syzbot


KMSAN: uninit-value in ipv6_find_tlv

Status: upstream: reported C repro on 2019/08/13 14:48
Reported-by: syzbot+8257f4dcef79de670baf@syzkaller.appspotmail.com
First crash: 1058d, last: 52d
similar bugs (4):
Kernel   | Title                                       | Repro | Cause bisect | Fix bisect | Count | Last   | Reported | Patched | Status
upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) | C     |              |            | 372   | 23h02m | 115d     | 21/22   | internal: reported C repro on 2022/03/09 07:32
upstream | KMSAN: uninit-value in inet_frag_find (2)   |       |              |            | 2     | 172d   | 180d     | 0/22    | auto-closed as invalid on 2022/04/11 17:13
upstream | KMSAN: kernel-infoleak in _copy_to_iter (6) | C     |              |            | 748   | 116d   | 205d     | 22/22   | fixed on 2022/03/08 16:11
upstream | KMSAN: uninit-value in eth_type_trans (2)   | C     |              |            | 1875  | 8h02m  | 892d     | 0/22    | upstream: reported C repro on 2020/01/22 16:47

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in ipv6_find_tlv+0x460/0x510 net/ipv6/exthdrs_core.c:147
 ipv6_find_tlv+0x460/0x510 net/ipv6/exthdrs_core.c:147
 ip6_find_1stfragopt+0x2af/0x610 net/ipv6/output_core.c:84
 ip6_fragment+0x26b/0x4550 net/ipv6/ip6_output.c:824
 __ip6_finish_output+0xcc6/0x10b0 net/ipv6/ip6_output.c:189
 ip6_finish_output+0x15c/0x590 net/ipv6/ip6_output.c:201
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x4b9/0x800 net/ipv6/ip6_output.c:224
 dst_output include/net/dst.h:451 [inline]
 ip6_local_out+0x180/0x1f0 net/ipv6/output_core.c:161
 ip6_send_skb net/ipv6/ip6_output.c:1925 [inline]
 ip6_push_pending_frames+0x252/0x570 net/ipv6/ip6_output.c:1945
 rawv6_push_pending_frames+0xcc1/0xd30 net/ipv6/raw.c:613
 rawv6_sendmsg+0x3079/0x33b0 net/ipv6/raw.c:956
 inet_sendmsg+0x15b/0x1d0 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x51/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:754 [inline]
 slab_alloc_node mm/slub.c:3231 [inline]
 __kmalloc_node_track_caller+0xde3/0x14f0 mm/slub.c:4962
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1300 [inline]
 alloc_skb_with_frags+0x1df/0xd60 net/core/skbuff.c:5995
 sock_alloc_send_pskb+0xdf4/0xfc0 net/core/sock.c:2600
 sock_alloc_send_skb+0xca/0xe0 net/core/sock.c:2617
 __ip6_append_data+0x4f13/0x72a0 net/ipv6/ip6_output.c:1633
 ip6_append_data+0x453/0x830 net/ipv6/ip6_output.c:1808
 rawv6_sendmsg+0x2e18/0x33b0 net/ipv6/raw.c:949
 inet_sendmsg+0x15b/0x1d0 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x51/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 0 PID: 3507 Comm: syz-executor227 Not tainted 5.18.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================
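
What the report above is saying, as an added example that is not part of the syzbot page or of the kernel source: KMSAN flagged that ipv6_find_tlv(), reached from ip6_fragment() while sending on a raw IPv6 socket, consumed bytes of an skb that had been allocated in __ip6_append_data() but never written. The C program below is a userspace model of that situation. find_tlv() is a simplified reimplementation of the option walk ipv6_find_tlv() performs over a Hop-by-Hop/Destination Options header (an assumption about its shape, not the kernel function itself), read_u8() is a toy stand-in for KMSAN's shadow tracking that counts reads of bytes the "sender" never wrote, and DSTOPTS is a constructed header. The report does not say which bytes of the real skb were uninitialized; the example only shows how a walk driven by an in-packet length field ends up branching on memory nobody initialized, which is the condition KMSAN reports.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAXLEN 64
#define IPV6_TLV_PAD1 0

/* Buffer with a KMSAN-style shadow: init[i] == 1 means the sender wrote data[i],
 * 0 means it is still allocator garbage. Data is zero-filled so the walk is
 * deterministic; real uninitialized memory holds whatever was there before. */
struct shadow_buf {
    uint8_t data[MAXLEN];
    uint8_t init[MAXLEN];
    size_t len;
};

/* One walk's outcome: option offset (-1 if not found), number of byte reads that
 * hit unwritten memory, and the offset of the first such read (-1 if none). */
struct tlv_result {
    int offset;
    int uninit_reads;
    int first_uninit;
};

/* Every byte the walker consumes passes through here; reading an unwritten byte
 * and then branching on it is what KMSAN reports as an uninit-value. */
static int read_u8(const struct shadow_buf *b, size_t off, struct tlv_result *r)
{
    if (!b->init[off]) {
        r->uninit_reads++;
        if (r->first_uninit < 0)
            r->first_uninit = (int)off;
    }
    return b->data[off];
}

/* Simplified model of the walk ipv6_find_tlv() does over an options header at
 * 'offset': byte 0 next header, byte 1 hdrlen in 8-octet units not counting the
 * first 8, then options (Pad1 is one byte, all others are type, length, value).
 * Bounds are checked against the buffer length as the kernel checks against the
 * skb. This is a model for illustration, not the kernel function. */
struct tlv_result find_tlv(const struct shadow_buf *b, int offset, int type)
{
    struct tlv_result r = { -1, 0, -1 };
    int len, packet_len = (int)b->len;

    if (offset + 2 > packet_len)
        return r;
    len = (read_u8(b, (size_t)offset + 1, &r) + 1) << 3;
    if (offset + len > packet_len)
        return r;
    offset += 2;
    len -= 2;
    while (len > 0) {
        int opttype = read_u8(b, (size_t)offset, &r);
        int optlen;
        if (opttype == type) {
            r.offset = offset;
            return r;
        }
        if (opttype == IPV6_TLV_PAD1) {
            optlen = 1;
        } else {
            optlen = read_u8(b, (size_t)offset + 1, &r) + 2;
            if (optlen > len)
                return r;
        }
        offset += optlen;
        len -= optlen;
    }
    return r;
}

/* Constructed 16-byte Destination Options header: next header 59 (none), hdrlen 1
 * (16 bytes), a 6-byte PadN, then an 8-byte option of type 0x1e (the RFC 4727
 * experimental type) carrying six value bytes. */
static const uint8_t DSTOPTS[16] = {
    59, 1, 1, 4, 0, 0, 0, 0, 0x1e, 6, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
};

/* Allocate a 16-byte buffer, let the sender write only the first 'written' bytes
 * of DSTOPTS, then search it for option type 0x1e. */
struct tlv_result walk_with_written(size_t written)
{
    struct shadow_buf b;
    memset(&b, 0, sizeof(b));
    b.len = sizeof(DSTOPTS);
    memcpy(b.data, DSTOPTS, written);
    memset(b.init, 1, written);
    return find_tlv(&b, 0, 0x1e);
}

int main(void)
{
    /* Whole header written: option found at 8, no unwritten byte touched. */
    struct tlv_result a = walk_with_written(16);
    /* Only 8 bytes written but hdrlen still promises 16: the walk trusts hdrlen,
     * reads the 8 unwritten bytes and branches on each of them. */
    struct tlv_result p = walk_with_written(8);
    printf("written=16: offset=%d uninit_reads=%d\n", a.offset, a.uninit_reads);
    printf("written=8:  offset=%d uninit_reads=%d first_uninit=%d\n",
           p.offset, p.uninit_reads, p.first_uninit);
    return 0;
}
```

In the partially written case the walker is in bounds the whole time, because hdrlen says the header is 16 bytes and the buffer is 16 bytes, so no bounds check fires; the only thing wrong is that the bytes it classifies as options were never set. That is why an uninit-value report of this kind points at the allocation site in the "Uninit was created at" trace rather than at an out-of-bounds access, and why the fix for such a report is normally to make the producer of the skb fill or size the header region correctly rather than to add checks to the parser.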

Crashes (16):
Manager               | Time             | Kernel                                     | Commit       | Syzkaller | Config  | Log | Report | Syz repro | C repro | VM info | Title
ci-upstream-kmsan-gce | 2022/05/12 01:09 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | beb0b407  | .config | log | report | syz       | C       |         | KMSAN: uninit-value in ipv6_find_tlv
ci-upstream-kmsan-gce | 2019/09/11 01:12 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd  | .config | log | report | syz       | C       |         |
ci-upstream-kmsan-gce | 2019/08/09 13:58 | https://github.com/google/kmsan.git master | 61ccdad1fcdf | ede31a9b  | .config | log | report | syz       | C       |         |
ci-upstream-kmsan-gce | 2022/05/11 23:34 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | beb0b407  | .config | log | report |           |         | info    | KMSAN: uninit-value in ipv6_find_tlv
ci-upstream-kmsan-gce | 2021/07/03 15:47 | https://github.com/google/kmsan.git master | 57b5797c8013 | 55aa55c2  | .config | log | report |           |         | info    | KMSAN: uninit-value in ipv6_find_tlv
ci-upstream-kmsan-gce | 2021/06/20 23:34 | https://github.com/google/kmsan.git master | 6a6a67f21dec | aba2b2fb  | .config | log | report |           |         | info    | KMSAN: uninit-value in ipv6_find_tlv
ci-upstream-kmsan-gce | 2020/02/22 04:33 | https://github.com/google/kmsan.git master | 8bbbc5cf3dca | 2ffa6679  | .config | log | report |           |         |         |
ci-upstream-kmsan-gce | 2020/01/29 07:56 | https://github.com/google/kmsan.git master | 686a4f77cb0c | c8e81ce4  | .config | log | report |           |         |         |
ci-upstream-kmsan-gce | 2020/01/29 07:23 | https://github.com/google/kmsan.git master | 686a4f77cb0c | c8e81ce4  | .config | log | report |           |         |         |
ci-upstream-kmsan-gce | 2019/12/07 15:30 | https://github.com/google/kmsan.git master | f8f75f037ea5 | 85f26751  | .config | log | report |           |         |         |
ci-upstream-kmsan-gce | 2019/12/01 11:04 | https://github.com/google/kmsan.git master | e2027b2c33b7 | a76bf83f  | .config | log | report |           |         |         |
ci-upstream-kmsan-gce | 2019/11/27 20:38 | https://github.com/google/kmsan.git master | c543ab669ab8 | 0d63f89c  | .config | log | report |           |         |         |
ci-upstream-kmsan-gce | 2019/11/10 22:09 | https://github.com/google/kmsan.git master | e741088f2efa | dc438b91  | .config | log | report |           |         |         |
ci-upstream-kmsan-gce | 2019/11/01 05:48 | https://github.com/google/kmsan.git master | 6f88939b3fa3 | a41ca8fa  | .config | log | report |           |         |         |
ci-upstream-kmsan-gce | 2019/10/20 09:40 | https://github.com/google/kmsan.git master | 3c8ca70889aa | 8c88c9c1  | .config | log | report |           |         |         |
ci-upstream-kmsan-gce | 2019/08/09 13:04 | https://github.com/google/kmsan.git master | 61ccdad1fcdf | ede31a9b  | .config | log | report |           |         |         |