syzbot

 sign-in | mailing list | source | docs
🐞 Open [962] Subsystems 🐞 Fixed [4564] 🐞 Invalid [10526] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: uninit-value in xfrm_state_find

Status: upstream: reported C repro on 2018/06/15 07:30
Labels: net (incorrect?)
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
First crash: 1846d, last: 16d

Cause bisection: failed (error log, bisect log)
Discussions (3)
Title Replies (including bot) Last reply
Reminder: 26 open syzbot bugs in "net/xfrm" subsystem 1 (1) 2019/07/24 01:42
Reminder: 27 open syzbot bugs in "net/xfrm" subsystem 1 (1) 2019/06/25 05:51
KMSAN: uninit-value in xfrm_state_find 1 (2) 2018/06/15 07:31
Similar bugs (16)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 KASAN: stack-out-of-bounds Read in xfrm_state_find C 1 155d 155d 0/2 upstream: reported C repro on 2023/01/01 01:05
android-5-15 KASAN: stack-out-of-bounds Read in xfrm_state_find origin:upstream C error 2 2d00h 155d 0/2 upstream: reported C repro on 2023/01/01 00:40
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) syz error error 1 155d 155d 0/2 auto-obsoleted due to no activity on 2023/05/14 02:28
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find 1 574d 574d 0/2 closed as invalid on 2022/02/03 13:56
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (3) net C 10353 1955d 2022d 4/24 fixed on 2018/01/31 00:24
android-44 KASAN: stack-out-of-bounds Read in xfrm_state_find C 842 1282d 1515d 0/2 public: reported C repro on 2019/04/12 00:00
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (5) net C done 654 1587d 1890d 14/24 fixed on 2019/11/11 16:48
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find C 365 2050d 2123d 0/24 closed as invalid on 2017/10/23 16:19
android-49 KASAN: stack-out-of-bounds Read in xfrm_state_find C 4151 1615d 2127d 0/3 closed as invalid on 2019/01/01 20:10
android-414 KASAN: stack-out-of-bounds Read in xfrm_state_find C 137 1589d 1516d 0/1 public: reported C repro on 2019/04/11 00:00
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (2) net C 93 2033d 2041d 3/24 fixed on 2017/11/18 01:42
android-49 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) C 392 1279d 1515d 0/3 public: reported C repro on 2019/04/11 08:44
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (4) net C 102 1899d 1950d 4/24 fixed on 2018/03/23 18:14
upstream KMSAN: uninit-value in virtqueue_add (3) 13 213d 505d 0/24 auto-obsoleted due to no activity on 2023/02/12 03:53
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 100d 452d 24/24 fixed on 2023/02/24 13:50
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) net C 748 453d 542d 22/24 fixed on 2022/03/08 16:11
Last patch testing requests (1)
Created Duration User Patch Repo Result
2020/10/31 23:48 1h00m anant.thazhemadam@gmail.com https://github.com/google/kmsan.git master error
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2023/05/03 12:01 24m bisect fix upstream job log (0) log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in xfrm_state_find+0x1614/0x61f0 net/xfrm/xfrm_state.c:1094
 xfrm_state_find+0x1614/0x61f0 net/xfrm/xfrm_state.c:1094
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2392 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2437 [inline]
 xfrm_resolve_and_create_bundle+0x7dd/0x4ed0 net/xfrm/xfrm_policy.c:2730
 xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2965 [inline]
 xfrm_lookup_with_ifid+0xd3f/0x4120 net/xfrm/xfrm_policy.c:3096
 xfrm_lookup net/xfrm/xfrm_policy.c:3193 [inline]
 xfrm_lookup_route+0x5f/0x2b0 net/xfrm/xfrm_policy.c:3204
 ip_route_output_flow+0x29b/0x340 net/ipv4/route.c:2880
 ip_route_output_ports include/net/route.h:183 [inline]
 igmpv3_newpack+0x43b/0x1440 net/ipv4/igmp.c:369
 add_grhead+0x86/0x390 net/ipv4/igmp.c:440
 add_grec+0x2185/0x2380 net/ipv4/igmp.c:574
 igmpv3_send_cr net/ipv4/igmp.c:711 [inline]
 igmp_ifc_timer_expire+0x11b6/0x1f30 net/ipv4/igmp.c:810
 call_timer_fn+0x43/0x480 kernel/time/timer.c:1474
 expire_timers+0x272/0x610 kernel/time/timer.c:1519
 __run_timers+0x5bd/0x8c0 kernel/time/timer.c:1790
 run_timer_softirq+0x64/0xe0 kernel/time/timer.c:1803
 __do_softirq+0x1c5/0x7b9 kernel/softirq.c:571
 invoke_softirq+0x8f/0x100 kernel/softirq.c:445
 __irq_exit_rcu+0x5a/0x110 kernel/softirq.c:650
 irq_exit_rcu+0xe/0x10 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x9a/0xc0 arch/x86/kernel/apic/apic.c:1107
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
 arch_ptrace+0x27b/0x470 arch/x86/kernel/ptrace.c:828
 __do_sys_ptrace kernel/ptrace.c:1296 [inline]
 __se_sys_ptrace+0x2e5/0x780 kernel/ptrace.c:1269
 __x64_sys_ptrace+0xb9/0x110 kernel/ptrace.c:1269
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Local variable fl4 created at:
 igmpv3_newpack+0x7e/0x1440 net/ipv4/igmp.c:353
 add_grhead+0x86/0x390 net/ipv4/igmp.c:440

CPU: 1 PID: 3479 Comm: strace-static-x Not tainted 6.1.0-syzkaller-64311-g5c6259d6d19f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================

Crashes (215):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/01/01 03:30 https://github.com/google/kmsan.git master 5c6259d6d19f ab32d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/02/27 18:10 upstream f3a2439f20d9 e792ae78 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/01/01 04:43 upstream e4cf7c25bae5 ab32d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/01/01 01:05 net-old d039535850ee ab32d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/01/01 08:10 net-next-old c183e6c3ec34 ab32d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/04/01 02:38 linux-next 4b0f4525dc4f f325deb0 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: stack-out-of-bounds Read in xfrm_state_find
2018/09/30 15:27 https://github.com/google/kmsan.git master 2b752aff835d 41e4b329 .config console log report syz C ci-upstream-kmsan-gce
2018/08/30 18:31 https://github.com/google/kmsan.git master 25114c64b719 938220fd .config console log report syz C ci-upstream-kmsan-gce
2018/06/16 20:45 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report syz C ci-upstream-kmsan-gce
2018/05/16 02:19 https://github.com/google/kmsan.git master 06b2df0593a8 68ce85f1 .config console log report syz C ci-upstream-kmsan-gce
2018/05/15 17:12 https://github.com/google/kmsan.git master 1df165c8d2d6 661fd7b9 .config console log report syz C ci-upstream-kmsan-gce
2018/05/15 16:05 https://github.com/google/kmsan.git master 1df165c8d2d6 661fd7b9 .config console log report syz C ci-upstream-kmsan-gce
2023/05/19 12:13 https://github.com/google/kmsan.git master dad188c049f8 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/05/16 13:27 https://github.com/google/kmsan.git master dad188c049f8 11c89444 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/05/09 00:50 https://github.com/google/kmsan.git master 81af97bdef5e f4168103 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/04/01 18:12 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/17 14:29 https://github.com/google/kmsan.git master 34add094f9de 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/10 06:09 https://github.com/google/kmsan.git master e61893130d87 f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/01 08:07 https://github.com/google/kmsan.git master 97e36f4aa06f 95aee97a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/02/02 09:32 https://github.com/google/kmsan.git master eda666ff2276 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/22 21:59 https://github.com/google/kmsan.git master e919e2b1bc1c 559a440a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/15 12:36 https://github.com/google/kmsan.git master e919e2b1bc1c a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/12 07:23 https://github.com/google/kmsan.git master 219e919e391d 96166539 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/09 11:55 https://github.com/google/kmsan.git master c9a4e3bf8138 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/12/22 22:15 https://github.com/google/kmsan.git master 5c6259d6d19f 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/22 06:30 https://github.com/google/kmsan.git master 968c2729e576 c0b80a55 .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/20 14:36 https://github.com/google/kmsan.git master 968c2729e576 b31320fc .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/17 10:10 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/08 02:28 https://github.com/google/kmsan.git master 968c2729e576 0de35f24 .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/20 19:49 https://github.com/google/kmsan.git master 97117d69c353 88cb1383 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/13 09:09 https://github.com/google/kmsan.git master 97117d69c353 5d921b08 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/13 07:27 https://github.com/google/kmsan.git master 97117d69c353 5d921b08 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/11 13:23 https://github.com/google/kmsan.git master 97117d69c353 da3d6955 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/02 03:28 https://github.com/google/kmsan.git master 97117d69c353 1434eec0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/01 14:12 https://github.com/google/kmsan.git master ef4d99f50920 1434eec0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/22 22:52 https://github.com/google/kmsan.git master 4b28366af7d9 912f5df7 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/20 15:56 https://github.com/google/kmsan.git master eb5e8c791e57 8d15e28d .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/20 07:00 https://github.com/google/kmsan.git master 74df87f93710 8f633d84 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/17 03:53 https://github.com/google/kmsan.git master 2f3064574275 1719ee24 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/16 18:59 https://github.com/google/kmsan.git master 2f3064574275 1719ee24 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/24 01:23 https://github.com/google/kmsan.git master c5c93da9af13 e7f9308d .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/22 12:29 https://github.com/google/kmsan.git master c5c93da9af13 7268fa62 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/16 12:41 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/14 10:13 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/10 23:49 https://github.com/google/kmsan.git master d6e2c8c7eb40 8d7b3b67 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/08 18:29 https://github.com/google/kmsan.git master d6e2c8c7eb40 e60b1103 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/04 16:37 https://github.com/google/kmsan.git master d6e2c8c7eb40 dc9e5259 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/04 00:01 https://github.com/google/kmsan.git master d6e2c8c7eb40 dc9e5259 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/04/30 16:51 https://github.com/google/kmsan.git master d6e2c8c7eb40 2df221f6 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/04/29 16:07 https://github.com/google/kmsan.git master d6e2c8c7eb40 44a5ca63 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/14 09:26 https://github.com/google/kmsan.git master 34add094f9de 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2023/03/13 22:46 https://github.com/google/kmsan.git master 34add094f9de 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/09/01 17:27 https://github.com/google/kmsan.git master e23a6cc335d5 86c46e46 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/07/20 05:35 https://github.com/google/kmsan.git master 97117d69c353 775344bc .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/06/28 19:22 https://github.com/google/kmsan.git master ec1cbf8b060e 496a8536 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/06/14 02:58 https://github.com/google/kmsan.git master 2f3064574275 0f087040 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/05/19 16:25 https://github.com/google/kmsan.git master c5c93da9af13 50c53f39 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/05/14 17:43 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/05/02 02:19 https://github.com/google/kmsan.git master d6e2c8c7eb40 2df221f6 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2021/04/17 00:40 net-next-old e7ad33fa7bc5 7e2b734b .config console log report info ci-upstream-net-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2022/12/15 11:48 linux-next 459c73db4069 6f9c033e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-out-of-bounds Read in xfrm_state_find
2021/01/17 13:49 https://github.com/google/kmsan.git master 73d62e81b476 813be542 .config console log report info ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.