syzbot


KMSAN: uninit-value in IP6_ECN_decapsulate

Status: upstream: reported C repro on 2018/09/20 20:54
Subsystems: net
Reported-by: syzbot+bf7e6250c7ce248f3ec9@syzkaller.appspotmail.com
Fix commit: 484b4833c604 hsr: Fix uninit-value access in fill_frame_info()
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm64-mte ci-qemu2-riscv64]
First crash: 1934d, last: 5h10m
Discussions (9)
Title Replies (including bot) Last reply
[PATCH net] hsr: Fix uninit-value access in fill_frame_info() 1 (1) 2023/09/08 10:17
[syzbot] Monthly net report (Jul 2023) 0 (1) 2023/08/01 12:53
[syzbot] Monthly net report (Jun 2023) 0 (1) 2023/06/29 12:38
[syzbot] Monthly net report (May 2023) 0 (1) 2023/05/30 10:56
[syzbot] Monthly net report (Apr 2023) 0 (1) 2023/04/27 10:45
[syzbot] Monthly net report 0 (1) 2023/03/27 11:04
Reminder: 99 open syzbot bugs in net subsystem 14 (14) 2019/07/31 15:13
Reminder: 94 open syzbot bugs in net subsystem 1 (1) 2019/06/25 05:48
KMSAN: uninit-value in IP6_ECN_decapsulate 0 (1) 2018/09/20 20:54
Similar bugs (27)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in hsr_register_frame_in net C 197 72d 1693d 0/25 upstream: reported C repro on 2019/02/11 21:53
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 116d 1284d 24/25 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in aes_encrypt (4) net C 15027 31d 1116d 0/25 upstream: reported C repro on 2020/09/10 14:09
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 220d 572d 24/25 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in skb_release_data (3) net C 10 439d 1118d 0/25 auto-obsoleted due to no activity on 2022/11/17 07:20
upstream KMSAN: uninit-value in ipv6_find_tlv net C 271 157d 1510d 24/25 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in bpf_prog_run_generic_xdp bpf 149 17h43m 318d 0/25 upstream: reported on 2022/11/18 11:39
upstream KMSAN: uninit-value in ax25cmp (2) hams C 51 376d 636d 0/25 closed as invalid on 2022/11/18 11:50
upstream KMSAN: uninit-value in virtqueue_add (3) virt 13 332d 624d 0/25 auto-obsoleted due to no activity on 2023/02/12 03:53
upstream KMSAN: kernel-infoleak in __skb_datagram_iter net 68 5d22h 110d 25/25 fixed on 2023/09/28 17:51
upstream KMSAN: uninit-value in can_send can C 630 314d 332d 24/25 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in inet_frag_find (2) net 2 628d 636d 0/25 auto-closed as invalid on 2022/04/11 17:13
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) net C 748 572d 661d 22/25 fixed on 2022/03/08 16:11
upstream KMSAN: uninit-value in eth_type_trans (2) net C 3828 14h41m 1348d 0/25 upstream: reported C repro on 2020/01/22 16:47
upstream KMSAN: uninit-value in hsr_fill_frame_info (2) net C 65 71d 354d 0/25 upstream: reported C repro on 2022/10/12 19:10
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (4) net 2 973d 991d 0/25 auto-closed as invalid on 2021/06/01 04:17
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (2) net 1 1964d 1964d 0/25 closed as invalid on 2018/06/27 15:18
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (5) net 1 671d 671d 0/25 auto-closed as invalid on 2022/02/28 08:56
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (3) net 2 1290d 1315d 0/25 auto-closed as invalid on 2020/06/19 03:56
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu net 179 1972d 2003d 6/25 fixed on 2018/05/08 18:30
upstream KMSAN: uninit-value in hsr_get_node net 304 906d 1147d 0/25 auto-closed as invalid on 2021/07/08 06:23
upstream general protection fault in ip_route_output_key_hash_rcu net 46 1504d 1533d 0/25 closed as invalid on 2019/10/03 03:38
linux-4.19 general protection fault in ip_route_output_key_hash_rcu 2 1512d 1518d 0/1 auto-closed as invalid on 2019/12/10 05:04
upstream KMSAN: uninit-value in erspan_build_header net 40 265d 354d 0/25 auto-obsoleted due to no activity on 2023/05/10 10:26
upstream KMSAN: uninit-value in ip_tunnel_xmit (3) net C 1516 360d 1048d 0/25 closed as invalid on 2022/10/12 18:48
upstream KMSAN: uninit-value in br_dev_xmit bridge C 537 259d 1316d 0/25 auto-obsoleted due to no activity on 2023/05/15 13:28
upstream KMSAN: uninit-value in batadv_get_vid batman C 1947 211d 1316d 0/25 auto-obsoleted due to no activity on 2023/07/23 05:56
Last patch testing requests (1)
Created Duration User Patch Repo Result
2022/12/19 03:31 15m retest repro https://github.com/google/kmsan.git master report log

Sample crash report:
UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
hsr0: VLAN not yet supported
=====================================================
BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:601 [inline]
BUG: KMSAN: uninit-value in hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616
 fill_frame_info net/hsr/hsr_forward.c:601 [inline]
 hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616
 hsr_dev_xmit+0x192/0x330 net/hsr/hsr_device.c:223
 __netdev_start_xmit include/linux/netdevice.h:4910 [inline]
 netdev_start_xmit include/linux/netdevice.h:4924 [inline]
 xmit_one net/core/dev.c:3537 [inline]
 dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3553
 __dev_queue_xmit+0x34eb/0x50f0 net/core/dev.c:4203
 dev_queue_xmit include/linux/netdevice.h:3088 [inline]
 packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3085 [inline]
 packet_sendmsg+0x8a5d/0x9de0 net/packet/af_packet.c:3117
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg net/socket.c:748 [inline]
 __sys_sendto+0x781/0xa30 net/socket.c:2134
 __do_sys_sendto net/socket.c:2146 [inline]
 __se_sys_sendto net/socket.c:2142 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2142
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
 slab_alloc_node mm/slub.c:3470 [inline]
 kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3515
 kmalloc_reserve+0x148/0x470 net/core/skbuff.c:559
 __alloc_skb+0x318/0x740 net/core/skbuff.c:644
 alloc_skb include/linux/skbuff.h:1289 [inline]
 alloc_skb_with_frags+0xbd/0xbb0 net/core/skbuff.c:6233
 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2793
 packet_alloc_skb net/packet/af_packet.c:2934 [inline]
 packet_snd net/packet/af_packet.c:3028 [inline]
 packet_sendmsg+0x6fc2/0x9de0 net/packet/af_packet.c:3117
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg net/socket.c:748 [inline]
 __sys_sendto+0x781/0xa30 net/socket.c:2134
 __do_sys_sendto net/socket.c:2146 [inline]
 __se_sys_sendto net/socket.c:2142 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2142
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 1 PID: 5012 Comm: syz-executor296 Not tainted 6.5.0-rc7-syzkaller-00164-g382d4cd18475 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
=====================================================

Crashes (798):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/08/26 09:45 upstream 382d4cd18475 03d9c195 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/05/17 22:19 https://github.com/google/kmsan.git master dad188c049f8 eaac4681 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/02/05 15:27 https://github.com/google/kmsan.git master eda666ff2276 be607b78 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_rcv
2022/06/13 20:33 https://github.com/google/kmsan.git master 2f3064574275 0d5abf15 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_rcv
2018/06/17 13:07 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report syz C ci-upstream-kmsan-gce
2018/06/16 08:29 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report syz ci-upstream-kmsan-gce
2023/07/12 09:52 upstream 3f01e9fed845 2f19aa4f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in IP6_ECN_decapsulate
2023/10/02 07:01 upstream 8a749fd1a872 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/10/01 20:44 upstream e402b08634b3 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/10/01 17:49 upstream e402b08634b3 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/30 13:30 upstream 9f3ebbef746f 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/09/29 06:37 upstream 9ed22ae6be81 d265efd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/26 22:27 upstream 50768a425b46 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/26 20:55 upstream 50768a425b46 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/25 16:36 upstream 6465e260f487 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/23 10:23 upstream d90b0276af8f 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/22 16:04 upstream 27bbf45eae9c 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/21 23:27 upstream 27bbf45eae9c 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/21 09:23 upstream 42dc814987c1 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/09/20 20:08 upstream 5d2f53532ecc 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/19 12:20 upstream 2cf0f7156238 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/19 05:15 upstream 2cf0f7156238 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/09/18 06:17 upstream e789286468a9 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/18 00:07 upstream e789286468a9 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/17 22:24 upstream e789286468a9 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/16 17:42 upstream 57d88e8a5974 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/15 16:15 upstream 9fdfb15a3dbf 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/14 23:33 upstream 9fdfb15a3dbf 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/14 14:57 upstream aed8aee11130 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/14 05:38 upstream aed8aee11130 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/13 13:30 upstream 3669558bdf35 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/13 03:55 upstream a747acc0b752 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/12 15:20 upstream 0bb80ecc33a8 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/12 01:28 upstream 0bb80ecc33a8 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/11 21:19 upstream 0bb80ecc33a8 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/09/11 19:28 upstream 0bb80ecc33a8 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/11 03:15 upstream 0bb80ecc33a8 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/10 15:41 upstream 535a265d7f0d 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/10 07:05 upstream 2a5a4326e583 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/09/10 06:16 upstream 2a5a4326e583 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/09 18:33 upstream 6099776f9f26 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/09 15:59 upstream 6099776f9f26 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/09 00:31 upstream a48fa7efaf11 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_rcv
2023/09/08 22:26 upstream a48fa7efaf11 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/08 20:35 upstream a48fa7efaf11 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/08 20:21 upstream a48fa7efaf11 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/07 12:08 upstream 7ba2090ca64e 72324844 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ipv6_addr_type
2023/09/07 08:23 upstream 744a759492b5 72324844 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/09/06 22:03 upstream 744a759492b5 72324844 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/09/06 09:48 upstream 7733171926cc 8bc9053e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/09/05 14:14 upstream 3f86ed6ec0b3 8bc9053e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/09/28 01:10 upstream 633b47cb009d 2895a507 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hsr_forward_skb
2023/09/22 10:06 upstream 27bbf45eae9c 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in validate_xmit_skb
2023/09/21 07:13 upstream 5d2f53532ecc 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hsr_get_node
2023/09/17 20:24 upstream f0b0d403eabb 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in validate_xmit_skb
2023/09/16 05:20 upstream e42bebf6db29 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hsr_get_node
2023/09/15 16:20 upstream 9fdfb15a3dbf 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in validate_xmit_skb
2023/09/11 00:37 upstream 535a265d7f0d 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hsr_forward_skb
2023/09/07 19:28 upstream 7ba2090ca64e 72324844 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hsr_forward_skb
2023/07/30 07:06 upstream 12214540ad87 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in geneve_udp_encap_recv
2023/07/29 06:24 upstream f837f0a3c948 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in batadv_get_vid
2023/06/23 16:25 net 6f68fc395f49 09ffe269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip_route_output_key_hash_rcu
2018/06/16 04:24 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report ci-upstream-kmsan-gce
2021/01/17 03:13 https://github.com/google/kmsan.git master 73d62e81b476 65a7a854 .config console log report info ci-upstream-kmsan-gce-386
* Struck through repros no longer work on HEAD.