syzbot


KMSAN: uninit-value in ipv6_find_tlv

Status: upstream: reported C repro on 2019/08/13 14:48
Reported-by: syzbot+8257f4dcef79de670baf@syzkaller.appspotmail.com
First crash: 1214d, last: 3d04h
similar bugs (9):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in skb_release_data (3) | C | | | 10 | 138d | 817d | 0/24 | auto-obsoleted due to no activity on 2022/11/17 07:20 |
| upstream | KMSAN: uninit-value in bpf_prog_run_generic_xdp | | | | 104 | 10h04m | 17d | 0/24 | upstream: reported on 2022/11/18 11:39 |
| upstream | KMSAN: uninit-value in ax25cmp (2) | C | | | 51 | 75d | 336d | 0/24 | closed as invalid on 2022/11/18 11:50 |
| upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) | C | | | 71411 | now | 271d | 23/24 | internal: reported C repro on 2022/03/09 07:32 |
| upstream | KMSAN: uninit-value in can_send | C | | | 630 | 14d | 32d | 23/24 | upstream: reported C repro on 2022/11/03 16:22 |
| upstream | KMSAN: uninit-value in inet_frag_find (2) | | | | 2 | 328d | 336d | 0/24 | auto-closed as invalid on 2022/04/11 17:13 |
| upstream | KMSAN: kernel-infoleak in _copy_to_iter (6) | C | | | 748 | 272d | 361d | 22/24 | fixed on 2022/03/08 16:11 |
| upstream | KMSAN: uninit-value in eth_type_trans (2) | C | | | 3022 | 2h33m | 1048d | 0/24 | upstream: reported C repro on 2020/01/22 16:47 |
| upstream | KMSAN: uninit-value in hsr_fill_frame_info (2) | C | | | 63 | 68d | 54d | 0/24 | upstream: reported C repro on 2022/10/12 19:10 |

Patch testing requests:
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2022/09/28 23:30 | 13m | retest repro | | https://github.com/google/kmsan.git master | report log |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in ipv6_find_tlv+0x398/0x410 net/ipv6/exthdrs_core.c:147
 ipv6_find_tlv+0x398/0x410 net/ipv6/exthdrs_core.c:147
 ip6_find_1stfragopt+0x287/0x520 net/ipv6/output_core.c:84
 ip6_fragment+0x1d7/0x3dc0 net/ipv6/ip6_output.c:846
 __ip6_finish_output net/ipv6/ip6_output.c:193 [inline]
 ip6_finish_output+0xd0e/0x1230 net/ipv6/ip6_output.c:206
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x396/0x640 net/ipv6/ip6_output.c:227
 dst_output include/net/dst.h:451 [inline]
 ip6_local_out+0xe5/0x140 net/ipv6/output_core.c:161
 ip6_send_skb net/ipv6/ip6_output.c:1969 [inline]
 ip6_push_pending_frames+0x1f4/0x550 net/ipv6/ip6_output.c:1989
 rawv6_push_pending_frames+0xb12/0xb90 net/ipv6/raw.c:579
 rawv6_sendmsg+0x2ba7/0x2ea0 net/ipv6/raw.c:922
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 sock_write_iter+0x495/0x5e0 net/socket.c:1108
 call_write_iter include/linux/fs.h:2187 [inline]
 aio_write+0x63a/0x950 fs/aio.c:1603
 io_submit_one+0x1a36/0x3ad0 fs/aio.c:2022
 __do_sys_io_submit fs/aio.c:2081 [inline]
 __se_sys_io_submit+0x293/0x770 fs/aio.c:2051
 __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2051
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:732 [inline]
 slab_alloc_node mm/slub.c:3258 [inline]
 __kmalloc_node_track_caller+0x814/0x1250 mm/slub.c:4970
 kmalloc_reserve net/core/skbuff.c:362 [inline]
 __alloc_skb+0x346/0xcf0 net/core/skbuff.c:434
 alloc_skb include/linux/skbuff.h:1257 [inline]
 __ip6_append_data+0x51d5/0x6b80 net/ipv6/ip6_output.c:1682
 ip6_append_data+0x437/0x5b0 net/ipv6/ip6_output.c:1852
 rawv6_sendmsg+0x28dc/0x2ea0 net/ipv6/raw.c:915
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 sock_write_iter+0x495/0x5e0 net/socket.c:1108
 call_write_iter include/linux/fs.h:2187 [inline]
 aio_write+0x63a/0x950 fs/aio.c:1603
 io_submit_one+0x1a36/0x3ad0 fs/aio.c:2022
 __do_sys_io_submit fs/aio.c:2081 [inline]
 __se_sys_io_submit+0x293/0x770 fs/aio.c:2051
 __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2051
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 1 PID: 3514 Comm: syz-executor191 Not tainted 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
=====================================================

Crashes (112):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kmsan-gce | 2022/10/02 18:26 | https://github.com/google/kmsan.git master | 968c2729e576 | feb56351 | .config | log | report | syz | C | | KMSAN: uninit-value in ipv6_find_tlv |
| ci-upstream-kmsan-gce | 2022/05/12 01:09 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | beb0b407 | .config | log | report | syz | C | | KMSAN: uninit-value in ipv6_find_tlv |
| ci-upstream-kmsan-gce | 2019/09/11 01:12 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/08/09 13:58 | https://github.com/google/kmsan.git master | 61ccdad1fcdf | ede31a9b | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2022/12/02 15:01 | https://github.com/google/kmsan.git master | 49a9a20768f5 | e080de16 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/12/02 02:51 | https://github.com/google/kmsan.git master | 49a9a20768f5 | e080de16 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/12/01 22:14 | https://github.com/google/kmsan.git master | 49a9a20768f5 | e080de16 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/30 12:59 | https://github.com/google/kmsan.git master | 49a9a20768f5 | 4c2a66e8 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/30 11:30 | https://github.com/google/kmsan.git master | 49a9a20768f5 | 4c2a66e8 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/30 11:21 | https://github.com/google/kmsan.git master | 49a9a20768f5 | 4c2a66e8 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/25 08:11 | https://github.com/google/kmsan.git master | a472f15b3d1e | 74a66371 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/24 19:22 | https://github.com/google/kmsan.git master | e889f323ec44 | 62e26685 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/15 10:42 | https://github.com/google/kmsan.git master | cb231e2f67ec | 97de9cfc | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/15 06:51 | https://github.com/google/kmsan.git master | cb231e2f67ec | 943f4cb8 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/12 04:25 | https://github.com/google/kmsan.git master | cb231e2f67ec | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/11 18:41 | https://github.com/google/kmsan.git master | cb231e2f67ec | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/10 23:29 | https://github.com/google/kmsan.git master | 9b1ac640862d | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/06 15:20 | https://github.com/google/kmsan.git master | 53d6b047b069 | 6d752409 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/06 09:17 | https://github.com/google/kmsan.git master | 53d6b047b069 | 6d752409 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/04 16:45 | https://github.com/google/kmsan.git master | 02b1fb26100c | 6d752409 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/11/01 19:35 | https://github.com/google/kmsan.git master | be8b0d020631 | edac4fd1 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/10/29 14:04 | https://github.com/google/kmsan.git master | be8b0d020631 | 899d812a | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/10/29 05:27 | https://github.com/google/kmsan.git master | be8b0d020631 | ea12ae9b | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/10/29 04:47 | https://github.com/google/kmsan.git master | be8b0d020631 | ea12ae9b | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/10/28 09:51 | https://github.com/google/kmsan.git master | be8b0d020631 | 86777b7f | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/10/28 01:05 | https://github.com/google/kmsan.git master | 1aa4f78e4630 | 86777b7f | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/10/28 00:05 | https://github.com/google/kmsan.git master | 1aa4f78e4630 | 86777b7f | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/10/28 00:05 | https://github.com/google/kmsan.git master | 1aa4f78e4630 | 86777b7f | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/10/28 00:05 | https://github.com/google/kmsan.git master | 1aa4f78e4630 | 86777b7f | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/10/28 00:05 | https://github.com/google/kmsan.git master | 1aa4f78e4630 | 86777b7f | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2022/10/28 00:00 | https://github.com/google/kmsan.git master | 1aa4f78e4630 | 86777b7f | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce | 2020/02/22 04:33 | https://github.com/google/kmsan.git master | 8bbbc5cf3dca | 2ffa6679 | .config | log | report | | | | |
| ci-upstream-kmsan-gce-386 | 2022/12/03 02:02 | https://github.com/google/kmsan.git master | 49a9a20768f5 | e080de16 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/29 20:28 | https://github.com/google/kmsan.git master | 49a9a20768f5 | 05dc7993 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/27 10:15 | https://github.com/google/kmsan.git master | a472f15b3d1e | 74a66371 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/23 15:32 | https://github.com/google/kmsan.git master | ddce02aa9c40 | 75740b3f | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/20 21:07 | https://github.com/google/kmsan.git master | cb231e2f67ec | 5bb70014 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/16 23:09 | https://github.com/google/kmsan.git master | cb231e2f67ec | 3a127a31 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/15 07:05 | https://github.com/google/kmsan.git master | cb231e2f67ec | 943f4cb8 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/11 12:45 | https://github.com/google/kmsan.git master | cb231e2f67ec | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/10 23:46 | https://github.com/google/kmsan.git master | 9b1ac640862d | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/06 22:18 | https://github.com/google/kmsan.git master | 53d6b047b069 | 6d752409 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/06 04:21 | https://github.com/google/kmsan.git master | 53d6b047b069 | 6d752409 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/11/02 08:53 | https://github.com/google/kmsan.git master | be8b0d020631 | edac4fd1 | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/10/30 13:12 | https://github.com/google/kmsan.git master | be8b0d020631 | 2a71366b | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/10/30 09:45 | https://github.com/google/kmsan.git master | be8b0d020631 | 2a71366b | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/10/30 05:01 | https://github.com/google/kmsan.git master | be8b0d020631 | 2a71366b | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/10/29 04:49 | https://github.com/google/kmsan.git master | be8b0d020631 | ea12ae9b | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |
| ci-upstream-kmsan-gce-386 | 2022/10/28 00:36 | https://github.com/google/kmsan.git master | 1aa4f78e4630 | 86777b7f | .config | log | report | | | info | KMSAN: uninit-value in __ip6_make_skb |

* Struck through repros no longer work on HEAD.