Hello, syzbot found the following issue on: HEAD commit: db87114dcf13 Merge tag 'x86_urgent_for_v6.12_rc4' of git:/.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=160ce0a7980000 kernel config: https://syzkaller.appspot.com/x/.config?x=32b00a87124c18b7 dashboard link: https://syzkaller.appspot.com/bug?extid=524a32a528b99d65b7fb compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-db87114d.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/2a1e6237c364/vmlinux-db87114d.xz kernel image: https://storage.googleapis.com/syzbot-assets/6fc6ee2adb43/bzImage-db87114d.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+524a32a528b99d65b7fb@xxxxxxxxxxxxxxxxxxxxxxxxx Oct 21 06:58:24 syzkaller daemon.err dhcpcd[5056]: libudev: received NULL device Oct 21 06:58:24 syzkaller daemon.err dhcpcd[5056]: libudev: received NULL device Oct 21 06:58:24 syzkaller daemon.err dhcpcd[5056]: libudev: received NULOct 21 06:58:24 [ 69.594319][ C3] ------------[ cut here ]------------ syzkaller daemon[ 69.595934][ C3] WARNING: CPU: 3 PID: 1196 at net/mac80211/tx.c:5038 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5038 [inline] syzkaller daemon[ 69.595934][ C3] WARNING: CPU: 3 PID: 1196 at net/mac80211/tx.c:5038 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5033 [inline] syzkaller daemon[ 69.595934][ C3] WARNING: CPU: 3 PID: 1196 at net/mac80211/tx.c:5038 __ieee80211_beacon_get+0x14ac/0x16b0 net/mac80211/tx.c:5467 .err dhcpcd[5056[ 69.598652][ C3] Modules linked in: ]: libudev: rece[ 69.604315][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 ived NULL device[ 69.607401][ C3] Workqueue: events_unbound toggle_allocation_gate Oct 21 06:58:2[ 69.611283][ C3] Code: 00 89 df 44 89 e6 e8 63 18 f3 f6 44 38 e3 72 a1 e8 39 17 f3 f6 48 89 ef e8 61 db 49 f7 31 ed e9 9c fe ff ff e8 25 17 f3 f6 90 <0f> 0b 90 e9 86 f6 ff ff 48 89 c6 48 c7 c7 60 66 2d 90 48 89 04 24 4 syzkaller daem[ 69.611297][ C3] RSP: 0018:ffffc90000908b88 EFLAGS: 00010246 on.err dhcpcd[50[ 69.611322][ C3] RBP: ffffc90000908c38 R08: 0000000000000001 R09: 0000000000000000 56]: libudev: re[ 69.611329][ C3] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888027b6f400 ceived NULL devi[ 69.630354][ C3] FS: 0000000000000000(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000 ce Oct 21 06:58[ 69.633091][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 :24 syzkaller da[ 69.637300][ C3] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 emon.err dhcpcd[[ 69.639870][ C3] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 5056]: libudev: [ 69.642360][ C3] Call Trace: received NULL de[ 69.642367][ C3] <IRQ> vice Oct 21 06:[ 69.642372][ C3] ? __warn+0xea/0x3d0 kernel/panic.c:746 58:24 syzkaller [ 69.642406][ C3] ? __report_bug lib/bug.c:199 [inline] 58:24 syzkaller [ 69.642406][ C3] ? report_bug+0x3c0/0x580 lib/bug.c:219 daemon.err dhcpc[ 69.649312][ C3] ? handle_bug+0x54/0xa0 arch/x86/kernel/traps.c:285 d[5056]: libudev[ 69.650853][ C3] ? exc_invalid_op+0x17/0x50 arch/x86/kernel/traps.c:309 : received NULL [ 69.650866][ C3] ? asm_exc_invalid_op+0x1a/0x20 arch/x86/include/asm/idtentry.h:621 device Oct 21 0[ 69.650882][ C3] ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5038 [inline] Oct 21 0[ 69.650882][ C3] ? __ieee80211_beacon_get+0xb32/0x16b0 net/mac80211/tx.c:5467 6:58:24 syzkalle[ 69.656059][ C3] ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5038 [inline] 6:58:24 syzkalle[ 69.656059][ C3] ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5033 [inline] 6:58:24 syzkalle[ 69.656059][ C3] ? __ieee80211_beacon_get+0x14ab/0x16b0 net/mac80211/tx.c:5467 r daemon.err dhc[ 69.659451][ C3] ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5038 [inline] r daemon.err dhc[ 69.659451][ C3] ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5033 [inline] r daemon.err dhc[ 69.659451][ C3] ? __ieee80211_beacon_get+0x14ab/0x16b0 net/mac80211/tx.c:5467 pcd[5056]: libud[ 69.659470][ C3] ieee80211_beacon_get_tim+0xa7/0x280 net/mac80211/tx.c:5594 ev: received NUL[ 69.659484][ C3] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 net/mac80211/tx.c:5585 L device Oct 21[ 69.665141][ C3] ieee80211_beacon_get include/net/mac80211.h:5607 [inline] Oct 21[ 69.665141][ C3] mac80211_hwsim_beacon_tx+0x4ea/0xa00 drivers/net/wireless/virtual/mac80211_hwsim.c:2311 06:58:24 syzkal[ 69.667026][ C3] ? rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline] 06:58:24 syzkal[ 69.667026][ C3] ? rcu_is_watching+0x12/0xc0 kernel/rcu/tree.c:737 ler daemon.err d[ 69.667042][ C3] ? trace_lock_acquire+0x14a/0x1d0 include/trace/events/lock.h:24 hcpcd[5056]: lib[ 69.667058][ C3] __iterate_interfaces+0x2d0/0x5d0 net/mac80211/util.c:774 udev: received N[ 69.672136][ C3] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 drivers/net/wireless/virtual/mac80211_hwsim.c:2254 ULL device Oct [ 69.674142][ C3] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 drivers/net/wireless/virtual/mac80211_hwsim.c:2254 21 06:58:24 syzk[ 69.679503][ C3] mac80211_hwsim_beacon+0x105/0x200 drivers/net/wireless/virtual/mac80211_hwsim.c:2345 aller daemon.err[ 69.679519][ C3] __run_hrtimer kernel/time/hrtimer.c:1691 [inline] aller daemon.err[ 69.679519][ C3] __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1755 dhcpcd[5056]: l[ 69.679534][ C3] ? __pfx___hrtimer_run_queues+0x10/0x10 kernel/time/hrtimer.c:650 ibudev: received[ 69.686553][ C3] hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1772 NULL device Oc[ 69.688256][ C3] handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 t 21 06:58:24 sy[ 69.691323][ C3] __do_softirq kernel/softirq.c:588 [inline] t 21 06:58:24 sy[ 69.691323][ C3] invoke_softirq kernel/softirq.c:428 [inline] t 21 06:58:24 sy[ 69.691323][ C3] __irq_exit_rcu kernel/softirq.c:637 [inline] t 21 06:58:24 sy[ 69.691323][ C3] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 zkaller daemon.e[ 69.691336][ C3] instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] zkaller daemon.e[ 69.691336][ C3] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049 rr dhcpcd[5056]:[ 69.691361][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 libudev: receiv[ 69.698332][ C3] RIP: 0010:__sanitizer_cov_trace_pc+0x41/0x70 kernel/kcov.c:217 ed NULL device Oct 21 06:58:24 [ 69.709576][ C3] RDX: ffff888027810000 RSI: ffffffff81816396 RDI: 0000000000000005 syzkaller daemon[ 69.712049][ C3] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 .err dhcpcd[5056[ 69.714525][ C3] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed100d4c8d49 ]: libudev: rece[ 69.719057][ C3] ? csd_lock_wait kernel/smp.c:340 [inline] ]: libudev: rece[ 69.719057][ C3] ? smp_call_function_many_cond+0x47c/0x1300 kernel/smp.c:884 Oct 21 06:58:24 [ 69.721031][ C3] ? rep_nop arch/x86/include/asm/vdso/processor.h:13 [inline] Oct 21 06:58:24 [ 69.721031][ C3] ? cpu_relax arch/x86/include/asm/vdso/processor.h:18 [inline] Oct 21 06:58:24 [ 69.721031][ C3] ? csd_lock_wait kernel/smp.c:340 [inline] Oct 21 06:58:24 [ 69.721031][ C3] ? smp_call_function_many_cond+0x456/0x1300 kernel/smp.c:884 syzkaller daemon[ 69.723074][ C3] rep_nop arch/x86/include/asm/vdso/processor.h:13 [inline] syzkaller daemon[ 69.723074][ C3] cpu_relax arch/x86/include/asm/vdso/processor.h:18 [inline] syzkaller daemon[ 69.723074][ C3] csd_lock_wait kernel/smp.c:340 [inline] syzkaller daemon[ 69.723074][ C3] smp_call_function_many_cond+0x456/0x1300 kernel/smp.c:884 .err dhcpcd[5056[ 69.723089][ C3] ? __pfx_do_sync_core+0x10/0x10 arch/x86/include/asm/pgtable_64.h:67 ]: libudev: rece[ 69.728248][ C3] on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1051 ived NULL device[ 69.731304][ C3] ? arch_static_branch arch/x86/include/asm/jump_label.h:27 [inline] ived NULL device[ 69.731304][ C3] ? kfence_alloc include/linux/kfence.h:121 [inline] ived NULL device[ 69.731304][ C3] ? slab_alloc_node mm/slub.c:4118 [inline] ived NULL device[ 69.731304][ C3] ? __do_kmalloc_node mm/slub.c:4263 [inline] ived NULL device[ 69.731304][ C3] ? __kmalloc_node_track_caller_noprof+0xe5/0x430 mm/slub.c:4283 Oct 21 06:58:2[ 69.733405][ C3] ? __pfx_text_poke_bp_batch+0x10/0x10 arch/x86/include/asm/atomic.h:23 4 syzkaller daem[ 69.735201][ C3] ? __jump_label_patch+0x1db/0x400 arch/x86/kernel/jump_label.c:79 on.err dhcpcd[50[ 69.736952][ C3] ? arch_jump_label_transform_queue+0xc0/0x120 arch/x86/kernel/jump_label.c:140 56]: libudev: re[ 69.739139][ C3] text_poke_flush arch/x86/kernel/alternative.c:2486 [inline] 56]: libudev: re[ 69.739139][ C3] text_poke_flush arch/x86/kernel/alternative.c:2483 [inline] 56]: libudev: re[ 69.739139][ C3] text_poke_finish+0x30/0x40 arch/x86/kernel/alternative.c:2493 ceived NULL devi[ 69.739156][ C3] arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146 ce Oct 21 06:58[ 69.739171][ C3] jump_label_update+0x1d7/0x400 kernel/jump_label.c:920 :24 syzkaller da[ 69.744441][ C3] static_key_disable_cpuslocked+0x158/0x1c0 kernel/jump_label.c:240 emon.err dhcpcd[[ 69.747683][ C3] toggle_allocation_gate mm/kfence/core.c:854 [inline] emon.err dhcpcd[[ 69.747683][ C3] toggle_allocation_gate+0x147/0x260 mm/kfence/core.c:841 5056]: libudev: [ 69.749452][ C3] ? __pfx_toggle_allocation_gate+0x10/0x10 mm/kfence/core.c:825 received NULL de[ 69.751402][ C3] ? trace_lock_acquire+0x14a/0x1d0 include/trace/events/lock.h:24 vice Oct 21 06:[ 69.751419][ C3] ? process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205 58:24 syzkaller [ 69.757416][ C3] process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229 daemon.err dhcpc[ 69.759072][ C3] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 drivers/net/netdevsim/dev.c:1250 d[5056]: libudev[ 69.762489][ C3] ? assign_work+0x1a0/0x250 kernel/workqueue.c:1200 : received NULL [ 69.764121][ C3] process_scheduled_works kernel/workqueue.c:3310 [inline] : received NULL [ 69.764121][ C3] worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391 device Oct 21 0[ 69.765757][ C3] ? __kthread_parkme+0x148/0x220 kernel/kthread.c:293 6:58:24 syzkalle[ 69.765783][ C3] kthread+0x2c1/0x3a0 kernel/kthread.c:389 r daemon.err dhc[ 69.770228][ C3] ? __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline] r daemon.err dhc[ 69.770228][ C3] ? _raw_spin_unlock_irq+0x23/0x50 kernel/locking/spinlock.c:202 pcd[5056]: libud[ 69.773274][ C3] ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ev: received NUL[ 69.773299][ C3] ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 L device Oct 21[ 69.777769][ C3] </TASK> --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup