* [syzbot] [usb?] memory leak in es58x_open
@ 2025-12-22 5:27 syzbot
2026-01-12 15:06 ` Oliver Neukum
0 siblings, 1 reply; 3+ messages in thread
From: syzbot @ 2025-12-22 5:27 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: ea1013c15392 Merge tag 'bpf-fixes' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1607bdc2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=d60836e327fd6756
dashboard link: https://syzkaller.appspot.com/bug?extid=e8cb6691a7cf68256cb8
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=131add92580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5ee91238d53c/disk-ea1013c1.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b8eb70b8203f/vmlinux-ea1013c1.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3aed81c1b1c5/bzImage-ea1013c1.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e8cb6691a7cf68256cb8@syzkaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff88812623e000 (size 512):
comm "dhcpcd", pid 5478, jiffies 4294946142
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 0):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4958 [inline]
slab_alloc_node mm/slub.c:5263 [inline]
__do_kmalloc_node mm/slub.c:5656 [inline]
__kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
kmalloc_noprof include/linux/slab.h:961 [inline]
hcd_buffer_alloc+0x151/0x190 drivers/usb/core/buffer.c:134
usb_alloc_coherent+0x44/0x70 drivers/usb/core/usb.c:1010
es58x_alloc_urb+0x4c/0xc0 drivers/net/can/usb/etas_es58x/es58x_core.c:1553
es58x_alloc_rx_urbs drivers/net/can/usb/etas_es58x/es58x_core.c:1711 [inline]
es58x_open+0x1b3/0x470 drivers/net/can/usb/etas_es58x/es58x_core.c:1785
__dev_open+0x1be/0x3c0 net/core/dev.c:1683
__dev_change_flags+0x30c/0x380 net/core/dev.c:9734
netif_change_flags+0x35/0x90 net/core/dev.c:9797
dev_change_flags+0x64/0xf0 net/core/dev_api.c:68
devinet_ioctl+0x5bf/0xd30 net/ipv4/devinet.c:1199
inet_ioctl+0x27c/0x2b0 net/ipv4/af_inet.c:1009
sock_do_ioctl+0x84/0x1a0 net/socket.c:1254
sock_ioctl+0x149/0x480 net/socket.c:1375
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl fs/ioctl.c:583 [inline]
__x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff888126112200 (size 512):
comm "dhcpcd", pid 5478, jiffies 4294946373
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 0):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4958 [inline]
slab_alloc_node mm/slub.c:5263 [inline]
__do_kmalloc_node mm/slub.c:5656 [inline]
__kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
kmalloc_noprof include/linux/slab.h:961 [inline]
hcd_buffer_alloc+0x151/0x190 drivers/usb/core/buffer.c:134
usb_alloc_coherent+0x44/0x70 drivers/usb/core/usb.c:1010
es58x_alloc_urb+0x4c/0xc0 drivers/net/can/usb/etas_es58x/es58x_core.c:1553
es58x_alloc_rx_urbs drivers/net/can/usb/etas_es58x/es58x_core.c:1711 [inline]
es58x_open+0x1b3/0x470 drivers/net/can/usb/etas_es58x/es58x_core.c:1785
__dev_open+0x1be/0x3c0 net/core/dev.c:1683
__dev_change_flags+0x30c/0x380 net/core/dev.c:9734
netif_change_flags+0x35/0x90 net/core/dev.c:9797
dev_change_flags+0x64/0xf0 net/core/dev_api.c:68
devinet_ioctl+0x5bf/0xd30 net/ipv4/devinet.c:1199
inet_ioctl+0x27c/0x2b0 net/ipv4/af_inet.c:1009
sock_do_ioctl+0x84/0x1a0 net/socket.c:1254
sock_ioctl+0x149/0x480 net/socket.c:1375
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl fs/ioctl.c:583 [inline]
__x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff888126188800 (size 512):
comm "dhcpcd", pid 5478, jiffies 4294946404
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 0):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4958 [inline]
slab_alloc_node mm/slub.c:5263 [inline]
__do_kmalloc_node mm/slub.c:5656 [inline]
__kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
kmalloc_noprof include/linux/slab.h:961 [inline]
hcd_buffer_alloc+0x151/0x190 drivers/usb/core/buffer.c:134
usb_alloc_coherent+0x44/0x70 drivers/usb/core/usb.c:1010
es58x_alloc_urb+0x4c/0xc0 drivers/net/can/usb/etas_es58x/es58x_core.c:1553
es58x_alloc_rx_urbs drivers/net/can/usb/etas_es58x/es58x_core.c:1711 [inline]
es58x_open+0x1b3/0x470 drivers/net/can/usb/etas_es58x/es58x_core.c:1785
__dev_open+0x1be/0x3c0 net/core/dev.c:1683
__dev_change_flags+0x30c/0x380 net/core/dev.c:9734
netif_change_flags+0x35/0x90 net/core/dev.c:9797
dev_change_flags+0x64/0xf0 net/core/dev_api.c:68
devinet_ioctl+0x5bf/0xd30 net/ipv4/devinet.c:1199
inet_ioctl+0x27c/0x2b0 net/ipv4/af_inet.c:1009
sock_do_ioctl+0x84/0x1a0 net/socket.c:1254
sock_ioctl+0x149/0x480 net/socket.c:1375
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl fs/ioctl.c:583 [inline]
__x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [syzbot] [usb?] memory leak in es58x_open
2025-12-22 5:27 [syzbot] [usb?] memory leak in es58x_open syzbot
@ 2026-01-12 15:06 ` Oliver Neukum
2026-01-12 15:41 ` syzbot
0 siblings, 1 reply; 3+ messages in thread
From: Oliver Neukum @ 2026-01-12 15:06 UTC (permalink / raw)
To: syzbot, gregkh, linux-kernel, linux-usb, syzkaller-bugs
[-- Attachment #1: Type: text/plain, Size: 6581 bytes --]
#syz test: upstream ea1013c15392
On 22.12.25 06:27, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: ea1013c15392 Merge tag 'bpf-fixes' of git://git.kernel.org..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1607bdc2580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=d60836e327fd6756
> dashboard link: https://syzkaller.appspot.com/bug?extid=e8cb6691a7cf68256cb8
> compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=131add92580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/5ee91238d53c/disk-ea1013c1.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/b8eb70b8203f/vmlinux-ea1013c1.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/3aed81c1b1c5/bzImage-ea1013c1.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+e8cb6691a7cf68256cb8@syzkaller.appspotmail.com
>
> BUG: memory leak
> unreferenced object 0xffff88812623e000 (size 512):
> comm "dhcpcd", pid 5478, jiffies 4294946142
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace (crc 0):
> kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
> slab_post_alloc_hook mm/slub.c:4958 [inline]
> slab_alloc_node mm/slub.c:5263 [inline]
> __do_kmalloc_node mm/slub.c:5656 [inline]
> __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
> kmalloc_noprof include/linux/slab.h:961 [inline]
> hcd_buffer_alloc+0x151/0x190 drivers/usb/core/buffer.c:134
> usb_alloc_coherent+0x44/0x70 drivers/usb/core/usb.c:1010
> es58x_alloc_urb+0x4c/0xc0 drivers/net/can/usb/etas_es58x/es58x_core.c:1553
> es58x_alloc_rx_urbs drivers/net/can/usb/etas_es58x/es58x_core.c:1711 [inline]
> es58x_open+0x1b3/0x470 drivers/net/can/usb/etas_es58x/es58x_core.c:1785
> __dev_open+0x1be/0x3c0 net/core/dev.c:1683
> __dev_change_flags+0x30c/0x380 net/core/dev.c:9734
> netif_change_flags+0x35/0x90 net/core/dev.c:9797
> dev_change_flags+0x64/0xf0 net/core/dev_api.c:68
> devinet_ioctl+0x5bf/0xd30 net/ipv4/devinet.c:1199
> inet_ioctl+0x27c/0x2b0 net/ipv4/af_inet.c:1009
> sock_do_ioctl+0x84/0x1a0 net/socket.c:1254
> sock_ioctl+0x149/0x480 net/socket.c:1375
> vfs_ioctl fs/ioctl.c:51 [inline]
> __do_sys_ioctl fs/ioctl.c:597 [inline]
> __se_sys_ioctl fs/ioctl.c:583 [inline]
> __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
> do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
> do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> BUG: memory leak
> unreferenced object 0xffff888126112200 (size 512):
> comm "dhcpcd", pid 5478, jiffies 4294946373
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace (crc 0):
> kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
> slab_post_alloc_hook mm/slub.c:4958 [inline]
> slab_alloc_node mm/slub.c:5263 [inline]
> __do_kmalloc_node mm/slub.c:5656 [inline]
> __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
> kmalloc_noprof include/linux/slab.h:961 [inline]
> hcd_buffer_alloc+0x151/0x190 drivers/usb/core/buffer.c:134
> usb_alloc_coherent+0x44/0x70 drivers/usb/core/usb.c:1010
> es58x_alloc_urb+0x4c/0xc0 drivers/net/can/usb/etas_es58x/es58x_core.c:1553
> es58x_alloc_rx_urbs drivers/net/can/usb/etas_es58x/es58x_core.c:1711 [inline]
> es58x_open+0x1b3/0x470 drivers/net/can/usb/etas_es58x/es58x_core.c:1785
> __dev_open+0x1be/0x3c0 net/core/dev.c:1683
> __dev_change_flags+0x30c/0x380 net/core/dev.c:9734
> netif_change_flags+0x35/0x90 net/core/dev.c:9797
> dev_change_flags+0x64/0xf0 net/core/dev_api.c:68
> devinet_ioctl+0x5bf/0xd30 net/ipv4/devinet.c:1199
> inet_ioctl+0x27c/0x2b0 net/ipv4/af_inet.c:1009
> sock_do_ioctl+0x84/0x1a0 net/socket.c:1254
> sock_ioctl+0x149/0x480 net/socket.c:1375
> vfs_ioctl fs/ioctl.c:51 [inline]
> __do_sys_ioctl fs/ioctl.c:597 [inline]
> __se_sys_ioctl fs/ioctl.c:583 [inline]
> __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
> do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
> do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> BUG: memory leak
> unreferenced object 0xffff888126188800 (size 512):
> comm "dhcpcd", pid 5478, jiffies 4294946404
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace (crc 0):
> kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
> slab_post_alloc_hook mm/slub.c:4958 [inline]
> slab_alloc_node mm/slub.c:5263 [inline]
> __do_kmalloc_node mm/slub.c:5656 [inline]
> __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
> kmalloc_noprof include/linux/slab.h:961 [inline]
> hcd_buffer_alloc+0x151/0x190 drivers/usb/core/buffer.c:134
> usb_alloc_coherent+0x44/0x70 drivers/usb/core/usb.c:1010
> es58x_alloc_urb+0x4c/0xc0 drivers/net/can/usb/etas_es58x/es58x_core.c:1553
> es58x_alloc_rx_urbs drivers/net/can/usb/etas_es58x/es58x_core.c:1711 [inline]
> es58x_open+0x1b3/0x470 drivers/net/can/usb/etas_es58x/es58x_core.c:1785
> __dev_open+0x1be/0x3c0 net/core/dev.c:1683
> __dev_change_flags+0x30c/0x380 net/core/dev.c:9734
> netif_change_flags+0x35/0x90 net/core/dev.c:9797
> dev_change_flags+0x64/0xf0 net/core/dev_api.c:68
> devinet_ioctl+0x5bf/0xd30 net/ipv4/devinet.c:1199
> inet_ioctl+0x27c/0x2b0 net/ipv4/af_inet.c:1009
> sock_do_ioctl+0x84/0x1a0 net/socket.c:1254
> sock_ioctl+0x149/0x480 net/socket.c:1375
> vfs_ioctl fs/ioctl.c:51 [inline]
> __do_sys_ioctl fs/ioctl.c:597 [inline]
> __se_sys_ioctl fs/ioctl.c:583 [inline]
> __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
> do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
> do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
[-- Attachment #2: 0001-net-can-etas_es58x-full-cleanup-in-the-error-case.patch --]
[-- Type: text/x-patch, Size: 1015 bytes --]
From 2c7239b8c86df91fad816365f5ae79806726780f Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@suse.com>
Date: Mon, 12 Jan 2026 16:01:39 +0100
Subject: [PATCH] net: can: etas_es58x: full cleanup in the error case
Memory allocation can fail in the middle. Hence the cleanup
needs to be called in every case.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
---
drivers/net/can/usb/etas_es58x/es58x_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/can/usb/etas_es58x/es58x_core.c b/drivers/net/can/usb/etas_es58x/es58x_core.c
index f799233c2b72..8a8764374713 100644
--- a/drivers/net/can/usb/etas_es58x/es58x_core.c
+++ b/drivers/net/can/usb/etas_es58x/es58x_core.c
@@ -1783,8 +1783,9 @@ static int es58x_open(struct net_device *netdev)
if (!es58x_dev->opened_channel_cnt) {
ret = es58x_alloc_rx_urbs(es58x_dev);
+ /* can fail partially */
if (ret)
- return ret;
+ goto free_urbs;
ret = es58x_set_realtime_diff_ns(es58x_dev);
if (ret)
--
2.52.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [syzbot] [usb?] memory leak in es58x_open
2026-01-12 15:06 ` Oliver Neukum
@ 2026-01-12 15:41 ` syzbot
0 siblings, 0 replies; 3+ messages in thread
From: syzbot @ 2026-01-12 15:41 UTC (permalink / raw)
To: gregkh, linux-kernel, linux-usb, oneukum, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
SYZFAIL: failed to recv rpc
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
Warning: Permanently added '10.128.1.250' (ED25519) to the list of known hosts.
2026/01/12 15:39:49 parsed 1 programs
[ 39.963494][ T5813] cgroup: Unknown subsys name 'net'
[ 40.103368][ T5813] cgroup: Unknown subsys name 'cpuset'
[ 40.109916][ T5813] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 48.347269][ T5813] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 49.687016][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 49.785190][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 49.793415][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 49.801131][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 49.808915][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 49.817199][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 50.057495][ T5862] chnl_net:caif_netlink_parms(): no params data found
[ 50.132087][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.139201][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.146327][ T5862] bridge_slave_0: entered allmulticast mode
[ 50.152825][ T5862] bridge_slave_0: entered promiscuous mode
[ 50.160009][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.167192][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.174469][ T5862] bridge_slave_1: entered allmulticast mode
[ 50.180779][ T5862] bridge_slave_1: entered promiscuous mode
[ 50.198949][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.210355][ T3872] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.242429][ T3872] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.256034][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 50.305124][ T5862] team0: Port device team_slave_0 added
[ 50.311524][ T5862] team0: Port device team_slave_1 added
[ 50.353622][ T3872] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.372727][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 50.379702][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 50.382412][ T3872] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.422457][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 50.443561][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 50.450530][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 50.479376][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 50.520286][ T5862] hsr_slave_0: entered promiscuous mode
[ 50.528206][ T5862] hsr_slave_1: entered promiscuous mode
[ 50.575270][ T5862] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 50.583434][ T5862] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 50.593529][ T5862] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 50.601231][ T5862] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 50.612864][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.620170][ T5862] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.627441][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.634675][ T5862] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.652277][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.662027][ T3872] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.669584][ T3872] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.678510][ T5862] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.687662][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.696353][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.706281][ T3872] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.713530][ T3872] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.755069][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 50.770311][ T5862] veth0_vlan: entered promiscuous mode
[ 50.778084][ T5862] veth1_vlan: entered promiscuous mode
[ 50.789108][ T5862] veth0_macvtap: entered promiscuous mode
[ 50.796333][ T5862] veth1_macvtap: entered promiscuous mode
[ 50.805818][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 50.815297][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 50.824977][ T66] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.834158][ T66] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.843049][ T66] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
2026/01/12 15:40:01 executed programs: 0
[ 50.851843][ T66] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.903025][ T5134] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 50.910733][ T5134] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 50.918124][ T5134] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 50.926133][ T5134] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 50.933518][ T5134] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 50.970628][ T5923] chnl_net:caif_netlink_parms(): no params data found
[ 50.989625][ T5923] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.997000][ T5923] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.004306][ T5923] bridge_slave_0: entered allmulticast mode
[ 51.010653][ T5923] bridge_slave_0: entered promiscuous mode
[ 51.017676][ T5923] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.024890][ T5923] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.032192][ T5923] bridge_slave_1: entered allmulticast mode
[ 51.038673][ T5923] bridge_slave_1: entered promiscuous mode
[ 51.050271][ T5923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 51.060029][ T5923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 51.074182][ T5923] team0: Port device team_slave_0 added
[ 51.080381][ T5923] team0: Port device team_slave_1 added
[ 51.090562][ T5923] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 51.097738][ T5923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 51.124023][ T5923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 51.135475][ T5923] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 51.142668][ T5923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 51.169658][ T5923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 51.189046][ T5923] hsr_slave_0: entered promiscuous mode
[ 51.195147][ T5923] hsr_slave_1: entered promiscuous mode
[ 51.201004][ T5923] debugfs: 'hsr0' already exists in 'hsr'
[ 51.207042][ T5923] Cannot create hsr debugfs directory
[ 51.234064][ T5923] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 51.241753][ T5923] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 51.249447][ T5923] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 51.257093][ T5923] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 51.269460][ T5923] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.276582][ T5923] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.283826][ T5923] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.290841][ T5923] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.308368][ T5923] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.316859][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.325225][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.335401][ T5923] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.344297][ T66] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.351609][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.360918][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.368021][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.409057][ T5923] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.424572][ T5923] veth0_vlan: entered promiscuous mode
[ 51.432514][ T5923] veth1_vlan: entered promiscuous mode
[ 51.444137][ T5923] veth0_macvtap: entered promiscuous mode
[ 51.451047][ T5923] veth1_macvtap: entered promiscuous mode
[ 51.460333][ T5923] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 51.469762][ T5923] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 51.479272][ T3872] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.488352][ T3872] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.497509][ T3872] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.506403][ T3872] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.526202][ T3872] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.534861][ T3872] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.545823][ T3872] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.553870][ T3872] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3306654363=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=<nil>)
HEAD detached at d6526ea3e
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d6526ea3e6ad9081c902859bbb80f9f840377cb4\"
/usr/bin/ld: /tmp/ccZk5Jco.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null
Tested on:
commit: ea1013c1 Merge tag 'bpf-fixes' of git://git.kernel.org..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config: https://syzkaller.appspot.com/x/.config?x=d60836e327fd6756
dashboard link: https://syzkaller.appspot.com/bug?extid=e8cb6691a7cf68256cb8
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=122ee5fa580000
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-01-12 15:41 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-22 5:27 [syzbot] [usb?] memory leak in es58x_open syzbot
2026-01-12 15:06 ` Oliver Neukum
2026-01-12 15:41 ` syzbot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox