syzbot


KMSAN: uninit-value in __skb_checksum_complete (5)

Status: upstream: reported C repro on 2020/08/14 15:09
Labels: netfilter
Reported-by: syzbot+b024befb3ca7990fea37@syzkaller.appspotmail.com
First crash: 1027d, last: 2d16h
Discussions (1)
Title Replies (including bot) Last reply
KMSAN: uninit-value in __skb_checksum_complete (5) 0 (2) 2020/12/02 12:11
Similar bugs (25)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in __skb_checksum_complete (3) 7 1507d 1674d 0/24 auto-closed as invalid on 2019/10/19 05:22
upstream KMSAN: uninit-value in __skb_checksum_complete (2) 2 1799d 1800d 0/24 closed as invalid on 2018/09/05 16:20
upstream KMSAN: uninit-value in __skb_checksum_complete (4) C 420 1050d 1292d 0/24 closed as invalid on 2020/07/22 16:42
upstream KMSAN: uninit-value in __skb_checksum_complete C 5 1872d 1873d 0/24 closed as invalid on 2018/04/22 15:44
upstream KMSAN: uninit-value in erspan_build_header net 40 148d 238d 0/24 auto-obsoleted due to no activity on 2023/05/10 10:26
upstream KMSAN: uninit-value in bpf_prog_run_generic_xdp net 130 6d03h 201d 0/24 upstream: reported on 2022/11/18 11:39
upstream KMSAN: uninit-value in ip_tunnel_xmit (3) C 1516 244d 931d 0/24 closed as invalid on 2022/10/12 18:48
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 103d 455d 24/24 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in br_dev_xmit bridge C 537 143d 1199d 0/24 auto-obsoleted due to no activity on 2023/05/15 13:28
upstream KMSAN: uninit-value in batadv_get_vid batman C 1947 95d 1199d 0/24 upstream: reported C repro on 2020/02/24 08:38
upstream KMSAN: uninit-value in eth_type_trans (2) net C 3672 23h47m 1232d 0/24 upstream: reported C repro on 2020/01/22 16:47
upstream KMSAN: uninit-value in ip_tunnel_xmit (2) net C 11778 937d 1762d 17/24 fixed on 2020/11/16 12:12
upstream KMSAN: uninit-value in ip_tunnel_xmit net C 2594 1786d 1873d 9/24 fixed on 2018/07/17 16:09
linux-4.14 KASAN: use-after-free Read in ip_tunnel_xmit C inconclusive 5 214d 827d 0/1 upstream: reported C repro on 2021/03/02 14:45
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) net C 748 456d 545d 22/24 fixed on 2022/03/08 16:11
upstream KMSAN: uninit-value in skb_release_data (3) C 10 322d 1001d 0/24 auto-obsoleted due to no activity on 2022/11/17 07:20
upstream KMSAN: uninit-value in hsr_register_frame_in net C 197 26d 1577d 0/24 upstream: reported C repro on 2019/02/11 21:53
upstream KMSAN: kernel-infoleak in copyout (2) net C 6722 1h50m 1168d 23/24 upstream: reported C repro on 2020/03/26 17:19
upstream KMSAN: uninit-value in ipv6_find_tlv net C 271 40d 1394d 23/24 upstream: reported C repro on 2019/08/13 14:48
upstream KMSAN: uninit-value in ax25cmp (2) C 51 259d 520d 0/24 closed as invalid on 2022/11/18 11:50
upstream KMSAN: uninit-value in virtqueue_add (3) 13 215d 508d 0/24 auto-obsoleted due to no activity on 2023/02/12 03:53
upstream KMSAN: uninit-value in can_send can C 630 198d 216d 24/24 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in IP6_ECN_decapsulate net C 384 1d00h 1721d 0/24 upstream: reported C repro on 2018/09/20 20:54
upstream KMSAN: uninit-value in inet_frag_find (2) 2 512d 520d 0/24 auto-closed as invalid on 2022/04/11 17:13
upstream KMSAN: uninit-value in hsr_fill_frame_info (2) net C 65 25d 238d 0/24 upstream: reported C repro on 2022/10/12 19:10

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x8f1/0x4230 net/ipv4/ip_tunnel.c:661
 ip_tunnel_xmit+0x8f1/0x4230 net/ipv4/ip_tunnel.c:661
 __gre_xmit net/ipv4/ip_gre.c:469 [inline]
 ipgre_xmit+0xd29/0xe30 net/ipv4/ip_gre.c:661
 __netdev_start_xmit include/linux/netdevice.h:4884 [inline]
 netdev_start_xmit include/linux/netdevice.h:4898 [inline]
 xmit_one net/core/dev.c:3581 [inline]
 dev_hard_start_xmit+0x253/0xa20 net/core/dev.c:3597
 __dev_queue_xmit+0x3c7f/0x5ac0 net/core/dev.c:4247
 dev_queue_xmit include/linux/netdevice.h:3054 [inline]
 garp_queue_xmit net/802/garp.c:272 [inline]
 garp_join_timer+0x18e/0x2e0 net/802/garp.c:423
 call_timer_fn+0x45/0x4e0 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x861/0xf90 kernel/time/timer.c:2022
 run_timer_softirq+0x68/0xe0 kernel/time/timer.c:2035
 __do_softirq+0x1c9/0x7c5 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0xe5/0x220 kernel/softirq.c:650
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x9e/0xc0 arch/x86/kernel/apic/apic.c:1107
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:645
 smap_restore arch/x86/include/asm/smap.h:56 [inline]
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:37 [inline]
 __msan_metadata_ptr_for_store_8+0x2f/0x40 mm/kmsan/instrumentation.c:92
 update_stack_state+0x183/0x1e0
 unwind_next_frame+0x11d/0x360 arch/x86/kernel/unwind_frame.c:315
 arch_stack_walk+0x1bd/0x290 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xb6/0x100 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:76 [inline]
 kmsan_internal_poison_memory+0x49/0xa0 mm/kmsan/core.c:60
 kmsan_slab_alloc+0xdd/0x150 mm/kmsan/hooks.c:68
 slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:774
 slab_alloc_node mm/slub.c:3452 [inline]
 kmem_cache_alloc_node+0x543/0xab0 mm/slub.c:3497
 kmalloc_reserve+0x148/0x470 net/core/skbuff.c:520
 __alloc_skb+0x3a7/0x850 net/core/skbuff.c:606
 alloc_skb_fclone include/linux/skbuff.h:1328 [inline]
 tcp_stream_alloc_skb+0x54/0x5c0 net/ipv4/tcp.c:863
 tcp_sendmsg_locked+0x1842/0x6360 net/ipv4/tcp.c:1326
 tcp_sendmsg+0x49/0x80 net/ipv4/tcp.c:1484
 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:825
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg net/socket.c:747 [inline]
 sock_write_iter+0x4b0/0x660 net/socket.c:1138
 call_write_iter include/linux/fs.h:1851 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x834/0x1580 fs/read_write.c:584
 ksys_write+0x21f/0x4f0 fs/read_write.c:637
 __do_sys_write fs/read_write.c:649 [inline]
 __se_sys_write fs/read_write.c:646 [inline]
 __x64_sys_write+0x93/0xd0 fs/read_write.c:646
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:774
 slab_alloc_node mm/slub.c:3452 [inline]
 __kmem_cache_alloc_node+0x518/0x920 mm/slub.c:3491
 __do_kmalloc_node mm/slab_common.c:966 [inline]
 __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:987
 kmalloc_reserve+0x248/0x470 net/core/skbuff.c:537
 __alloc_skb+0x3a7/0x850 net/core/skbuff.c:606
 alloc_skb include/linux/skbuff.h:1278 [inline]
 garp_pdu_init net/802/garp.c:225 [inline]
 garp_pdu_append_attr+0x299/0x1170 net/802/garp.c:296
 garp_attr_event+0x146/0x280 net/802/garp.c:338
 garp_gid_event net/802/garp.c:402 [inline]
 garp_join_timer+0xc5/0x2e0 net/802/garp.c:419
 call_timer_fn+0x45/0x4e0 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x861/0xf90 kernel/time/timer.c:2022
 run_timer_softirq+0x68/0xe0 kernel/time/timer.c:2035
 __do_softirq+0x1c9/0x7c5 kernel/softirq.c:571

CPU: 0 PID: 4951 Comm: sshd Not tainted 6.3.0-syzkaller-g81af97bdef5e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
=====================================================

Crashes (1380):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/04/28 18:52 https://github.com/google/kmsan.git master 81af97bdef5e 457a6e0a .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_xmit
2020/12/02 12:10 https://github.com/google/kmsan.git master 73d62e81b476 c42a35e9 .config console log report syz C ci-upstream-kmsan-gce
2023/04/09 11:30 https://github.com/google/kmsan.git master 9189d4cb6980 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __skb_checksum_complete
2023/06/05 06:18 https://github.com/google/kmsan.git master 2741f1b02117 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_xmit
2023/05/24 09:35 https://github.com/google/kmsan.git master f93f2feda5d6 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_xmit
2023/05/18 22:49 https://github.com/google/kmsan.git master dad188c049f8 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_xmit
2023/05/08 00:35 https://github.com/google/kmsan.git master 81af97bdef5e 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/07 22:48 https://github.com/google/kmsan.git master 81af97bdef5e 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/07 18:14 https://github.com/google/kmsan.git master 81af97bdef5e 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/05 08:08 https://github.com/google/kmsan.git master 81af97bdef5e 518a39a6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/05 06:57 https://github.com/google/kmsan.git master 81af97bdef5e 518a39a6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/05 04:22 https://github.com/google/kmsan.git master 81af97bdef5e 518a39a6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/04 03:52 https://github.com/google/kmsan.git master 81af97bdef5e b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_xmit
2023/05/04 00:32 https://github.com/google/kmsan.git master 81af97bdef5e b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_xmit
2023/05/03 19:14 https://github.com/google/kmsan.git master 81af97bdef5e b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/03 08:53 https://github.com/google/kmsan.git master 81af97bdef5e 48e0a81d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/02 15:53 https://github.com/google/kmsan.git master 81af97bdef5e 48e0a81d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/02 12:50 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/02 12:29 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/02 04:48 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/01 23:39 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/01 15:16 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_xmit
2023/05/01 08:02 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/05/01 02:11 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/04/30 13:58 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/04/30 10:22 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_xmit
2023/04/30 05:01 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/04/29 17:30 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_xmit
2023/04/29 02:32 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/04/28 20:03 https://github.com/google/kmsan.git master 81af97bdef5e 457a6e0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/04/28 18:55 https://github.com/google/kmsan.git master 81af97bdef5e 457a6e0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/04/28 16:46 https://github.com/google/kmsan.git master 81af97bdef5e 457a6e0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_xmit
2023/04/27 05:45 https://github.com/google/kmsan.git master 81af97bdef5e 19a3dabe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2023/04/26 11:00 https://github.com/google/kmsan.git master 81af97bdef5e 7560799c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ip_make_skb
2021/01/13 14:17 https://github.com/google/kmsan.git master 73d62e81b476 a945f0a3 .config console log report info ci-upstream-kmsan-gce
2020/08/14 06:17 https://github.com/google/kmsan.git master ce8056d1f79e 54ce1ed6 .config console log report ci-upstream-kmsan-gce
2023/06/03 14:21 https://github.com/google/kmsan.git master 2741f1b02117 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ipgre_xmit
2023/05/27 19:05 https://github.com/google/kmsan.git master f93f2feda5d6 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_tunnel_xmit
2023/05/26 15:23 https://github.com/google/kmsan.git master f93f2feda5d6 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_tunnel_xmit
2023/05/24 12:20 https://github.com/google/kmsan.git master f93f2feda5d6 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ipgre_xmit
2023/05/24 02:59 https://github.com/google/kmsan.git master f93f2feda5d6 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ipgre_xmit
2023/05/22 04:42 https://github.com/google/kmsan.git master dad188c049f8 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ipgre_xmit
2023/05/11 15:56 https://github.com/google/kmsan.git master 46e8b6e7cfeb 0fbd49f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ipgre_xmit
2023/05/09 21:31 https://github.com/google/kmsan.git master 81af97bdef5e 30aa2a7e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ipgre_xmit
2023/05/07 00:17 https://github.com/google/kmsan.git master 81af97bdef5e 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ipgre_xmit
2023/05/05 16:22 https://github.com/google/kmsan.git master 81af97bdef5e 518a39a6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip_make_skb
2023/05/05 07:05 https://github.com/google/kmsan.git master 81af97bdef5e 518a39a6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip_make_skb
2023/05/04 10:11 https://github.com/google/kmsan.git master 81af97bdef5e b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_tunnel_xmit
2023/05/03 20:25 https://github.com/google/kmsan.git master 81af97bdef5e b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip_make_skb
2023/05/01 17:10 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip_make_skb
2023/05/01 03:13 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ipgre_xmit
2023/04/30 22:14 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_tunnel_xmit
2023/04/29 22:27 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in __ip_make_skb
2023/04/29 18:45 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_tunnel_xmit
2023/04/27 14:53 https://github.com/google/kmsan.git master 81af97bdef5e 6f5b1cc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ipgre_xmit
2023/04/27 02:57 https://github.com/google/kmsan.git master 81af97bdef5e 19a3dabe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ipgre_xmit
* Struck through repros no longer work on HEAD.