syzbot


KASAN: null-ptr-deref Read in tcf_idrinfo_destroy

Status: fixed on 2021/04/09 19:46
Subsystems: net
Reported-by: syzbot+151e3e714d34ae4ce7e8@syzkaller.appspotmail.com
Fix commit: 396d7f23adf9 net: sched: fix police ext initialization
First crash: 1334d, last: 1141d
Discussions (5)
Title | Replies (including bot) | Last reply
[PATCH 5.10 000/663] 5.10.20-rc1 review | 673 (673) | 2021/03/05 18:03
[PATCH 5.4 000/340] 5.4.102-rc1 review | 348 (348) | 2021/03/04 09:26
[PATCH 5.11 000/775] 5.11.3-rc1 review | 776 (776) | 2021/03/01 16:15
[PATCH net] net: sched: fix police ext initialization | 2 (2) | 2021/02/16 19:05
KASAN: null-ptr-deref Read in tcf_idrinfo_destroy | 2 (4) | 2021/02/16 16:12
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
android-54 | KASAN: null-ptr-deref Read in tcf_idrinfo_destroy | C |  |  | 3616 | 7h10m | 377d | 0/2 | upstream: reported C repro on 2023/05/10 22:23
Last patch testing requests (2)
Created | Duration | User | Patch | Repo | Result
2021/02/16 18:33 | 19m | xiyou.wangcong@gmail.com |  | https://github.com/congwang/linux.git net | OK
2021/02/15 23:43 | 11m | xiyou.wangcong@gmail.com |  | https://github.com/congwang/linux.git net | report log
Cause bisection attempts (1)
Created | Duration | User | Patch | Repo | Result
2021/02/11 05:52 | 0m | bisect |  | upstream | error job log (0)

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:71 [inline]
BUG: KASAN: null-ptr-deref in atomic_read include/asm-generic/atomic-instrumented.h:27 [inline]
BUG: KASAN: null-ptr-deref in __tcf_idr_release net/sched/act_api.c:178 [inline]
BUG: KASAN: null-ptr-deref in tcf_idrinfo_destroy+0x129/0x1d0 net/sched/act_api.c:598
Read of size 4 at addr 0000000000000010 by task kworker/u4:5/204

CPU: 0 PID: 204 Comm: kworker/u4:5 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 __kasan_report mm/kasan/report.c:400 [inline]
 kasan_report.cold+0x5f/0xd5 mm/kasan/report.c:413
 check_memory_region_inline mm/kasan/generic.c:179 [inline]
 check_memory_region+0x13d/0x180 mm/kasan/generic.c:185
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 atomic_read include/asm-generic/atomic-instrumented.h:27 [inline]
 __tcf_idr_release net/sched/act_api.c:178 [inline]
 tcf_idrinfo_destroy+0x129/0x1d0 net/sched/act_api.c:598
 tc_action_net_exit include/net/act_api.h:151 [inline]
 police_exit_net+0x168/0x360 net/sched/act_police.c:390
 ops_exit_list+0x10d/0x160 net/core/net_namespace.c:190
 cleanup_net+0x4ea/0xb10 net/core/net_namespace.c:604
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
==================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 204 Comm: kworker/u4:5 Tainted: G    B             5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 panic+0x306/0x73d kernel/panic.c:231
 end_report+0x58/0x5e mm/kasan/report.c:100
 __kasan_report mm/kasan/report.c:403 [inline]
 kasan_report.cold+0x67/0xd5 mm/kasan/report.c:413
 check_memory_region_inline mm/kasan/generic.c:179 [inline]
 check_memory_region+0x13d/0x180 mm/kasan/generic.c:185
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 atomic_read include/asm-generic/atomic-instrumented.h:27 [inline]
 __tcf_idr_release net/sched/act_api.c:178 [inline]
 tcf_idrinfo_destroy+0x129/0x1d0 net/sched/act_api.c:598
 tc_action_net_exit include/net/act_api.h:151 [inline]
 police_exit_net+0x168/0x360 net/sched/act_police.c:390
 ops_exit_list+0x10d/0x160 net/core/net_namespace.c:190
 cleanup_net+0x4ea/0xb10 net/core/net_namespace.c:604
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (115):