syzbot


KMSAN: uninit-value in xfrm_state_find (2)

Status: upstream: reported on 2023/11/02 18:11
Subsystems: net
Reported-by: syzbot+23bbb17a7878e2b3d1d4@syzkaller.appspotmail.com
First crash: 283d, last: 18d
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [net?] KMSAN: uninit-value in xfrm_state_find (2) | 0 (1) | 2023/11/02 18:11
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in xfrm_state_find net C error done 215 344d 2143d 22/26 fixed on 2023/07/01 16:05
android-54 KASAN: stack-out-of-bounds Read in xfrm_state_find C 1 482d 482d 0/2 upstream: reported C repro on 2023/01/01 01:05
android-5-15 KASAN: stack-out-of-bounds Read in xfrm_state_find origin:upstream missing-backport C error 2 28d 482d 0/2 upstream: reported C repro on 2023/01/01 00:40
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) syz error error 1 482d 482d 0/2 auto-obsoleted due to no activity on 2023/05/14 02:28
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find 1 901d 901d 0/2 closed as invalid on 2022/02/03 13:56

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in xfrm_state_find+0x17c2/0x8af0 net/xfrm/xfrm_state.c:1160
 xfrm_state_find+0x17c2/0x8af0 net/xfrm/xfrm_state.c:1160
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2490 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2535 [inline]
 xfrm_resolve_and_create_bundle+0x815/0x5080 net/xfrm/xfrm_policy.c:2830
 xfrm_lookup_with_ifid+0x3f7/0x35a0 net/xfrm/xfrm_policy.c:3164
 xfrm_lookup net/xfrm/xfrm_policy.c:3293 [inline]
 xfrm_lookup_route+0x63/0x2b0 net/xfrm/xfrm_policy.c:3304
 ip6_dst_lookup_flow+0x133/0x170 net/ipv6/ip6_output.c:1256
 rawv6_sendmsg+0x205a/0x2e50 net/ipv6/raw.c:898
 inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x267/0x380 net/socket.c:745
 ____sys_sendmsg+0x903/0xb60 net/socket.c:2584
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
 __sys_sendmmsg+0x3c4/0x950 net/socket.c:2724
 __do_sys_sendmmsg net/socket.c:2753 [inline]
 __se_sys_sendmmsg net/socket.c:2750 [inline]
 __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2750
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

Local variable tmp.i.i created at:
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2468 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2535 [inline]
 xfrm_resolve_and_create_bundle+0x376/0x5080 net/xfrm/xfrm_policy.c:2830
 xfrm_lookup_with_ifid+0x3f7/0x35a0 net/xfrm/xfrm_policy.c:3164

CPU: 1 PID: 14202 Comm: syz-executor.2 Tainted: G        W          6.9.0-rc3-syzkaller-00011-g20cb38a7af88 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
=====================================================

Crashes (19):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/04/09 11:50 | upstream | 20cb38a7af88 | 56086b24 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in xfrm_state_find
2024/03/06 00:35 | upstream | 29cd507cbec2 | f39a7eed | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in xfrm_state_find
2023/12/08 15:49 | upstream | 5e3f5b81de80 | 28b24332 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in xfrm_state_find
2023/12/07 23:13 | upstream | 9ace34a8e446 | 28b24332 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in xfrm_state_find
2023/11/27 06:46 | upstream | d2da77f431ac | 5b429f39 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in xfrm_state_find
2023/09/13 11:45 | upstream | 3669558bdf35 | 0b6a67ac | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in xfrm_state_find
2023/09/01 22:58 | upstream | b84acc11b1c9 | 696ea0d2 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in xfrm_state_find
2024/03/29 11:18 | upstream | 317c7bc0ef03 | c52bcb23 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in xfrm_state_find
2024/02/26 18:37 | upstream | d206a76d7d27 | edd6a5e9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in xfrm_state_find
2023/11/20 18:24 | upstream | 98b1cc82c4af | cb976f63 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in xfrm_state_find
2023/11/18 11:04 | upstream | 791c8ab095f7 | cb976f63 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in xfrm_state_find
2023/11/13 23:24 | upstream | 9bacdd8996c7 | cb976f63 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in xfrm_state_find
2023/11/07 10:31 | upstream | be3ca57cfb77 | 83211397 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in xfrm_state_find
2023/11/03 04:19 | upstream | 431f1051884e | c4ac074c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in xfrm_state_find
2023/11/01 18:20 | upstream | 8bc9e6515183 | 69904c9f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in xfrm_state_find
2023/08/19 22:34 | upstream | 9e6c269de404 | d216d8a0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in xfrm_state_find
2023/07/18 19:52 | upstream | 74f1456c4a5f | 022df2bb | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in xfrm_state_find
2023/11/02 11:14 | upstream | babe393974de | b5f07fd3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | KASAN: slab-out-of-bounds Read in xfrm_state_find
2024/01/21 09:37 | net-next | 736b5545d39c | 9bd8dcda | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-net-kasan-gce | KASAN: slab-out-of-bounds Read in xfrm_state_find
* Struck through repros no longer work on HEAD.