syzbot


KASAN: null-ptr-deref Write in dst_cache_per_cpu_get

Status: auto-obsoleted due to no activity on 2024/09/18 11:41
Subsystems: net
First crash: 325d, last: 310d
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get (2) net | | | | 3 | 157d | 201d | 0/28 | closed as invalid on 2025/01/15 12:41

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_add_negative_relaxed include/linux/atomic/atomic-instrumented.h:1475 [inline]
BUG: KASAN: null-ptr-deref in rcuref_get include/linux/rcuref.h:67 [inline]
BUG: KASAN: null-ptr-deref in dst_hold include/net/dst.h:238 [inline]
BUG: KASAN: null-ptr-deref in dst_cache_per_cpu_get+0x78/0x2f0 net/core/dst_cache.c:50
Write of size 4 at addr 0000000000000041 by task kworker/1:0/30

CPU: 1 PID: 30 Comm: kworker/1:0 Not tainted 6.10.0-rc3-syzkaller-00022-gcea2a26553ac #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 atomic_add_negative_relaxed include/linux/atomic/atomic-instrumented.h:1475 [inline]
 rcuref_get include/linux/rcuref.h:67 [inline]
 dst_hold include/net/dst.h:238 [inline]
 dst_cache_per_cpu_get+0x78/0x2f0 net/core/dst_cache.c:50
 dst_cache_get_ip6+0x8e/0x1c0 net/core/dst_cache.c:133
 send6+0x400/0xd20 drivers/net/wireguard/socket.c:129
 wg_socket_send_skb_to_peer+0xf9/0x220 drivers/net/wireguard/socket.c:178
 wg_socket_send_buffer_to_peer+0x12b/0x190 drivers/net/wireguard/socket.c:200
 wg_packet_send_handshake_response+0x297/0x310 drivers/net/wireguard/send.c:103
 wg_receive_handshake_packet+0x248/0xbf0 drivers/net/wireguard/receive.c:154
 wg_packet_handshake_receive_worker+0x17f/0x3a0 drivers/net/wireguard/receive.c:213
 process_one_work+0x958/0x1ad0 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
==================================================================

Crashes (3):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/06/13 01:56 | upstream | cea2a26553ac | c2e07261 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get
2024/06/10 15:38 | upstream | 83a7eefedc9b | c2e07261 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get
2024/05/29 09:56 | upstream | e0cce98fe279 | c2e07261 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get