Message-ID: <695e3ffb.050a0220.1c677c.0360.GAE@google.com>
Date: Wed, 07 Jan 2026 03:14:03 -0800
From: syzbot <syzbot+b4444e3c972a7a124187@...kaller.appspotmail.com>
To: chao@...nel.org, linux-kernel@...r.kernel.org, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [f2fs?] KASAN: use-after-free Read in f2fs_write_end_io (2)

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)


syzkaller build log:
git status (err=<nil>)
HEAD detached at d1b870e1003b
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d1b870e1003b52891d2196c1e2ee42fe905010ba -X github.com/google/syzkaller/prog.gitRevisionDate=20251128-125159"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d1b870e1003b52891d2196c1e2ee42fe905010ba -X github.com/google/syzkaller/prog.gitRevisionDate=20251128-125159"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d1b870e1003b52891d2196c1e2ee42fe905010ba -X github.com/google/syzkaller/prog.gitRevisionDate=20251128-125159"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d1b870e1003b52891d2196c1e2ee42fe905010ba\"
/usr/bin/ld: /tmp/ccX6FRY7.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1106ef92580000


Tested on:

commit:         1860d530 f2fs: fix to avoid UAF in f2fs_write_end_io()
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git bugfix/syzbot
kernel config:  https://syzkaller.appspot.com/x/.config?x=513255d80ab78f2b
dashboard link: https://syzkaller.appspot.com/bug?extid=b4444e3c972a7a124187
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8

Note: no patches were applied.
