syzbot


KASAN: null-ptr-deref Write in choke_reset

Status: fixed on 2020/07/17 17:58
Fix commit: 8738c85c72b3 sch_choke: avoid potential panic in choke_reset()
First crash: 1696d, last: 1663d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: WARNING in sysfs_warn_dup (log)
Repro: C syz .config
  
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 KASAN: null-ptr-deref Write in choke_reset C done 236 1671d 1696d 1/1 fixed on 2020/06/13 11:02
linux-4.14 KASAN: null-ptr-deref Write in choke_reset C done 283 1665d 1695d 1/1 fixed on 2020/06/19 13:29

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in memset include/linux/string.h:366 [inline]
BUG: KASAN: null-ptr-deref in choke_reset+0x208/0x340 net/sched/sch_choke.c:326
Write of size 8 at addr 0000000000000000 by task syz-executor684/7042

CPU: 1 PID: 7042 Comm: syz-executor684 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 __kasan_report.cold+0x5/0x4d mm/kasan/report.c:515
 kasan_report+0x33/0x50 mm/kasan/common.c:625
 check_memory_region_inline mm/kasan/generic.c:187 [inline]
 check_memory_region+0x141/0x190 mm/kasan/generic.c:193
 memset+0x20/0x40 mm/kasan/common.c:85
 memset include/linux/string.h:366 [inline]
 choke_reset+0x208/0x340 net/sched/sch_choke.c:326
 qdisc_reset+0x6b/0x520 net/sched/sch_generic.c:910
 dev_deactivate_queue.constprop.0+0x13c/0x240 net/sched/sch_generic.c:1138
 netdev_for_each_tx_queue include/linux/netdevice.h:2197 [inline]
 dev_deactivate_many+0xe2/0xba0 net/sched/sch_generic.c:1195
 dev_deactivate+0xf8/0x1c0 net/sched/sch_generic.c:1233
 qdisc_graft+0xd25/0x1120 net/sched/sch_api.c:1051
 tc_modify_qdisc+0xbab/0x1a00 net/sched/sch_api.c:1670
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5454
 netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362
 ___sys_sendmsg+0x100/0x170 net/socket.c:2416
 __sys_sendmsg+0xec/0x1b0 net/socket.c:2449
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x4415c9
Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffe8f61eb58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004415c9
RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 000000000000e006 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004023f0
R13: 0000000000402480 R14: 0000000000000000 R15: 0000000000000000
==================================================================

Crashes (1441):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/04/20 09:12 upstream 0fe5f9ca2235 9f7c6d12 .config console log report syz C ci-upstream-kasan-gce
2020/04/19 15:02 upstream 50cc09c18985 6dfd45e1 .config console log report syz C ci-upstream-kasan-gce
2020/04/19 14:32 upstream 50cc09c18985 6dfd45e1 .config console log report syz C ci-upstream-kasan-gce
2020/04/21 15:12 upstream ae83d0b416db 2e44d63e .config console log report syz C ci-upstream-kasan-gce-386
2020/04/20 22:59 upstream ae83d0b416db 347a5dc3 .config console log report syz C ci-upstream-kasan-gce-386
2020/04/20 11:07 net-old 9bacd256f135 9f7c6d12 .config console log report syz C ci-upstream-net-this-kasan-gce
2020/04/19 10:13 net-old 441870ee4240 365fba24 .config console log report syz C ci-upstream-net-this-kasan-gce
2020/04/19 09:48 net-old 441870ee4240 365fba24 .config console log report syz C ci-upstream-net-this-kasan-gce
2020/04/20 09:01 net-next-old 0fde6e3b55a1 9f7c6d12 .config console log report syz C ci-upstream-net-kasan-gce
2020/04/19 11:07 net-next-old 513a24ffb3f9 365fba24 .config console log report syz C ci-upstream-net-kasan-gce
2020/04/19 07:58 net-next-old 513a24ffb3f9 365fba24 .config console log report syz C ci-upstream-net-kasan-gce
2020/05/18 03:23 linux-next ac935d227366 37bccd4e .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/05/09 10:27 linux-next ac935d227366 e97b06d3 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/05/08 16:52 linux-next ac935d227366 2b98fdbc .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/05/07 05:56 upstream 3c40cdb0e93e 4618eb2d .config console log report ci-upstream-kasan-gce-selinux-root
2020/05/06 19:14 upstream 3c40cdb0e93e 4618eb2d .config console log report ci-upstream-kasan-gce
2020/05/06 18:13 upstream 3c40cdb0e93e 4618eb2d .config console log report ci-upstream-kasan-gce-smack-root
2020/05/06 12:53 upstream dc56c5acd850 4618eb2d .config console log report ci-upstream-kasan-gce-root
2020/05/06 20:11 upstream 3c40cdb0e93e 4618eb2d .config console log report ci-upstream-kasan-gce-386
2020/04/28 09:16 net-old 52a90612fa61 0ce7569e .config console log report ci-upstream-net-this-kasan-gce
2020/05/07 08:39 net-next-old 2f8649900b7d 4618eb2d .config console log report ci-upstream-net-kasan-gce
2020/04/19 07:38 net-next-old 513a24ffb3f9 365fba24 .config console log report ci-upstream-net-kasan-gce
2020/05/22 12:34 linux-next ac935d227366 5afa2ddd .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/22 09:08 linux-next ac935d227366 5afa2ddd .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/21 23:25 linux-next ac935d227366 1f30020f .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/21 21:15 linux-next ac935d227366 1f30020f .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/21 15:27 linux-next ac935d227366 1f30020f .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/21 12:15 linux-next ac935d227366 1f30020f .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/21 08:20 linux-next ac935d227366 c61086ab .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/21 00:46 linux-next ac935d227366 c61086ab .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/20 23:11 linux-next ac935d227366 1255f02a .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/20 12:12 linux-next ac935d227366 1255f02a .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/20 07:54 linux-next ac935d227366 67fa1f59 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/20 01:09 linux-next ac935d227366 67fa1f59 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/19 23:58 linux-next ac935d227366 67fa1f59 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/19 17:41 linux-next ac935d227366 6d882fd2 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/19 11:48 linux-next ac935d227366 6d882fd2 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/19 08:39 linux-next ac935d227366 684d3606 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/18 13:32 linux-next ac935d227366 684d3606 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/18 11:04 linux-next ac935d227366 37bccd4e .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/18 06:42 linux-next ac935d227366 37bccd4e .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/18 01:04 linux-next ac935d227366 37bccd4e .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/17 16:40 linux-next ac935d227366 37bccd4e .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/17 01:41 linux-next ac935d227366 37bccd4e .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/16 18:29 linux-next ac935d227366 37bccd4e .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/16 16:13 linux-next ac935d227366 37bccd4e .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/16 10:15 linux-next ac935d227366 37bccd4e .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/16 01:57 linux-next ac935d227366 37bccd4e .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/15 14:02 linux-next ac935d227366 d7f9fffa .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/14 11:32 linux-next ac935d227366 2d572622 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/14 10:52 linux-next ac935d227366 2d572622 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/13 23:03 linux-next ac935d227366 a885920d .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/13 16:20 linux-next ac935d227366 9a6d42fb .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/12 21:43 linux-next ac935d227366 a44eb8f7 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/12 19:10 linux-next ac935d227366 160c7698 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/12 15:59 linux-next ac935d227366 160c7698 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/12 09:15 linux-next ac935d227366 160c7698 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/11 21:55 linux-next ac935d227366 9eb09c40 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/11 09:37 linux-next ac935d227366 f8f57555 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/11 00:23 linux-next ac935d227366 8742a2b9 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/10 14:47 linux-next ac935d227366 8742a2b9 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/10 03:10 linux-next ac935d227366 8742a2b9 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/05/10 01:32 linux-next ac935d227366 88cb3e92 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.