syzbot


KMSAN: uninit-value in ipv6_find_tlv

Status: fixed on 2023/06/08 14:41
Subsystems: net
Reported-by: syzbot+8257f4dcef79de670baf@syzkaller.appspotmail.com
Fix commit: ea30388baebc ipv6: Fix an uninit variable access bug in __ip6_make_skb()
First crash: 1944d, last: 587d
Discussions (3)
Title | Replies (including bot) | Last reply
[PATCH net] ipv6: Fix an uninit variable access bug in __ip6_make_skb() | 2 (2) | 2023/04/03 09:20
[syzbot] Monthly net report | 0 (1) | 2023/03/27 11:04
KMSAN: uninit-value in ipv6_find_tlv | 0 (1) | 2019/08/13 14:48
Similar bugs (14)
Kernel | Title | Subsystem | Repro | Cause bisect | Fix bisect | Count | Last (age) | Reported (age) | Patched | Status
upstream | KMSAN: uninit-value in skb_release_data (3) | net | C | | | 10 | 869d | 1547d | 0/28 | auto-obsoleted due to no activity on 2022/11/17 07:20
upstream | KMSAN: uninit-value in hsr_register_frame_in | net | C | | | 197 | 502d | 2123d | 0/28 | auto-obsoleted due to no activity on 2024/02/18 18:09
upstream | KMSAN: kernel-infoleak in copyout (2) | net | C | | | 6723 | 546d | 1714d | 22/28 | fixed on 2023/06/08 14:41
upstream | KMSAN: uninit-value in bpf_prog_run_generic_xdp | net | C | | | 974 | 10h55m | 747d | 0/28 | upstream: reported C repro on 2022/11/18 11:39
upstream | KMSAN: uninit-value in ax25cmp (2) | hams | C | | | 51 | 806d | 1066d | 0/28 | closed as invalid on 2022/11/18 11:50
upstream | KMSAN: uninit-value in virtqueue_add (3) | virt | | | | 13 | 762d | 1054d | 0/28 | auto-obsoleted due to no activity on 2023/02/12 03:53
upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) | net | C | | | 138977 | 649d | 1002d | 22/28 | fixed on 2023/02/24 13:50
upstream | KMSAN: kernel-infoleak in __skb_datagram_iter | net | | | | 68 | 435d | 540d | 23/28 | fixed on 2023/09/28 17:51
upstream | KMSAN: uninit-value in can_send | can | C | | | 630 | 744d | 762d | 22/28 | fixed on 2023/02/24 13:50
upstream | KMSAN: uninit-value in IP6_ECN_decapsulate | net | C | | | 981 | 351d | 2267d | 25/28 | fixed on 2023/12/21 03:45
upstream | KMSAN: uninit-value in inet_frag_find (2) | net | | | | 2 | 1058d | 1066d | 0/28 | auto-closed as invalid on 2022/04/11 17:13
upstream | KMSAN: kernel-infoleak in _copy_to_iter (6) | net | C | | | 748 | 1002d | 1091d | 20/28 | fixed on 2022/03/08 16:11
upstream | KMSAN: uninit-value in eth_type_trans (2) | net | C | | | 5976 | 41m | 1778d | 0/28 | upstream: reported C repro on 2020/01/22 16:47
upstream | KMSAN: uninit-value in hsr_fill_frame_info (2) | net | C | | | 65 | 501d | 784d | 0/28 | auto-obsoleted due to no activity on 2023/10/30 13:38
Last patch testing requests (1)
Created | Duration | User | Patch | Repo | Result
2022/09/28 23:30 | 13m | retest repro | | https://github.com/google/kmsan.git master | report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in ipv6_find_tlv+0x398/0x410 net/ipv6/exthdrs_core.c:147
 ipv6_find_tlv+0x398/0x410 net/ipv6/exthdrs_core.c:147
 ip6_find_1stfragopt+0x287/0x520 net/ipv6/output_core.c:84
 ip6_fragment+0x1d7/0x3dc0 net/ipv6/ip6_output.c:846
 __ip6_finish_output net/ipv6/ip6_output.c:193 [inline]
 ip6_finish_output+0xd0e/0x1230 net/ipv6/ip6_output.c:206
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x396/0x640 net/ipv6/ip6_output.c:227
 dst_output include/net/dst.h:451 [inline]
 ip6_local_out+0xe5/0x140 net/ipv6/output_core.c:161
 ip6_send_skb net/ipv6/ip6_output.c:1969 [inline]
 ip6_push_pending_frames+0x1f4/0x550 net/ipv6/ip6_output.c:1989
 rawv6_push_pending_frames+0xb12/0xb90 net/ipv6/raw.c:579
 rawv6_sendmsg+0x2ba7/0x2ea0 net/ipv6/raw.c:922
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 sock_write_iter+0x495/0x5e0 net/socket.c:1108
 call_write_iter include/linux/fs.h:2187 [inline]
 aio_write+0x63a/0x950 fs/aio.c:1603
 io_submit_one+0x1a36/0x3ad0 fs/aio.c:2022
 __do_sys_io_submit fs/aio.c:2081 [inline]
 __se_sys_io_submit+0x293/0x770 fs/aio.c:2051
 __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2051
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:732 [inline]
 slab_alloc_node mm/slub.c:3258 [inline]
 __kmalloc_node_track_caller+0x814/0x1250 mm/slub.c:4970
 kmalloc_reserve net/core/skbuff.c:362 [inline]
 __alloc_skb+0x346/0xcf0 net/core/skbuff.c:434
 alloc_skb include/linux/skbuff.h:1257 [inline]
 __ip6_append_data+0x51d5/0x6b80 net/ipv6/ip6_output.c:1682
 ip6_append_data+0x437/0x5b0 net/ipv6/ip6_output.c:1852
 rawv6_sendmsg+0x28dc/0x2ea0 net/ipv6/raw.c:915
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 sock_write_iter+0x495/0x5e0 net/socket.c:1108
 call_write_iter include/linux/fs.h:2187 [inline]
 aio_write+0x63a/0x950 fs/aio.c:1603
 io_submit_one+0x1a36/0x3ad0 fs/aio.c:2022
 __do_sys_io_submit fs/aio.c:2081 [inline]
 __se_sys_io_submit+0x293/0x770 fs/aio.c:2051
 __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2051
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 1 PID: 3514 Comm: syz-executor191 Not tainted 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
=====================================================
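The report above is the raw artifact a triager starts from: a use stack (where KMSAN saw the uninitialized bytes being consumed) and an origin stack ("Uninit was created at", the allocation that never had those bytes written). The parser below is an added example, not part of the syzbot page, syzkaller or the kernel fix; it splits a KMSAN report into those two stacks and derives the facts worth recording first: the syscall the reproducer entered through, the frame that owns the allocation once allocator plumbing is skipped, and the innermost function shared by both stacks (where the allocate path and the use path diverge). Frames without a file:line, such as the entry_SYSCALL_64_after_hwframe stub, are handled. The embedded input is copied from the sample report above with the origin stack shortened; the helper names (parse_kmsan_report, syscall_entry, allocation_owner, fork_point) and the allocator-path list are this example's own choices.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Sample input: the report above, origin stack shortened to six frames (copied from the page, not invented).
KMSAN_REPORT = """\
BUG: KMSAN: uninit-value in ipv6_find_tlv+0x398/0x410 net/ipv6/exthdrs_core.c:147
 ipv6_find_tlv+0x398/0x410 net/ipv6/exthdrs_core.c:147
 ip6_find_1stfragopt+0x287/0x520 net/ipv6/output_core.c:84
 ip6_fragment+0x1d7/0x3dc0 net/ipv6/ip6_output.c:846
 __ip6_finish_output net/ipv6/ip6_output.c:193 [inline]
 ip6_finish_output+0xd0e/0x1230 net/ipv6/ip6_output.c:206
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x396/0x640 net/ipv6/ip6_output.c:227
 dst_output include/net/dst.h:451 [inline]
 ip6_local_out+0xe5/0x140 net/ipv6/output_core.c:161
 ip6_send_skb net/ipv6/ip6_output.c:1969 [inline]
 ip6_push_pending_frames+0x1f4/0x550 net/ipv6/ip6_output.c:1989
 rawv6_push_pending_frames+0xb12/0xb90 net/ipv6/raw.c:579
 rawv6_sendmsg+0x2ba7/0x2ea0 net/ipv6/raw.c:922
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 sock_write_iter+0x495/0x5e0 net/socket.c:1108
 call_write_iter include/linux/fs.h:2187 [inline]
 aio_write+0x63a/0x950 fs/aio.c:1603
 io_submit_one+0x1a36/0x3ad0 fs/aio.c:2022
 __do_sys_io_submit fs/aio.c:2081 [inline]
 __se_sys_io_submit+0x293/0x770 fs/aio.c:2051
 __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2051
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_alloc_node mm/slub.c:3258 [inline]
 __kmalloc_node_track_caller+0x814/0x1250 mm/slub.c:4970
 __alloc_skb+0x346/0xcf0 net/core/skbuff.c:434
 __ip6_append_data+0x51d5/0x6b80 net/ipv6/ip6_output.c:1682
 ip6_append_data+0x437/0x5b0 net/ipv6/ip6_output.c:1852
 rawv6_sendmsg+0x28dc/0x2ea0 net/ipv6/raw.c:915

CPU: 1 PID: 3514 Comm: syz-executor191 Not tainted 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
"""
# A frame is "<func>[+off/size] [<file>:<line>] [[inline]]"; asm entry stubs carry no file:line.
FRAME_RE = re.compile(r"^ (?P<func>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
                      r"(?: (?P<file>[\w./-]+):(?P<line>\d+))?(?P<inline> \[inline\])?$")
HEADER_RE = re.compile(r"^BUG: KMSAN: (?P<kind>[\w-]+) in (?P<func>[A-Za-z_][\w.]*)")
VERSION_RE = re.compile(r"\bNot tainted (?P<ver>\S+)")

@dataclass
class Frame:
    func: str
    file: str | None
    line: int | None
    inline: bool  # from DWARF inlining info, not a real call frame

@dataclass
class KmsanReport:
    kind: str       # "uninit-value" or "kernel-infoleak"
    use_site: str   # function named on the BUG: line
    use_stack: list[Frame] = field(default_factory=list)
    origin_stack: list[Frame] = field(default_factory=list)
    kernel: str | None = None

def parse_kmsan_report(text: str) -> KmsanReport:
    rep, current = None, None
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            rep = KmsanReport(kind=m["kind"], use_site=m["func"])
            current = rep.use_stack
        elif rep is None:
            continue  # console noise before the BUG: line
        elif line.startswith("Uninit was created at:"):
            current = rep.origin_stack
        elif m := VERSION_RE.search(line):
            rep.kernel = m["ver"]
            current = None  # the CPU: line ends the stacks
        elif current is not None and (m := FRAME_RE.match(line)):
            current.append(Frame(m["func"], m["file"],
                                 int(m["line"]) if m["line"] else None, bool(m["inline"])))
    if rep is None:
        raise ValueError("no 'BUG: KMSAN:' header found")
    return rep

def syscall_entry(frames: list[Frame]) -> str | None:
    """Syscall the trigger entered through, read off the arch wrapper frame."""
    wrappers = ("__x64_sys_", "__ia32_sys_", "__arm64_sys_")
    return next((f.func.split("sys_", 1)[1] for f in frames if f.func.startswith(wrappers)), None)

def allocation_owner(origin: list[Frame]) -> Frame | None:
    """First origin frame outside allocator plumbing: the code that asked for the buffer."""
    plumbing = ("mm/", "net/core/skbuff.c", "include/linux/skbuff.h")
    return next((f for f in origin if f.file and not f.file.startswith(plumbing)), None)

def fork_point(use: list[Frame], origin: list[Frame]) -> str | None:
    """Innermost use-stack function also on the origin stack: where the two paths split."""
    origin_funcs = {f.func for f in origin}
    return next((f.func for f in use if f.func in origin_funcs), None)
```

On the sample report this yields entry syscall io_submit, allocation owner __ip6_append_data (net/ipv6/ip6_output.c:1682) and fork point rawv6_sendmsg, which matches what the two stacks say by eye: one rawv6_sendmsg call allocates the skb via ip6_append_data and the same call then pushes it out through ip6_push_pending_frames, where ip6_fragment walks extension headers that were never filled in. The same parser works on a whole console log, since everything before the BUG: line is skipped and the CPU: line closes the stacks.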

Crashes (271):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/10/02 18:26 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in ipv6_find_tlv
2022/05/12 01:09 https://github.com/google/kmsan.git master d6e2c8c7eb40 beb0b407 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in ipv6_find_tlv
2023/01/13 21:22 https://github.com/google/kmsan.git master e919e2b1bc1c 529798b0 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2019/09/11 01:12 https://github.com/google/kmsan.git master 014077b5cd62 a60cb4cd .config console log report syz C ci-upstream-kmsan-gce
2019/08/09 13:58 https://github.com/google/kmsan.git master 61ccdad1fcdf ede31a9b .config console log report syz C ci-upstream-kmsan-gce
2023/04/28 04:01 https://github.com/google/kmsan.git master 81af97bdef5e 70a605de .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ipv6_find_tlv
2023/04/21 17:26 https://github.com/google/kmsan.git master 0255004d2a8e 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ipv6_find_tlv
2023/04/08 21:02 https://github.com/google/kmsan.git master 9189d4cb6980 71147e29 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/03/29 22:10 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/03/28 19:07 https://github.com/google/kmsan.git master 90ea0df61c98 48c74771 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/03/28 10:07 https://github.com/google/kmsan.git master 90ea0df61c98 47f3aaf1 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/03/28 00:56 https://github.com/google/kmsan.git master 90ea0df61c98 47f3aaf1 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/03/23 16:43 https://github.com/google/kmsan.git master 90ea0df61c98 f94b4a29 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/03/22 17:54 https://github.com/google/kmsan.git master 90ea0df61c98 d846e076 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/03/22 03:10 https://github.com/google/kmsan.git master 90ea0df61c98 8b4eb097 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/03/06 05:59 https://github.com/google/kmsan.git master 944070199c5e f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/25 15:51 https://github.com/google/kmsan.git master 97e36f4aa06f ee50e71c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/24 20:09 https://github.com/google/kmsan.git master 97e36f4aa06f ee50e71c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/24 19:47 https://github.com/google/kmsan.git master 97e36f4aa06f ee50e71c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/24 02:19 https://github.com/google/kmsan.git master 97e36f4aa06f 9e2ebb3c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/23 15:40 https://github.com/google/kmsan.git master 97e36f4aa06f 9e2ebb3c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/20 08:35 https://github.com/google/kmsan.git master 31b504f219a9 bcdf85f8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/20 01:01 https://github.com/google/kmsan.git master 31b504f219a9 bcdf85f8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/19 22:35 https://github.com/google/kmsan.git master 31b504f219a9 bcdf85f8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/18 11:22 https://github.com/google/kmsan.git master 31b504f219a9 d02e9a70 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/17 06:44 https://github.com/google/kmsan.git master 9c866a280876 851bc19a .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/16 16:23 https://github.com/google/kmsan.git master 9c866a280876 7338e3c4 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/16 02:28 https://github.com/google/kmsan.git master 9c866a280876 6be0f1f5 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/10 21:44 https://github.com/google/kmsan.git master 8c89ecf5c13b 95871dcc .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/02/09 11:00 https://github.com/google/kmsan.git master 8c89ecf5c13b 14a312c8 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/01/25 20:29 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/01/25 12:58 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/01/24 04:05 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2023/01/22 07:34 https://github.com/google/kmsan.git master e919e2b1bc1c 559a440a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip6_make_skb
2020/02/22 04:33 https://github.com/google/kmsan.git master 8bbbc5cf3dca 2ffa6679 .config console log report ci-upstream-kmsan-gce
2023/04/03 05:08 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/03/28 18:53 https://github.com/google/kmsan.git master 90ea0df61c98 48c74771 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/03/12 15:54 https://github.com/google/kmsan.git master e61893130d87 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/03/09 02:07 https://github.com/google/kmsan.git master e61893130d87 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/02/27 21:38 https://github.com/google/kmsan.git master 97e36f4aa06f e792ae78 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/02/23 16:56 https://github.com/google/kmsan.git master 97e36f4aa06f 9e2ebb3c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/01/30 03:12 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/01/28 02:02 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/01/28 01:00 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/01/27 06:37 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/01/26 11:37 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/01/23 01:47 https://github.com/google/kmsan.git master e919e2b1bc1c 559a440a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/01/22 23:24 https://github.com/google/kmsan.git master e919e2b1bc1c 559a440a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/01/22 07:35 https://github.com/google/kmsan.git master e919e2b1bc1c 559a440a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
2023/01/21 21:03 https://github.com/google/kmsan.git master e919e2b1bc1c 559a440a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip6_make_skb
* Struck through repros no longer work on HEAD.