syzbot

 sign-in | mailing list | source | docs
🐞 Open [1136] 🐞 Fixed [4220] 🐞 Invalid [9372] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KMSAN: uninit-value in xfrm_state_find

Status: upstream: reported C repro on 2018/06/15 07:30
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
First crash: 1669d, last: 48d
similar bugs (10):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find 1 397d 397d 0/2 closed as invalid on 2022/02/03 13:56
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (3) C 10353 1778d 1845d 4/24 fixed on 2018/01/31 00:24
android-44 KASAN: stack-out-of-bounds Read in xfrm_state_find C 842 1105d 1338d 0/2 public: reported C repro on 2019/04/12 00:00
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (5) C done 654 1410d 1712d 14/24 fixed on 2019/11/11 16:48
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find C 365 1873d 1946d 0/24 closed as invalid on 2017/10/23 16:19
android-49 KASAN: stack-out-of-bounds Read in xfrm_state_find C 4151 1438d 1949d 0/3 closed as invalid on 2019/01/01 20:10
android-414 KASAN: stack-out-of-bounds Read in xfrm_state_find C 137 1412d 1339d 0/1 public: reported C repro on 2019/04/11 00:00
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (2) C 93 1855d 1864d 3/24 fixed on 2017/11/18 01:42
android-49 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) C 392 1102d 1338d 0/3 public: reported C repro on 2019/04/11 08:44
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (4) C 102 1722d 1773d 4/24 fixed on 2018/03/23 18:14
Patch testing requests:
Created Duration User Patch Repo Result
2020/10/31 23:48 1h00m anant.thazhemadam@gmail.com https://github.com/google/kmsan.git master error

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
==================================================================
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline]
BUG: KMSAN: uninit-value in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
BUG: KMSAN: uninit-value in __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
BUG: KMSAN: uninit-value in xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline]
BUG: KMSAN: uninit-value in xfrm_state_find+0x2723/0x4ae0 net/xfrm/xfrm_state.c:952
CPU: 0 PID: 4855 Comm: syz-executor277 Not tainted 4.19.0-rc4+ #61
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x2f6/0x430 lib/dump_stack.c:113
 kmsan_report+0x183/0x2b0 mm/kmsan/kmsan.c:917
 __msan_warning+0x70/0xc0 mm/kmsan/kmsan_instr.c:500
 __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
 __fswab32 include/uapi/linux/swab.h:59 [inline]
 __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
 __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
 xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline]
 xfrm_state_find+0x2723/0x4ae0 net/xfrm/xfrm_state.c:952
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:1413 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:1458 [inline]
 xfrm_resolve_and_create_bundle+0xa06/0x49a0 net/xfrm/xfrm_policy.c:1753
 xfrm_lookup_with_ifid+0x9c7/0x3e60 net/xfrm/xfrm_policy.c:2076
 xfrm_lookup net/xfrm/xfrm_policy.c:2200 [inline]
 xfrm_lookup_route+0x104/0x370 net/xfrm/xfrm_policy.c:2211
 ip_route_output_flow+0x33f/0x3a0 net/ipv4/route.c:2592
 udp_sendmsg+0x2c6a/0x3cd0 net/ipv4/udp.c:1082
 udpv6_sendmsg+0x12e2/0x4cf0 net/ipv6/udp.c:1196
 inet_sendmsg+0x4c5/0x7d0 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg net/socket.c:631 [inline]
 ___sys_sendmsg+0xe70/0x1290 net/socket.c:2114
 __sys_sendmmsg+0x4ac/0x930 net/socket.c:2209
 __do_sys_sendmmsg net/socket.c:2238 [inline]
 __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2235
 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2235
 do_syscall_64+0xb8/0x100 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x4403f9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffca93ab3b8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403f9
RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401c80
R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----fl4_stack@udp_sendmsg
Variable was created at:
 udp_sendmsg+0x105/0x3cd0 net/ipv4/udp.c:904
 udpv6_sendmsg+0x12e2/0x4cf0 net/ipv6/udp.c:1196
==================================================================

Crashes (193):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kmsan-gce 2018/09/30 15:27 https://github.com/google/kmsan.git master 2b752aff835d 41e4b329 .config log report syz C
ci-upstream-kmsan-gce 2018/08/30 18:31 https://github.com/google/kmsan.git master 25114c64b719 938220fd .config log report syz C
ci-upstream-kmsan-gce 2018/06/16 20:45 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config log report syz C
ci-upstream-kmsan-gce 2018/05/16 02:19 https://github.com/google/kmsan.git master 06b2df0593a8 68ce85f1 .config log report syz C
ci-upstream-kmsan-gce 2018/05/15 17:12 https://github.com/google/kmsan.git master 1df165c8d2d6 661fd7b9 .config log report syz C
ci-upstream-kmsan-gce 2018/05/15 16:05 https://github.com/google/kmsan.git master 1df165c8d2d6 661fd7b9 .config log report syz C
ci-upstream-kmsan-gce 2022/10/22 06:30 https://github.com/google/kmsan.git master 968c2729e576 c0b80a55 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/10/20 14:36 https://github.com/google/kmsan.git master 968c2729e576 b31320fc .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/10/17 10:10 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/10/08 02:28 https://github.com/google/kmsan.git master 968c2729e576 0de35f24 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/07/20 19:49 https://github.com/google/kmsan.git master 97117d69c353 88cb1383 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/07/13 09:09 https://github.com/google/kmsan.git master 97117d69c353 5d921b08 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/07/13 07:27 https://github.com/google/kmsan.git master 97117d69c353 5d921b08 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/07/11 13:23 https://github.com/google/kmsan.git master 97117d69c353 da3d6955 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/07/02 03:28 https://github.com/google/kmsan.git master 97117d69c353 1434eec0 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/07/01 14:12 https://github.com/google/kmsan.git master ef4d99f50920 1434eec0 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/06/22 22:52 https://github.com/google/kmsan.git master 4b28366af7d9 912f5df7 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/06/20 15:56 https://github.com/google/kmsan.git master eb5e8c791e57 8d15e28d .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/06/20 07:00 https://github.com/google/kmsan.git master 74df87f93710 8f633d84 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/06/17 03:53 https://github.com/google/kmsan.git master 2f3064574275 1719ee24 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/06/16 18:59 https://github.com/google/kmsan.git master 2f3064574275 1719ee24 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/05/24 01:23 https://github.com/google/kmsan.git master c5c93da9af13 e7f9308d .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/05/22 12:29 https://github.com/google/kmsan.git master c5c93da9af13 7268fa62 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/05/16 12:41 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/05/14 10:13 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/05/10 23:49 https://github.com/google/kmsan.git master d6e2c8c7eb40 8d7b3b67 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/05/08 18:29 https://github.com/google/kmsan.git master d6e2c8c7eb40 e60b1103 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/05/04 16:37 https://github.com/google/kmsan.git master d6e2c8c7eb40 dc9e5259 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/05/04 00:01 https://github.com/google/kmsan.git master d6e2c8c7eb40 dc9e5259 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/04/30 16:51 https://github.com/google/kmsan.git master d6e2c8c7eb40 2df221f6 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/04/29 16:07 https://github.com/google/kmsan.git master d6e2c8c7eb40 44a5ca63 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/04/29 14:29 https://github.com/google/kmsan.git master d6e2c8c7eb40 e9076525 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/04/24 02:52 https://github.com/google/kmsan.git master b834db009dc5 131df97d .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/04/23 10:06 https://github.com/google/kmsan.git master b834db009dc5 131df97d .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/04/07 21:39 https://github.com/google/kmsan.git master 33d9269ef6e0 c6ff3e05 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2022/02/02 14:58 https://github.com/google/kmsan.git master 85cfd6e539bd 4ebb2798 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2021/12/14 16:38 https://github.com/google/kmsan.git master b1e1bb6f7a2e d018dd31 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2021/10/17 16:32 https://github.com/google/kmsan.git master d6493d2046c4 0c5d9412 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2021/08/22 14:21 https://github.com/google/kmsan.git master 40b1d724c752 b599f2fc .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2021/08/21 22:31 https://github.com/google/kmsan.git master 40b1d724c752 b599f2fc .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2021/07/16 00:19 https://github.com/google/kmsan.git master 57b5797c8013 f115ae98 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce 2021/07/15 19:07 https://github.com/google/kmsan.git master 57b5797c8013 b9a2f64e .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386 2022/09/01 17:27 https://github.com/google/kmsan.git master e23a6cc335d5 86c46e46 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386 2022/07/20 05:35 https://github.com/google/kmsan.git master 97117d69c353 775344bc .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386 2022/06/28 19:22 https://github.com/google/kmsan.git master ec1cbf8b060e 496a8536 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386 2022/06/14 02:58 https://github.com/google/kmsan.git master 2f3064574275 0f087040 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386 2022/05/19 16:25 https://github.com/google/kmsan.git master c5c93da9af13 50c53f39 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386 2022/05/14 17:43 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386 2022/05/02 02:19 https://github.com/google/kmsan.git master d6e2c8c7eb40 2df221f6 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386 2021/12/31 11:17 https://github.com/google/kmsan.git master 81c325bbf94e 36bd2e48 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386 2021/12/15 00:00 https://github.com/google/kmsan.git master b1e1bb6f7a2e d018dd31 .config log report info KMSAN: uninit-value in xfrm_state_find
ci-upstream-net-kasan-gce 2021/04/17 00:40 net-next e7ad33fa7bc5 7e2b734b .config log report info KASAN: stack-out-of-bounds Read in xfrm_state_find
ci-upstream-kmsan-gce 2021/01/17 13:49 https://github.com/google/kmsan.git master 73d62e81b476 813be542 .config log report info
* Struck through repros no longer work on HEAD.