| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in ip_rcv_core net | C | 141 | 1008d | 2042d | 20/26 | fixed on 2021/11/10 00:50 |
syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [984] ≡ Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] ⬇ Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in ip_rcv_core net | C | 141 | 1008d | 2042d | 20/26 | fixed on 2021/11/10 00:50 |
===================================================== BUG: KMSAN: uninit-value in ip_rcv_core+0x114b/0x1500 net/ipv4/ip_input.c:486 ip_rcv_core+0x114b/0x1500 net/ipv4/ip_input.c:486 ip_rcv+0xc7/0x830 net/ipv4/ip_input.c:536 __netif_receive_skb_one_core net/core/dev.c:5465 [inline] __netif_receive_skb+0x1ec/0x630 net/core/dev.c:5579 process_backlog+0x54b/0xc10 net/core/dev.c:6455 __napi_poll+0x14c/0xc00 net/core/dev.c:7023 napi_poll net/core/dev.c:7090 [inline] net_rx_action+0x7e2/0x1820 net/core/dev.c:7177 __do_softirq+0x1ee/0x7c5 kernel/softirq.c:558 do_softirq+0x16d/0x220 kernel/softirq.c:459 __local_bh_enable_ip+0xd5/0xe0 kernel/softirq.c:383 local_bh_enable+0x36/0x40 include/linux/bottom_half.h:33 rcu_read_unlock_bh include/linux/rcupdate.h:758 [inline] ip_finish_output2+0x199e/0x1bb0 net/ipv4/ip_output.c:222 __ip_finish_output+0x35e/0x960 ip_finish_output+0x15c/0x4d0 net/ipv4/ip_output.c:309 NF_HOOK_COND include/linux/netfilter.h:296 [inline] ip_output+0x333/0x6d0 net/ipv4/ip_output.c:423 dst_output include/net/dst.h:450 [inline] ip_local_out net/ipv4/ip_output.c:126 [inline] __ip_queue_xmit+0x1eb9/0x2540 net/ipv4/ip_output.c:525 ip_queue_xmit+0xcc/0xf0 net/ipv4/ip_output.c:539 __tcp_transmit_skb+0x4ac6/0x5cd0 net/ipv4/tcp_output.c:1402 tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline] tcp_write_xmit+0x4835/0xaae0 net/ipv4/tcp_output.c:2680 __tcp_push_pending_frames+0x159/0x5b0 net/ipv4/tcp_output.c:2864 tcp_push+0x99a/0xa30 net/ipv4/tcp.c:725 tcp_sendmsg_locked+0x657d/0x6dc0 net/ipv4/tcp.c:1412 tcp_sendmsg+0xb2/0x100 net/ipv4/tcp.c:1440 inet_sendmsg+0x15b/0x1d0 net/ipv4/af_inet.c:819 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg net/socket.c:724 [inline] ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409 ___sys_sendmsg net/socket.c:2463 [inline] __sys_sendmmsg+0x845/0xf60 net/socket.c:2542 __compat_sys_sendmmsg net/compat.c:361 [inline] __do_compat_sys_sendmmsg net/compat.c:368 [inline] __se_compat_sys_sendmmsg net/compat.c:365 [inline] __ia32_compat_sys_sendmmsg+0x127/0x180 net/compat.c:365 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline] __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c Uninit was stored to memory at: pskb_expand_head+0x3c9/0x1ca0 net/core/skbuff.c:1710 skb_unclone include/linux/skbuff.h:1690 [inline] skb_copy_ubufs+0x3db/0x2870 net/core/skbuff.c:1422 skb_orphan_frags_rx include/linux/skbuff.h:2853 [inline] __netif_receive_skb_core+0x5938/0x5de0 net/core/dev.c:5430 __netif_receive_skb_one_core net/core/dev.c:5463 [inline] __netif_receive_skb+0xf2/0x630 net/core/dev.c:5579 process_backlog+0x54b/0xc10 net/core/dev.c:6455 __napi_poll+0x14c/0xc00 net/core/dev.c:7023 napi_poll net/core/dev.c:7090 [inline] net_rx_action+0x7e2/0x1820 net/core/dev.c:7177 __do_softirq+0x1ee/0x7c5 kernel/softirq.c:558 Uninit was created at: slab_post_alloc_hook mm/slab.h:524 [inline] slab_alloc_node mm/slub.c:3251 [inline] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb_fclone include/linux/skbuff.h:1176 [inline] tcp_stream_alloc_skb+0x133/0x9e0 net/ipv4/tcp.c:861 tcp_sendmsg_locked+0x1fe4/0x6dc0 net/ipv4/tcp.c:1281 tcp_sendmsg+0xb2/0x100 net/ipv4/tcp.c:1440 inet_sendmsg+0x15b/0x1d0 net/ipv4/af_inet.c:819 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg net/socket.c:724 [inline] ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409 ___sys_sendmsg net/socket.c:2463 [inline] __sys_sendmmsg+0x845/0xf60 net/socket.c:2542 __compat_sys_sendmmsg net/compat.c:361 [inline] __do_compat_sys_sendmmsg net/compat.c:368 [inline] __se_compat_sys_sendmmsg net/compat.c:365 [inline] __ia32_compat_sys_sendmmsg+0x127/0x180 net/compat.c:365 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline] __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c CPU: 0 PID: 24031 Comm: syz-executor.4 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 =====================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/12/27 07:50 | https://github.com/google/kmsan.git master | 81c325bbf94e | e4f103c4 | .config | console log | report | info | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in ip_rcv_core |