syzbot


KMSAN: uninit-value in xfrm_state_find (4)

Status: upstream: reported on 2025/05/21 19:14
Subsystems: net
Reported-by: syzbot+7ed9d47e15e88581dc5b@syzkaller.appspotmail.com
First crash: 6d22h, last: 6d22h
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH ipsec 0/2] xfrm: fixes for xfrm_state_find under preemption | 3 (3) | 2025/05/23 18:05
[syzbot] [net?] KMSAN: uninit-value in xfrm_state_find (4) | 1 (2) | 2025/05/22 11:54
Similar bugs (8)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in xfrm_state_find (2) net | - | - | - | 19 | 410d | 568d | 0/28 | auto-obsoleted due to no activity on 2024/07/18 11:50
upstream | KMSAN: uninit-value in xfrm_state_find (3) net | - | - | - | 1 | 267d | 267d | 0/28 | closed as invalid on 2024/10/09 09:35
upstream | KASAN: slab-out-of-bounds Read in xfrm_state_find net | - | - | - | 10 | 25d | 179d | 28/28 | fixed on 2025/05/06 15:33
upstream | KMSAN: uninit-value in xfrm_state_find net | C | error | done | 215 | 736d | 2535d | 22/28 | fixed on 2023/07/01 16:05
android-54 | KASAN: stack-out-of-bounds Read in xfrm_state_find | C | - | - | 1 | 874d | 874d | 0/2 | upstream: reported C repro on 2023/01/01 01:05
android-5-15 | KASAN: stack-out-of-bounds Read in xfrm_state_find origin:upstream missing-backport | C | error | error | 2 | 389d | 874d | 0/2 | upstream: reported C repro on 2023/01/01 00:40
android-5-10 | KASAN: stack-out-of-bounds Read in xfrm_state_find (2) | syz | error | error | 1 | 874d | 874d | 0/2 | auto-obsoleted due to no activity on 2023/05/14 02:28
android-5-10 | KASAN: stack-out-of-bounds Read in xfrm_state_find | - | - | - | 1 | 1294d | 1294d | 0/2 | closed as invalid on 2022/02/03 13:56

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in xfrm_state_find+0x2423/0xaae0 net/xfrm/xfrm_state.c:1438
 xfrm_state_find+0x2423/0xaae0 net/xfrm/xfrm_state.c:1438
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2519 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2570 [inline]
 xfrm_resolve_and_create_bundle+0xabc/0x58b0 net/xfrm/xfrm_policy.c:2868
 xfrm_lookup_with_ifid+0x48c/0x3ac0 net/xfrm/xfrm_policy.c:3202
 xfrm_lookup net/xfrm/xfrm_policy.c:3333 [inline]
 xfrm_lookup_route+0x63/0x2b0 net/xfrm/xfrm_policy.c:3344
 ip_route_output_flow+0x20d/0x2b0 net/ipv4/route.c:2918
 ip_route_connect include/net/route.h:352 [inline]
 tcp_v4_connect+0xa43/0x1cd0 net/ipv4/tcp_ipv4.c:252
 tcp_v6_connect+0x134a/0x1d40 net/ipv6/tcp_ipv6.c:240
 __inet_stream_connect+0x2d3/0x1760 net/ipv4/af_inet.c:677
 inet_stream_connect+0x69/0xd0 net/ipv4/af_inet.c:748
 __sys_connect_file net/socket.c:2038 [inline]
 __sys_connect+0x523/0x680 net/socket.c:2057
 __do_sys_connect net/socket.c:2063 [inline]
 __se_sys_connect net/socket.c:2060 [inline]
 __x64_sys_connect+0x95/0x100 net/socket.c:2060
 x64_sys_call+0x23bb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:43
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x1b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable tmp.i.i created at:
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2491 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2570 [inline]
 xfrm_resolve_and_create_bundle+0x3a7/0x58b0 net/xfrm/xfrm_policy.c:2868
 xfrm_lookup_with_ifid+0x48c/0x3ac0 net/xfrm/xfrm_policy.c:3202

CPU: 1 UID: 0 PID: 11691 Comm: syz.5.1451 Not tainted 6.15.0-rc6-syzkaller-00278-g172a9d94339c #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
=====================================================

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/05/17 19:07 | upstream | 172a9d94339c | f41472b0 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in xfrm_state_find