syzbot

 sign-in | mailing list | source | docs
🐞 Open [1634]
Subsystems
🐞 Fixed [6116]
🐞 Invalid [15354]
Missing Backports [170]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in validate_xmit_skb

Status: fixed on 2024/01/30 15:47
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+7f4d0ea3df4d4fa9a65f@syzkaller.appspotmail.com
Fix commit: 9181d6f8a2bb net: add more sanity check in virtio_net_hdr_to_skb()
First crash: 461d, last: 427d
Discussions (3)
Title Replies (including bot) Last reply
[PATCH 5.10 4/5] net: add more sanity check in virtio_net_hdr_to_skb() 1 (1) 2025/01/31 08:31
[PATCH net] net: add more sanity check in virtio_net_hdr_to_skb() 6 (6) 2024/01/13 18:10
[syzbot] [net?] KMSAN: uninit-value in validate_xmit_skb 1 (4) 2024/01/11 20:34
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 662d 1831d 22/28 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in validate_xmit_skb (3) net C 9 311d 311d 0/28 closed as invalid on 2024/06/03 17:57
upstream KMSAN: uninit-value in validate_xmit_skb (2) net 15 417d 425d 0/28 auto-obsoleted due to no activity on 2024/04/10 02:16
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 766d 1118d 22/28 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in IP6_ECN_decapsulate net C 981 468d 2384d 25/28 fixed on 2023/12/21 03:45
Last patch testing requests (4)
Created Duration User Patch Repo Result
2024/01/11 20:34 1h25m edumazet@google.com patch upstream error
2024/01/09 18:45 35m edumazet@google.com patch upstream OK log
2024/01/09 17:07 18m edumazet@google.com patch upstream report log
2024/01/09 16:45 17m edumazet@google.com patch upstream report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in skb_gso_segment include/net/gso.h:83 [inline]
BUG: KMSAN: uninit-value in validate_xmit_skb+0x10f2/0x1930 net/core/dev.c:3629
 skb_gso_segment include/net/gso.h:83 [inline]
 validate_xmit_skb+0x10f2/0x1930 net/core/dev.c:3629
 __dev_queue_xmit+0x1eac/0x5130 net/core/dev.c:4341
 dev_queue_xmit include/linux/netdevice.h:3134 [inline]
 packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3087 [inline]
 packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
 __sys_sendmsg net/socket.c:2667 [inline]
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
 __alloc_skb+0x318/0x740 net/core/skbuff.c:651
 alloc_skb include/linux/skbuff.h:1286 [inline]
 alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2780
 packet_alloc_skb net/packet/af_packet.c:2936 [inline]
 packet_snd net/packet/af_packet.c:3030 [inline]
 packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
 __sys_sendmsg net/socket.c:2667 [inline]
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

CPU: 0 PID: 5025 Comm: syz-executor279 Not tainted 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
=====================================================

Crashes (21):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/12/27 15:11 upstream fbafc3e621c3 fb427a07 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/29 10:42 upstream 9f8413c4a66f cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/27 21:05 upstream 9f8413c4a66f cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/26 22:18 upstream 9f8413c4a66f cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/24 23:36 upstream 9f8413c4a66f 1e153dc8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/24 15:27 upstream 9f8413c4a66f 1e153dc8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/24 00:22 upstream 9f8413c4a66f 1e153dc8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/22 03:28 upstream 9f8413c4a66f 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/22 03:25 upstream 9f8413c4a66f 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/21 09:50 upstream 9f8413c4a66f 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/21 01:47 upstream 9f8413c4a66f 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/19 05:31 upstream 9f8413c4a66f 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/12 08:27 upstream 9f8413c4a66f dda5a988 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2023/12/26 05:37 upstream fbafc3e621c3 fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in validate_xmit_skb
2024/01/29 03:15 upstream 9f8413c4a66f cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in validate_xmit_skb
2024/01/26 22:21 upstream 9f8413c4a66f cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in validate_xmit_skb
2024/01/24 23:41 upstream 9f8413c4a66f 1e153dc8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in validate_xmit_skb
2024/01/22 03:30 upstream 9f8413c4a66f 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in validate_xmit_skb
2024/01/21 01:51 upstream 9f8413c4a66f 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in validate_xmit_skb
2024/01/20 01:45 upstream 9f8413c4a66f 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in validate_xmit_skb
2024/01/01 06:50 upstream 2639772a11c8 fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in validate_xmit_skb
* Struck through repros no longer work on HEAD.