audit: type=1804 audit(1549748412.404:250): pid=10565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir701319855/syzkaller.y7shmo/714/memory.events" dev="sda1" ino=16854 res=1 ================================================================== BUG: KASAN: null-ptr-deref in atomic_sub_return include/asm-generic/atomic-instrumented.h:305 [inline] BUG: KASAN: null-ptr-deref in dst_release net/core/dst.c:190 [inline] BUG: KASAN: null-ptr-deref in dst_release+0x2a/0xb0 net/core/dst.c:185 Write of size 4 at addr 0000000000000430 by task kworker/u4:0/7 CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.0.0-rc5+ #54 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 kasan_report.cold+0x5/0x40 mm/kasan/report.c:321 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x123/0x190 mm/kasan/generic.c:191 kasan_check_write+0x14/0x20 mm/kasan/common.c:106 atomic_sub_return include/asm-generic/atomic-instrumented.h:305 [inline] dst_release net/core/dst.c:190 [inline] dst_release+0x2a/0xb0 net/core/dst.c:185 dst_cache_destroy net/core/dst_cache.c:164 [inline] dst_cache_destroy+0xd3/0x1b0 net/core/dst_cache.c:156 ip_tunnel_dev_free+0x25/0x60 net/ipv4/ip_tunnel.c:995 netdev_run_todo+0x51c/0x7d0 net/core/dev.c:8951 rtnl_unlock+0xe/0x10 net/core/rtnetlink.c:116 ip_tunnel_delete_nets+0x423/0x5f0 net/ipv4/ip_tunnel.c:1108 ipgre_tap_exit_batch_net+0x23/0x30 net/ipv4/ip_gre.c:1576 ops_exit_list.isra.0+0x105/0x160 net/core/net_namespace.c:156 cleanup_net+0x3fb/0x960 net/core/net_namespace.c:551 process_one_work+0x98e/0x1790 kernel/workqueue.c:2173 worker_thread+0x98/0xe40 kernel/workqueue.c:2319 kthread+0x357/0x430 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 ==================================================================