syzbot

 sign-in | mailing list | source | docs
🐞 Open [1646]
Subsystems
🐞 Fixed [6009]
🐞 Invalid [14804]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in xfrm_state_find

Status: fixed on 2023/07/01 16:05
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
Fix commit: 3d776e31c841 xfrm: Reject optional tunnel/BEET mode templates in outbound policies
First crash: 2450d, last: 620d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: fixed by (bisect log) :
commit 3d776e31c841ba2f69895d2255a49320bec7cea6
Author: Tobias Brunner <tobias@strongswan.org>
Date: Tue May 9 08:59:58 2023 +0000

  xfrm: Reject optional tunnel/BEET mode templates in outbound policies

  
Discussions (3)
Title Replies (including bot) Last reply
KMSAN: uninit-value in xfrm_state_find 2 (4) 2023/06/20 09:13
Reminder: 26 open syzbot bugs in "net/xfrm" subsystem 1 (1) 2019/07/24 01:42
Reminder: 27 open syzbot bugs in "net/xfrm" subsystem 1 (1) 2019/06/25 05:51
Similar bugs (19)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in xfrm_state_find (2) net 19 294d 453d 0/28 auto-obsoleted due to no activity on 2024/07/18 11:50
upstream KMSAN: uninit-value in xfrm_state_find (3) net 1 151d 151d 0/28 closed as invalid on 2024/10/09 09:35
android-54 KASAN: stack-out-of-bounds Read in xfrm_state_find C 1 758d 758d 0/2 upstream: reported C repro on 2023/01/01 01:05
android-5-15 KASAN: stack-out-of-bounds Read in xfrm_state_find origin:upstream missing-backport C error error 2 273d 758d 0/2 upstream: reported C repro on 2023/01/01 00:40
upstream KASAN: slab-out-of-bounds Read in xfrm_state_find net 2 30d 63d 2/28 upstream: reported on 2024/11/26 14:50
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) syz error error 1 758d 758d 0/2 auto-obsoleted due to no activity on 2023/05/14 02:28
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find 1 1178d 1178d 0/2 closed as invalid on 2022/02/03 13:56
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (3) net C 10353 2558d 2626d 4/28 fixed on 2018/01/31 00:24
android-44 KASAN: stack-out-of-bounds Read in xfrm_state_find C 842 1886d 2118d 0/2 public: reported C repro on 2019/04/12 00:00
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (5) net C done 654 2191d 2493d 13/28 fixed on 2019/11/11 16:48
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find net C 365 2654d 2727d 0/28 closed as invalid on 2017/10/23 16:19
android-49 KASAN: stack-out-of-bounds Read in xfrm_state_find C 4151 2219d 2730d 0/3 closed as invalid on 2019/01/01 20:10
android-414 KASAN: stack-out-of-bounds Read in xfrm_state_find C 137 2193d 2119d 0/1 public: reported C repro on 2019/04/11 00:00
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (2) net C 93 2636d 2645d 3/28 fixed on 2017/11/18 01:42
android-49 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) C 392 1883d 2119d 0/3 public: reported C repro on 2019/04/11 08:44
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (4) net C 102 2503d 2554d 4/28 fixed on 2018/03/23 18:14
upstream KMSAN: uninit-value in virtqueue_add (3) virt 13 816d 1109d 0/28 auto-obsoleted due to no activity on 2023/02/12 03:53
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 704d 1056d 22/28 fixed on 2023/02/24 13:50
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) net C 748 1057d 1146d 20/28 fixed on 2022/03/08 16:11
Last patch testing requests (1)
Created Duration User Patch Repo Result
2020/10/31 23:48 1h00m anant.thazhemadam@gmail.com https://github.com/google/kmsan.git master error
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2023/06/20 00:34 6h06m bisect fix upstream OK (1) job log
2023/05/03 12:01 24m bisect fix upstream OK (0) job log log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in xfrm_state_find+0x1614/0x61f0 net/xfrm/xfrm_state.c:1094
 xfrm_state_find+0x1614/0x61f0 net/xfrm/xfrm_state.c:1094
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2392 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2437 [inline]
 xfrm_resolve_and_create_bundle+0x7dd/0x4ed0 net/xfrm/xfrm_policy.c:2730
 xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2965 [inline]
 xfrm_lookup_with_ifid+0xd3f/0x4120 net/xfrm/xfrm_policy.c:3096
 xfrm_lookup net/xfrm/xfrm_policy.c:3193 [inline]
 xfrm_lookup_route+0x5f/0x2b0 net/xfrm/xfrm_policy.c:3204
 ip_route_output_flow+0x29b/0x340 net/ipv4/route.c:2880
 ip_route_output_ports include/net/route.h:183 [inline]
 igmpv3_newpack+0x43b/0x1440 net/ipv4/igmp.c:369
 add_grhead+0x86/0x390 net/ipv4/igmp.c:440
 add_grec+0x2185/0x2380 net/ipv4/igmp.c:574
 igmpv3_send_cr net/ipv4/igmp.c:711 [inline]
 igmp_ifc_timer_expire+0x11b6/0x1f30 net/ipv4/igmp.c:810
 call_timer_fn+0x43/0x480 kernel/time/timer.c:1474
 expire_timers+0x272/0x610 kernel/time/timer.c:1519
 __run_timers+0x5bd/0x8c0 kernel/time/timer.c:1790
 run_timer_softirq+0x64/0xe0 kernel/time/timer.c:1803
 __do_softirq+0x1c5/0x7b9 kernel/softirq.c:571
 invoke_softirq+0x8f/0x100 kernel/softirq.c:445
 __irq_exit_rcu+0x5a/0x110 kernel/softirq.c:650
 irq_exit_rcu+0xe/0x10 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x9a/0xc0 arch/x86/kernel/apic/apic.c:1107
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
 arch_ptrace+0x27b/0x470 arch/x86/kernel/ptrace.c:828
 __do_sys_ptrace kernel/ptrace.c:1296 [inline]
 __se_sys_ptrace+0x2e5/0x780 kernel/ptrace.c:1269
 __x64_sys_ptrace+0xb9/0x110 kernel/ptrace.c:1269
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Local variable fl4 created at:
 igmpv3_newpack+0x7e/0x1440 net/ipv4/igmp.c:353
 add_grhead+0x86/0x390 net/ipv4/igmp.c:440

CPU: 1 PID: 3479 Comm: strace-static-x Not tainted 6.1.0-syzkaller-64311-g5c6259d6d19f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================

Crashes (215):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/01/01 03:30 https://github.com/google/kmsan.git master 5c6259d6d19f ab32d508 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/02/27 18:10 upstream f3a2439f20d9 e792ae78 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/01/01 01:05 net-old d039535850ee ab32d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/01/01 08:10 net-next-old c183e6c3ec34 ab32d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/04/01 02:38 linux-next 4b0f4525dc4f f325deb0 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: stack-out-of-bounds Read in xfrm_state_find
2018/09/30 15:27 https://github.com/google/kmsan.git master 2b752aff835d 41e4b329 .config console log report syz C ci-upstream-kmsan-gce
2018/08/30 18:31 https://github.com/google/kmsan.git master 25114c64b719 938220fd .config console log report syz C ci-upstream-kmsan-gce
2018/06/16 20:45 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report syz C ci-upstream-kmsan-gce
2018/05/16 02:19 https://github.com/google/kmsan.git master 06b2df0593a8 68ce85f1 .config console log report syz C ci-upstream-kmsan-gce
2018/05/15 17:12 https://github.com/google/kmsan.git master 1df165c8d2d6 661fd7b9 .config console log report syz C ci-upstream-kmsan-gce
2018/05/15 16:05 https://github.com/google/kmsan.git master 1df165c8d2d6 661fd7b9 .config console log report syz C ci-upstream-kmsan-gce
2023/01/01 04:43 upstream e4cf7c25bae5 ab32d508 .config strace log report syz C ci-upstream-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/05/19 12:13 https://github.com/google/kmsan.git master dad188c049f8 3bb7af1d .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/05/16 13:27 https://github.com/google/kmsan.git master dad188c049f8 11c89444 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/05/09 00:50 https://github.com/google/kmsan.git master 81af97bdef5e f4168103 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/04/01 18:12 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/17 14:29 https://github.com/google/kmsan.git master 34add094f9de 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/10 06:09 https://github.com/google/kmsan.git master e61893130d87 f08b59ac .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/01 08:07 https://github.com/google/kmsan.git master 97e36f4aa06f 95aee97a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/02/02 09:32 https://github.com/google/kmsan.git master eda666ff2276 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/22 21:59 https://github.com/google/kmsan.git master e919e2b1bc1c 559a440a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/15 12:36 https://github.com/google/kmsan.git master e919e2b1bc1c a63719e7 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/12 07:23 https://github.com/google/kmsan.git master 219e919e391d 96166539 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/09 11:55 https://github.com/google/kmsan.git master c9a4e3bf8138 1dac8c7a .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/12/22 22:15 https://github.com/google/kmsan.git master 5c6259d6d19f 9da18ae8 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/22 06:30 https://github.com/google/kmsan.git master 968c2729e576 c0b80a55 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/20 14:36 https://github.com/google/kmsan.git master 968c2729e576 b31320fc .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/17 10:10 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/08 02:28 https://github.com/google/kmsan.git master 968c2729e576 0de35f24 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/20 19:49 https://github.com/google/kmsan.git master 97117d69c353 88cb1383 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/13 09:09 https://github.com/google/kmsan.git master 97117d69c353 5d921b08 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/13 07:27 https://github.com/google/kmsan.git master 97117d69c353 5d921b08 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/11 13:23 https://github.com/google/kmsan.git master 97117d69c353 da3d6955 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/02 03:28 https://github.com/google/kmsan.git master 97117d69c353 1434eec0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/01 14:12 https://github.com/google/kmsan.git master ef4d99f50920 1434eec0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/22 22:52 https://github.com/google/kmsan.git master 4b28366af7d9 912f5df7 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/20 15:56 https://github.com/google/kmsan.git master eb5e8c791e57 8d15e28d .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/20 07:00 https://github.com/google/kmsan.git master 74df87f93710 8f633d84 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/17 03:53 https://github.com/google/kmsan.git master 2f3064574275 1719ee24 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/16 18:59 https://github.com/google/kmsan.git master 2f3064574275 1719ee24 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/24 01:23 https://github.com/google/kmsan.git master c5c93da9af13 e7f9308d .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/22 12:29 https://github.com/google/kmsan.git master c5c93da9af13 7268fa62 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/16 12:41 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/14 10:13 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/10 23:49 https://github.com/google/kmsan.git master d6e2c8c7eb40 8d7b3b67 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/08 18:29 https://github.com/google/kmsan.git master d6e2c8c7eb40 e60b1103 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/04 16:37 https://github.com/google/kmsan.git master d6e2c8c7eb40 dc9e5259 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/04 00:01 https://github.com/google/kmsan.git master d6e2c8c7eb40 dc9e5259 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/04/30 16:51 https://github.com/google/kmsan.git master d6e2c8c7eb40 2df221f6 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/04/29 16:07 https://github.com/google/kmsan.git master d6e2c8c7eb40 44a5ca63 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/14 09:26 https://github.com/google/kmsan.git master 34add094f9de 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2023/03/13 22:46 https://github.com/google/kmsan.git master 34add094f9de 026e2200 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/09/01 17:27 https://github.com/google/kmsan.git master e23a6cc335d5 86c46e46 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/07/20 05:35 https://github.com/google/kmsan.git master 97117d69c353 775344bc .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/06/28 19:22 https://github.com/google/kmsan.git master ec1cbf8b060e 496a8536 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/06/14 02:58 https://github.com/google/kmsan.git master 2f3064574275 0f087040 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/05/19 16:25 https://github.com/google/kmsan.git master c5c93da9af13 50c53f39 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/05/14 17:43 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/05/02 02:19 https://github.com/google/kmsan.git master d6e2c8c7eb40 2df221f6 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2021/04/17 00:40 net-next-old e7ad33fa7bc5 7e2b734b .config console log report info ci-upstream-net-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2022/12/15 11:48 linux-next 459c73db4069 6f9c033e .config console log report info ci-upstream-linux-next-kasan-gce-root KASAN: slab-out-of-bounds Read in xfrm_state_find
2021/01/17 13:49 https://github.com/google/kmsan.git master 73d62e81b476 813be542 .config console log report info ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.