syzbot


KASAN: null-ptr-deref Write in dst_release

Status: auto-closed as invalid on 2019/10/25 08:50
Subsystems: net
Reported-by: syzbot+1f4f4025b8564c8da9d4@syzkaller.appspotmail.com
First crash: 1935d, last: 1772d
Discussions (3)
Title | Replies (including bot) | Last reply
Reminder: 99 open syzbot bugs in net subsystem | 14 (14) | 2019/07/31 15:13
Reminder: 94 open syzbot bugs in net subsystem | 1 (1) | 2019/06/25 05:48
KASAN: null-ptr-deref Write in dst_release | 0 (1) | 2019/01/07 09:55
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KASAN: null-ptr-deref Write in dst_release (2) net | syz | error | | 148 | 865d | 1115d | 0/26 | closed as invalid on 2021/12/14 20:12
upstream | KASAN: null-ptr-deref Write in dst_release (3) net | | | | 2 | 860d | 860d | 20/26 | fixed on 2022/03/08 16:11

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in atomic_sub_return include/asm-generic/atomic-instrumented.h:159 [inline]
BUG: KASAN: null-ptr-deref in atomic_dec_return include/linux/atomic-fallback.h:455 [inline]
BUG: KASAN: null-ptr-deref in dst_release net/core/dst.c:174 [inline]
BUG: KASAN: null-ptr-deref in dst_release+0x2a/0xb0 net/core/dst.c:169
Write of size 4 at addr 0000000000000334 by task kworker/u4:7/8668

CPU: 0 PID: 8668 Comm: kworker/u4:7 Not tainted 5.2.0-rc3+ #56
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 __kasan_report.cold+0x5/0x40 mm/kasan/report.c:321
 kasan_report+0x12/0x20 mm/kasan/common.c:614
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x123/0x190 mm/kasan/generic.c:191
 kasan_check_write+0x14/0x20 mm/kasan/common.c:100
 atomic_sub_return include/asm-generic/atomic-instrumented.h:159 [inline]
 atomic_dec_return include/linux/atomic-fallback.h:455 [inline]
 dst_release net/core/dst.c:174 [inline]
 dst_release+0x2a/0xb0 net/core/dst.c:169
 dst_cache_destroy net/core/dst_cache.c:160 [inline]
 dst_cache_destroy+0xd3/0x1b0 net/core/dst_cache.c:152
 ipip6_dev_free+0x19/0x50 net/ipv6/sit.c:1356
 netdev_run_todo+0x48b/0x7c0 net/core/dev.c:8992
 rtnl_unlock+0xe/0x10 net/core/rtnetlink.c:112
 sit_exit_batch_net+0x565/0x750 net/ipv6/sit.c:1892
 ops_exit_list.isra.0+0xfc/0x150 net/core/net_namespace.c:157
 cleanup_net+0x3fb/0x960 net/core/net_namespace.c:553
 process_one_work+0x989/0x1790 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x354/0x420 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
==================================================================

Crashes (27):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/06/18 05:55 net-old 6be8e297f9bc 442206d7 .config console log report ci-upstream-net-this-kasan-gce
2019/06/15 02:55 net-old 385097a36757 442206d7 .config console log report ci-upstream-net-this-kasan-gce
2019/05/31 18:36 net-old 100f6d8e0990 142ce681 .config console log report ci-upstream-net-this-kasan-gce
2019/05/26 08:47 net-old f4bcf14e3997 85c57315 .config console log report ci-upstream-net-this-kasan-gce
2019/05/24 15:51 net-old b5730061d105 0dadcd9d .config console log report ci-upstream-net-this-kasan-gce
2019/05/23 18:33 net-old 903869bd10e6 0dadcd9d .config console log report ci-upstream-net-this-kasan-gce
2019/05/15 07:38 net-old 0fe9f173d6cd bd4e3ac7 .config console log report ci-upstream-net-this-kasan-gce
2019/05/13 14:39 net-old 69dda13fdaff 16ab1e89 .config console log report ci-upstream-net-this-kasan-gce
2019/05/08 20:40 net-old 80f232121b69 1ab4c999 .config console log report ci-upstream-net-this-kasan-gce
2019/04/28 18:34 net-old 21f1b8a6636c b617407b .config console log report ci-upstream-net-this-kasan-gce
2019/04/14 17:33 net-old ed0de45a1008 505ab413 .config console log report ci-upstream-net-this-kasan-gce
2019/03/24 13:32 net-old 526949e877f4 acbc5b7d .config console log report ci-upstream-net-this-kasan-gce
2019/03/08 01:03 net-old 8a72b81e6df5 4b69c3cb .config console log report ci-upstream-net-this-kasan-gce
2019/03/05 03:16 net-old 822e44b45eb9 7c693b52 .config console log report ci-upstream-net-this-kasan-gce
2019/02/24 00:23 net-old 61a65d32fe91 7a06e792 .config console log report ci-upstream-net-this-kasan-gce
2019/02/23 10:25 net-old ea34a003645c 18107ce0 .config console log report ci-upstream-net-this-kasan-gce
2019/01/15 12:11 net-old 2f960bd05640 ebacf5cb .config console log report ci-upstream-net-this-kasan-gce
2019/06/15 19:25 net-next-old 877cd9ffbc9c 442206d7 .config console log report ci-upstream-net-kasan-gce
2019/05/24 14:27 net-next-old dfb569f2b96e 0dadcd9d .config console log report ci-upstream-net-kasan-gce
2019/02/27 05:27 net-next-old 7b2464d976c1 f2468c12 .config console log report ci-upstream-net-kasan-gce
2019/02/15 14:34 net-next-old 50f444aa50a4 f6f233c0 .config console log report ci-upstream-net-kasan-gce
2019/02/15 03:32 net-next-old f8b1f9f6459c 76dd003f .config console log report ci-upstream-net-kasan-gce
2019/02/09 21:40 net-next-old 3b5e74e0afe3 d75f7686 .config console log report ci-upstream-net-kasan-gce
2019/01/22 12:53 net-next-old fa7f3a8d56b3 985f75cc .config console log report ci-upstream-net-kasan-gce
2019/01/08 18:40 net-next-old b71acb0e3721 37dd2683 .config console log report ci-upstream-net-kasan-gce
2019/01/07 08:40 net-next-old b71acb0e3721 ee332608 .config console log report ci-upstream-net-kasan-gce
2019/01/07 00:53 net-next-old b71acb0e3721 ee332608 .config console log report ci-upstream-net-kasan-gce