syzbot

 sign-in | mailing list | source | docs
🐞 Open [1166] 🐞 Fixed [4299] 🐞 Invalid [9646] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KMSAN: uninit-value in fib_get_nhs

Status: fixed on 2022/03/08 16:11
Reported-by: syzbot+d4b9a2851cc3ce998741@syzkaller.appspotmail.com
Fix commit: 7a3429bace0e ipv4: Check attribute length for RTA_GATEWAY in multipath route
First crash: 417d, last: 345d
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in strstr C 80 12d 917d 0/24 upstream: reported C repro on 2020/07/25 18:13
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) btrfs ntfs3 erofs udf C 135605 10m 326d 23/24 internal: reported C repro on 2022/03/09 07:32
upstream KMSAN: uninit-value in __tipc_nl_bearer_enable C 1271 3d07h 1503d 23/24 upstream: reported C repro on 2018/12/18 13:01
upstream KMSAN: uninit-value in tipc_nl_compat_name_table_dump (3) C 65 70d 87d 23/24 upstream: reported C repro on 2022/11/03 16:22

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in fib_get_nhs+0xac4/0x1f80 net/ipv4/fib_semantics.c:708
 fib_get_nhs+0xac4/0x1f80 net/ipv4/fib_semantics.c:708
 fib_create_info+0x2411/0x4870 net/ipv4/fib_semantics.c:1453
 fib_table_insert+0x45c/0x3a10 net/ipv4/fib_trie.c:1224
 inet_rtm_newroute+0x289/0x420 net/ipv4/fib_frontend.c:886
 rtnetlink_rcv_msg+0x145d/0x18c0 net/core/rtnetlink.c:5571
 netlink_rcv_skb+0x447/0x800 net/netlink/af_netlink.c:2491
 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:5589
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x1095/0x1360 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x16f3/0x1870 net/netlink/af_netlink.c:1916
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x4a5/0x640 net/socket.c:2492
 __do_sys_sendmsg net/socket.c:2501 [inline]
 __se_sys_sendmsg net/socket.c:2499 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2499
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:524 [inline]
 slab_alloc_node mm/slub.c:3251 [inline]
 __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1126 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1191 [inline]
 netlink_sendmsg+0xe93/0x1870 net/netlink/af_netlink.c:1891
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x4a5/0x640 net/socket.c:2492
 __do_sys_sendmsg net/socket.c:2501 [inline]
 __se_sys_sendmsg net/socket.c:2499 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2499
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 0 PID: 6371 Comm: syz-executor193 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (14):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kmsan-gce 2021/12/08 16:46 https://github.com/google/kmsan.git master 8b936c96768e a4a2a501 .config console log report syz C KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce 2022/02/18 12:08 https://github.com/google/kmsan.git master 85cfd6e539bd 3cd800e4 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce 2022/01/25 13:37 https://github.com/google/kmsan.git master 85cfd6e539bd 2cbffd88 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce 2021/12/19 12:57 https://github.com/google/kmsan.git master b0a8b5053e8b 44068e19 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce 2021/12/19 12:39 https://github.com/google/kmsan.git master b0a8b5053e8b 44068e19 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce 2021/12/10 04:11 https://github.com/google/kmsan.git master 8b936c96768e 4d4ce9bc .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce 2021/12/08 20:25 https://github.com/google/kmsan.git master 8b936c96768e a4a2a501 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce 2021/12/08 14:56 https://github.com/google/kmsan.git master 8b936c96768e a4a2a501 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386 2022/01/25 13:44 https://github.com/google/kmsan.git master 85cfd6e539bd 2cbffd88 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386 2021/12/19 12:31 https://github.com/google/kmsan.git master b0a8b5053e8b 44068e19 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386 2021/12/19 12:24 https://github.com/google/kmsan.git master b0a8b5053e8b 44068e19 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386 2021/12/09 06:21 https://github.com/google/kmsan.git master 8b936c96768e a4a2a501 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386 2021/12/08 20:32 https://github.com/google/kmsan.git master 8b936c96768e a4a2a501 .config console log report info KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386 2021/12/07 21:19 https://github.com/google/kmsan.git master 8b936c96768e 0230ba3e .config console log report info KMSAN: uninit-value in fib_get_nhs
* Struck through repros no longer work on HEAD.