syzbot


BUG: corrupted list in dev_deactivate_many

Status: fixed on 2026/05/06 16:40
Subsystems: net
Fix commit: 83b67cc9be92 linkwatch: use __dev_put() in callers to prevent UAF
First crash: 261d, last: 22d
Similar bugs (1)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: stack-out-of-bounds Read in dev_deactivate_many net 17 1 591d 591d 0/29 auto-obsoleted due to no activity on 2025/01/13 04:11
Last patch testing requests (3)
Created Duration User Patch Repo Result
2025/12/11 18:48 23m edumazet@google.com https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing report log
2025/10/12 21:34 16m edumazet@google.com https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing report log
2025/10/08 11:59 22m retest repro https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing report log

Sample crash report:
list_del corruption, ffff888126c56580->next is NULL
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:52!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 2991 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: events_unbound linkwatch_event
RIP: 0010:__list_del_entry_valid_or_report+0xf2/0x200 lib/list_debug.c:52
Code: 00 49 3b 5c 24 08 0f 85 a8 00 00 00 5b b8 01 00 00 00 5d 41 5c c3 cc cc cc cc 48 89 de 48 c7 c7 c0 66 89 87 e8 9f 87 ce fe 90 <0f> 0b 48 89 de 48 c7 c7 20 67 89 87 e8 8d 87 ce fe 90 0f 0b 4c 89
RSP: 0018:ffffc900018bf888 EFLAGS: 00010082
RAX: 0000000000000033 RBX: ffff888126c56580 RCX: ffffffff815cfb09
RDX: 0000000000000000 RSI: ffffffff815d79a6 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000202 R11: 0000000000000001 R12: 0000000000000000
R13: ffffc900018bf8d8 R14: ffff88810376c630 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888268ff9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055c4e9b8bce8 CR3: 00000000090a4000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_move_tail include/linux/list.h:310 [inline]
 ref_tracker_free+0x1a5/0x830 lib/ref_tracker.c:330
 netdev_tracker_free include/linux/netdevice.h:4369 [inline]
 netdev_put include/linux/netdevice.h:4386 [inline]
 netdev_put include/linux/netdevice.h:4382 [inline]
 netdev_watchdog_down net/sched/sch_generic.c:572 [inline]
 dev_deactivate_many+0x286/0xd30 net/sched/sch_generic.c:1370
 dev_deactivate+0xf8/0x1c0 net/sched/sch_generic.c:1401
 linkwatch_do_dev+0x11e/0x160 net/core/link_watch.c:184
 __linkwatch_run_queue+0x2a3/0x7a0 net/core/link_watch.c:244
 linkwatch_event+0x8f/0xc0 net/core/link_watch.c:304
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x5b6/0x6c0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xf2/0x200 lib/list_debug.c:52
Code: 00 49 3b 5c 24 08 0f 85 a8 00 00 00 5b b8 01 00 00 00 5d 41 5c c3 cc cc cc cc 48 89 de 48 c7 c7 c0 66 89 87 e8 9f 87 ce fe 90 <0f> 0b 48 89 de 48 c7 c7 20 67 89 87 e8 8d 87 ce fe 90 0f 0b 4c 89
RSP: 0018:ffffc900018bf888 EFLAGS: 00010082
RAX: 0000000000000033 RBX: ffff888126c56580 RCX: ffffffff815cfb09
RDX: 0000000000000000 RSI: ffffffff815d79a6 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000202 R11: 0000000000000001 R12: 0000000000000000
R13: ffffc900018bf8d8 R14: ffff88810376c630 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888268ff9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055c4e9b8bce8 CR3: 00000000090a4000 CR4: 00000000003506f0

Crashes (22):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/09/01 21:37 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 3474a19736f3 807a3b61 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/03/08 15:44 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bb375c251ab4 5cb44a80 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/04/28 18:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 25bd55f46032 ce741359 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/04/24 20:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 2e6803928193 1c2b9291 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/04/16 21:01 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 87117347a0e7 4743f87d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/04/12 21:36 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 87117347a0e7 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/04/04 03:37 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1df7a7652f03 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/03/20 04:20 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 84db3719d273 2f245add .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/03/07 01:57 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bb375c251ab4 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/03/06 12:59 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bb375c251ab4 41d8037d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/03/06 12:27 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bb375c251ab4 41d8037d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/03/06 08:24 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bb375c251ab4 31e9c887 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/03/05 09:34 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bb375c251ab4 a9fe5c9e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/02/23 00:24 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 8bf22c33e7a1 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/02/22 12:39 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 8bf22c33e7a1 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/02/22 08:41 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 8bf22c33e7a1 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2025/11/17 04:21 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 18514fd70ea4 f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2025/09/24 01:28 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a4e143636d5d e667a34f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2025/09/10 01:12 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 6f9871b3e8c3 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2025/09/07 11:00 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 6f9871b3e8c3 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2025/09/01 13:09 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 3474a19736f3 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb BUG: corrupted list in dev_deactivate_many
2026/04/27 01:45 upstream 20b64cf8705a 9c2d0995 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in dev_deactivate_many
* Struck through repros no longer work on HEAD.