syzbot

 sign-in | mailing list | source | docs
🐞 Open [981] Subsystems 🐞 Fixed [5236] 🐞 Invalid [12500] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: uninit-value in ip_route_output_key_hash_rcu (5)

Status: auto-closed as invalid on 2022/02/28 08:56
Subsystems: net
[Documentation on labels]
First crash: 876d, last: 876d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (4) net 2 1178d 1197d 0/26 auto-closed as invalid on 2021/06/01 04:17
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (2) net 1 2170d 2170d 0/26 closed as invalid on 2018/06/27 15:18
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 321d 1490d 22/26 fixed on 2023/06/08 14:41
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 425d 777d 22/26 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (3) net 2 1495d 1520d 0/26 auto-closed as invalid on 2020/06/19 03:56
upstream KMSAN: uninit-value in IP6_ECN_decapsulate net C 981 127d 2043d 25/26 fixed on 2023/12/21 03:45
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu net 179 2178d 2209d 5/26 fixed on 2018/05/08 18:30

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in ip_route_output_key_hash_rcu+0x470/0x1d60 net/ipv4/route.c:2644
 ip_route_output_key_hash_rcu+0x470/0x1d60 net/ipv4/route.c:2644
 ip_route_output_key_hash net/ipv4/route.c:2627 [inline]
 __ip_route_output_key include/net/route.h:126 [inline]
 ip_route_output_flow+0x227/0x4c0 net/ipv4/route.c:2858
 ipvlan_process_v4_outbound drivers/net/ipvlan/ipvlan_core.c:431 [inline]
 ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:525 [inline]
 ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:587 [inline]
 ipvlan_queue_xmit+0x1e06/0x36c0 drivers/net/ipvlan/ipvlan_core.c:650
 ipvlan_start_xmit+0xa1/0x290 drivers/net/ipvlan/ipvlan_main.c:222
 __netdev_start_xmit include/linux/netdevice.h:4988 [inline]
 netdev_start_xmit include/linux/netdevice.h:5002 [inline]
 xmit_one+0x2eb/0x760 net/core/dev.c:3582
 dev_hard_start_xmit+0x18f/0x440 net/core/dev.c:3598
 __dev_queue_xmit+0x2092/0x2c80 net/core/dev.c:4209
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4242
 packet_snd net/packet/af_packet.c:3017 [inline]
 packet_sendmsg+0x8970/0x9c80 net/packet/af_packet.c:3044
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmmsg+0xa31/0xf50 net/socket.c:2549
 __do_sys_sendmmsg net/socket.c:2578 [inline]
 __se_sys_sendmmsg net/socket.c:2575 [inline]
 __x64_sys_sendmmsg+0x11c/0x170 net/socket.c:2575
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 ipvlan_process_v4_outbound drivers/net/ipvlan/ipvlan_core.c:422 [inline]
 ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:525 [inline]
 ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:587 [inline]
 ipvlan_queue_xmit+0x24d9/0x36c0 drivers/net/ipvlan/ipvlan_core.c:650
 ipvlan_start_xmit+0xa1/0x290 drivers/net/ipvlan/ipvlan_main.c:222
 __netdev_start_xmit include/linux/netdevice.h:4988 [inline]
 netdev_start_xmit include/linux/netdevice.h:5002 [inline]
 xmit_one+0x2eb/0x760 net/core/dev.c:3582
 dev_hard_start_xmit+0x18f/0x440 net/core/dev.c:3598
 __dev_queue_xmit+0x2092/0x2c80 net/core/dev.c:4209
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4242
 packet_snd net/packet/af_packet.c:3017 [inline]
 packet_sendmsg+0x8970/0x9c80 net/packet/af_packet.c:3044
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmmsg+0xa31/0xf50 net/socket.c:2549
 __do_sys_sendmmsg net/socket.c:2578 [inline]
 __se_sys_sendmmsg net/socket.c:2575 [inline]
 __x64_sys_sendmmsg+0x11c/0x170 net/socket.c:2575
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:524 [inline]
 slab_alloc_node mm/slub.c:3227 [inline]
 __kmalloc_node_track_caller+0xa3b/0x13c0 mm/slub.c:4962
 kmalloc_reserve net/core/skbuff.c:356 [inline]
 __alloc_skb+0x4db/0xe40 net/core/skbuff.c:427
 alloc_skb include/linux/skbuff.h:1116 [inline]
 alloc_skb_with_frags+0x1dc/0xc10 net/core/skbuff.c:6083
 sock_alloc_send_pskb+0xe37/0x1010 net/core/sock.c:2493
 packet_alloc_skb net/packet/af_packet.c:2865 [inline]
 packet_snd net/packet/af_packet.c:2960 [inline]
 packet_sendmsg+0x6986/0x9c80 net/packet/af_packet.c:3044
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmmsg+0xa31/0xf50 net/socket.c:2549
 __do_sys_sendmmsg net/socket.c:2578 [inline]
 __se_sys_sendmmsg net/socket.c:2575 [inline]
 __x64_sys_sendmmsg+0x11c/0x170 net/socket.c:2575
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae
=====================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/11/30 08:48 https://github.com/google/kmsan.git master a535b0caaa2f d0830353 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ip_route_output_key_hash_rcu
* Struck through repros no longer work on HEAD.