[syzbot] [batman?] [bluetooth?] memory leak in skb_clone (3)


syzbot

Jan 7, 2026, 12:34:31 PM
to ant...@mandelbit.com, b.a.t...@lists.open-mesh.org, johan....@gmail.com, linux-b...@vger.kernel.org, linux-...@vger.kernel.org, luiz....@gmail.com, mar...@holtmann.org, marek....@mailbox.org, net...@vger.kernel.org, sv...@narfation.org, s...@simonwunderlich.de, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 4a26e7032d7d Merge tag 'core-bugs-2025-12-01' of git://git..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=116a9512580000
kernel config: https://syzkaller.appspot.com/x/.config?x=cbf343972ee89096
dashboard link: https://syzkaller.appspot.com/bug?extid=6e76aa21aaf2d8be6034
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=179be192580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15cd92b4580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3f4ff8b7d65f/disk-4a26e703.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2fbb585ef1ac/vmlinux-4a26e703.xz
kernel image: https://storage.googleapis.com/syzbot-assets/dfdc58db78d3/bzImage-4a26e703.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6e76aa...@syzkaller.appspotmail.com

2025/12/03 00:25:54 executed programs: 5
BUG: memory leak
unreferenced object 0xffff88811a1e1100 (size 240):
comm "kworker/u9:0", pid 51, jiffies 4294944590
hex dump (first 32 bytes):
90 50 50 42 81 88 ff ff 90 50 50 42 81 88 ff ff .PPB.....PPB....
00 00 00 00 00 00 00 00 00 50 50 42 81 88 ff ff .........PPB....
backtrace (crc eed28d2d):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4983 [inline]
slab_alloc_node mm/slub.c:5288 [inline]
kmem_cache_alloc_noprof+0x397/0x5a0 mm/slub.c:5295
skb_clone+0xae/0x2b0 net/core/skbuff.c:2050
__skb_tstamp_tx+0x3a0/0x4c0 net/core/skbuff.c:5636
hci_conn_tx_queue+0x11c/0x1d0 net/bluetooth/hci_conn.c:3026
hci_send_conn_frame net/bluetooth/hci_core.c:3086 [inline]
hci_sched_acl_pkt net/bluetooth/hci_core.c:3701 [inline]
hci_sched_acl net/bluetooth/hci_core.c:3726 [inline]
hci_tx_work+0x437/0x570 net/bluetooth/hci_core.c:3820
process_one_work+0x26b/0x620 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x2c4/0x4f0 kernel/workqueue.c:3427
kthread+0x15b/0x310 kernel/kthread.c:463
ret_from_fork+0x2af/0x2e0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

3:32 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] Bluetooth: hci_conn: Fix memory leak in tx_q on connection teardown
Author: karti...@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Cloned SKBs queued in conn->tx_q.queue for TX timestamp tracking are
not freed if the connection is torn down before all completion events
arrive. Add skb_queue_purge() in hci_conn_cleanup() to fix the leak.

Reported-by: syzbot+6e76aa...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6e76aa21aaf2d8be6034
Signed-off-by: Deepanshu Kartikey <karti...@gmail.com>
---
net/bluetooth/hci_conn.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index c3f7828bf9d5..3fb93faf60f3 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -148,6 +148,7 @@ static void hci_conn_cleanup(struct hci_conn *conn)
hci_remove_link_key(hdev, &conn->dst);

hci_chan_list_flush(conn);
+ skb_queue_purge(&conn->tx_q.queue);

if (HCI_CONN_HANDLE_UNSET(conn->handle))
ida_free(&hdev->unset_handle_ida, conn->handle);
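Review bot: The skb_queue_purge(&conn->tx_q.queue) call placed after hci_chan_list_flush(conn) only frees clones on teardown paths that reach hci_conn_cleanup(), and nothing in this hunk shows that the TX worker cannot queue another clone after the purge has run. The leak backtrace shows the clone being allocated from hci_tx_work via hci_conn_tx_queue, so please state in the commit message (or a short comment above the new line) why no further enqueue can happen once cleanup reaches this point, and whether any other path frees the connection without calling hci_conn_cleanup(). A Fixes: tag naming the commit that introduced tx_q would also help backporting, and the two syzbot test runs in this thread ended in "SYZFAIL: failed to recv rpc", so the reproducer has not yet confirmed the fix.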
--
2.43.0

syzbot

3:51 AM
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

SYZFAIL: failed to recv rpc

SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)




syzkaller build log:

git status (err=<nil>)
HEAD detached at d6526ea3e
nothing to commit, working tree clean





Tested on:

commit: f0b9d8eb Merge tag 'nfsd-6.19-3' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=d60836e327fd6756
dashboard link: https://syzkaller.appspot.com/bug?extid=6e76aa21aaf2d8be6034
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=176f1f92580000

syzbot

3:56 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com

syzbot

4:13 AM
to karti...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

SYZFAIL: failed to recv rpc

SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)





Tested on:

commit: f0b9d8eb Merge tag 'nfsd-6.19-3' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=d60836e327fd6756
dashboard link: https://syzkaller.appspot.com/bug?extid=6e76aa21aaf2d8be6034
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1157a922580000
