Re: [syzbot] [net?] BUG: unable to handle kernel paging request in nsim_queue_free
From: Kuniyuki Iwashima
Date: Wed Aug 13 2025 - 01:45:36 EST
On Tue, Aug 12, 2025 at 6:17 PM syzbot
<syzbot+8aa80c6232008f7b957d@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> KASAN: slab-use-after-free Read in udp_tunnel_nic_device_sync_work
>
> netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
> ==================================================================
> BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:577 [inline]
> BUG: KASAN: slab-use-after-free in __mutex_lock+0x147/0x1360 kernel/locking/mutex.c:760
> Read of size 8 at addr ffff8880434426b0 by task kworker/u4:10/1096
>
> CPU: 0 UID: 0 PID: 1096 Comm: kworker/u4:10 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f-dirty #0 PREEMPT(full)
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
> Call Trace:
> <TASK>
> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
> print_address_description mm/kasan/report.c:378 [inline]
> print_report+0xca/0x240 mm/kasan/report.c:482
> kasan_report+0x118/0x150 mm/kasan/report.c:595
> __mutex_lock_common kernel/locking/mutex.c:577 [inline]
> __mutex_lock+0x147/0x1360 kernel/locking/mutex.c:760
> udp_tunnel_nic_device_sync_work+0x39/0xa50 net/ipv4/udp_tunnel_nic.c:737
This is apparently another issue that I hold in the syzbot queue.