syzbot


KASAN: null-ptr-deref Write in dst_cache_per_cpu_get (3)

Status: upstream: reported on 2025/04/23 07:51
Subsystems: net
Reported-by: syzbot+c71bf8ad5b74c29baa2f@syzkaller.appspotmail.com
First crash: 28d, last: 28d
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [net?] KASAN: null-ptr-deref Write in dst_cache_per_cpu_get (3) | 0 (1) | 2025/04/23 07:51
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get net | | | | 3 | 338d | 352d | 0/28 | auto-obsoleted due to no activity on 2024/09/18 11:41
upstream | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get (2) net | | | | 3 | 185d | 229d | 0/28 | closed as invalid on 2025/01/15 12:41

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_add_negative_relaxed include/linux/atomic/atomic-instrumented.h:1475 [inline]
BUG: KASAN: null-ptr-deref in rcuref_get include/linux/rcuref.h:67 [inline]
BUG: KASAN: null-ptr-deref in dst_hold include/net/dst.h:238 [inline]
BUG: KASAN: null-ptr-deref in dst_cache_per_cpu_get+0x7d/0x2b0 net/core/dst_cache.c:50
Write of size 4 at addr 0000000000000043 by task kworker/1:0/24

CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: wg-crypt-wg2 wg_packet_tx_worker
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_report+0xe3/0x5b0 mm/kasan/report.c:524
 kasan_report+0x143/0x180 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x28f/0x2a0 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 atomic_add_negative_relaxed include/linux/atomic/atomic-instrumented.h:1475 [inline]
 rcuref_get include/linux/rcuref.h:67 [inline]
 dst_hold include/net/dst.h:238 [inline]
 dst_cache_per_cpu_get+0x7d/0x2b0 net/core/dst_cache.c:50
 dst_cache_get_ip6+0x8c/0xf0 net/core/dst_cache.c:133
 send6+0x466/0xbf0 drivers/net/wireguard/socket.c:129
 wg_socket_send_skb_to_peer+0x115/0x1d0 drivers/net/wireguard/socket.c:178
 wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
 wg_packet_tx_worker+0x1bf/0x810 drivers/net/wireguard/send.c:276
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xac3/0x18e0 kernel/workqueue.c:3319
 worker_thread+0x870/0xd50 kernel/workqueue.c:3400
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
==================================================================

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/04/19 00:09 | upstream | fc96b232f8e7 | 2a20f901 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: null-ptr-deref Write in dst_cache_per_cpu_get