syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1338]
Subsystems
🐞 Fixed [7130]
🐞 Invalid [18877]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

WARNING in hsr_addr_is_self

Status: upstream: reported on 2026/05/30 06:39
Subsystems: net
Labels: prio:low
[Documentation on labels]
Reported-by: syzbot+652670cf249077eb498b@syzkaller.appspotmail.com
Fix commit: hsr: Remove WARN_ONCE() in hsr_addr_is_self().
Patched on: [ci-upstream-net-this-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 48d, last: 9h10m
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
e575fce0-6095-4b20-b3d3-ace95866d221 assessment-security DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ❌ UserNamespace: ✅ VMGuestTrigger: ❌ VMHostTrigger: ❌ WARNING in hsr_addr_is_self 2026/05/21 11:26 2026/05/21 11:26 2026/05/21 12:15 cf874a1cf36318c06202027159ddac14acf00db7
Discussions (2)
Title Replies (including bot) Last reply
[PATCH v1 net-next] hsr: Remove WARN_ONCE() in hsr_addr_is_self(). 3 (3) 2026/06/02 19:20
[syzbot] [net?] WARNING in hsr_addr_is_self 0 (1) 2026/05/30 06:39

Sample crash report:
------------[ cut here ]------------
HSR: No self node
WARNING: net/hsr/hsr_framereg.c:39 at hsr_addr_is_self+0x3e8/0x450 net/hsr/hsr_framereg.c:39, CPU#1: syz.1.1672/12168
Modules linked in:
CPU: 1 UID: 0 PID: 12168 Comm: syz.1.1672 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:hsr_addr_is_self+0x3e8/0x450 net/hsr/hsr_framereg.c:39
Code: 8d be 47 03 00 00 48 c7 c7 60 a3 27 8d c6 05 42 dc 54 05 01 e8 79 67 79 f6 e9 7e fc ff ff e8 ef df 9d f6 48 8d 3d 38 e9 7d 05 <67> 48 0f b9 3a 45 31 f6 e9 1f fe ff ff e8 96 c2 0b f7 e9 6f fd ff
RSP: 0018:ffffc90002fc7088 EFLAGS: 00010283
RAX: 0000000000001154 RBX: 0000000000000000 RCX: ffffc90007939000
RDX: 0000000000080000 RSI: ffffffff8b6ab071 RDI: ffffffff90e899b0
RBP: ffff888026256a42 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000008 R14: 000000000000000e R15: ffff88807cf24e40
FS:  00007f24e8fb66c0(0000) GS:ffff888124483000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f24e8fb5ff8 CR3: 0000000079e1c000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 check_local_dest net/hsr/hsr_forward.c:592 [inline]
 fill_frame_info net/hsr/hsr_forward.c:728 [inline]
 hsr_forward_skb+0x9a5/0x28b0 net/hsr/hsr_forward.c:739
 hsr_dev_xmit+0x213/0x400 net/hsr/hsr_device.c:236
 __netdev_start_xmit include/linux/netdevice.h:5368 [inline]
 netdev_start_xmit include/linux/netdevice.h:5377 [inline]
 xmit_one net/core/dev.c:3888 [inline]
 dev_hard_start_xmit+0x128/0x7a0 net/core/dev.c:3904
 __dev_queue_xmit+0x1baa/0x4950 net/core/dev.c:4870
 dev_queue_xmit include/linux/netdevice.h:3418 [inline]
 neigh_connected_output+0x3b7/0x5d0 net/core/neighbour.c:1648
 neigh_output include/net/neighbour.h:560 [inline]
 ip_finish_output2+0x851/0x2400 net/ipv4/ip_output.c:237
 __ip_finish_output.part.0+0x444/0x6f0 net/ipv4/ip_output.c:315
 __ip_finish_output include/linux/skbuff.h:1167 [inline]
 ip_finish_output net/ipv4/ip_output.c:325 [inline]
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_mc_output+0x466/0xd70 net/ipv4/ip_output.c:422
 dst_output include/net/dst.h:470 [inline]
 ip_local_out net/ipv4/ip_output.c:131 [inline]
 ip_send_skb net/ipv4/ip_output.c:1510 [inline]
 ip_push_pending_frames+0x29e/0x300 net/ipv4/ip_output.c:1530
 raw_sendmsg+0x1509/0x3590 net/ipv4/raw.c:659
 inet_sendmsg+0x11c/0x140 net/ipv4/af_inet.c:866
 sock_sendmsg_nosec net/socket.c:787 [inline]
 __sock_sendmsg net/socket.c:802 [inline]
 ____sys_sendmsg+0x98d/0xb70 net/socket.c:2698
 ___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
 __sys_sendmsg+0x170/0x220 net/socket.c:2784
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x115/0x870 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f24e819ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f24e8fb6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f24e8416090 RCX: 00007f24e819ce59
RDX: ffff000000000000 RSI: 0000200000000000 RDI: 0000000000000004
RBP: 00007f24e8232d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f24e8416128 R14: 00007f24e8416090 R15: 00007ffecd0258f8
 </TASK>
----------------
Code disassembly (best guess):
   0:	8d be 47 03 00 00    	lea    0x347(%rsi),%edi
   6:	48 c7 c7 60 a3 27 8d 	mov    $0xffffffff8d27a360,%rdi
   d:	c6 05 42 dc 54 05 01 	movb   $0x1,0x554dc42(%rip)        # 0x554dc56
  14:	e8 79 67 79 f6       	call   0xf6796792
  19:	e9 7e fc ff ff       	jmp    0xfffffc9c
  1e:	e8 ef df 9d f6       	call   0xf69de012
  23:	48 8d 3d 38 e9 7d 05 	lea    0x57de938(%rip),%rdi        # 0x57de962
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	45 31 f6             	xor    %r14d,%r14d
  32:	e9 1f fe ff ff       	jmp    0xfffffe56
  37:	e8 96 c2 0b f7       	call   0xf70bc2d2
  3c:	e9                   	.byte 0xe9
  3d:	6f                   	outsl  %ds:(%rsi),(%dx)
  3e:	fd                   	std
  3f:	ff                   	.byte 0xff

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/05/31 13:19 upstream 9d87d0fc8c8e 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in hsr_addr_is_self
2026/05/13 11:29 upstream 1d5dcaa3bd65 fec2a7ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in hsr_addr_is_self
2026/04/17 03:00 upstream 3cd8b194bf34 de0a551d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in hsr_addr_is_self
2026/06/04 00:15 net-next dfcc2ff12925 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING in hsr_addr_is_self
2026/05/27 05:15 net-next 18b9f739d3f2 2b01f00e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING in hsr_addr_is_self
2026/05/20 02:13 net-next 9bf93cb2e180 0909d65f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING in hsr_addr_is_self
2026/05/12 23:20 net-next 73d587ae684d a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING in hsr_addr_is_self
2026/05/09 21:37 linux-next e98d21c170b0 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in hsr_addr_is_self
* Struck through repros no longer work on HEAD.