syzbot

 sign-in | mailing list | source | docs
🐞 Open [1525]
Subsystems
🐞 Fixed [6466]
🐞 Invalid [16390]
Missing Backports [198]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in xfrm_state_find

Status: fixed on 2023/07/01 16:05
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
Fix commit: 3d776e31c841 xfrm: Reject optional tunnel/BEET mode templates in outbound policies
First crash: 2632d, last: 802d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: fixed by (bisect log) :
commit 3d776e31c841ba2f69895d2255a49320bec7cea6
Author: Tobias Brunner <tobias@strongswan.org>
Date: Tue May 9 08:59:58 2023 +0000

  xfrm: Reject optional tunnel/BEET mode templates in outbound policies

  
Discussions (3)
Title Replies (including bot) Last reply
KMSAN: uninit-value in xfrm_state_find 2 (4) 2023/06/20 09:13
Reminder: 26 open syzbot bugs in "net/xfrm" subsystem 1 (1) 2019/07/24 01:42
Reminder: 27 open syzbot bugs in "net/xfrm" subsystem 1 (1) 2019/06/25 05:51
Similar bugs (20)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in xfrm_state_find (2) net 17 19 476d 634d 0/29 auto-obsoleted due to no activity on 2024/07/18 11:50
upstream KMSAN: uninit-value in xfrm_state_find (3) net 7 1 333d 333d 0/29 closed as invalid on 2024/10/09 09:35
upstream KASAN: slab-out-of-bounds Read in xfrm_state_find net 17 10 91d 245d 28/29 fixed on 2025/05/06 15:33
upstream KMSAN: uninit-value in xfrm_state_find (4) net 19 125 20m 68d 23/29 upstream: reported on 2025/05/21 19:14
android-54 KASAN: stack-out-of-bounds Read in xfrm_state_find 17 C 1 940d 940d 0/2 upstream: reported C repro on 2023/01/01 01:05
android-5-15 KASAN: stack-out-of-bounds Read in xfrm_state_find origin:upstream missing-backport 17 C error error 2 455d 940d 0/2 upstream: reported C repro on 2023/01/01 00:40
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) 17 syz error error 1 940d 940d 0/2 auto-obsoleted due to no activity on 2023/05/14 02:28
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find 17 1 1360d 1360d 0/2 closed as invalid on 2022/02/03 13:56
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (3) net 17 C 10353 2740d 2807d 4/29 fixed on 2018/01/31 00:24
android-44 KASAN: stack-out-of-bounds Read in xfrm_state_find 17 C 842 2068d 2300d 0/2 public: reported C repro on 2019/04/12 00:00
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (5) net 17 C done 654 2373d 2675d 13/29 fixed on 2019/11/11 16:48
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find net 17 C 365 2836d 2909d 0/29 closed as invalid on 2017/10/23 16:19
android-49 KASAN: stack-out-of-bounds Read in xfrm_state_find 17 C 4151 2401d 2912d 0/3 closed as invalid on 2019/01/01 20:10
android-414 KASAN: stack-out-of-bounds Read in xfrm_state_find 17 C 137 2374d 2301d 0/1 public: reported C repro on 2019/04/11 00:00
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (2) net 17 C 93 2818d 2826d 3/29 fixed on 2017/11/18 01:42
android-49 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) 17 C 392 2065d 2301d 0/3 public: reported C repro on 2019/04/11 08:44
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (4) net 17 C 102 2685d 2736d 4/29 fixed on 2018/03/23 18:14
upstream KMSAN: uninit-value in virtqueue_add (3) virt 7 13 998d 1291d 0/29 auto-obsoleted due to no activity on 2023/02/12 03:53
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net 23 C 138977 886d 1238d 22/29 fixed on 2023/02/24 13:50
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) net 9 C 748 1239d 1328d 20/29 fixed on 2022/03/08 16:11
Last patch testing requests (1)
Created Duration User Patch Repo Result
2020/10/31 23:48 1h00m anant.thazhemadam@gmail.com https://github.com/google/kmsan.git master error
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2023/06/20 00:34 6h06m bisect fix upstream OK (1) job log
2023/05/03 12:01 24m bisect fix upstream OK (0) job log log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in xfrm_state_find+0x1614/0x61f0 net/xfrm/xfrm_state.c:1094
 xfrm_state_find+0x1614/0x61f0 net/xfrm/xfrm_state.c:1094
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2392 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2437 [inline]
 xfrm_resolve_and_create_bundle+0x7dd/0x4ed0 net/xfrm/xfrm_policy.c:2730
 xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2965 [inline]
 xfrm_lookup_with_ifid+0xd3f/0x4120 net/xfrm/xfrm_policy.c:3096
 xfrm_lookup net/xfrm/xfrm_policy.c:3193 [inline]
 xfrm_lookup_route+0x5f/0x2b0 net/xfrm/xfrm_policy.c:3204
 ip_route_output_flow+0x29b/0x340 net/ipv4/route.c:2880
 ip_route_output_ports include/net/route.h:183 [inline]
 igmpv3_newpack+0x43b/0x1440 net/ipv4/igmp.c:369
 add_grhead+0x86/0x390 net/ipv4/igmp.c:440
 add_grec+0x2185/0x2380 net/ipv4/igmp.c:574
 igmpv3_send_cr net/ipv4/igmp.c:711 [inline]
 igmp_ifc_timer_expire+0x11b6/0x1f30 net/ipv4/igmp.c:810
 call_timer_fn+0x43/0x480 kernel/time/timer.c:1474
 expire_timers+0x272/0x610 kernel/time/timer.c:1519
 __run_timers+0x5bd/0x8c0 kernel/time/timer.c:1790
 run_timer_softirq+0x64/0xe0 kernel/time/timer.c:1803
 __do_softirq+0x1c5/0x7b9 kernel/softirq.c:571
 invoke_softirq+0x8f/0x100 kernel/softirq.c:445
 __irq_exit_rcu+0x5a/0x110 kernel/softirq.c:650
 irq_exit_rcu+0xe/0x10 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x9a/0xc0 arch/x86/kernel/apic/apic.c:1107
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
 arch_ptrace+0x27b/0x470 arch/x86/kernel/ptrace.c:828
 __do_sys_ptrace kernel/ptrace.c:1296 [inline]
 __se_sys_ptrace+0x2e5/0x780 kernel/ptrace.c:1269
 __x64_sys_ptrace+0xb9/0x110 kernel/ptrace.c:1269
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Local variable fl4 created at:
 igmpv3_newpack+0x7e/0x1440 net/ipv4/igmp.c:353
 add_grhead+0x86/0x390 net/ipv4/igmp.c:440

CPU: 1 PID: 3479 Comm: strace-static-x Not tainted 6.1.0-syzkaller-64311-g5c6259d6d19f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================

Crashes (215):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/01/01 03:30 https://github.com/google/kmsan.git master 5c6259d6d19f ab32d508 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/02/27 18:10 upstream f3a2439f20d9 e792ae78 .config strace log report syz C ci-upstream-kasan-gce-root KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/01/01 01:05 net-old d039535850ee ab32d508 .config strace log report syz C ci-upstream-net-this-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/01/01 08:10 net-next-old c183e6c3ec34 ab32d508 .config strace log report syz C ci-upstream-net-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/04/01 02:38 linux-next 4b0f4525dc4f f325deb0 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: stack-out-of-bounds Read in xfrm_state_find
2018/09/30 15:27 https://github.com/google/kmsan.git master 2b752aff835d 41e4b329 .config console log report syz C ci-upstream-kmsan-gce
2018/08/30 18:31 https://github.com/google/kmsan.git master 25114c64b719 938220fd .config console log report syz C ci-upstream-kmsan-gce
2018/06/16 20:45 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report syz C ci-upstream-kmsan-gce
2018/05/16 02:19 https://github.com/google/kmsan.git master 06b2df0593a8 68ce85f1 .config console log report syz C ci-upstream-kmsan-gce
2018/05/15 17:12 https://github.com/google/kmsan.git master 1df165c8d2d6 661fd7b9 .config console log report syz C ci-upstream-kmsan-gce
2018/05/15 16:05 https://github.com/google/kmsan.git master 1df165c8d2d6 661fd7b9 .config console log report syz C ci-upstream-kmsan-gce
2023/01/01 04:43 upstream e4cf7c25bae5 ab32d508 .config strace log report syz C ci-upstream-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2023/05/19 12:13 https://github.com/google/kmsan.git master dad188c049f8 3bb7af1d .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/05/16 13:27 https://github.com/google/kmsan.git master dad188c049f8 11c89444 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/05/09 00:50 https://github.com/google/kmsan.git master 81af97bdef5e f4168103 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/04/01 18:12 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/17 14:29 https://github.com/google/kmsan.git master 34add094f9de 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/10 06:09 https://github.com/google/kmsan.git master e61893130d87 f08b59ac .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/01 08:07 https://github.com/google/kmsan.git master 97e36f4aa06f 95aee97a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/02/02 09:32 https://github.com/google/kmsan.git master eda666ff2276 9dfcf09c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/22 21:59 https://github.com/google/kmsan.git master e919e2b1bc1c 559a440a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/15 12:36 https://github.com/google/kmsan.git master e919e2b1bc1c a63719e7 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/12 07:23 https://github.com/google/kmsan.git master 219e919e391d 96166539 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/01/09 11:55 https://github.com/google/kmsan.git master c9a4e3bf8138 1dac8c7a .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/12/22 22:15 https://github.com/google/kmsan.git master 5c6259d6d19f 9da18ae8 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/22 06:30 https://github.com/google/kmsan.git master 968c2729e576 c0b80a55 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/20 14:36 https://github.com/google/kmsan.git master 968c2729e576 b31320fc .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/17 10:10 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config console log report info [disk image] [vmlinux] ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/10/08 02:28 https://github.com/google/kmsan.git master 968c2729e576 0de35f24 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/20 19:49 https://github.com/google/kmsan.git master 97117d69c353 88cb1383 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/13 09:09 https://github.com/google/kmsan.git master 97117d69c353 5d921b08 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/13 07:27 https://github.com/google/kmsan.git master 97117d69c353 5d921b08 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/11 13:23 https://github.com/google/kmsan.git master 97117d69c353 da3d6955 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/02 03:28 https://github.com/google/kmsan.git master 97117d69c353 1434eec0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/07/01 14:12 https://github.com/google/kmsan.git master ef4d99f50920 1434eec0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/22 22:52 https://github.com/google/kmsan.git master 4b28366af7d9 912f5df7 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/20 15:56 https://github.com/google/kmsan.git master eb5e8c791e57 8d15e28d .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/20 07:00 https://github.com/google/kmsan.git master 74df87f93710 8f633d84 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/17 03:53 https://github.com/google/kmsan.git master 2f3064574275 1719ee24 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/06/16 18:59 https://github.com/google/kmsan.git master 2f3064574275 1719ee24 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/24 01:23 https://github.com/google/kmsan.git master c5c93da9af13 e7f9308d .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/22 12:29 https://github.com/google/kmsan.git master c5c93da9af13 7268fa62 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/16 12:41 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/14 10:13 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/10 23:49 https://github.com/google/kmsan.git master d6e2c8c7eb40 8d7b3b67 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/08 18:29 https://github.com/google/kmsan.git master d6e2c8c7eb40 e60b1103 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/04 16:37 https://github.com/google/kmsan.git master d6e2c8c7eb40 dc9e5259 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/05/04 00:01 https://github.com/google/kmsan.git master d6e2c8c7eb40 dc9e5259 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/04/30 16:51 https://github.com/google/kmsan.git master d6e2c8c7eb40 2df221f6 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2022/04/29 16:07 https://github.com/google/kmsan.git master d6e2c8c7eb40 44a5ca63 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in xfrm_state_find
2023/03/14 09:26 https://github.com/google/kmsan.git master 34add094f9de 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2023/03/13 22:46 https://github.com/google/kmsan.git master 34add094f9de 026e2200 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/09/01 17:27 https://github.com/google/kmsan.git master e23a6cc335d5 86c46e46 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/07/20 05:35 https://github.com/google/kmsan.git master 97117d69c353 775344bc .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/06/28 19:22 https://github.com/google/kmsan.git master ec1cbf8b060e 496a8536 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/06/14 02:58 https://github.com/google/kmsan.git master 2f3064574275 0f087040 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/05/19 16:25 https://github.com/google/kmsan.git master c5c93da9af13 50c53f39 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/05/14 17:43 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2022/05/02 02:19 https://github.com/google/kmsan.git master d6e2c8c7eb40 2df221f6 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in xfrm_state_find
2021/04/17 00:40 net-next-old e7ad33fa7bc5 7e2b734b .config console log report info ci-upstream-net-kasan-gce KASAN: stack-out-of-bounds Read in xfrm_state_find
2022/12/15 11:48 linux-next 459c73db4069 6f9c033e .config console log report info ci-upstream-linux-next-kasan-gce-root KASAN: slab-out-of-bounds Read in xfrm_state_find
2021/01/17 13:49 https://github.com/google/kmsan.git master 73d62e81b476 813be542 .config console log report info ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.