KMSAN: uninit-value in ip6_tnl_parse_tlv_enc

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim netfilter				1	2110d	2110d	0/26	closed as invalid on 2018/09/05 16:30

upstream

KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim netfilter

2110d

0/26

closed as invalid on 2018/09/05 16:30


Created	Duration	User	Patch	Repo	Result
2024/01/05 16:59	41m	edumazet@google.com	patch	upstream	OK log
2024/01/05 16:16	20m	edumazet@google.com	patch	upstream	OK log
2023/12/05 11:40	18m	retest repro		upstream	report log

===================================================== BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4918 [inline] netdev_start_xmit include/linux/netdevice.h:4932 [inline] xmit_one net/core/dev.c:3543 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3559 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4344 dev_queue_xmit include/linux/netdevice.h:3112 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1585 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_write_iter+0x491/0x610 net/socket.c:1158 do_iter_write+0xceb/0x1340 fs/read_write.c:860 vfs_writev+0x329/0x7b0 fs/read_write.c:933 do_writev+0x251/0x5b0 fs/read_write.c:976 __do_sys_writev fs/read_write.c:1049 [inline] __se_sys_writev fs/read_write.c:1046 [inline] __x64_sys_writev+0x98/0xe0 fs/read_write.c:1046 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0xa2a/0xbb0 net/ipv6/ip6_tunnel.c:430 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4918 [inline] netdev_start_xmit include/linux/netdevice.h:4932 [inline] xmit_one net/core/dev.c:3543 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3559 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4344 dev_queue_xmit include/linux/netdevice.h:3112 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1585 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_write_iter+0x491/0x610 net/socket.c:1158 do_iter_write+0xceb/0x1340 fs/read_write.c:860 vfs_writev+0x329/0x7b0 fs/read_write.c:933 do_writev+0x251/0x5b0 fs/read_write.c:976 __do_sys_writev fs/read_write.c:1049 [inline] __se_sys_writev fs/read_write.c:1046 [inline] __x64_sys_writev+0x98/0xe0 fs/read_write.c:1046 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 1 PID: 5029 Comm: syz-executor185 Not tainted 6.7.0-rc1-syzkaller-00019-gc42d9eeef8e5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 =====================================================

Crashes (17):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2023/11/16 15:44	upstream	c42d9eeef8e5	cb976f63	.config	strace log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2024/01/30 23:46	upstream	9f8413c4a66f	7f400fcb	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2024/01/21 02:42	upstream	9f8413c4a66f	9bd8dcda	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2024/01/06 05:07	upstream	6d0dc8559c84	d0304e9c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2024/01/04 06:02	upstream	ac865f00af29	28c42cff	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/12/25 13:43	upstream	861deac3b092	fb427a07	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/12/25 13:34	upstream	861deac3b092	fb427a07	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/12/12 10:23	upstream	26aff849438c	28b24332	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/11/21 11:38	upstream	98b1cc82c4af	cb976f63	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/11/21 11:30	upstream	98b1cc82c4af	cb976f63	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/11/16 13:42	upstream	c42d9eeef8e5	cb976f63	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/11/16 13:36	upstream	c42d9eeef8e5	cb976f63	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/11/16 13:26	upstream	c42d9eeef8e5	cb976f63	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/11/16 13:23	upstream	c42d9eeef8e5	cb976f63	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/12/25 14:33	upstream	861deac3b092	fb427a07	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-386-root	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/12/25 13:47	upstream	861deac3b092	fb427a07	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-386-root	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim
2023/11/16 13:39	upstream	c42d9eeef8e5	cb976f63	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-386	KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim

Crashes (17):

Assets (help?)