 r4:856f0000 [<8198edf8>] (unregister_net_sysctl_table) from [<81765d68>] (__devinet_sysctl_unregister net/ipv4/devinet.c:2701 [inline]) [<8198edf8>] (unregister_net_sysctl_table) from [<81765d68>] (devinet_sysctl_unregister net/ipv4/devinet.c:2729 [inline]) [<8198edf8>] (unregister_net_sysctl_table) from [<81765d68>] (inetdev_destroy net/ipv4/devinet.c:334 [inline]) [<8198edf8>] (unregister_net_sysctl_table) from [<81765d68>] (inetdev_event+0x21c/0x6cc net/ipv4/devinet.c:1656) [<81765b4c>] (inetdev_event) from [<80289e30>] (notifier_call_chain+0x60/0x1b4 kernel/notifier.c:85) r10:dfe3dca8 r9:826c2e40 r8:81765b4c r7:00000000 r6:fffffff0 r5:829e0fac r4:829e10b4 [<80289dd0>] (notifier_call_chain) from [<8028a068>] (raw_notifier_call_chain+0x20/0x28 kernel/notifier.c:453) r10:00000000 r9:826c2e40 r8:82c1f634 r7:00000000 r6:84b69b80 r5:00000006 r4:dfe3dca8 [<8028a048>] (raw_notifier_call_chain) from [<81556834>] (call_netdevice_notifiers_info+0x54/0xa0 net/core/dev.c:2230) [<815567e0>] (call_netdevice_notifiers_info) from [<81562170>] (call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]) [<815567e0>] (call_netdevice_notifiers_info) from [<81562170>] (call_netdevice_notifiers net/core/dev.c:2282 [inline]) [<815567e0>] (call_netdevice_notifiers_info) from [<81562170>] (unregister_netdevice_many_notify+0x54c/0xbc0 net/core/dev.c:12076) r6:00000001 r5:85611000 r4:000000c0 [<81561c24>] (unregister_netdevice_many_notify) from [<815628e4>] (unregister_netdevice_many net/core/dev.c:12139 [inline]) [<81561c24>] (unregister_netdevice_many_notify) from [<815628e4>] (unregister_netdevice_queue+0xe4/0x12c net/core/dev.c:11983) r10:00000001 r9:8473f000 r8:00000000 r7:8473f800 r6:8561110c r5:85611000 r4:dfe3dd00 [<81562800>] (unregister_netdevice_queue) from [<80e2ddac>] (unregister_netdevice include/linux/netdevice.h:3379 [inline]) [<81562800>] (unregister_netdevice_queue) from [<80e2ddac>] (nsim_destroy+0x6c/0x158 drivers/net/netdevsim/netdev.c:1068) r7:8473f800 r6:8473f968 r5:85611000 r4:856116c0 [<80e2dd40>] (nsim_destroy) from [<80e2e2d0>] (__nsim_dev_port_del+0x4c/0x74 drivers/net/netdevsim/dev.c:1428) r5:8525a508 r4:8525a500 [<80e2e284>] (__nsim_dev_port_del) from [<80e2e9f8>] (nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1440 [inline]) [<80e2e284>] (__nsim_dev_port_del) from [<80e2e9f8>] (nsim_dev_reload_destroy+0x54/0x10c drivers/net/netdevsim/dev.c:1661) r5:8473f900 r4:8473f968 [<80e2e9a4>] (nsim_dev_reload_destroy) from [<80e2ead0>] (nsim_dev_reload_down+0x20/0x4c drivers/net/netdevsim/dev.c:968) r9:dfe3de0c r8:00000000 r7:00000001 r6:80e2eab0 r5:00000000 r4:00000000 [<80e2eab0>] (nsim_dev_reload_down) from [<818a9b40>] (devlink_reload+0x88/0x378 net/devlink/dev.c:461) r5:00000000 r4:8473f800 [<818a9ab8>] (devlink_reload) from [<818a798c>] (devlink_pernet_pre_exit+0xc8/0x130 net/devlink/core.c:509) r10:00000001 r9:00000001 r8:8473f8b8 r7:82c1e840 r6:829e63f4 r5:84b69b80 r4:8473f800 [<818a78c4>] (devlink_pernet_pre_exit) from [<81544744>] (ops_pre_exit_list net/core/net_namespace.c:162 [inline]) [<818a78c4>] (devlink_pernet_pre_exit) from [<81544744>] (ops_undo_list+0x80/0x238 net/core/net_namespace.c:235) r8:829d1380 r7:829e63c4 r6:829d1380 r5:84b69b80 r4:dfe3de98 [<815446c4>] (ops_undo_list) from [<81546ae8>] (cleanup_net+0x20c/0x384 net/core/net_namespace.c:686) r10:00000000 r9:ffffffd4 r8:84b6a940 r7:829d12a8 r6:829d1280 r5:82c1e800 r4:84b69ba0 [<815468dc>] (cleanup_net) from [<8027eb9c>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3238) r10:8300f070 r9:8301bc15 r8:8406e000 r7:8300e600 r6:8301bc00 r5:829d1298 r4:8553b180 [<8027e9e8>] (process_one_work) from [<8027f7e4>] (process_scheduled_works kernel/workqueue.c:3321 [inline]) [<8027e9e8>] (process_one_work) from [<8027f7e4>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3402) r10:61c88647 r9:8406e000 r8:8553b1ac r7:82804d40 r6:8300e600 r5:8300e620 r4:8553b180 [<8027f5e8>] (worker_thread) from [<80286810>] (kthread+0x12c/0x280 kernel/kthread.c:464) r10:00000000 r9:8553b180 r8:8027f5e8 r7:dfa9de60 r6:85439e80 r5:8406e000 r4:00000001 [<802866e4>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137) Exception stack(0xdfe3dfb0 to 0xdfe3dff8) dfa0: 00000000 00000000 00000000 00000000 dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:802866e4 r4:8553d680 Code: 089da830 e58e3000 e89da830 e5903000 (e5823000) ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: 089da830 ldmeq sp, {r4, r5, fp, sp, pc} 4: e58e3000 str r3, [lr] 8: e89da830 ldm sp, {r4, r5, fp, sp, pc} c: e5903000 ldr r3, [r0] * 10: e5823000 str r3, [r2] <-- trapping instruction

Crashes (6):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	VM info	Assets (help?)	Manager	Title
2025/05/29 14:15	upstream	90b83efa6701	3d2f584d	.config	console log	report		info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	BUG: unable to handle kernel paging request in drop_sysctl_table
2025/05/28 14:58	upstream	c89756bcf406	874a1386	.config	console log	report		info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	BUG: unable to handle kernel paging request in drop_sysctl_table
2025/05/20 19:05	upstream	a5806cd506af	8f9cf946	.config	console log	report		info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	BUG: unable to handle kernel paging request in drop_sysctl_table
2025/05/17 01:53	upstream	3c21441eeffc	f41472b0	.config	console log	report		info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	BUG: unable to handle kernel paging request in drop_sysctl_table
2025/05/13 02:51	upstream	627277ba7c23	f6671af7	.config	console log	report		info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	BUG: unable to handle kernel paging request in drop_sysctl_table
2025/05/10 22:34	upstream	1a33418a69cc	77908e5f	.config	console log	report	syz / log		[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu2-arm32	BUG: unable to handle kernel paging request in drop_sysctl_table

Crashes (6):

Assets (help?)