From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Sun, 04 Jan 2026 12:09:02 -0800
In-Reply-To: <20260104182922.971326-1-contact@arnaud-lcm.com>
Message-ID: <695ac8de.050a0220.a5285.000a.GAE@google.com>
Subject: Re: [syzbot] [bpf?] KASAN: stack-out-of-bounds Write in __bpf_get_stack
From: syzbot
To: contact@arnaud-lcm.com, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

SYZFAIL: failed to recv rpc

SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)

Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts.
2026/01/04 20:08:05 parsed 1 programs
[ 79.730779][ T5830] cgroup: Unknown subsys name 'net'
[ 79.857873][ T5830] cgroup: Unknown subsys name 'cpuset'
[ 79.866524][ T5830] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 81.320295][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 84.221144][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 84.415568][ T5850] chnl_net:caif_netlink_parms(): no params data found
[ 84.924026][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.939498][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.954819][ T5850] bridge_slave_0: entered allmulticast mode
[ 84.966272][ T5850] bridge_slave_0: entered promiscuous mode
[ 85.069500][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.083944][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.091552][ T5850] bridge_slave_1: entered allmulticast mode
[ 85.099656][ T5850] bridge_slave_1: entered promiscuous mode
[ 85.261717][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 85.274934][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 85.565286][ T5850] team0: Port device team_slave_0 added
[ 85.646765][ T5850] team0: Port device team_slave_1 added
[ 85.855034][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 85.862110][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 85.890810][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 85.937899][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 85.955505][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 85.983082][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.096947][ T3011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.119091][ T3011] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.222916][ T5850] hsr_slave_0: entered promiscuous mode
[ 86.231976][ T5850] hsr_slave_1: entered promiscuous mode
[ 86.386654][ T3011] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.408435][ T3011] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.852590][ T10] cfg80211: failed to load regulatory.db
[ 86.916761][ T5915] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 86.926505][ T5915] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 86.934375][ T5915] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 86.942612][ T5915] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 86.950324][ T5915] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.486879][ T5850] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 87.547161][ T5850] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 87.628902][ T5850] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 87.675708][ T5850] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 88.020388][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.043725][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[ 88.072115][ T3011] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.079410][ T3011] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 88.110616][ T50] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.117968][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 88.378710][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.578669][ T5850] veth0_vlan: entered promiscuous mode
[ 88.590813][ T5850] veth1_vlan: entered promiscuous mode
[ 88.622078][ T5850] veth0_macvtap: entered promiscuous mode
[ 88.632051][ T5850] veth1_macvtap: entered promiscuous mode
[ 88.648977][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 88.663182][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 88.678972][ T50] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.690533][ T50] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.700858][ T50] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.710553][ T50] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/01/04 20:08:16 executed programs: 0
[ 88.865865][ T5915] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 88.876934][ T5915] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 88.885437][ T5915] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 88.893744][ T5915] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 88.901576][ T5915] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 88.995249][ T5151] Bluetooth: hci0: command tx timeout
[ 89.100161][ T5949] chnl_net:caif_netlink_parms(): no params data found
[ 89.177370][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.184801][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.191961][ T5949] bridge_slave_0: entered allmulticast mode
[ 89.199570][ T5949] bridge_slave_0: entered promiscuous mode
[ 89.207774][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.215047][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.222237][ T5949] bridge_slave_1: entered allmulticast mode
[ 89.229908][ T5949] bridge_slave_1: entered promiscuous mode
[ 89.259789][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.271299][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.302556][ T5949] team0: Port device team_slave_0 added
[ 89.310953][ T5949] team0: Port device team_slave_1 added
[ 89.338706][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.345761][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 89.372170][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.384318][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.391316][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 89.417983][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 89.468539][ T5949] hsr_slave_0: entered promiscuous mode
[ 89.475789][ T5949] hsr_slave_1: entered promiscuous mode
[ 89.481886][ T5949] debugfs: 'hsr0' already exists in 'hsr'
[ 89.488687][ T5949] Cannot create hsr debugfs directory
[ 89.630976][ T5949] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 89.646717][ T5949] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 89.657293][ T5949] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 89.668667][ T5949] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 89.739310][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0
[ 89.757774][ T5949] 8021q: adding VLAN 0 to HW filter on device team0
[ 89.770803][ T50] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.778040][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 89.792156][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.799296][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.960666][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 90.002819][ T5949] veth0_vlan: entered promiscuous mode
[ 90.014073][ T5949] veth1_vlan: entered promiscuous mode
[ 90.043369][ T5949] veth0_macvtap: entered promiscuous mode
[ 90.054407][ T5949] veth1_macvtap: entered promiscuous mode
[ 90.072472][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 90.088593][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 90.101621][ T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.111812][ T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.124276][ T50] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.137103][ T50] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.202203][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.210471][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.241519][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.250208][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 90.511972][ T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0


syzkaller build log:
go env (err=)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2271743110=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=)
HEAD detached at 4e1406b4d
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4e1406b4defac0e2a9d9424c70706f79a7750cf3 -X github.com/google/syzkaller/prog.gitRevisionDate=20251106-151142" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4e1406b4defac0e2a9d9424c70706f79a7750cf3 -X github.com/google/syzkaller/prog.gitRevisionDate=20251106-151142" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4e1406b4defac0e2a9d9424c70706f79a7750cf3 -X github.com/google/syzkaller/prog.gitRevisionDate=20251106-151142" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"4e1406b4defac0e2a9d9424c70706f79a7750cf3\"
/usr/bin/ld: /tmp/ccfgb6KF.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null


Tested on:

commit: a069190b bpf: Replace __opt annotation with __nullable..
git tree: bpf-next
kernel config: https://syzkaller.appspot.com/x/.config?x=9c5e9eccee9bc2fe
dashboard link: https://syzkaller.appspot.com/bug?extid=d1b7fa1092def3628bd7
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=12414f92580000