syzbot


KMSAN: uninit-value in __mdb_fill_info

Status: closed as invalid on 2025/02/20 20:44
Subsystems: bridge
First crash: 201d, last: 200d

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in __mdb_fill_info+0xd9a/0xe90 net/bridge/br_mdb.c:303
 __mdb_fill_info+0xd9a/0xe90 net/bridge/br_mdb.c:303
 nlmsg_populate_mdb_fill net/bridge/br_mdb.c:438 [inline]
 br_mdb_notify+0x9ef/0x1010 net/bridge/br_mdb.c:535
 br_multicast_del_pg+0x880/0x12f0 net/bridge/br_multicast.c:817
 br_multicast_find_del_pg+0x1cb/0x220 net/bridge/br_multicast.c:850
 br_multicast_port_group_expired+0x9ec/0xd20 net/bridge/br_multicast.c:880
 call_timer_fn+0x49/0x580 kernel/time/timer.c:1789
 expire_timers kernel/time/timer.c:1840 [inline]
 __run_timers kernel/time/timer.c:2414 [inline]
 __run_timer_base+0x84e/0xe90 kernel/time/timer.c:2426
 run_timer_base kernel/time/timer.c:2435 [inline]
 run_timer_softirq+0x3a/0x70 kernel/time/timer.c:2445
 handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0x68/0x180 kernel/softirq.c:662
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x83/0x90 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:702
 __preempt_count_sub arch/x86/include/asm/preempt.h:84 [inline]
 kmsan_virt_addr_valid arch/x86/include/asm/kmsan.h:95 [inline]
 virt_to_page_or_null+0xfb/0x150 mm/kmsan/shadow.c:75
 kmsan_get_metadata+0x13e/0x1c0 mm/kmsan/shadow.c:141
 kmsan_get_shadow_origin_ptr+0x38/0xb0 mm/kmsan/shadow.c:97
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:38 [inline]
 __msan_metadata_ptr_for_load_8+0x24/0x40 mm/kmsan/instrumentation.c:94
 last_frame arch/x86/kernel/unwind_frame.c:82 [inline]
 is_last_frame arch/x86/kernel/unwind_frame.c:87 [inline]
 is_last_task_frame+0x5d/0x450 arch/x86/kernel/unwind_frame.c:156
 unwind_next_frame+0x5e/0x360 arch/x86/kernel/unwind_frame.c:276
 arch_stack_walk+0x1ab/0x260 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xaa/0xe0 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags+0x2f/0x60 mm/kmsan/core.c:73
 kmsan_alloc_page+0x182/0x220 mm/kmsan/shadow.c:195
 __alloc_frozen_pages_noprof+0x9a7/0xe00 mm/page_alloc.c:4762
 alloc_pages_mpol+0x4cd/0x890 mm/mempolicy.c:2270
 folio_alloc_mpol_noprof+0x57/0x1c0 mm/mempolicy.c:2289
 shmem_alloc_folio mm/shmem.c:1863 [inline]
 shmem_alloc_and_add_folio+0xbdf/0x1b80 mm/shmem.c:1902
 shmem_get_folio_gfp+0xacd/0x1f30 mm/shmem.c:2522
 shmem_get_folio mm/shmem.c:2628 [inline]
 shmem_write_begin+0x158/0x3f0 mm/shmem.c:3278
 generic_perform_write+0x4d8/0x1080 mm/filemap.c:4189
 shmem_file_write_iter+0x2ba/0x2f0 mm/shmem.c:3454
 new_sync_write fs/read_write.c:586 [inline]
 vfs_write+0xb34/0x1540 fs/read_write.c:679
 ksys_write+0x240/0x4b0 fs/read_write.c:731
 __do_sys_write fs/read_write.c:742 [inline]
 __se_sys_write fs/read_write.c:739 [inline]
 __x64_sys_write+0x93/0xe0 fs/read_write.c:739
 x64_sys_call+0x3161/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4121 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 __do_kmalloc_node mm/slub.c:4293 [inline]
 __kmalloc_node_track_caller_noprof+0x945/0x1240 mm/slub.c:4313
 kmemdup_noprof mm/util.c:135 [inline]
 kmemdup_array+0x5c/0xd0 mm/util.c:155
 nf_nat_register_fn+0x44f/0x9c0 net/netfilter/nf_nat_core.c:1221
 nf_nat_ipv4_register_fn+0x5e/0x80 net/netfilter/nf_nat_proto.c:861
 ipt_nat_register_lookups net/ipv4/netfilter/iptable_nat.c:77 [inline]
 iptable_nat_table_init+0x24a/0x820 net/ipv4/netfilter/iptable_nat.c:121
 xt_find_table_lock+0x456/0x840 net/netfilter/x_tables.c:1260
 xt_request_find_table_lock+0x4c/0x1e0 net/netfilter/x_tables.c:1285
 get_info net/ipv4/netfilter/ip_tables.c:963 [inline]
 do_ipt_get_ctl+0x16db/0x20a0 net/ipv4/netfilter/ip_tables.c:1659
 nf_getsockopt+0x429/0x480 net/netfilter/nf_sockopt.c:116
 ip_getsockopt+0x2ba/0x410 net/ipv4/ip_sockglue.c:1777
 tcp_getsockopt+0x15c/0x1a0 net/ipv4/tcp.c:4671
 sock_common_getsockopt+0xa1/0xe0 net/core/sock.c:3810
 do_sock_getsockopt+0x5f0/0xa10 net/socket.c:2359
 __sys_getsockopt net/socket.c:2388 [inline]
 __do_sys_getsockopt net/socket.c:2395 [inline]
 __se_sys_getsockopt net/socket.c:2392 [inline]
 __x64_sys_getsockopt+0x449/0x590 net/socket.c:2392
 x64_sys_call+0x1554/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:56
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 9282 Comm: syz.0.741 Tainted: G        W          6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
=====================================================

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/01/29 22:52 | upstream | 05dbaf8dd8bf | afe4eff5 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in __mdb_fill_info |
| 2025/01/28 21:57 | upstream | f34b580514c9 | f5427d7c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in __mdb_fill_info |