Message-ID: <6847f1f6.a70a0220.27c366.0061.GAE@google.com>
Date: Tue, 10 Jun 2025 01:51:02 -0700
From: syzbot <syzbot+1ec2f6a450f0b54af8c8@...kaller.appspotmail.com>
To: hdanton@...a.com, linux-kernel@...r.kernel.org, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] KASAN: use-after-free Read in __linkwatch_run_queue

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[  190.178605][ T3436]      task_work_run+0x78/0xd4
[  190.178605][ T3436]      do_exit+0x24c/0x930
[  190.178605][ T3436]      do_group_exit+0x34/0x90
[  190.178605][ T3436]      pid_child_should_wake+0x0/0x5c
[  190.178605][ T3436]      invoke_syscall+0x48/0x110
[  190.178605][ T3436]      el0_svc_common.constprop.0+0x40/0xe0
[  190.178605][ T3436]      do_el0_svc+0x1c/0x28
[  190.178605][ T3436]      el0_svc+0xa8/0x124
[  190.178605][ T3436]      el0t_64_sync_handler+0x10c/0x138
[  190.178605][ T3436]      el0t_64_sync+0x1a4/0x1a8
[  190.178605][ T3436] 
[  190.228833][ T2102] unregister_netdevice: waiting for netdevsim3 to become free. Usage count = 2
[  190.230735][ T2102] ref_tracker: eth%d@...00000c82ae5fb has 1/1 users at
[  190.230735][ T2102]      linkwatch_fire_event+0x124/0x170
[  190.230735][ T2102]      netif_carrier_off+0x3c/0x94
[  190.230735][ T2102]      nsim_stop+0x20/0xd4
[  190.230735][ T2102]      __dev_close_many+0xbc/0x208
[  190.230735][ T2102]      dev_close_many+0xb0/0x184
[  190.230735][ T2102]      unregister_netdevice_many_notify+0x194/0xadc
[  190.230735][ T2102]      unregister_netdevice_queue+0xec/0x12c
[  190.230735][ T2102]      nsim_destroy+0x60/0x150
[  190.230735][ T2102]      __nsim_dev_port_del+0x58/0x8c
[  190.230735][ T2102]      nsim_dev_reload_destroy+0x70/0x130
[  190.230735][ T2102]      nsim_dev_reload_down+0x24/0x5c
[  190.230735][ T2102]      devlink_reload+0x78/0x2cc
[  190.230735][ T2102]      devlink_pernet_pre_exit+0xd4/0x148
[  190.230735][ T2102]      ops_undo_list+0x8c/0x23c
[  190.230735][ T2102]      cleanup_net+0x1f8/0x3d0
[  190.230735][ T2102]      process_one_work+0x178/0x2cc
[  190.230735][ T2102] 

VM DIAGNOSIS:
08:49:39  Registers:


syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/syzkaller/jobs/linux/gopath/pkg/mod/golang.org/toolchain@...0.1-go1.23.7.linux-amd64'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/syzkaller/jobs/linux/gopath/pkg/mod/golang.org/toolchain@...0.1-go1.23.7.linux-amd64/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.7'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build4094526140=/tmp/go-build -gno-record-gcc-switches'

git status (err=<nil>)
HEAD detached at 4826c28ef2
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go: downloading github.com/prometheus/client_golang v1.22.0
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=arm64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4826c28ef2aca1ee7dba7111e48d3b6a9c83d9a8 -X github.com/google/syzkaller/prog.gitRevisionDate=20250606-171009"  -o ./bin/linux_arm64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_arm64
aarch64-linux-gnu-g++ -o ./bin/linux_arm64/syz-executor executor/executor.cc \
	-O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_arm64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"4826c28ef2aca1ee7dba7111e48d3b6a9c83d9a8\"
go: downloading github.com/klauspost/compress v1.18.0
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: /tmp/cc4lBGkG.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0xd8): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1472aa82580000


Tested on:

commit:         f09079bd Merge tag 'powerpc-6.16-2' of git://git.kerne..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=2f8ce980f626e3f9
dashboard link: https://syzkaller.appspot.com/bug?extid=1ec2f6a450f0b54af8c8
compiler:       aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch:          https://syzkaller.appspot.com/x/patch.diff?x=127669d4580000

