| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68fb4792.050a0220.346f24.00b8.GAE@google.com>
Date: Fri, 24 Oct 2025 02:32:02 -0700
From: syzbot <syzbot+7aef76bdb53b83d62a9e@...kaller.appspotmail.com>
To: dmantipov@...dex.ru, linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [ocfs2?] kernel BUG in ocfs2_set_new_buffer_uptodate (2)
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
ace will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.395182][ T5971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 47.416728][ T5971] device hsr_slave_0 entered promiscuous mode
[ 47.423245][ T5971] device hsr_slave_1 entered promiscuous mode
[ 47.471639][ T5971] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 47.480389][ T5971] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 47.489086][ T5971] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 47.497565][ T5971] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 47.513466][ T5971] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.520632][ T5971] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.528003][ T5971] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.535131][ T5971] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.561198][ T5971] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.573567][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.582072][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.589977][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.597565][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 47.607679][ T5971] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.616985][ T677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.625385][ T677] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.632487][ T677] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.642855][ T677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.651418][ T677] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.658498][ T677] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.672523][ T677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.681721][ T677] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 47.691754][ T786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.702417][ T786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.713153][ T786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.723012][ T5971] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.769360][ T786] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 47.776980][ T786] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 47.788069][ T5971] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 47.802087][ T786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.817286][ T786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.825559][ T786] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 47.833747][ T786] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 47.843065][ T5971] device veth0_vlan entered promiscuous mode
[ 47.853007][ T5971] device veth1_vlan entered promiscuous mode
[ 47.868131][ T608] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 47.876210][ T608] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 47.884528][ T608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.894414][ T5971] device veth0_macvtap entered promiscuous mode
[ 47.903703][ T5971] device veth1_macvtap entered promiscuous mode
[ 47.916303][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 47.924143][ T677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.932868][ T677] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 47.943246][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 47.950987][ T677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.961028][ T5971] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.969989][ T5971] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.978838][ T5971] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.987799][ T5971] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.035897][ C1] ================================================================================
[ 48.045345][ C1] UBSAN: signed-integer-overflow in ./arch/x86/include/asm/atomic.h:165:11
[ 48.053952][ C1] 1251854394 + 1856889025 cannot be represented in type 'int'
[ 48.061418][ C1] CPU: 1 PID: 5984 Comm: modprobe Not tainted syzkaller #0
[ 48.068591][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 48.078727][ C1] Call Trace:
[ 48.081999][ C1] <IRQ>
[ 48.084847][ C1] dump_stack+0xfd/0x16e
[ 48.089084][ C1] ubsan_epilogue+0xa/0x30
[ 48.093473][ C1] handle_overflow+0x192/0x1b0
[ 48.098230][ C1] ? prandom_u32+0x1d/0x1f0
[ 48.102709][ C1] ip_idents_reserve+0x14a/0x170
[ 48.107672][ C1] __ip_select_ident+0xe4/0x1c0
[ 48.112497][ C1] iptunnel_xmit+0x466/0x7b0
[ 48.117065][ C1] udp_tunnel_xmit_skb+0x1ba/0x290
[ 48.122153][ C1] geneve_xmit+0x1d05/0x2140
[ 48.126729][ C1] dev_hard_start_xmit+0x294/0x780
[ 48.132192][ C1] __dev_queue_xmit+0x1678/0x28b0
[ 48.137274][ C1] ip6_finish_output2+0x1020/0x1490
[ 48.142557][ C1] NF_HOOK+0x45/0x2c0
[ 48.146551][ C1] ? NF_HOOK+0x2c0/0x2c0
[ 48.150889][ C1] mld_sendpack+0x5f9/0xa70
[ 48.155387][ C1] mld_ifc_timer_expire+0x7e1/0x990
[ 48.160579][ C1] ? lock_acquire+0x78/0x310
[ 48.165155][ C1] ? lock_release+0x69/0x610
[ 48.169820][ C1] ? debug_object_deactivate+0x9b/0x250
[ 48.175350][ C1] ? mld_gq_timer_expire+0xe0/0xe0
[ 48.180456][ C1] call_timer_fn+0x105/0x440
[ 48.185031][ C1] ? mld_gq_timer_expire+0xe0/0xe0
[ 48.190128][ C1] __run_timers+0x5d8/0x7a0
[ 48.194970][ C1] ? __do_softirq+0x164/0x8ae
[ 48.199635][ C1] run_timer_softirq+0x19/0x30
[ 48.204496][ C1] __do_softirq+0x23c/0x8ae
[ 48.208985][ C1] ? asm_call_irq_on_stack+0xf/0x20
[ 48.214251][ C1] asm_call_irq_on_stack+0xf/0x20
[ 48.219386][ C1] </IRQ>
[ 48.222309][ C1] do_softirq_own_stack+0x6d/0xb0
[ 48.227317][ C1] __irq_exit_rcu+0x1e1/0x1f0
[ 48.231975][ C1] irq_exit_rcu+0x5/0x20
[ 48.236201][ C1] sysvec_apic_timer_interrupt+0x9d/0xb0
[ 48.241991][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 48.247952][ C1] RIP: 0010:xas_next_entry+0x96/0x3d0
[ 48.253418][ C1] Code: b6 04 18 84 c0 0f 85 19 03 00 00 41 0f b6 2c 24 31 ff 89 ee e8 1b 31 de ff 85 ed 0f 85 f5 02 00 00 4c 89 64 24 18 49 8d 4f 12 <48> 89 0c 24 48 c1 e9 03 48 89 4c 24 20 0f b6 04 19 84 c0 0f 85 fc
[ 48.273552][ C1] RSP: 0000:ffffc900018ffc60 EFLAGS: 00000246
[ 48.279869][ C1] RAX: ffffffff81918485 RBX: dffffc0000000000 RCX: ffffc900018ffd2a
[ 48.287824][ C1] RDX: ffff888021f18000 RSI: 0000000000000000 RDI: 0000000000000000
[ 48.295956][ C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffff940000ad161
[ 48.304003][ C1] R10: fffff940000ad161 R11: 1ffffd40000ad160 R12: ffff8880245a3180
[ 48.312223][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc900018ffd18
[ 48.320216][ C1] ? xas_next_entry+0x85/0x3d0
[ 48.324967][ C1] ? unlock_page+0x17c/0x210
[ 48.329645][ C1] filemap_map_pages+0x5fe/0xa30
[ 48.334573][ C1] handle_mm_fault+0x16b8/0x2930
[ 48.339498][ C1] do_user_addr_fault+0x468/0xa50
[ 48.344635][ C1] ? asm_exc_page_fault+0x8/0x30
[ 48.349551][ C1] exc_page_fault+0x67/0x100
[ 48.354134][ C1] asm_exc_page_fault+0x1e/0x30
[ 48.359062][ C1] RIP: 0033:0x7f8f0a2e0a55
[ 48.363612][ C1] Code: d2 39 c1 0f 8f 7c 00 00 00 2d 80 0f 00 00 0f 86 a8 fc ff ff 45 31 c0 83 e8 60 0f 8f 8d 00 00 00 0f 1f 44 00 00 c5 fe 6f 04 17 <c5> fd 74 0c 16 c5 85 74 d0 c5 ed df c9 c5 fd d7 c9 ff c1 75 28 83
[ 48.383203][ C1] RSP: 002b:00007ffe9e48a9e8 EFLAGS: 00010283
[ 48.389369][ C1] RAX: 00000000ffffffbf RBX: 0000560d57518000 RCX: 00000000000003f0
[ 48.397494][ C1] RDX: 0000000000000000 RSI: 00007f8f0a4003f0 RDI: 00007ffe9e48af9f
[ 48.405577][ C1] RBP: 00007ffe9e48ab38 R08: 0000000000000000 R09: 00007f8f0a42fa60
[ 48.413539][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 48.421495][ C1] R13: 00007ffe9e48ab60 R14: 00007f8f0a460000 R15: 0000560d57519d98
[ 48.429493][ C1] ================================================================================
[ 48.438917][ C1] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 48.446229][ C1] CPU: 1 PID: 5984 Comm: modprobe Not tainted syzkaller #0
[ 48.453574][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 48.463620][ C1] Call Trace:
[ 48.466930][ C1] <IRQ>
[ 48.469786][ C1] dump_stack+0xfd/0x16e
[ 48.474260][ C1] panic+0x2f0/0x9c0
[ 48.478304][ C1] check_panic_on_warn+0x95/0xe0
[ 48.483324][ C1] handle_overflow+0x192/0x1b0
[ 48.488166][ C1] ? prandom_u32+0x1d/0x1f0
[ 48.492648][ C1] ip_idents_reserve+0x14a/0x170
[ 48.497566][ C1] __ip_select_ident+0xe4/0x1c0
[ 48.502403][ C1] iptunnel_xmit+0x466/0x7b0
[ 48.507007][ C1] udp_tunnel_xmit_skb+0x1ba/0x290
[ 48.512102][ C1] geneve_xmit+0x1d05/0x2140
[ 48.516699][ C1] dev_hard_start_xmit+0x294/0x780
[ 48.521904][ C1] __dev_queue_xmit+0x1678/0x28b0
[ 48.526917][ C1] ip6_finish_output2+0x1020/0x1490
[ 48.532265][ C1] NF_HOOK+0x45/0x2c0
[ 48.536362][ C1] ? NF_HOOK+0x2c0/0x2c0
[ 48.540600][ C1] mld_sendpack+0x5f9/0xa70
[ 48.545084][ C1] mld_ifc_timer_expire+0x7e1/0x990
[ 48.550256][ C1] ? lock_acquire+0x78/0x310
[ 48.554818][ C1] ? lock_release+0x69/0x610
[ 48.559386][ C1] ? debug_object_deactivate+0x9b/0x250
[ 48.564916][ C1] ? mld_gq_timer_expire+0xe0/0xe0
[ 48.570159][ C1] call_timer_fn+0x105/0x440
[ 48.574730][ C1] ? mld_gq_timer_expire+0xe0/0xe0
[ 48.580362][ C1] __run_timers+0x5d8/0x7a0
[ 48.584876][ C1] ? __do_softirq+0x164/0x8ae
[ 48.589741][ C1] run_timer_softirq+0x19/0x30
[ 48.594575][ C1] __do_softirq+0x23c/0x8ae
[ 48.599107][ C1] ? asm_call_irq_on_stack+0xf/0x20
[ 48.604286][ C1] asm_call_irq_on_stack+0xf/0x20
[ 48.609288][ C1] </IRQ>
[ 48.612210][ C1] do_softirq_own_stack+0x6d/0xb0
[ 48.617294][ C1] __irq_exit_rcu+0x1e1/0x1f0
[ 48.621954][ C1] irq_exit_rcu+0x5/0x20
[ 48.626175][ C1] sysvec_apic_timer_interrupt+0x9d/0xb0
[ 48.631799][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 48.637759][ C1] RIP: 0010:xas_next_entry+0x96/0x3d0
[ 48.643107][ C1] Code: b6 04 18 84 c0 0f 85 19 03 00 00 41 0f b6 2c 24 31 ff 89 ee e8 1b 31 de ff 85 ed 0f 85 f5 02 00 00 4c 89 64 24 18 49 8d 4f 12 <48> 89 0c 24 48 c1 e9 03 48 89 4c 24 20 0f b6 04 19 84 c0 0f 85 fc
[ 48.662984][ C1] RSP: 0000:ffffc900018ffc60 EFLAGS: 00000246
[ 48.669035][ C1] RAX: ffffffff81918485 RBX: dffffc0000000000 RCX: ffffc900018ffd2a
[ 48.677198][ C1] RDX: ffff888021f18000 RSI: 0000000000000000 RDI: 0000000000000000
[ 48.685542][ C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffff940000ad161
[ 48.693603][ C1] R10: fffff940000ad161 R11: 1ffffd40000ad160 R12: ffff8880245a3180
[ 48.701553][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc900018ffd18
[ 48.709709][ C1] ? xas_next_entry+0x85/0x3d0
[ 48.714730][ C1] ? unlock_page+0x17c/0x210
[ 48.719314][ C1] filemap_map_pages+0x5fe/0xa30
[ 48.724318][ C1] handle_mm_fault+0x16b8/0x2930
[ 48.729240][ C1] do_user_addr_fault+0x468/0xa50
[ 48.734236][ C1] ? asm_exc_page_fault+0x8/0x30
[ 48.739360][ C1] exc_page_fault+0x67/0x100
[ 48.743925][ C1] asm_exc_page_fault+0x1e/0x30
[ 48.748752][ C1] RIP: 0033:0x7f8f0a2e0a55
[ 48.753345][ C1] Code: d2 39 c1 0f 8f 7c 00 00 00 2d 80 0f 00 00 0f 86 a8 fc ff ff 45 31 c0 83 e8 60 0f 8f 8d 00 00 00 0f 1f 44 00 00 c5 fe 6f 04 17 <c5> fd 74 0c 16 c5 85 74 d0 c5 ed df c9 c5 fd d7 c9 ff c1 75 28 83
[ 48.773588][ C1] RSP: 002b:00007ffe9e48a9e8 EFLAGS: 00010283
[ 48.779672][ C1] RAX: 00000000ffffffbf RBX: 0000560d57518000 RCX: 00000000000003f0
[ 48.787743][ C1] RDX: 0000000000000000 RSI: 00007f8f0a4003f0 RDI: 00007ffe9e48af9f
[ 48.796300][ C1] RBP: 00007ffe9e48ab38 R08: 0000000000000000 R09: 00007f8f0a42fa60
[ 48.804330][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 48.812278][ C1] R13: 00007ffe9e48ab60 R14: 00007f8f0a460000 R15: 0000560d57519d98
[ 48.820381][ C1] Kernel Offset: disabled
[ 48.824731][ C1] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3457238269=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=<nil>)
HEAD detached at e2beed91937
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=e2beed91937c0ace342f19a2e9afb67adb3a828a -X github.com/google/syzkaller/prog.gitRevisionDate=20250911-084951" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=e2beed91937c0ace342f19a2e9afb67adb3a828a -X github.com/google/syzkaller/prog.gitRevisionDate=20250911-084951" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=e2beed91937c0ace342f19a2e9afb67adb3a828a -X github.com/google/syzkaller/prog.gitRevisionDate=20250911-084951" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"e2beed91937c0ace342f19a2e9afb67adb3a828a\"
/usr/bin/ld: /tmp/cciE1xKJ.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=166e93e2580000
Tested on:
commit: d3d0b4e2 Linux 5.10.245
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.10.y
kernel config: https://syzkaller.appspot.com/x/.config?x=39182a54870857eb
dashboard link: https://syzkaller.appspot.com/bug?extid=7aef76bdb53b83d62a9e
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=111d0be2580000
Powered by blists - more mailing lists