syzbot

 sign-in | mailing list | source | docs
🐞 Open [993] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: uninit-value in virtio_transport_recv_pkt

Status: fixed on 2023/12/21 03:45
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+0c8ce1da0ac31abbadcd@syzkaller.appspotmail.com
Fix commit: 34c4effacfc3 virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()
First crash: 417d, last: 169d
Discussions (3)
Title Replies (including bot) Last reply
[PATCH net v2] virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt() 4 (4) 2023/11/08 03:10
[syzbot] [net?] KMSAN: uninit-value in virtio_transport_recv_pkt 3 (5) 2023/11/03 01:57
Re: [PATCH net] virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt() 2 (2) 2023/10/27 08:50
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 KASAN: use-after-free Write in virtio_transport_recv_pkt C 1 9d07h 23d 0/2 upstream: reported C repro on 2024/04/03 23:46
android-5-15 KASAN: use-after-free Write in virtio_transport_recv_pkt origin:upstream C 1 8d21h 23d 0/2 upstream: reported C repro on 2024/04/04 06:14
android-6-1 KASAN: use-after-free Write in virtio_transport_recv_pkt origin:upstream C 2 9d07h 23d 0/2 upstream: reported C repro on 2024/04/03 23:05
Last patch testing requests (2)
Created Duration User Patch Repo Result
2023/11/03 01:57 35m syoshida@redhat.com patch upstream OK log
2023/10/27 08:27 25m sgarzare@redhat.com patch upstream OK log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in virtio_transport_recv_pkt+0x1c42/0x2580 net/vmw_vsock/virtio_transport_common.c:1421
 virtio_transport_recv_pkt+0x1c42/0x2580 net/vmw_vsock/virtio_transport_common.c:1421
 vsock_loopback_work+0x3e2/0x5d0 net/vmw_vsock/vsock_loopback.c:120
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2703
 worker_thread+0xf45/0x1490 kernel/workqueue.c:2784
 kthread+0x3e8/0x540 kernel/kthread.c:388
 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

Uninit was stored to memory at:
 virtio_transport_space_update net/vmw_vsock/virtio_transport_common.c:1274 [inline]
 virtio_transport_recv_pkt+0x1ea4/0x2580 net/vmw_vsock/virtio_transport_common.c:1415
 vsock_loopback_work+0x3e2/0x5d0 net/vmw_vsock/vsock_loopback.c:120
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2703
 worker_thread+0xf45/0x1490 kernel/workqueue.c:2784
 kthread+0x3e8/0x540 kernel/kthread.c:388
 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

Uninit was created at:
 slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559
 __alloc_skb+0x318/0x740 net/core/skbuff.c:650
 alloc_skb include/linux/skbuff.h:1286 [inline]
 virtio_vsock_alloc_skb include/linux/virtio_vsock.h:66 [inline]
 virtio_transport_alloc_skb+0x8b/0x1170 net/vmw_vsock/virtio_transport_common.c:58
 virtio_transport_reset_no_sock net/vmw_vsock/virtio_transport_common.c:957 [inline]
 virtio_transport_recv_pkt+0x1531/0x2580 net/vmw_vsock/virtio_transport_common.c:1387
 vsock_loopback_work+0x3e2/0x5d0 net/vmw_vsock/vsock_loopback.c:120
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2703
 worker_thread+0xf45/0x1490 kernel/workqueue.c:2784
 kthread+0x3e8/0x540 kernel/kthread.c:388
 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.6.0-rc2-syzkaller-00337-gd90b0276af8f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Workqueue: vsock-loopback vsock_loopback_work
=====================================================

Crashes (20713):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/09/23 11:51 upstream d90b0276af8f 0b6a67ac .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/06/15 06:30 https://github.com/google/kmsan.git master 7cccf3be6dcb 76decb82 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/03/07 03:57 https://github.com/google/kmsan.git master e61893130d87 f8902b57 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/10 05:31 upstream 4bbdb725a36b 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/10 04:19 upstream 4bbdb725a36b 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/10 03:08 upstream 4bbdb725a36b 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/10 02:18 upstream 4bbdb725a36b 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 22:13 upstream 6bc986ab839c 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 21:04 upstream 6bc986ab839c 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 20:04 upstream 6bc986ab839c 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 19:40 upstream 6bc986ab839c 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 16:50 upstream 6bc986ab839c 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 14:26 upstream 6bc986ab839c 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 12:05 upstream 6bc986ab839c 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 10:35 upstream 6bc986ab839c 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 09:16 upstream 6bc986ab839c 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 07:29 upstream 6bc986ab839c 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 07:28 upstream 6bc986ab839c 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 01:22 upstream 305230142ae0 df3908d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 00:13 upstream 305230142ae0 df3908d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 23:38 upstream 305230142ae0 df3908d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 22:02 upstream 305230142ae0 df3908d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 20:51 upstream 305230142ae0 df3908d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 19:50 upstream 305230142ae0 df3908d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 19:50 upstream 305230142ae0 df3908d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 18:38 upstream 305230142ae0 df3908d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 17:10 upstream 305230142ae0 df3908d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 14:13 upstream 305230142ae0 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 08:39 upstream 13d88ac54ddd 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 06:12 upstream 13d88ac54ddd 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 04:59 upstream 13d88ac54ddd 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 04:40 upstream 13d88ac54ddd 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 03:37 upstream 13d88ac54ddd 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 02:12 upstream 13d88ac54ddd 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/08 00:53 upstream 13d88ac54ddd 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 23:42 upstream 13d88ac54ddd 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 18:32 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 17:21 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 14:33 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 13:29 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 13:17 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 11:57 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 10:54 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 07:25 upstream be3ca57cfb77 78fae24e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/10/16 23:50 upstream 58720809f527 6388bc36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/09 13:15 upstream 6bc986ab839c 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 22:06 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 20:07 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtio_transport_recv_pkt
2023/11/07 15:33 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtio_transport_recv_pkt
* Struck through repros no longer work on HEAD.