syzbot |
sign-in | mailing list | source | docs |
| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in nf_conntrack_tcp_packet netfilter | 7 | syz | 3 | 2204d | 2207d | 15/29 | fixed on 2020/01/08 01:06 | ||
| upstream | KMSAN: uninit-value in nf_conntrack_tcp_packet (2) netfilter | 7 | 3 | 1978d | 1978d | 0/29 | closed as invalid on 2020/07/22 14:12 |
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. ===================================================== BUG: KMSAN: uninit-value in tcp_in_window net/netfilter/nf_conntrack_proto_tcp.c:607 [inline] BUG: KMSAN: uninit-value in nf_conntrack_tcp_packet+0x50fb/0x91a0 net/netfilter/nf_conntrack_proto_tcp.c:1119 tcp_in_window net/netfilter/nf_conntrack_proto_tcp.c:607 [inline] nf_conntrack_tcp_packet+0x50fb/0x91a0 net/netfilter/nf_conntrack_proto_tcp.c:1119 nf_conntrack_handle_packet net/netfilter/nf_conntrack_core.c:1827 [inline] nf_conntrack_in+0x1260/0x2fe0 net/netfilter/nf_conntrack_core.c:1918 ipv6_conntrack_local+0x68/0x80 net/netfilter/nf_conntrack_proto.c:414 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline] nf_hook_slow+0x184/0x480 net/netfilter/core.c:619 nf_hook include/linux/netfilter.h:262 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ip6_xmit+0x27b6/0x2880 net/ipv6/ip6_output.c:324 tcp_v6_send_synack+0x13ae/0x1500 net/ipv6/tcp_ipv6.c:561 tcp_conn_request+0x2f28/0x4c70 net/ipv4/tcp_input.c:6945 tcp_v6_conn_request+0x406/0x550 net/ipv6/tcp_ipv6.c:1215 tcp_rcv_state_process+0x2c5/0x3280 net/ipv4/tcp_input.c:6406 tcp_v6_do_rcv+0x1487/0x2030 net/ipv6/tcp_ipv6.c:1546 tcp_v6_rcv+0x4496/0x4d80 net/ipv6/tcp_ipv6.c:1754 ip6_protocol_deliver_rcu+0xe7c/0x2ab0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] ip6_input+0x130/0x390 net/ipv6/ip6_input.c:472 dst_input include/net/dst.h:460 [inline] ip6_rcv_finish+0x670/0x850 net/ipv6/ip6_input.c:76 NF_HOOK include/linux/netfilter.h:307 [inline] ipv6_rcv+0x1d1/0x460 net/ipv6/ip6_input.c:297 __netif_receive_skb_one_core net/core/dev.c:5465 [inline] __netif_receive_skb+0x1ec/0x630 net/core/dev.c:5579 process_backlog+0x54b/0xc10 net/core/dev.c:6455 __napi_poll+0x14c/0xc00 net/core/dev.c:7023 napi_poll net/core/dev.c:7090 [inline] net_rx_action+0x7e2/0x1820 net/core/dev.c:7177 __do_softirq+0x1ee/0x7c5 kernel/softirq.c:558 do_softirq+0x16d/0x220 kernel/softirq.c:459 __local_bh_enable_ip+0xd5/0xe0 kernel/softirq.c:383 local_bh_enable+0x36/0x40 include/linux/bottom_half.h:33 rcu_read_unlock_bh include/linux/rcupdate.h:758 [inline] ip6_finish_output2+0x24e2/0x2c50 net/ipv6/ip6_output.c:127 __ip6_finish_output+0xf46/0x10a0 net/ipv6/ip6_output.c:191 ip6_finish_output+0x15c/0x4d0 net/ipv6/ip6_output.c:201 NF_HOOK_COND include/linux/netfilter.h:296 [inline] ip6_output+0x4ac/0x7f0 net/ipv6/ip6_output.c:224 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] ip6_xmit+0x20da/0x2880 net/ipv6/ip6_output.c:324 inet6_csk_xmit+0x5b4/0x720 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x4ac6/0x5cd0 net/ipv4/tcp_output.c:1402 tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline] tcp_send_syn_data net/ipv4/tcp_output.c:3798 [inline] tcp_connect+0x3052/0x3ce0 net/ipv4/tcp_output.c:3837 tcp_v6_connect+0x2883/0x2af0 net/ipv6/tcp_ipv6.c:334 __inet_stream_connect+0x456/0x1830 net/ipv4/af_inet.c:660 tcp_sendmsg_fastopen+0x897/0xc20 net/ipv4/tcp.c:1162 tcp_sendmsg_locked+0xb40/0x6dc0 net/ipv4/tcp.c:1204 tcp_sendmsg+0xb2/0x100 net/ipv4/tcp.c:1440 inet6_sendmsg+0x15b/0x1d0 net/ipv6/af_inet6.c:644 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg net/socket.c:724 [inline] __sys_sendto+0x9ef/0xc70 net/socket.c:2036 __do_sys_sendto net/socket.c:2048 [inline] __se_sys_sendto net/socket.c:2044 [inline] __ia32_sys_sendto+0x1a4/0x220 net/socket.c:2044 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline] __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c Uninit was stored to memory at: tcp_in_window net/netfilter/nf_conntrack_proto_tcp.c:507 [inline] nf_conntrack_tcp_packet+0x47d3/0x91a0 net/netfilter/nf_conntrack_proto_tcp.c:1119 nf_conntrack_handle_packet net/netfilter/nf_conntrack_core.c:1827 [inline] nf_conntrack_in+0x1260/0x2fe0 net/netfilter/nf_conntrack_core.c:1918 ipv6_conntrack_local+0x68/0x80 net/netfilter/nf_conntrack_proto.c:414 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline] nf_hook_slow+0x184/0x480 net/netfilter/core.c:619 nf_hook include/linux/netfilter.h:262 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ip6_xmit+0x27b6/0x2880 net/ipv6/ip6_output.c:324 tcp_v6_send_synack+0x13ae/0x1500 net/ipv6/tcp_ipv6.c:561 tcp_conn_request+0x2f28/0x4c70 net/ipv4/tcp_input.c:6945 tcp_v6_conn_request+0x406/0x550 net/ipv6/tcp_ipv6.c:1215 tcp_rcv_state_process+0x2c5/0x3280 net/ipv4/tcp_input.c:6406 tcp_v6_do_rcv+0x1487/0x2030 net/ipv6/tcp_ipv6.c:1546 tcp_v6_rcv+0x4496/0x4d80 net/ipv6/tcp_ipv6.c:1754 ip6_protocol_deliver_rcu+0xe7c/0x2ab0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] ip6_input+0x130/0x390 net/ipv6/ip6_input.c:472 dst_input include/net/dst.h:460 [inline] ip6_rcv_finish+0x670/0x850 net/ipv6/ip6_input.c:76 NF_HOOK include/linux/netfilter.h:307 [inline] ipv6_rcv+0x1d1/0x460 net/ipv6/ip6_input.c:297 __netif_receive_skb_one_core net/core/dev.c:5465 [inline] __netif_receive_skb+0x1ec/0x630 net/core/dev.c:5579 process_backlog+0x54b/0xc10 net/core/dev.c:6455 __napi_poll+0x14c/0xc00 net/core/dev.c:7023 napi_poll net/core/dev.c:7090 [inline] net_rx_action+0x7e2/0x1820 net/core/dev.c:7177 __do_softirq+0x1ee/0x7c5 kernel/softirq.c:558 Uninit was stored to memory at: tcp_make_synack+0x1832/0x1c00 net/ipv4/tcp_output.c:3576 tcp_v6_send_synack+0x259/0x1500 net/ipv6/tcp_ipv6.c:538 tcp_conn_request+0x2f28/0x4c70 net/ipv4/tcp_input.c:6945 tcp_v6_conn_request+0x406/0x550 net/ipv6/tcp_ipv6.c:1215 tcp_rcv_state_process+0x2c5/0x3280 net/ipv4/tcp_input.c:6406 tcp_v6_do_rcv+0x1487/0x2030 net/ipv6/tcp_ipv6.c:1546 tcp_v6_rcv+0x4496/0x4d80 net/ipv6/tcp_ipv6.c:1754 ip6_protocol_deliver_rcu+0xe7c/0x2ab0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] ip6_input+0x130/0x390 net/ipv6/ip6_input.c:472 dst_input include/net/dst.h:460 [inline] ip6_rcv_finish+0x670/0x850 net/ipv6/ip6_input.c:76 NF_HOOK include/linux/netfilter.h:307 [inline] ipv6_rcv+0x1d1/0x460 net/ipv6/ip6_input.c:297 __netif_receive_skb_one_core net/core/dev.c:5465 [inline] __netif_receive_skb+0x1ec/0x630 net/core/dev.c:5579 process_backlog+0x54b/0xc10 net/core/dev.c:6455 __napi_poll+0x14c/0xc00 net/core/dev.c:7023 napi_poll net/core/dev.c:7090 [inline] net_rx_action+0x7e2/0x1820 net/core/dev.c:7177 __do_softirq+0x1ee/0x7c5 kernel/softirq.c:558 Uninit was stored to memory at: tcp_conn_request+0x3aa5/0x4c70 net/ipv4/tcp_input.c:6918 tcp_v6_conn_request+0x406/0x550 net/ipv6/tcp_ipv6.c:1215 tcp_rcv_state_process+0x2c5/0x3280 net/ipv4/tcp_input.c:6406 tcp_v6_do_rcv+0x1487/0x2030 net/ipv6/tcp_ipv6.c:1546 tcp_v6_rcv+0x4496/0x4d80 net/ipv6/tcp_ipv6.c:1754 ip6_protocol_deliver_rcu+0xe7c/0x2ab0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] ip6_input+0x130/0x390 net/ipv6/ip6_input.c:472 dst_input include/net/dst.h:460 [inline] ip6_rcv_finish+0x670/0x850 net/ipv6/ip6_input.c:76 NF_HOOK include/linux/netfilter.h:307 [inline] ipv6_rcv+0x1d1/0x460 net/ipv6/ip6_input.c:297 __netif_receive_skb_one_core net/core/dev.c:5465 [inline] __netif_receive_skb+0x1ec/0x630 net/core/dev.c:5579 process_backlog+0x54b/0xc10 net/core/dev.c:6455 __napi_poll+0x14c/0xc00 net/core/dev.c:7023 napi_poll net/core/dev.c:7090 [inline] net_rx_action+0x7e2/0x1820 net/core/dev.c:7177 __do_softirq+0x1ee/0x7c5 kernel/softirq.c:558 Local variable combined.i12 created at: cookie_hash net/ipv6/syncookies.c:50 [inline] secure_tcp_syn_cookie+0x1f0/0x590 net/ipv6/syncookies.c:71 __cookie_v6_init_sequence net/ipv6/syncookies.c:104 [inline] cookie_v6_init_sequence+0x411/0x470 net/ipv6/syncookies.c:114 CPU: 1 PID: 7824 Comm: syz-executor.1 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 =====================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/01/30 15:45 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 495e00c5 | .config | console log | report | info | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in nf_conntrack_tcp_packet | |||
| 2021/12/08 05:06 | https://github.com/google/kmsan.git master | 8b936c96768e | 0230ba3e | .config | console log | report | info | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in nf_conntrack_tcp_packet |