syzbot

 sign-in | mailing list | source | docs
🐞 Open [1598]
Subsystems
🐞 Fixed [6231]
🐞 Invalid [15772]
Missing Backports [183]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in xfrm_state_find (3)

Status: closed as invalid on 2024/10/09 09:35
Subsystems: net
[Documentation on labels]
First crash: 259d, last: 259d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in xfrm_state_find (2) net 19 401d 560d 0/28 auto-obsoleted due to no activity on 2024/07/18 11:50
upstream KASAN: slab-out-of-bounds Read in xfrm_state_find net 10 17d 170d 28/28 fixed on 2025/05/06 15:33
upstream KMSAN: uninit-value in xfrm_state_find net C error done 215 727d 2527d 22/28 fixed on 2023/07/01 16:05
android-54 KASAN: stack-out-of-bounds Read in xfrm_state_find C 1 866d 866d 0/2 upstream: reported C repro on 2023/01/01 01:05
android-5-15 KASAN: stack-out-of-bounds Read in xfrm_state_find origin:upstream missing-backport C error error 2 381d 866d 0/2 upstream: reported C repro on 2023/01/01 00:40
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) syz error error 1 866d 866d 0/2 auto-obsoleted due to no activity on 2023/05/14 02:28
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find 1 1285d 1285d 0/2 closed as invalid on 2022/02/03 13:56

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in xfrm_state_find+0x17d0/0x8a40 net/xfrm/xfrm_state.c:1219
 xfrm_state_find+0x17d0/0x8a40 net/xfrm/xfrm_state.c:1219
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2489 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2540 [inline]
 xfrm_resolve_and_create_bundle+0x7d7/0x51f0 net/xfrm/xfrm_policy.c:2834
 xfrm_lookup_with_ifid+0x3f7/0x35b0 net/xfrm/xfrm_policy.c:3168
 xfrm_lookup net/xfrm/xfrm_policy.c:3297 [inline]
 xfrm_lookup_route+0x63/0x2b0 net/xfrm/xfrm_policy.c:3308
 ip_route_output_flow+0x21d/0x2b0 net/ipv4/route.c:2859
 ip_route_connect include/net/route.h:334 [inline]
 __ip4_datagram_connect+0xbfc/0x1290 net/ipv4/datagram.c:49
 __ip6_datagram_connect+0x200/0x1580
 ip6_datagram_connect net/ipv6/datagram.c:279 [inline]
 ip6_datagram_connect_v6_only+0xa7/0x110 net/ipv6/datagram.c:291
 inet_dgram_connect+0x2e9/0x6a0 net/ipv4/af_inet.c:594
 __sys_connect_file net/socket.c:2061 [inline]
 __sys_connect+0x606/0x690 net/socket.c:2078
 __do_sys_connect net/socket.c:2088 [inline]
 __se_sys_connect net/socket.c:2085 [inline]
 __x64_sys_connect+0x91/0xe0 net/socket.c:2085
 x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable tmp.i.i created at:
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2467 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2540 [inline]
 xfrm_resolve_and_create_bundle+0x36c/0x51f0 net/xfrm/xfrm_policy.c:2834
 xfrm_lookup_with_ifid+0x3f7/0x35b0 net/xfrm/xfrm_policy.c:3168

CPU: 1 UID: 0 PID: 29847 Comm: syz.1.10915 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
=====================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/08/30 09:07 upstream 20371ba12063 54fe8471 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in xfrm_state_find
* Struck through repros no longer work on HEAD.