8<--- cut here ---
Unable to handle kernel paging request at virtual address 5b70d000 when read
[5b70d000] *pgd=862e5003, *pmd=00000000
Internal error: Oops: 206 [#1] SMP ARM
Modules linked in:
CPU: 0 UID: 0 PID: 17688 Comm: syz.3.2976 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: ARM-Versatile Express
PC is at __mkroute_output net/ipv4/route.c:2649 [inline]
PC is at ip_route_output_key_hash_rcu+0x5b8/0x8bc net/ipv4/route.c:2875
LR is at __mkroute_output net/ipv4/route.c:2634 [inline]
LR is at ip_route_output_key_hash_rcu+0x5a0/0x8bc net/ipv4/route.c:2875
pc : [<8177bfe8>] lr : [<8177bfd0>] psr: 60000013
sp : ea719d68 ip : ea719d68 fp : ea719dbc
r10: 80000000 r9 : 868fb600 r8 : 00000000
r7 : ea719dc4 r6 : 85e49800 r5 : 869e5410 r4 : 84dc5fb8
r3 : 5b70d000 r2 : 00000001 r1 : 5b70d000 r0 : 00000000
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 30c5387d Table: 8527a180 DAC: fffffffd
Register r0 information: NULL pointer
Register r1 information: non-paged memory
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: slab TCP start 84dc5d00 pointer offset 696 size 1920
Register r5 information: slab kmalloc-128 start 869e5400 pointer offset 16 size 128
Register r6 information: slab kmalloc-cg-2k start 85e49800 pointer offset 0 size 2048
Register r7 information: 2-page vmalloc region starting at 0xea718000 allocated at kernel_clone+0xac/0x3f4 kernel/fork.c:2651
Register r8 information: NULL pointer
Register r9 information: slab kmalloc-512 start 868fb600 pointer offset 0 size 512
Register r10 information: non-slab/vmalloc memory
Register r11 information: 2-page vmalloc region starting at 0xea718000 allocated at kernel_clone+0xac/0x3f4 kernel/fork.c:2651
Register r12 information: 2-page vmalloc region starting at 0xea718000 allocated at kernel_clone+0xac/0x3f4 kernel/fork.c:2651
Process syz.3.2976 (pid: 17688, stack limit = 0xea718000)
Stack: (0xea719d68 to 0xea71a000)
9d60: ffffffff 00000001 00000000 0a2fa4f3 ea719dc4 ea719d88
9d80: 807aafa8 00000001 00000000 869e5d00 ea719e14 84dc5fb8 85c11f00 00000000
9da0: 00000000 84dc5fb8 00000000 04001eac ea719e04 ea719dc0 8177c348 8177ba3c
9dc0: 8022b998 00000000 00010000 00000000 00000000 869e5410 869e5d00 861d5740
9de0: 852c515c 0a2fa4f3 8022b998 84dc5d00 04001eac ea719ef4 ea719e4c ea719e08
9e00: 817b62a8 8177c2f8 8022ca08 00000000 00000000 85c11f00 00000000 0a2fa4f3
9e20: 80290afc 84dc5d00 8554ca00 00000010 00000002 83f0b000 83f0b000 0000011b
9e40: ea719ea4 ea719e50 817de330 817b5fe4 81aa70c4 81aa6f94 ea719e7c ea719e68
9e60: 8025ba7c 8028ef68 84dc5d00 84dc5df0 ea719e8c 0a2fa4f3 81ab4944 8554ca00
9e80: ea719ef4 00000010 00000002 8020029c 83f0b000 0000011b ea719ecc ea719ea8
9ea0: 817de6cc 817de2bc 00000000 804486a4 817de684 00000000 ea719ef4 00000010
9ec0: ea719eec ea719ed0 81590b28 817de690 00000000 858839c1 00000010 20000040
9ee0: ea719f94 ea719ef0 81590bd8 81590ac8 81ab4658 00000002 04001eac 00000000
9f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9f60: 00000000 00000000 00000000 00000000 00000000 0a2fa4f3 00000000 00000000
9f80: 00346310 0000011b ea719fa4 ea719f98 81590c0c 81590b40 00000000 ea719fa8
9fa0: 80200060 81590c08 00000000 00000000 00000003 20000040 00000010 00000000
9fc0: 00000000 00000000 00346310 0000011b 003462d8 00000000 00000001 76f6e0dc
9fe0: 76f6de88 76f6de78 00018734 0012fc20 60000010 00000003 00000000 00000000
Call trace:
[<8177ba30>] (ip_route_output_key_hash_rcu) from [<8177c348>] (ip_route_output_key_hash+0x5c/0x8c net/ipv4/route.c:2705)
r10:04001eac r9:00000000 r8:84dc5fb8 r7:00000000 r6:00000000 r5:85c11f00 r4:84dc5fb8
[<8177c2ec>] (ip_route_output_key_hash) from [<817b62a8>] (__ip_route_output_key include/net/route.h:169 [inline])
[<8177c2ec>] (ip_route_output_key_hash) from
[<817b62a8>] (ip_route_connect include/net/route.h:348 [inline])
[<8177c2ec>] (ip_route_output_key_hash) from [<817b62a8>] (tcp_v4_connect+0x2d0/0x4f0 net/ipv4/tcp_ipv4.c:256)
r6:ea719ef4 r5:04001eac r4:84dc5d00
[<817b5fd8>] (tcp_v4_connect) from [<817de330>] (__inet_stream_connect+0x80/0x3d4 net/ipv4/af_inet.c:679)
r10:0000011b r9:83f0b000 r8:83f0b000 r7:00000002 r6:00000010 r5:8554ca00 r4:84dc5d00
[<817de2b0>] (__inet_stream_connect) from [<817de6cc>] (inet_stream_connect+0x48/0x64 net/ipv4/af_inet.c:750)
r10:0000011b r9:83f0b000 r8:8020029c r7:00000002 r6:00000010 r5:ea719ef4 r4:8554ca00
[<817de684>] (inet_stream_connect) from [<81590b28>] (__sys_connect_file+0x6c/0x78 net/socket.c:2089)
r7:00000010 r6:ea719ef4 r5:00000000 r4:817de684
[<81590abc>] (__sys_connect_file) from [<81590bd8>] (__sys_connect+0xa4/0xc8 net/socket.c:2108)
r7:20000040 r6:00000010 r5:858839c1 r4:00000000
[<81590b34>] (__sys_connect) from [<81590c0c>] (__do_sys_connect net/socket.c:2114 [inline])
[<81590b34>] (__sys_connect) from [<81590c0c>] (sys_connect+0x10/0x14 net/socket.c:2111)
r7:0000011b r6:00346310 r5:00000000 r4:00000000
[<81590bfc>] (sys_connect) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xea719fa8 to 0xea719ff0)
9fa0: 00000000 00000000 00000003 20000040 00000010 00000000
9fc0: 00000000 00000000 00346310 0000011b 003462d8 00000000 00000001 76f6e0dc
9fe0: 76f6de88 76f6de78 00018734 0012fc20
Code: e51b3034 e3530000 12833020 0a000081 (e5935000)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: e51b3034 ldr r3, [fp, #-52] @ 0xffffffcc
4: e3530000 cmp r3, #0
8: 12833020 addne r3, r3, #32
c: 0a000081 beq 0x218
* 10: e5935000 ldr r5, [r3] <-- trapping instruction