syzbot

 sign-in | mailing list | source | docs
🐞 Open [1514]
Subsystems
🐞 Fixed [6483]
🐞 Invalid [16462]
Missing Backports [199]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: null-ptr-deref Write in dst_cache_per_cpu_get (2)

Status: closed as invalid on 2025/01/15 12:41
Subsystems: net
[Documentation on labels]
First crash: 308d, last: 264d
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: null-ptr-deref Write in dst_cache_per_cpu_get net 12 3 417d 431d 0/29 auto-obsoleted due to no activity on 2024/09/18 11:41
upstream KASAN: null-ptr-deref Write in dst_cache_per_cpu_get (3) net 12 2 57d 103d 0/29 upstream: reported on 2025/04/23 07:51

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_add_negative_relaxed include/linux/atomic/atomic-instrumented.h:1475 [inline]
BUG: KASAN: null-ptr-deref in rcuref_get include/linux/rcuref.h:67 [inline]
BUG: KASAN: null-ptr-deref in dst_hold include/net/dst.h:238 [inline]
BUG: KASAN: null-ptr-deref in dst_cache_per_cpu_get+0x7d/0x2b0 net/core/dst_cache.c:50
Write of size 4 at addr 0000000000000041 by task kworker/u8:6/1886

CPU: 0 UID: 0 PID: 1886 Comm: kworker/u8:6 Not tainted 6.12.0-rc7-syzkaller-00012-g3022e9d00ebe #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_report+0xe8/0x550 mm/kasan/report.c:491
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 atomic_add_negative_relaxed include/linux/atomic/atomic-instrumented.h:1475 [inline]
 rcuref_get include/linux/rcuref.h:67 [inline]
 dst_hold include/net/dst.h:238 [inline]
 dst_cache_per_cpu_get+0x7d/0x2b0 net/core/dst_cache.c:50
 dst_cache_get_ip4+0x93/0x140 net/core/dst_cache.c:84
 send4+0x442/0xfb0 drivers/net/wireguard/socket.c:49
 wg_socket_send_skb_to_peer+0xd5/0x1d0 drivers/net/wireguard/socket.c:175
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
 wg_packet_handshake_send_worker+0x1dd/0x330 drivers/net/wireguard/send.c:51
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/11/12 22:22 upstream 3022e9d00ebe 62026c85 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: null-ptr-deref Write in dst_cache_per_cpu_get
2024/10/04 01:09 upstream 8c245fe7dde3 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: null-ptr-deref Write in dst_cache_per_cpu_get
2024/09/30 05:09 upstream e7ed34365879 ba29ff75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: null-ptr-deref Write in dst_cache_per_cpu_get
* Struck through repros no longer work on HEAD.