syzbot


KASAN: user-memory-access Write in dst_release

Status: auto-closed as invalid on 2019/10/25 08:49
Reported-by: syzbot+29ffc731816e0995ad54@syzkaller.appspotmail.com
First crash: 1488d, last: 1330d
Similar bugs (2):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KASAN: null-ptr-deref Write in dst_release (2) | syz | error | | 148 | 419d | 669d | 0/24 | closed as invalid on 2021/12/14 20:12
upstream | KASAN: null-ptr-deref Write in dst_release (3) | | | | 2 | 414d | 414d | 22/24 | fixed on 2022/03/08 16:11

Sample crash report:
binder: undelivered TRANSACTION_ERROR: 29189
==================================================================
BUG: KASAN: user-memory-access in atomic_sub_return include/asm-generic/atomic-instrumented.h:305 [inline]
BUG: KASAN: user-memory-access in dst_release net/core/dst.c:190 [inline]
BUG: KASAN: user-memory-access in dst_release+0x2a/0xb0 net/core/dst.c:185
Write of size 4 at addr 000000000001a494 by task kworker/u4:3/13552

CPU: 0 PID: 13552 Comm: kworker/u4:3 Not tainted 5.0.0+ #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 kasan_report.cold+0x5/0x40 mm/kasan/report.c:321
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x123/0x190 mm/kasan/generic.c:191
 kasan_check_write+0x14/0x20 mm/kasan/common.c:106
 atomic_sub_return include/asm-generic/atomic-instrumented.h:305 [inline]
 dst_release net/core/dst.c:190 [inline]
 dst_release+0x2a/0xb0 net/core/dst.c:185
 dst_cache_destroy net/core/dst_cache.c:164 [inline]
 dst_cache_destroy+0xd3/0x1b0 net/core/dst_cache.c:156
 ipip6_dev_free+0x19/0x50 net/ipv6/sit.c:1355
 netdev_run_todo+0x51c/0x7d0 net/core/dev.c:8970
 rtnl_unlock+0xe/0x10 net/core/rtnetlink.c:116
 sit_exit_batch_net+0x565/0x750 net/ipv6/sit.c:1891
 ops_exit_list.isra.0+0x105/0x160 net/core/net_namespace.c:156
 cleanup_net+0x3fb/0x960 net/core/net_namespace.c:551
 process_one_work+0x98e/0x1790 kernel/workqueue.c:2173
 worker_thread+0x98/0xe40 kernel/workqueue.c:2319
 kthread+0x357/0x430 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
==================================================================

Crashes (18):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title
ci-upstream-kasan-gce | 2019/03/06 01:32 | upstream | 63bdf4284c38 | 16559f86 | .config | console log | report | | | | |
ci-upstream-kasan-gce-root | 2019/02/26 23:29 | upstream | 7d762d69145a | f2468c12 | .config | console log | report | | | | |
ci-upstream-kasan-gce | 2019/02/17 06:05 | upstream | 64c0133eb88a | f42dee6d | .config | console log | report | | | | |
ci-upstream-kasan-gce | 2019/02/08 13:31 | upstream | 74e96711e337 | aa4feb03 | .config | console log | report | | | | |
ci-upstream-kasan-gce-386 | 2019/03/02 07:04 | upstream | a215ce8f0e00 | 1c0e457a | .config | console log | report | | | | |
ci-upstream-net-this-kasan-gce | 2019/06/14 01:33 | net | b8003cef2e63 | a139f92f | .config | console log | report | | | | |
ci-upstream-net-this-kasan-gce | 2019/06/02 05:50 | net | e8d67fa5696e | 53c81ea5 | .config | console log | report | | | | |
ci-upstream-net-this-kasan-gce | 2019/06/02 03:14 | net | e8d67fa5696e | 53c81ea5 | .config | console log | report | | | | |
ci-upstream-net-this-kasan-gce | 2019/05/27 16:46 | net | 3e66b7cc50ef | 562efd79 | .config | console log | report | | | | |
ci-upstream-net-this-kasan-gce | 2019/03/27 22:56 | net | 8c838f53e149 | 4e668495 | .config | console log | report | | | | |
ci-upstream-net-this-kasan-gce | 2019/03/23 10:26 | net | 5f543a54eec0 | 3361bde5 | .config | console log | report | | | | |
ci-upstream-net-kasan-gce | 2019/06/01 22:04 | net-next | 0462eaacee49 | 53c81ea5 | .config | console log | report | | | | |
ci-upstream-net-kasan-gce | 2019/05/28 14:40 | net-next | cec4f328c929 | 6bd61501 | .config | console log | report | | | | |
ci-upstream-net-kasan-gce | 2019/05/27 07:35 | net-next | 9b3c520e9628 | 85c57315 | .config | console log | report | | | | |
ci-upstream-net-kasan-gce | 2019/05/04 05:06 | net-next | 8ef988b914bd | d28f4ce5 | .config | console log | report | | | | |
ci-upstream-net-kasan-gce | 2019/03/24 03:35 | net-next | 3b0f31f2b8c9 | a2cef203 | .config | console log | report | | | | |
ci-upstream-net-kasan-gce | 2019/02/24 07:17 | net-next | dccd3ab55ead | 7a06e792 | .config | console log | report | | | | |
ci-upstream-net-kasan-gce | 2019/01/07 09:51 | net-next | b71acb0e3721 | ee332608 | .config | console log | report | | | | |
* Struck through repros no longer work on HEAD.