syzbot


KMSAN: uninit-value in __tipc_nl_bearer_enable

Status: fixed on 2023/02/24 13:50
Subsystems: tipc
Reported-by: syzbot+e820fdc8ce362f2dea51@syzkaller.appspotmail.com
Fix commit: 7f36f798f89b tipc: check attribute length for bearer name
First crash: 2187d, last: 658d
Discussions (12)
Title Replies (including bot) Last reply
[PATCH 5.4 000/411] 5.4.198-rc1 review 417 (417) 2022/06/14 15:17
[PATCH 5.15 000/247] 5.15.47-rc1 review 253 (253) 2022/06/14 14:05
[PATCH 4.19 000/287] 4.19.247-rc1 review 293 (293) 2022/06/14 10:27
[PATCH 5.18 000/339] 5.18.4-rc1 review 342 (342) 2022/06/14 07:23
[PATCH 5.10 000/172] 5.10.122-rc1 review 174 (174) 2022/06/13 11:59
[PATCH 5.17 000/298] 5.17.15-rc1 review 299 (299) 2022/06/13 10:13
[net v3] tipc: check attribute length for bearer name 2 (2) 2022/06/02 18:20
[net v3] tipc: check attribute length for bearer name 2 (2) 2022/06/02 06:22
[net v2] tipc: check attribute length for bearer name 3 (3) 2022/06/02 06:21
[net] tipc: check attribute length for bearer name 2 (2) 2022/06/02 00:53
KMSAN: uninit-value in __tipc_nl_bearer_enable 0 (2) 2022/05/14 06:24
Reminder: 14 open syzbot bugs in "net/tipc" subsystem 1 (1) 2019/07/24 01:46
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in __tipc_nl_bearer_enable (2) tipc C 21 404d 449d 25/28 fixed on 2023/12/21 03:45
upstream KMSAN: uninit-value in fib_get_nhs net C 14 1029d 1099d 20/28 fixed on 2022/03/08 16:11
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 658d 1010d 22/28 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in tipc_nl_compat_name_table_dump (3) tipc C 65 754d 770d 22/28 fixed on 2023/02/24 13:51
upstream general protection fault in __fget_files (2) reiserfs C done done 1 351d 347d 25/28 fixed on 2024/02/21 18:23
upstream KMSAN: uninit-value in tipc_nl_node_reset_link_stats tipc C 2 439d 449d 25/28 fixed on 2023/12/21 03:45
upstream KMSAN: uninit-value in validate_set openvswitch C 7 412d 450d 0/28 closed as invalid on 2023/12/22 16:00

Sample crash report:
netlink: 20 bytes leftover after parsing attributes in process `syz-executor377'.
=====================================================
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline]
BUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725
 string_nocheck lib/vsprintf.c:644 [inline]
 string+0x4f9/0x6f0 lib/vsprintf.c:725
 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
 vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283
 vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50
 _printk+0x18d/0x1cf kernel/printk/printk.c:2293
 tipc_enable_bearer net/tipc/bearer.c:371 [inline]
 __tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033
 tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042
 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
 genl_rcv_msg+0x157f/0x1660 net/netlink/genetlink.c:792
 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2503
 genl_rcv+0x63/0x80 net/netlink/genetlink.c:803
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x109c/0x1370 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x14dc/0x1720 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x51/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:754 [inline]
 slab_alloc_node mm/slub.c:3231 [inline]
 __kmalloc_node_track_caller+0xde3/0x14f0 mm/slub.c:4962
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1300 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1191 [inline]
 netlink_sendmsg+0xde3/0x1720 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x51/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 0 PID: 3475 Comm: syz-executor377 Not tainted 5.18.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (1288):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/05/14 06:23 https://github.com/google/kmsan.git master d6e2c8c7eb40 107f6434 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2019/03/27 01:46 https://github.com/google/kmsan.git master 3c26d882e695 55684ce1 .config console log report syz ci-upstream-kmsan-gce
2019/03/23 11:35 https://github.com/google/kmsan.git master c10a026b8dee 3361bde5 .config console log report syz ci-upstream-kmsan-gce
2019/03/21 01:12 https://github.com/google/kmsan.git master c10a026b8dee a664c187 .config console log report syz ci-upstream-kmsan-gce
2019/02/07 15:30 https://github.com/google/kmsan.git master fa1981bee40f aa4feb03 .config console log report syz ci-upstream-kmsan-gce
2019/02/02 18:09 https://github.com/google/kmsan.git master fa1981bee40f c198d5dd .config console log report syz ci-upstream-kmsan-gce
2019/01/06 08:01 https://github.com/google/kmsan.git master 11587f6ee534 53be0a37 .config console log report syz ci-upstream-kmsan-gce
2019/01/01 20:33 https://github.com/google/kmsan.git master 8ba10281f9e5 3d85f48c .config console log report syz ci-upstream-kmsan-gce
2019/01/01 13:00 https://github.com/google/kmsan.git master 8ba10281f9e5 3d85f48c .config console log report syz ci-upstream-kmsan-gce
2018/12/26 09:42 https://github.com/google/kmsan.git master 79fc24ff6184 8a41a0ad .config console log report syz ci-upstream-kmsan-gce
2018/12/18 09:44 https://github.com/google/kmsan.git master 0a602458c72c def91db3 .config console log report syz ci-upstream-kmsan-gce
2023/02/20 03:08 https://github.com/google/kmsan.git master 31b504f219a9 bcdf85f8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/18 11:25 https://github.com/google/kmsan.git master 31b504f219a9 d02e9a70 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/17 10:08 https://github.com/google/kmsan.git master 9c866a280876 851bc19a .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/13 04:11 https://github.com/google/kmsan.git master 8c89ecf5c13b 93e26d60 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/08 02:57 https://github.com/google/kmsan.git master 8c89ecf5c13b 15c3d445 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/06 21:18 https://github.com/google/kmsan.git master eda666ff2276 0a9c11b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/06 11:03 https://github.com/google/kmsan.git master eda666ff2276 be607b78 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/03 01:17 https://github.com/google/kmsan.git master eda666ff2276 16d19e30 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/01 18:46 https://github.com/google/kmsan.git master eda666ff2276 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/01 16:17 https://github.com/google/kmsan.git master eda666ff2276 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/01 07:42 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/01 00:23 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/01/30 18:39 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/01/24 10:50 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/01/21 02:19 https://github.com/google/kmsan.git master e919e2b1bc1c 559a440a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/01/13 05:52 https://github.com/google/kmsan.git master e919e2b1bc1c 96166539 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/01/11 05:37 https://github.com/google/kmsan.git master c9a4e3bf8138 1dac8c7a .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/01/10 23:47 https://github.com/google/kmsan.git master c9a4e3bf8138 1dac8c7a .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/01/09 23:59 https://github.com/google/kmsan.git master c9a4e3bf8138 1dac8c7a .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/12/20 12:02 https://github.com/google/kmsan.git master 5c6259d6d19f d3e76707 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/12/19 17:06 https://github.com/google/kmsan.git master 5c6259d6d19f c52b2efb .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/11/22 02:47 https://github.com/google/kmsan.git master 6b3059a0a074 1c576c23 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/11/16 05:49 https://github.com/google/kmsan.git master cb231e2f67ec 3a127a31 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/27 08:22 https://github.com/google/kmsan.git master 1aa4f78e4630 86777b7f .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/25 15:10 https://github.com/google/kmsan.git master 4a3e741a3d6a 45645420 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/23 05:49 https://github.com/google/kmsan.git master 968c2729e576 c0b80a55 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/20 15:45 https://github.com/google/kmsan.git master 968c2729e576 b31320fc .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/18 23:52 https://github.com/google/kmsan.git master 968c2729e576 b31320fc .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/17 08:20 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/17 05:53 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/16 17:18 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/11 09:42 https://github.com/google/kmsan.git master 968c2729e576 2b253ced .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/08 18:08 https://github.com/google/kmsan.git master 968c2729e576 aea5da89 .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/07 10:42 https://github.com/google/kmsan.git master 968c2729e576 8a212197 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/05 21:15 https://github.com/google/kmsan.git master 968c2729e576 267e3bb1 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/04 10:20 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/03 22:35 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/10/01 22:13 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/09/30 11:30 https://github.com/google/kmsan.git master 968c2729e576 1d385642 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/09/28 22:35 https://github.com/google/kmsan.git master 879600fbb6d3 e2556bc3 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/09/26 04:45 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/09/23 08:42 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in __tipc_nl_bearer_enable
2023/02/08 02:55 https://github.com/google/kmsan.git master 8c89ecf5c13b 15c3d445 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __tipc_nl_bearer_enable
2022/08/22 09:45 https://github.com/google/kmsan.git master 1b070a5d1a2c 26a13b38 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in validate_set
2022/05/14 15:58 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in vlan_dev_set_ingress_priority
2022/04/19 19:50 https://github.com/google/kmsan.git master 33d9269ef6e0 c334415e .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in tipc_nl_node_set_link
2018/12/17 18:03 https://github.com/google/kmsan.git master 0a602458c72c def91db3 .config console log report ci-upstream-kmsan-gce
2023/02/23 19:44 https://github.com/google/kmsan.git master 97e36f4aa06f 9e2ebb3c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bpf_sk_storage_diag_alloc
2023/01/26 09:27 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bpf_sk_storage_diag_alloc
2023/01/25 14:33 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bpf_sk_storage_diag_alloc
2023/01/07 02:46 https://github.com/google/kmsan.git master 5c6259d6d19f 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bpf_sk_storage_diag_alloc
2022/11/12 11:24 https://github.com/google/kmsan.git master cb231e2f67ec 3ead01ad .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bpf_sk_storage_diag_alloc
2022/10/02 14:47 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bpf_sk_storage_diag_alloc
2022/08/13 08:47 https://github.com/google/kmsan.git master 1b070a5d1a2c 8dfcaa3d .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in nsh_key_put_from_nlattr
2022/07/07 04:49 https://github.com/google/kmsan.git master 97117d69c353 bff65f44 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in tipc_nl_node_reset_link_stats
2022/07/06 05:21 https://github.com/google/kmsan.git master 97117d69c353 bff65f44 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in tipc_nl_node_get_link
2022/04/26 20:38 https://github.com/google/kmsan.git master e8cbf4e6e3e8 1fa34c1b .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __fget_files
2021/01/09 03:31 https://github.com/google/kmsan.git master 73d62e81b476 c104d4a3 .config console log report info ci-upstream-kmsan-gce-386
* Struck through repros no longer work on HEAD.