syzbot

 sign-in | mailing list | source | docs
🐞 Open [979] Subsystems 🐞 Fixed [5236] 🐞 Invalid [12499] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in dst_release

Status: fixed on 2021/04/09 19:46
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+b53bbea2ad64f9cf80d8@syzkaller.appspotmail.com
Fix commit: e0be4931f3fe mptcp: reset last_snd on subflow close
First crash: 1163d, last: 1163d
Cause bisection: introduced by (bisect log) :
commit 40947e13997a1cba4e875893ca6e5d5e61a0689d
Author: Florian Westphal <fw@strlen.de>
Date: Fri Feb 12 23:59:56 2021 +0000

  mptcp: schedule worker when subflow is closed

Crash: WARNING in dst_release (log)
Repro: syz .config
  
Duplicate bugs (2)
duplicates (2):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
KASAN: use-after-free Read in tcp_current_mss net 1 1166d 1162d 0/26 closed as dup on 2021/02/17 18:42
KASAN: use-after-free Read in mptcp_established_options mptcp 10 1162d 1161d 0/26 closed as dup on 2021/02/17 18:39
Discussions (2)
Title Replies (including bot) Last reply
Re: WARNING in dst_release 1 (1) 2021/02/18 14:06
WARNING in dst_release 0 (1) 2021/02/17 17:31
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in dst_release (2) net syz error done 30 866d 1088d 0/26 closed as invalid on 2021/12/14 10:52
upstream WARNING in dst_release (3) net 3 781d 861d 20/26 fixed on 2022/03/08 16:11
Last patch testing requests (1)
Created Duration User Patch Repo Result
2021/02/18 12:24 17m fw@strlen.de git://git.breakpoint.cc/fw/net-next.git 06690d5c6466b604f674477b522a809673c17eff OK
Cause bisection attempts (3)
Created Duration User Patch Repo Result
2021/02/17 10:37 3h42m bisect net-next-old job log (1) log
2021/02/17 07:27 0m bisect net-next-old error job log (0)
2021/02/16 15:02 0m bisect net-next-old error job log (0)

Sample crash report:
------------[ cut here ]------------
dst_release underflow
WARNING: CPU: 0 PID: 9649 at net/core/dst.c:175 dst_release net/core/dst.c:175 [inline]
WARNING: CPU: 0 PID: 9649 at net/core/dst.c:175 dst_release+0xd2/0xe0 net/core/dst.c:169
Modules linked in:
CPU: 0 PID: 9649 Comm: syz-executor.0 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dst_release net/core/dst.c:175 [inline]
RIP: 0010:dst_release+0xd2/0xe0 net/core/dst.c:169
Code: 89 c3 89 c6 e8 cf b3 77 fa 85 db 74 a4 e9 e4 66 fd 01 e8 41 ac 77 fa 48 c7 c7 c0 72 44 8a c6 05 0a 9b 94 06 01 e8 01 52 c1 01 <0f> 0b eb c6 66 2e 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55 48
RSP: 0018:ffffc90009cf7d20 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88801895d340 RSI: ffffffff815b7595 RDI: fffff5200139ef96
RBP: ffff888017c95e00 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815b076e R11: 0000000000000000 R12: ffff88802bad7200
R13: 00000000ffffffff R14: ffff888017c95e04 R15: 0000000000000000
FS:  00007ff13b462700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055e9f2997360 CR3: 0000000015dd0000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 sk_dst_set include/net/sock.h:1999 [inline]
 sk_dst_reset include/net/sock.h:2011 [inline]
 __inet_bind+0x71f/0xbc0 net/ipv4/af_inet.c:549
 inet_bind+0xf0/0x170 net/ipv4/af_inet.c:457
 mptcp_bind+0x112/0x210 net/mptcp/protocol.c:3147
 __sys_bind+0x1e9/0x250 net/socket.c:1635
 __do_sys_bind net/socket.c:1646 [inline]
 __se_sys_bind net/socket.c:1644 [inline]
 __x64_sys_bind+0x6f/0xb0 net/socket.c:1644
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x465d99
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff13b462188 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465d99
RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000005
RBP: 00000000004bcf27 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffd21708c7f R14: 00007ff13b462300 R15: 0000000000022000

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/02/16 15:02 net-next-old 9ec5eea5b6ac 98682e5e .config console log report syz ci-upstream-net-kasan-gce WARNING in dst_release
2021/02/16 13:34 net-next-old 9ec5eea5b6ac 98682e5e .config console log report info ci-upstream-net-kasan-gce WARNING in dst_release
* Struck through repros no longer work on HEAD.