KASAN: null-ptr-deref Write in choke

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	KASAN: null-ptr-deref Write in choke_reset	C		done	236	999d	1024d	1/1	fixed on 2020/06/13 11:02
upstream	KASAN: null-ptr-deref Write in choke_reset	C	done		1441	991d	1024d	17/24	fixed on 2020/07/17 17:58

similar bugs (2):

linux-4.19

KASAN: null-ptr-deref Write in choke_reset

done

236

999d

1024d

1/1

fixed on 2020/06/13 11:02

upstream

KASAN: null-ptr-deref Write in choke_reset

done

1441

991d

1024d

17/24

fixed on 2020/07/17 17:58

audit: type=1400 audit(1589147950.113:8): avc:  denied  { execmem } for  pid=6340 comm="syz-executor271" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
==================================================================
BUG: KASAN: null-ptr-deref in memset include/linux/string.h:332 [inline]
BUG: KASAN: null-ptr-deref in choke_reset+0x1fc/0x330 net/sched/sch_choke.c:330
Write of size 8 at addr           (null) by task syz-executor271/6340

CPU: 0 PID: 6340 Comm: syz-executor271 Not tainted 4.14.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x13e/0x194 lib/dump_stack.c:58
 kasan_report_error mm/kasan/report.c:349 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0x127/0x2ae mm/kasan/report.c:393
 memset+0x20/0x40 mm/kasan/kasan.c:285
 memset include/linux/string.h:332 [inline]
 choke_reset+0x1fc/0x330 net/sched/sch_choke.c:330
 qdisc_reset+0x61/0x1e0 net/sched/sch_generic.c:678
 dev_deactivate_queue.constprop.0+0xc5/0x150 net/sched/sch_generic.c:867
 netdev_for_each_tx_queue include/linux/netdevice.h:1970 [inline]
 dev_deactivate_many+0xd6/0x960 net/sched/sch_generic.c:922
 dev_deactivate+0xe2/0x190 net/sched/sch_generic.c:955
 qdisc_graft+0x989/0xcd0 net/sched/sch_api.c:919
 tc_modify_qdisc+0x99e/0x1181 net/sched/sch_api.c:1446
 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4315
 netlink_rcv_skb+0x127/0x370 net/netlink/af_netlink.c:2433
 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
 netlink_unicast+0x437/0x620 net/netlink/af_netlink.c:1313
 netlink_sendmsg+0x733/0xbe0 net/netlink/af_netlink.c:1878
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xc5/0x100 net/socket.c:656
 ___sys_sendmsg+0x70a/0x840 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x440719
RSP: 002b:00007ffd0563b2c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000440719
RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000006
RBP: 0000000000000001 R08: 00000000ffffffff R09: 00000000004002c8
R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000007166
R13: 0000000000402030 R14: 0000000000000000 R15: 0000000000000000
==================================================================

Crashes (283):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci2-linux-4-14	2020/05/10 22:01	linux-4.14.y	ab9dfda23248	8742a2b9	.config	console log	report	syz	C
ci2-linux-4-14	2020/04/26 09:47	linux-4.14.y	050272a0423e	0ce7569e	.config	console log	report	syz	C
ci2-linux-4-14	2020/04/26 09:27	linux-4.14.y	050272a0423e	0ce7569e	.config	console log	report	syz	C
ci2-linux-4-14	2020/04/20 06:25	linux-4.14.y	c10b57a567e4	9f7c6d12	.config	console log	report	syz	C
ci2-linux-4-14	2020/05/20 03:55	linux-4.14.y	ab9dfda23248	6d882fd2	.config	console log	report
ci2-linux-4-14	2020/05/19 23:30	linux-4.14.y	ab9dfda23248	6d882fd2	.config	console log	report
ci2-linux-4-14	2020/05/19 17:29	linux-4.14.y	ab9dfda23248	6d882fd2	.config	console log	report
ci2-linux-4-14	2020/05/19 16:44	linux-4.14.y	ab9dfda23248	6d882fd2	.config	console log	report
ci2-linux-4-14	2020/05/19 12:58	linux-4.14.y	ab9dfda23248	6d882fd2	.config	console log	report
ci2-linux-4-14	2020/05/19 10:21	linux-4.14.y	ab9dfda23248	684d3606	.config	console log	report
ci2-linux-4-14	2020/05/19 05:47	linux-4.14.y	ab9dfda23248	684d3606	.config	console log	report
ci2-linux-4-14	2020/05/19 04:43	linux-4.14.y	ab9dfda23248	684d3606	.config	console log	report
ci2-linux-4-14	2020/05/19 01:01	linux-4.14.y	ab9dfda23248	684d3606	.config	console log	report
ci2-linux-4-14	2020/05/18 23:53	linux-4.14.y	ab9dfda23248	684d3606	.config	console log	report
ci2-linux-4-14	2020/05/18 22:44	linux-4.14.y	ab9dfda23248	684d3606	.config	console log	report
ci2-linux-4-14	2020/05/18 19:39	linux-4.14.y	ab9dfda23248	24d91142	.config	console log	report
ci2-linux-4-14	2020/05/18 12:24	linux-4.14.y	ab9dfda23248	24d91142	.config	console log	report
ci2-linux-4-14	2020/05/18 11:18	linux-4.14.y	ab9dfda23248	24d91142	.config	console log	report
ci2-linux-4-14	2020/05/18 08:57	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/18 04:05	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/18 00:05	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 22:37	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 21:02	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 19:23	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 17:13	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 14:55	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 12:29	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 10:56	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 05:36	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 02:39	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 01:07	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/17 01:01	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/16 23:36	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/16 22:08	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/16 14:08	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/16 11:51	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/16 10:25	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/16 09:16	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/16 04:38	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/16 02:36	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/16 00:35	linux-4.14.y	ab9dfda23248	37bccd4e	.config	console log	report
ci2-linux-4-14	2020/05/15 13:03	linux-4.14.y	ab9dfda23248	d7f9fffa	.config	console log	report
ci2-linux-4-14	2020/05/15 11:40	linux-4.14.y	ab9dfda23248	2d572622	.config	console log	report
ci2-linux-4-14	2020/05/15 09:29	linux-4.14.y	ab9dfda23248	2d572622	.config	console log	report
ci2-linux-4-14	2020/05/15 07:20	linux-4.14.y	ab9dfda23248	2d572622	.config	console log	report
ci2-linux-4-14	2020/05/15 05:48	linux-4.14.y	ab9dfda23248	2d572622	.config	console log	report
ci2-linux-4-14	2020/05/15 00:52	linux-4.14.y	ab9dfda23248	2d572622	.config	console log	report
ci2-linux-4-14	2020/04/20 06:08	linux-4.14.y	c10b57a567e4	9f7c6d12	.config	console log	report

Crashes (283):

ci2-linux-4-14

2020/05/10 22:01

linux-4.14.y

ci2-linux-4-14

2020/04/26 09:47

linux-4.14.y

ci2-linux-4-14

2020/04/26 09:27

linux-4.14.y

ci2-linux-4-14

2020/04/20 06:25

linux-4.14.y

ci2-linux-4-14

2020/05/20 03:55

linux-4.14.y

ci2-linux-4-14

2020/05/19 23:30

linux-4.14.y

ci2-linux-4-14

2020/05/19 17:29

linux-4.14.y

ci2-linux-4-14

2020/05/19 16:44

linux-4.14.y

ci2-linux-4-14

2020/05/19 12:58

linux-4.14.y

ci2-linux-4-14

2020/05/19 10:21

linux-4.14.y

ci2-linux-4-14

2020/05/19 05:47

linux-4.14.y

ci2-linux-4-14

2020/05/19 04:43

linux-4.14.y

ci2-linux-4-14

2020/05/19 01:01

linux-4.14.y

ci2-linux-4-14

2020/05/18 23:53

linux-4.14.y

ci2-linux-4-14

2020/05/18 22:44

linux-4.14.y

ci2-linux-4-14

2020/05/18 19:39

linux-4.14.y

ci2-linux-4-14

2020/05/18 12:24

linux-4.14.y

ci2-linux-4-14

2020/05/18 11:18

linux-4.14.y

ci2-linux-4-14

2020/05/18 08:57

linux-4.14.y

ci2-linux-4-14

2020/05/18 04:05

linux-4.14.y

ci2-linux-4-14

2020/05/18 00:05

linux-4.14.y

ci2-linux-4-14

2020/05/17 22:37

linux-4.14.y

ci2-linux-4-14

2020/05/17 21:02

linux-4.14.y

ci2-linux-4-14

2020/05/17 19:23

linux-4.14.y

ci2-linux-4-14

2020/05/17 17:13

linux-4.14.y

ci2-linux-4-14

2020/05/17 14:55

linux-4.14.y

ci2-linux-4-14

2020/05/17 12:29

linux-4.14.y

ci2-linux-4-14

2020/05/17 10:56

linux-4.14.y

ci2-linux-4-14

2020/05/17 05:36

linux-4.14.y

ci2-linux-4-14

2020/05/17 02:39

linux-4.14.y

ci2-linux-4-14

2020/05/17 01:07

linux-4.14.y

ci2-linux-4-14

2020/05/17 01:01

linux-4.14.y

ci2-linux-4-14

2020/05/16 23:36

linux-4.14.y

ci2-linux-4-14

2020/05/16 22:08

linux-4.14.y

ci2-linux-4-14

2020/05/16 14:08

linux-4.14.y

ci2-linux-4-14

2020/05/16 11:51

linux-4.14.y

ci2-linux-4-14

2020/05/16 10:25

linux-4.14.y

ci2-linux-4-14

2020/05/16 09:16

linux-4.14.y

ci2-linux-4-14

2020/05/16 04:38

linux-4.14.y

ci2-linux-4-14

2020/05/16 02:36

linux-4.14.y

ci2-linux-4-14

2020/05/16 00:35

linux-4.14.y

ci2-linux-4-14

2020/05/15 13:03

linux-4.14.y

ci2-linux-4-14

2020/05/15 11:40

linux-4.14.y

ci2-linux-4-14

2020/05/15 09:29

linux-4.14.y

ci2-linux-4-14

2020/05/15 07:20

linux-4.14.y

ci2-linux-4-14

2020/05/15 05:48

linux-4.14.y

ci2-linux-4-14

2020/05/15 00:52

linux-4.14.y

ci2-linux-4-14

2020/04/20 06:08

linux-4.14.y