[syzbot] [net?] KASAN: use-after-free Read in __linkwatch_run_queue


syzbot

May 14, 2025, 1:18:30 PM
to da...@davemloft.net, edum...@google.com, ho...@kernel.org, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 9f35e33144ae x86/its: Fix build errors when CONFIG_MODULES=n
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=107f56f4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c9b33a466dfee330
dashboard link: https://syzkaller.appspot.com/bug?extid=1ec2f6a450f0b54af8c8
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/136b6fd9c02c/disk-9f35e331.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1db87e48df97/vmlinux-9f35e331.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9588fd34964c/bzImage-9f35e331.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1ec2f6...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: use-after-free in netdev_need_ops_lock include/net/netdev_lock.h:30 [inline]
BUG: KASAN: use-after-free in netdev_unlock_ops include/net/netdev_lock.h:47 [inline]
BUG: KASAN: use-after-free in __linkwatch_run_queue+0x7d8/0x8a0 net/core/link_watch.c:245
Read of size 8 at addr ffff88807a5ecb88 by task kworker/u8:9/6112

CPU: 0 UID: 0 PID: 6112 Comm: kworker/u8:9 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound linkwatch_event
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:408 [inline]
print_report+0xc3/0x670 mm/kasan/report.c:521
kasan_report+0xe0/0x110 mm/kasan/report.c:634
netdev_need_ops_lock include/net/netdev_lock.h:30 [inline]
netdev_unlock_ops include/net/netdev_lock.h:47 [inline]
__linkwatch_run_queue+0x7d8/0x8a0 net/core/link_watch.c:245
linkwatch_event+0x8f/0xc0 net/core/link_watch.c:304
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807a5efc00 pfn:0x7a5ec
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 ffffea0001aedf08 ffff8880b853fa00 0000000000000000
raw: ffff88807a5efc00 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 13363, tgid 13353 (syz.0.2160), ts 637147906784, free_ts 639281975158
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x181/0x1b0 mm/page_alloc.c:1718
prep_new_page mm/page_alloc.c:1726 [inline]
get_page_from_freelist+0x135c/0x3920 mm/page_alloc.c:3688
__alloc_frozen_pages_noprof+0x263/0x23a0 mm/page_alloc.c:4970
__alloc_pages_noprof+0xb/0x1b0 mm/page_alloc.c:5004
__alloc_pages_node_noprof include/linux/gfp.h:284 [inline]
alloc_pages_node_noprof include/linux/gfp.h:311 [inline]
___kmalloc_large_node+0x82/0x1e0 mm/slub.c:4271
__kmalloc_large_node_noprof+0x1c/0x70 mm/slub.c:4299
__do_kmalloc_node mm/slub.c:4315 [inline]
__kvmalloc_node_noprof.cold+0xb/0x65 mm/slub.c:5012
alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11604
tun_set_iff drivers/net/tun.c:2752 [inline]
__tun_chr_ioctl+0x1964/0x4740 drivers/net/tun.c:3048
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl fs/ioctl.c:892 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 13353 tgid 13353 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1262 [inline]
__free_frozen_pages+0x69d/0xff0 mm/page_alloc.c:2725
__folio_put+0x329/0x450 mm/swap.c:112
device_release+0xa4/0x240 drivers/base/core.c:2568
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x1e7/0x5a0 lib/kobject.c:737
netdev_run_todo+0x7e9/0x1320 net/core/dev.c:11305
tun_detach drivers/net/tun.c:639 [inline]
tun_chr_close+0xea/0x230 drivers/net/tun.c:3390
__fput+0x402/0xb70 fs/file_table.c:465
task_work_run+0x150/0x240 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xda/0x260 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
ffff88807a5eca80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88807a5ecb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88807a5ecb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff88807a5ecc00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88807a5ecc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Jun 10, 2025, 1:34:30 AM
to da...@davemloft.net, edum...@google.com, ho...@kernel.org, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 19272b37aa4f Linux 6.16-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11458d70580000
kernel config: https://syzkaller.appspot.com/x/.config?x=2f8ce980f626e3f9
dashboard link: https://syzkaller.appspot.com/bug?extid=1ec2f6a450f0b54af8c8
compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14af5a0c580000

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/fa3fbcfdac58/non_bootable_disk-19272b37.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6d42ad978905/vmlinux-19272b37.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9a19eed32f09/Image-19272b37.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1ec2f6...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: slab-use-after-free in __linkwatch_run_queue+0x180/0x2b8 net/core/link_watch.c:244
Read at addr faf00000113fca2d by task kworker/u8:2/40
Pointer tag: [fa], memory tag: [fe]

CPU: 0 UID: 0 PID: 40 Comm: kworker/u8:2 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT
Hardware name: linux,dummy-virt (DT)
Workqueue: events_unbound linkwatch_event
Call trace:
show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:466 (C)
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x78/0x90 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:408 [inline]
print_report+0x108/0x630 mm/kasan/report.c:521
kasan_report+0x88/0xac mm/kasan/report.c:634
report_tag_fault arch/arm64/mm/fault.c:332 [inline]
do_tag_recovery arch/arm64/mm/fault.c:344 [inline]
__do_kernel_fault+0x170/0x1c8 arch/arm64/mm/fault.c:386
do_bad_area arch/arm64/mm/fault.c:486 [inline]
do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:843
do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:919
el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:455
el1h_64_sync_handler+0xa4/0x120 arch/arm64/kernel/entry-common.c:533
el1h_64_sync+0x6c/0x70 arch/arm64/kernel/entry.S:595
__linkwatch_run_queue+0x180/0x2b8 net/core/link_watch.c:244 (P)
linkwatch_event+0x30/0x40 net/core/link_watch.c:304
process_one_work+0x178/0x2cc kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3321 [inline]
worker_thread+0x250/0x358 kernel/workqueue.c:3402
kthread+0x130/0x1fc kernel/kthread.c:464
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862

Freed by task 12:
kasan_save_stack+0x3c/0x64 mm/kasan/common.c:47
save_stack_info+0x40/0x158 mm/kasan/tags.c:106
kasan_save_free_info+0x18/0x24 mm/kasan/tags.c:147
poison_slab_object mm/kasan/common.c:247 [inline]
__kasan_slab_free+0x74/0x8c mm/kasan/common.c:264
kasan_slab_free include/linux/kasan.h:233 [inline]
slab_free_hook mm/slub.c:2381 [inline]
slab_free mm/slub.c:4643 [inline]
kfree+0xfc/0x30c mm/slub.c:4842
kvfree+0x3c/0x4c mm/slub.c:5058
netdev_release+0x30/0x44 net/core/net-sysfs.c:2231
device_release+0x34/0x90 drivers/base/core.c:2568
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0xa4/0x114 lib/kobject.c:737
netdev_run_todo+0x1f0/0x5a0 net/core/dev.c:11412
rtnl_unlock+0x10/0x1c net/core/rtnetlink.c:157
default_device_exit_batch+0x320/0x394 net/core/dev.c:12645
ops_exit_list net/core/net_namespace.c:206 [inline]
ops_undo_list+0x10c/0x23c net/core/net_namespace.c:253
cleanup_net+0x1f8/0x3d0 net/core/net_namespace.c:686
process_one_work+0x178/0x2cc kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3321 [inline]
worker_thread+0x250/0x358 kernel/workqueue.c:3402
kthread+0x130/0x1fc kernel/kthread.c:464
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862

The buggy address belongs to the object at fff00000113fc000
which belongs to the cache kmalloc-cg-4k of size 4096
The buggy address is located 2605 bytes inside of
4096-byte region [fff00000113fc000, fff00000113fd000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfaf00000113fc000 pfn:0x513f8
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
memcg:fdf000001128ff81
flags: 0x1ffc00000000240(workingset|head|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
page_type: f5(slab)
raw: 01ffc00000000240 fdf0000003008000 ffffc1ffc0488e10 ffffc1ffc044f810
raw: faf00000113fc000 0000000000080004 00000000f5000000 fdf000001128ff81
head: 01ffc00000000240 fdf0000003008000 ffffc1ffc0488e10 ffffc1ffc044f810
head: faf00000113fc000 0000000000080004 00000000f5000000 fdf000001128ff81
head: 01ffc00000000003 ffffc1ffc044fe01 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected

Memory state around the buggy address:
fff00000113fc800: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
fff00000113fc900: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
>fff00000113fca00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
^
fff00000113fcb00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
fff00000113fcc00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
==================================================================


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

Hillf Danton

Jun 10, 2025, 4:41:44 AM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> Date: Mon, 09 Jun 2025 22:34:29 -0700
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 19272b37aa4f Linux 6.16-rc1
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11458d70580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=2f8ce980f626e3f9
> dashboard link: https://syzkaller.appspot.com/bug?extid=1ec2f6a450f0b54af8c8
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14af5a0c580000

#syz test

--- x/net/core/link_watch.c
+++ y/net/core/link_watch.c
@@ -230,6 +230,10 @@ static void __linkwatch_run_queue(int ur
dev = list_first_entry(&wrk, struct net_device, link_watch_list);
list_del_init(&dev->link_watch_list);

+ if (dev->reg_state == NETREG_UNREGISTERING ||
+ dev->reg_state == NETREG_UNREGISTERED)
+ continue;
+
if (!netif_device_present(dev) ||
(urgent_only && !linkwatch_urgent_event(dev))) {
list_add_tail(&dev->link_watch_list, &lweventlist);
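Review bot: the new `continue` at the top of the loop drops the device without the `list_add_tail()` re-queue that the existing branch directly below uses and without ever reaching `linkwatch_do_dev()`, so the reference taken when the device was queued by `linkwatch_fire_event()` is never released; syzbot's test run of this patch shows exactly that (`unregister_netdevice: waiting for netdevsim3 to become free. Usage count = 2`, with `ref_tracker` blaming `linkwatch_fire_event`). It also does not cover the reported access: the first KASAN report places the freed read inside `netdev_unlock_ops()` at net/core/link_watch.c:245, later in this loop than the lines this hunk touches (230-240), so a `reg_state` test at the start of the iteration cannot guard a dereference that happens after the device has been processed, and reading `dev->reg_state` from an object the report says was already released by `netdev_run_todo()` is the same kind of use the report flags. With no commit message, the reasoning for gating on NETREG_UNREGISTERING/NETREG_UNREGISTERED is undocumented.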
--

syzbot

Jun 10, 2025, 4:51:04 AM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[ 190.178605][ T3436] task_work_run+0x78/0xd4
[ 190.178605][ T3436] do_exit+0x24c/0x930
[ 190.178605][ T3436] do_group_exit+0x34/0x90
[ 190.178605][ T3436] pid_child_should_wake+0x0/0x5c
[ 190.178605][ T3436] invoke_syscall+0x48/0x110
[ 190.178605][ T3436] el0_svc_common.constprop.0+0x40/0xe0
[ 190.178605][ T3436] do_el0_svc+0x1c/0x28
[ 190.178605][ T3436] el0_svc+0xa8/0x124
[ 190.178605][ T3436] el0t_64_sync_handler+0x10c/0x138
[ 190.178605][ T3436] el0t_64_sync+0x1a4/0x1a8
[ 190.178605][ T3436]
[ 190.228833][ T2102] unregister_netdevice: waiting for netdevsim3 to become free. Usage count = 2
[ 190.230735][ T2102] ref_tracker: eth%d@00000000c82ae5fb has 1/1 users at
[ 190.230735][ T2102] linkwatch_fire_event+0x124/0x170
[ 190.230735][ T2102] netif_carrier_off+0x3c/0x94
[ 190.230735][ T2102] nsim_stop+0x20/0xd4
[ 190.230735][ T2102] __dev_close_many+0xbc/0x208
[ 190.230735][ T2102] dev_close_many+0xb0/0x184
[ 190.230735][ T2102] unregister_netdevice_many_notify+0x194/0xadc
[ 190.230735][ T2102] unregister_netdevice_queue+0xec/0x12c
[ 190.230735][ T2102] nsim_destroy+0x60/0x150
[ 190.230735][ T2102] __nsim_dev_port_del+0x58/0x8c
[ 190.230735][ T2102] nsim_dev_reload_destroy+0x70/0x130
[ 190.230735][ T2102] nsim_dev_reload_down+0x24/0x5c
[ 190.230735][ T2102] devlink_reload+0x78/0x2cc
[ 190.230735][ T2102] devlink_pernet_pre_exit+0xd4/0x148
[ 190.230735][ T2102] ops_undo_list+0x8c/0x23c
[ 190.230735][ T2102] cleanup_net+0x1f8/0x3d0
[ 190.230735][ T2102] process_one_work+0x178/0x2cc
[ 190.230735][ T2102]

VM DIAGNOSIS:
08:49:39 Registers:


syzkaller build log:

git status (err=<nil>)
HEAD detached at 4826c28ef2
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go: downloading github.com/prometheus/client_golang v1.22.0
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=arm64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4826c28ef2aca1ee7dba7111e48d3b6a9c83d9a8 -X github.com/google/syzkaller/prog.gitRevisionDate=20250606-171009" -o ./bin/linux_arm64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_arm64
aarch64-linux-gnu-g++ -o ./bin/linux_arm64/syz-executor executor/executor.cc \
-O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_arm64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"4826c28ef2aca1ee7dba7111e48d3b6a9c83d9a8\"
go: downloading github.com/klauspost/compress v1.18.0
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: /tmp/cc4lBGkG.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0xd8): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1472aa82580000


Tested on:

commit: f09079bd Merge tag 'powerpc-6.16-2' of git://git.kerne..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=2f8ce980f626e3f9
dashboard link: https://syzkaller.appspot.com/bug?extid=1ec2f6a450f0b54af8c8
compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=127669d4580000

Hillf Danton

Jun 10, 2025, 11:28:08 AM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> Date: Mon, 09 Jun 2025 22:34:29 -0700
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 19272b37aa4f Linux 6.16-rc1
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11458d70580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=2f8ce980f626e3f9
> dashboard link: https://syzkaller.appspot.com/bug?extid=1ec2f6a450f0b54af8c8
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14af5a0c580000

#syz test

--- x/net/core/link_watch.c
+++ y/net/core/link_watch.c
@@ -231,6 +231,8 @@ static void __linkwatch_run_queue(int ur
list_del_init(&dev->link_watch_list);

if (!netif_device_present(dev) ||
+ dev->reg_state == NETREG_UNREGISTERING ||
+ dev->reg_state == NETREG_UNREGISTERED ||
(urgent_only && !linkwatch_urgent_event(dev))) {
list_add_tail(&dev->link_watch_list, &lweventlist);
continue;
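Review bot: folding the state test into the existing re-queue branch removes the leaked reference from the earlier version (the device is still re-added to lweventlist with `list_add_tail()`, and syzbot reports the reproducer no longer triggers), but the `dev->reg_state` read still happens on the object both reports say was freed through `netdev_run_todo()` -> `netdev_release()`, and it sits around line 231, before the line 244/245 where both KASAN reports place the faulting access; an earlier check does not close a window that opens after the device has been handed off. An unregistered device is also now pushed back onto lweventlist on every pass instead of being dropped, so unless something else takes it off the list the entry is carried indefinitely. syzbot's trailer states that its testing is best-effort, so one passing run is not evidence that the race is gone; a commit message explaining why a device in these states can still be on the list, and where its reference is finally released, is needed before this is sent upstream.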
--

syzbot

Jun 10, 2025, 11:55:05 AM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+1ec2f6...@syzkaller.appspotmail.com
Tested-by: syzbot+1ec2f6...@syzkaller.appspotmail.com

Tested on:

commit: f09079bd Merge tag 'powerpc-6.16-2' of git://git.kerne..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=109baa82580000
kernel config: https://syzkaller.appspot.com/x/.config?x=2f8ce980f626e3f9
dashboard link: https://syzkaller.appspot.com/bug?extid=1ec2f6a450f0b54af8c8
compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=1620260c580000

Note: testing is done by a robot and is best-effort only.