Re: [syzbot] [ocfs2?] KASAN: use-after-free Read in ocfs2_claim_suballoc_bits


syzbot

Oct 17, 2025, 7:13:06 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+505447...@syzkaller.appspotmail.com
Tested-by: syzbot+505447...@syzkaller.appspotmail.com

Tested on:

commit: 98ac9cc4 Merge tag 'f2fs-fix-6.18-rc2' of git://git.ke..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=1426cb04580000
kernel config: https://syzkaller.appspot.com/x/.config?x=b1620e3721dc97c0
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=14c4b67c580000

Note: testing is done by a robot and is best-effort only.

syzbot

Oct 22, 2025, 8:49:05 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+505447...@syzkaller.appspotmail.com
Tested-by: syzbot+505447...@syzkaller.appspotmail.com

Tested on:

commit: 552c5071 Merge tag 'vfio-v6.18-rc3' of https://github...
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=1152ce7c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=b1620e3721dc97c0
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=116ce3e2580000

syzbot

Oct 24, 2025, 4:41:06 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: signed-integer-overflow in ip_idents_reserve

================================================================================
UBSAN: signed-integer-overflow in ./arch/x86/include/asm/atomic.h:165:11
-2082307266 + -1738913672 cannot be represented in type 'int'
CPU: 0 PID: 43 Comm: kworker/u4:2 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
Call Trace:
dump_stack+0xfd/0x16e lib/dump_stack.c:118
ubsan_epilogue+0xa/0x30 lib/ubsan.c:148
handle_overflow+0x192/0x1b0 lib/ubsan.c:180
arch_atomic_add_return arch/x86/include/asm/atomic.h:165 [inline]
atomic_add_return include/asm-generic/atomic-instrumented.h:73 [inline]
ip_idents_reserve+0x14a/0x170 net/ipv4/route.c:521
__ip_select_ident+0xe4/0x1c0 net/ipv4/route.c:538
iptunnel_xmit+0x466/0x7b0 net/ipv4/ip_tunnel_core.c:80
udp_tunnel_xmit_skb+0x1ba/0x290 net/ipv4/udp_tunnel_core.c:190
send4+0x5d4/0xaf0 drivers/net/wireguard/socket.c:85
wg_socket_send_skb_to_peer+0xcd/0x1c0 drivers/net/wireguard/socket.c:175
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
wg_packet_handshake_send_worker+0x16b/0x280 drivers/net/wireguard/send.c:51
process_one_work+0x85c/0xfa0 kernel/workqueue.c:2282
worker_thread+0xa9b/0x1430 kernel/workqueue.c:2428
kthread+0x360/0x3e0 kernel/kthread.c:328
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
================================================================================
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 0 PID: 43 Comm: kworker/u4:2 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
Call Trace:
dump_stack+0xfd/0x16e lib/dump_stack.c:118
panic+0x2f0/0x9c0 kernel/panic.c:308
check_panic_on_warn+0x95/0xe0 kernel/panic.c:228
handle_overflow+0x192/0x1b0 lib/ubsan.c:180
arch_atomic_add_return arch/x86/include/asm/atomic.h:165 [inline]
atomic_add_return include/asm-generic/atomic-instrumented.h:73 [inline]
ip_idents_reserve+0x14a/0x170 net/ipv4/route.c:521
__ip_select_ident+0xe4/0x1c0 net/ipv4/route.c:538
iptunnel_xmit+0x466/0x7b0 net/ipv4/ip_tunnel_core.c:80
udp_tunnel_xmit_skb+0x1ba/0x290 net/ipv4/udp_tunnel_core.c:190
send4+0x5d4/0xaf0 drivers/net/wireguard/socket.c:85
wg_socket_send_skb_to_peer+0xcd/0x1c0 drivers/net/wireguard/socket.c:175
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
wg_packet_handshake_send_worker+0x16b/0x280 drivers/net/wireguard/send.c:51
process_one_work+0x85c/0xfa0 kernel/workqueue.c:2282
worker_thread+0xa9b/0x1430 kernel/workqueue.c:2428
kthread+0x360/0x3e0 kernel/kthread.c:328
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
Kernel Offset: disabled
Rebooting in 86400 seconds..


Tested on:

commit: d3d0b4e2 Linux 5.10.245
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.10.y
console output: https://syzkaller.appspot.com/x/log.txt?x=165e9be2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=39182a54870857eb
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=15ba8c92580000

syzbot

Oct 24, 2025, 8:31:04 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+505447...@syzkaller.appspotmail.com
Tested-by: syzbot+505447...@syzkaller.appspotmail.com

Tested on:

commit: 8e6e2188 Linux 6.1.157
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11e993e2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=3fff88b67220f824
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=174e63cd980000

syzbot

Oct 24, 2025, 9:51:04 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+505447...@syzkaller.appspotmail.com
Tested-by: syzbot+505447...@syzkaller.appspotmail.com

Tested on:

commit: 4fc43deb Linux 6.12.55
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.12.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12097734580000
kernel config: https://syzkaller.appspot.com/x/.config?x=52b41b67187b07bc
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=11f28258580000

syzbot

Oct 28, 2025, 3:27:04 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+505447...@syzkaller.appspotmail.com
Tested-by: syzbot+505447...@syzkaller.appspotmail.com

Tested on:

commit: fd575722 Merge tag 'sched_ext-for-6.18-rc3-fixes' of g..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=111c77e2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f0fd60646ed018d
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=12ac3614580000

syzbot

Oct 28, 2025, 6:44:06 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to checkout kernel repo https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/linux-5.10.y: failed to run ["git" "fetch" "--force" "4d52a57a3858a6eee0d0b25cc3a0c9533f747d8f" "linux-5.10.y"]: exit status 128


Tested on:

commit: [unknown
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux-5.10.y
kernel config: https://syzkaller.appspot.com/x/.config?x=cae1291240e8962a
patch: https://syzkaller.appspot.com/x/patch.diff?x=157157e2580000

syzbot

Oct 28, 2025, 6:46:05 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to checkout kernel repo https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/linux-6.1.y: failed to run ["git" "fetch" "--force" "4d52a57a3858a6eee0d0b25cc3a0c9533f747d8f" "linux-6.1.y"]: exit status 128


Tested on:

commit: [unknown
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux-6.1.y
patch: https://syzkaller.appspot.com/x/patch.diff?x=11746932580000

syzbot

Oct 28, 2025, 6:48:05 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to checkout kernel repo https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/linux-6.12.y: failed to run ["git" "fetch" "--force" "4d52a57a3858a6eee0d0b25cc3a0c9533f747d8f" "linux-6.12.y"]: exit status 128


Tested on:

commit: [unknown
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git linux-6.12.y
patch: https://syzkaller.appspot.com/x/patch.diff?x=10781f34580000

syzbot

Oct 28, 2025, 2:54:05 PM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/ocfs2/ocfs2_fs.h:474:40: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:489:40: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:502:43: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:646:26: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:659:16: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:807:37: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:943:43: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:1030:39: error: expected ';' at end of declaration list


Tested on:

commit: d3d0b4e2 Linux 5.10.245
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.10.y
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=13dd5e7c580000

syzbot

Oct 28, 2025, 5:08:06 PM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/ocfs2/ocfs2_fs.h:472:40: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:487:40: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:500:43: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:644:26: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:657:16: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:805:37: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:941:43: error: expected ';' at end of declaration list
fs/ocfs2/ocfs2_fs.h:1028:39: error: expected ';' at end of declaration list


Tested on:

commit: 8e6e2188 Linux 6.1.157
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=cae1291240e8962a
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=10ac432f980000

syzbot

Oct 28, 2025, 5:41:06 PM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+505447...@syzkaller.appspotmail.com
Tested-by: syzbot+505447...@syzkaller.appspotmail.com

Tested on:

commit: 4fc43deb Linux 6.12.55
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.12.y
console output: https://syzkaller.appspot.com/x/log.txt?x=104cf614580000
kernel config: https://syzkaller.appspot.com/x/.config?x=52b41b67187b07bc
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=16db57e2580000

syzbot

Oct 29, 2025, 3:01:04 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.603759][ T6071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 50.628055][ T6071] device hsr_slave_0 entered promiscuous mode
[ 50.634560][ T6071] device hsr_slave_1 entered promiscuous mode
[ 50.690268][ T6071] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 50.700195][ T6071] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 50.709781][ T6071] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 50.722637][ T6071] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 50.757730][ T6071] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.772305][ T680] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 50.781426][ T680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.789385][ T680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.801728][ T6071] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.812600][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.821807][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.831543][ T495] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.838798][ T495] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.847790][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 50.857308][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.866275][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.874998][ T495] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.882080][ T495] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.908369][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 50.917270][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 50.926633][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.935710][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.945718][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 50.954815][ T6071] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.012168][ T843] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 51.020300][ T843] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 51.030927][ T6071] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.044963][ T843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.063818][ T843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.073031][ T843] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.080851][ T843] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.090327][ T6071] device veth0_vlan entered promiscuous mode
[ 51.100297][ T6071] device veth1_vlan entered promiscuous mode
[ 51.115040][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 51.123244][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 51.131473][ T495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.141583][ T6071] device veth0_macvtap entered promiscuous mode
[ 51.149837][ T6071] device veth1_macvtap entered promiscuous mode
[ 51.162533][ T6071] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 51.170055][ T680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.179726][ T680] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 51.190174][ T6071] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 51.198081][ T680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.210537][ T6071] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.219647][ T6071] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.228883][ T6071] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.237581][ T6071] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.286123][ C0] ================================================================================
[ 51.295816][ C0] UBSAN: signed-integer-overflow in ./arch/x86/include/asm/atomic.h:165:11
[ 51.304667][ C0] 1999955851 + 717459701 cannot be represented in type 'int'
[ 51.312050][ C0] CPU: 0 PID: 6087 Comm: modprobe Not tainted syzkaller #0
[ 51.319308][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 51.329714][ C0] Call Trace:
[ 51.333454][ C0] <IRQ>
[ 51.336393][ C0] dump_stack+0xfd/0x16e
[ 51.340707][ C0] ubsan_epilogue+0xa/0x30
[ 51.345100][ C0] handle_overflow+0x192/0x1b0
[ 51.350225][ C0] ? prandom_u32+0x1d/0x1f0
[ 51.354817][ C0] ip_idents_reserve+0x14a/0x170
[ 51.359753][ C0] __ip_select_ident+0xe4/0x1c0
[ 51.364781][ C0] iptunnel_xmit+0x466/0x7b0
[ 51.369445][ C0] udp_tunnel_xmit_skb+0x1ba/0x290
[ 51.374631][ C0] geneve_xmit+0x1d05/0x2140
[ 51.379381][ C0] dev_hard_start_xmit+0x294/0x780
[ 51.384692][ C0] __dev_queue_xmit+0x1678/0x28b0
[ 51.390007][ C0] ip6_finish_output2+0x1020/0x1490
[ 51.395956][ C0] NF_HOOK+0x45/0x2c0
[ 51.400108][ C0] ? NF_HOOK+0x2c0/0x2c0
[ 51.404792][ C0] mld_sendpack+0x5f9/0xa70
[ 51.409535][ C0] mld_ifc_timer_expire+0x7e1/0x990
[ 51.415000][ C0] ? lock_acquire+0x78/0x310
[ 51.419746][ C0] ? lock_release+0x69/0x610
[ 51.424991][ C0] ? debug_object_deactivate+0x9b/0x250
[ 51.430534][ C0] ? mld_gq_timer_expire+0xe0/0xe0
[ 51.435630][ C0] call_timer_fn+0x105/0x440
[ 51.440234][ C0] ? mld_gq_timer_expire+0xe0/0xe0
[ 51.445680][ C0] __run_timers+0x5d8/0x7a0
[ 51.450943][ C0] ? __do_softirq+0x164/0x8ae
[ 51.455910][ C0] run_timer_softirq+0x19/0x30
[ 51.460883][ C0] __do_softirq+0x23c/0x8ae
[ 51.465518][ C0] ? asm_call_irq_on_stack+0xf/0x20
[ 51.471090][ C0] asm_call_irq_on_stack+0xf/0x20
[ 51.476189][ C0] </IRQ>
[ 51.479317][ C0] do_softirq_own_stack+0x6d/0xb0
[ 51.484818][ C0] __irq_exit_rcu+0x1e1/0x1f0
[ 51.489844][ C0] irq_exit_rcu+0x5/0x20
[ 51.494403][ C0] sysvec_apic_timer_interrupt+0x9d/0xb0
[ 51.500226][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 51.506392][ C0] RIP: 0010:find_next_bit+0x4d/0x100
[ 51.512330][ C0] Code: 49 39 de 0f 83 c9 00 00 00 49 bd 00 00 00 00 00 fc ff df 4c 89 f0 48 c1 e8 06 4d 8d 24 c7 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 <74> 08 4c 89 e7 e8 69 40 2b fe 4d 8b 24 24 44 89 f1 49 d3 ec 49 d3
[ 51.532540][ C0] RSP: 0000:ffffc9000197fb88 EFLAGS: 00000246
[ 51.539059][ C0] RAX: 1ffff1100369cd09 RBX: 0000000000000008 RCX: ffff88802a750000
[ 51.548074][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
[ 51.557334][ C0] RBP: 00007fbce0785000 R08: dffffc0000000000 R09: fffffbfff1843df6
[ 51.565473][ C0] R10: fffffbfff1843df6 R11: 1ffffffff1843df5 R12: ffff88801b4e6848
[ 51.573525][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88801b4e6848
[ 51.581589][ C0] ? find_next_bit+0x23/0x100
[ 51.586345][ C0] ? cpumask_any_but+0x34/0x240
[ 51.591189][ C0] cpumask_any_but+0x4f/0x240
[ 51.596049][ C0] ? flush_tlb_mm_range+0x201/0x380
[ 51.601359][ C0] flush_tlb_mm_range+0x215/0x380
[ 51.606382][ C0] ptep_clear_flush+0x112/0x150
[ 51.611245][ C0] wp_page_copy+0x9d6/0x1460
[ 51.616083][ C0] handle_mm_fault+0xe2f/0x2930
[ 51.620923][ C0] ? lock_acquire+0x78/0x310
[ 51.625527][ C0] do_user_addr_fault+0x468/0xa50
[ 51.630531][ C0] ? asm_exc_page_fault+0x8/0x30
[ 51.635455][ C0] exc_page_fault+0x67/0x100
[ 51.640033][ C0] asm_exc_page_fault+0x1e/0x30
[ 51.644957][ C0] RIP: 0033:0x7fbce0a8d418
[ 51.649464][ C0] Code: fe ff ff 0f 1f 80 00 00 00 00 48 85 f6 0f 84 af 00 00 00 41 f6 85 56 03 00 00 20 0f 85 a1 00 00 00 49 8b 45 60 48 85 c0 74 04 <48> 01 70 08 49 8b 45 58 48 85 c0 74 04 48 01 70 08 49 8b 45 68 48
[ 51.669510][ C0] RSP: 002b:00007fff1b7ea470 EFLAGS: 00010206
[ 51.675853][ C0] RAX: 00007fbce0784e48 RBX: 0000000000000030 RCX: 00007fbce0787100
[ 51.684075][ C0] RDX: 00007fbce0784f78 RSI: 00007fbce077d000 RDI: 000000006fffffff
[ 51.692270][ C0] RBP: 00007fff1b7ea5c0 R08: 0000000000000006 R09: 00000000effffef5
[ 51.700403][ C0] R10: 0000000070000029 R11: 00007fff1b7ea6a8 R12: 00007fff1b7ea320
[ 51.708359][ C0] R13: 00007fbce07870c0 R14: 00007fff1b7ea660 R15: 00007fbce0786000
[ 51.716524][ C0] ================================================================================
[ 51.726370][ C0] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 51.733553][ C0] CPU: 0 PID: 6087 Comm: modprobe Not tainted syzkaller #0
[ 51.741165][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 51.751296][ C0] Call Trace:
[ 51.754602][ C0] <IRQ>
[ 51.757794][ C0] dump_stack+0xfd/0x16e
[ 51.762149][ C0] panic+0x2f0/0x9c0
[ 51.766043][ C0] check_panic_on_warn+0x95/0xe0
[ 51.771275][ C0] handle_overflow+0x192/0x1b0
[ 51.776058][ C0] ? prandom_u32+0x1d/0x1f0
[ 51.780668][ C0] ip_idents_reserve+0x14a/0x170
[ 51.785686][ C0] __ip_select_ident+0xe4/0x1c0
[ 51.790861][ C0] iptunnel_xmit+0x466/0x7b0
[ 51.795429][ C0] udp_tunnel_xmit_skb+0x1ba/0x290
[ 51.800528][ C0] geneve_xmit+0x1d05/0x2140
[ 51.805139][ C0] dev_hard_start_xmit+0x294/0x780
[ 51.810503][ C0] __dev_queue_xmit+0x1678/0x28b0
[ 51.815601][ C0] ip6_finish_output2+0x1020/0x1490
[ 51.820885][ C0] NF_HOOK+0x45/0x2c0
[ 51.825036][ C0] ? NF_HOOK+0x2c0/0x2c0
[ 51.829388][ C0] mld_sendpack+0x5f9/0xa70
[ 51.833972][ C0] mld_ifc_timer_expire+0x7e1/0x990
[ 51.839158][ C0] ? lock_acquire+0x78/0x310
[ 51.843815][ C0] ? lock_release+0x69/0x610
[ 51.848385][ C0] ? debug_object_deactivate+0x9b/0x250
[ 51.854001][ C0] ? mld_gq_timer_expire+0xe0/0xe0
[ 51.859287][ C0] call_timer_fn+0x105/0x440
[ 51.863873][ C0] ? mld_gq_timer_expire+0xe0/0xe0
[ 51.869096][ C0] __run_timers+0x5d8/0x7a0
[ 51.873677][ C0] ? __do_softirq+0x164/0x8ae
[ 51.878688][ C0] run_timer_softirq+0x19/0x30
[ 51.883527][ C0] __do_softirq+0x23c/0x8ae
[ 51.888285][ C0] ? asm_call_irq_on_stack+0xf/0x20
[ 51.893620][ C0] asm_call_irq_on_stack+0xf/0x20
[ 51.898854][ C0] </IRQ>
[ 51.901776][ C0] do_softirq_own_stack+0x6d/0xb0
[ 51.907074][ C0] __irq_exit_rcu+0x1e1/0x1f0
[ 51.911821][ C0] irq_exit_rcu+0x5/0x20
[ 51.916139][ C0] sysvec_apic_timer_interrupt+0x9d/0xb0
[ 51.922175][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 51.928546][ C0] RIP: 0010:find_next_bit+0x4d/0x100
[ 51.934285][ C0] Code: 49 39 de 0f 83 c9 00 00 00 49 bd 00 00 00 00 00 fc ff df 4c 89 f0 48 c1 e8 06 4d 8d 24 c7 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 <74> 08 4c 89 e7 e8 69 40 2b fe 4d 8b 24 24 44 89 f1 49 d3 ec 49 d3
[ 51.954297][ C0] RSP: 0000:ffffc9000197fb88 EFLAGS: 00000246
[ 51.961947][ C0] RAX: 1ffff1100369cd09 RBX: 0000000000000008 RCX: ffff88802a750000
[ 51.970379][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
[ 51.978484][ C0] RBP: 00007fbce0785000 R08: dffffc0000000000 R09: fffffbfff1843df6
[ 51.987016][ C0] R10: fffffbfff1843df6 R11: 1ffffffff1843df5 R12: ffff88801b4e6848
[ 51.995520][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88801b4e6848
[ 52.003868][ C0] ? find_next_bit+0x23/0x100
[ 52.008862][ C0] ? cpumask_any_but+0x34/0x240
[ 52.014719][ C0] cpumask_any_but+0x4f/0x240
[ 52.020280][ C0] ? flush_tlb_mm_range+0x201/0x380
[ 52.026063][ C0] flush_tlb_mm_range+0x215/0x380
[ 52.032125][ C0] ptep_clear_flush+0x112/0x150
[ 52.037062][ C0] wp_page_copy+0x9d6/0x1460
[ 52.041758][ C0] handle_mm_fault+0xe2f/0x2930
[ 52.046829][ C0] ? lock_acquire+0x78/0x310
[ 52.051409][ C0] do_user_addr_fault+0x468/0xa50
[ 52.056512][ C0] ? asm_exc_page_fault+0x8/0x30
[ 52.061484][ C0] exc_page_fault+0x67/0x100
[ 52.066226][ C0] asm_exc_page_fault+0x1e/0x30
[ 52.071050][ C0] RIP: 0033:0x7fbce0a8d418
[ 52.075555][ C0] Code: fe ff ff 0f 1f 80 00 00 00 00 48 85 f6 0f 84 af 00 00 00 41 f6 85 56 03 00 00 20 0f 85 a1 00 00 00 49 8b 45 60 48 85 c0 74 04 <48> 01 70 08 49 8b 45 58 48 85 c0 74 04 48 01 70 08 49 8b 45 68 48
[ 52.095670][ C0] RSP: 002b:00007fff1b7ea470 EFLAGS: 00010206
[ 52.101714][ C0] RAX: 00007fbce0784e48 RBX: 0000000000000030 RCX: 00007fbce0787100
[ 52.109674][ C0] RDX: 00007fbce0784f78 RSI: 00007fbce077d000 RDI: 000000006fffffff
[ 52.117882][ C0] RBP: 00007fff1b7ea5c0 R08: 0000000000000006 R09: 00000000effffef5
[ 52.126099][ C0] R10: 0000000070000029 R11: 00007fff1b7ea6a8 R12: 00007fff1b7ea320
[ 52.134305][ C0] R13: 00007fbce07870c0 R14: 00007fff1b7ea660 R15: 00007fbce0786000
[ 52.142669][ C0] Kernel Offset: disabled
[ 52.147032][ C0] Rebooting in 86400 seconds..


syzkaller build log:


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=14449c92580000


Tested on:

commit: d3d0b4e2 Linux 5.10.245
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.10.y
kernel config: https://syzkaller.appspot.com/x/.config?x=39182a54870857eb
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=145b6704580000

syzbot

Oct 29, 2025, 8:55:05 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+505447...@syzkaller.appspotmail.com
Tested-by: syzbot+505447...@syzkaller.appspotmail.com

Tested on:

commit: 8e6e2188 Linux 6.1.157
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12424bcd980000
kernel config: https://syzkaller.appspot.com/x/.config?x=3fff88b67220f824
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=1737c32f980000

syzbot

Oct 29, 2025, 12:02:06 PM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+505447...@syzkaller.appspotmail.com
Tested-by: syzbot+505447...@syzkaller.appspotmail.com

Tested on:

commit: 4408a3d6 Linux 6.12.56
console output: https://syzkaller.appspot.com/x/log.txt?x=11e10e14580000
kernel config: https://syzkaller.appspot.com/x/.config?x=52b41b67187b07bc
dashboard link: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=136bf614580000