syzbot


KASAN: null-ptr-deref Write in dst_cache_per_cpu_get (4)

Status: closed as invalid on 2026/01/07 12:42
Subsystems: net
First crash: 62d, last: 62d
Similar bugs (3)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get (net) | 12 | | | | 3 | 609d | 624d | 0/29 | auto-obsoleted due to no activity on 2024/09/18 11:41 |
| upstream | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get (2) (net) | 12 | | | | 3 | 456d | 500d | 0/29 | closed as invalid on 2025/01/15 12:41 |
| upstream | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get (3) (net) | 12 | | | | 2 | 249d | 295d | 0/29 | auto-obsoleted due to no activity on 2025/09/15 21:13 |

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_add_negative_relaxed include/linux/atomic/atomic-instrumented.h:1475 [inline]
BUG: KASAN: null-ptr-deref in rcuref_get include/linux/rcuref.h:87 [inline]
BUG: KASAN: null-ptr-deref in dst_hold include/net/dst.h:241 [inline]
BUG: KASAN: null-ptr-deref in dst_cache_per_cpu_get+0x7d/0x290 net/core/dst_cache.c:51
Write of size 4 at addr 00000000000000d4 by task kworker/u8:12/3492

CPU: 0 UID: 0 PID: 3492 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 kasan_report+0x118/0x150 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:200
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 atomic_add_negative_relaxed include/linux/atomic/atomic-instrumented.h:1475 [inline]
 rcuref_get include/linux/rcuref.h:87 [inline]
 dst_hold include/net/dst.h:241 [inline]
 dst_cache_per_cpu_get+0x7d/0x290 net/core/dst_cache.c:51
 dst_cache_get_ip4+0x235/0x800 net/core/dst_cache.c:91
 send4+0x354/0xed0 drivers/net/wireguard/socket.c:49
 wg_socket_send_skb_to_peer+0xd1/0x1d0 drivers/net/wireguard/socket.c:175
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
 wg_packet_handshake_send_worker+0x1db/0x320 drivers/net/wireguard/send.c:51
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/12/12 15:15 | net-next | 8f7aa3d3c732 | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get |
* Struck through repros no longer work on HEAD.