syzbot


KASAN: null-ptr-deref Write in dst_release (4)

Status: fixed on 2024/11/29 14:58
Subsystems: net
Fix commit: ac888d58869b net: do not delay dst_entries_add() in dst_release()
First crash: 261d, last: 74d
Similar bugs (3)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KASAN: null-ptr-deref Write in dst_release (2) net | syz | error | - | 148 | 1106d | 1356d | 0/28 | closed as invalid on 2021/12/14 20:12
upstream | KASAN: null-ptr-deref Write in dst_release net | - | - | - | 27 | 2013d | 2175d | 0/28 | auto-closed as invalid on 2019/10/25 08:50
upstream | KASAN: null-ptr-deref Write in dst_release (3) net | - | - | - | 2 | 1101d | 1101d | 20/28 | fixed on 2022/03/08 16:11

Sample crash report:
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): Released all slaves
bond0 (unregistering): Released all slaves
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_add_negative_release include/linux/atomic/atomic-instrumented.h:1457 [inline]
BUG: KASAN: null-ptr-deref in __rcuref_put include/linux/rcuref.h:87 [inline]
BUG: KASAN: null-ptr-deref in rcuref_put include/linux/rcuref.h:150 [inline]
BUG: KASAN: null-ptr-deref in dst_release+0x4e/0x1e0 net/core/dst.c:164
Write of size 4 at addr 0000000000000041 by task kworker/u8:3/52

CPU: 0 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 atomic_add_negative_release include/linux/atomic/atomic-instrumented.h:1457 [inline]
 __rcuref_put include/linux/rcuref.h:87 [inline]
 rcuref_put include/linux/rcuref.h:150 [inline]
 dst_release+0x4e/0x1e0 net/core/dst.c:164
 dst_cache_destroy net/core/dst_cache.c:163 [inline]
 dst_cache_destroy+0x119/0x270 net/core/dst_cache.c:155
 netdev_run_todo+0x760/0x12d0 net/core/dev.c:10809
 cleanup_net+0x591/0xb40 net/core/net_namespace.c:622
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
==================================================================

Crashes (23):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/10/08 11:36 upstream 87d6aab2389e 402f1df0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: null-ptr-deref Write in dst_release
2024/09/10 11:24 upstream bc83b4d1f086 784df80e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: null-ptr-deref Write in dst_release
2024/09/02 00:04 upstream 431c1646e1f8 1eda0d14 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: null-ptr-deref Write in dst_release
2024/08/31 08:42 upstream fb24560f31f9 1eda0d14 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: null-ptr-deref Write in dst_release
2024/06/26 05:30 upstream 55027e689933 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/06/25 08:17 upstream 55027e689933 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/06/22 17:04 upstream 35bb670d65fc c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/06/22 02:24 upstream 66cc544fd75c c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/06/14 07:44 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/06/07 11:44 upstream 8a92980606e3 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/06/06 21:46 upstream d30d0e49da71 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/06/05 10:54 upstream 32f88d65f01b c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/06/05 04:33 upstream 32f88d65f01b c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/06/01 17:02 upstream cc8ed4d0a848 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/05/31 06:30 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/05/30 23:17 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/05/30 23:11 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/05/28 08:52 upstream 2bfcfd584ff5 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/05/22 10:25 upstream 29c73fc794c8 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/05/22 00:57 upstream 2a8120d7b482 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/05/21 00:53 upstream 6e51b4b5bbc0 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/05/16 23:39 upstream 3c999d1ae3c7 ad5321c6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: null-ptr-deref Write in dst_release
2024/04/04 12:54 upstream c85af715cac0 0ee3535e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64 KASAN: null-ptr-deref Write in dst_release
* Struck through repros no longer work on HEAD.