syzbot
KMSAN: uninit-value in ax25_connect

Status: fixed on 2020/09/16 22:51
Subsystems: hams
Reported-by: syzbot+c82752228ed975b0a623@syzkaller.appspotmail.com
Fix commit: 2f2a7ffad5c6 AX.25: Fix out-of-bounds read in ax25_connect()
First crash: 1504d, last: 1326d
Discussions (8)
Title Replies (including bot) Last reply
[PATCH 5.4 00/19] 5.4.55-rc1 review 24 (24) 2020/07/31 17:15
[PATCH 5.7 00/20] 5.7.12-rc1 review 24 (24) 2020/07/31 17:15
[PATCH 4.4 00/54] 4.4.232-rc1 review 57 (57) 2020/07/31 12:47
[PATCH 4.9 00/61] 4.9.232-rc1 review 64 (64) 2020/07/31 12:43
[PATCH 4.14 00/14] 4.14.191-rc1 review 17 (17) 2020/07/31 12:15
[PATCH 4.19 00/17] 4.19.136-rc1 review 20 (20) 2020/07/31 12:00
[Linux-kernel-mentees] [PATCH net] AX.25: Fix out-of-bounds read in ax25_connect() 10 (10) 2020/07/23 21:41
KMSAN: uninit-value in ax25_connect 0 (1) 2020/04/28 19:38

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in ax25_connect+0x92d/0x1e00 net/ax25/af_ax25.c:1203
CPU: 1 PID: 11844 Comm: syz-executor808 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 ax25_connect+0x92d/0x1e00 net/ax25/af_ax25.c:1203
 __sys_connect_file net/socket.c:1857 [inline]
 __sys_connect+0x6f7/0x770 net/socket.c:1874
 __do_sys_connect net/socket.c:1885 [inline]
 __se_sys_connect net/socket.c:1882 [inline]
 __ia32_sys_connect+0xdb/0x130 net/socket.c:1882
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7ff7d99
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000ff80833c EFLAGS: 00000246 ORIG_RAX: 000000000000016a
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
RDX: 000000000000003c RSI: 00000000080ea078 RDI: 00000000ff808390
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Local variable ----address@__sys_connect created at:
 __sys_connect+0xf7/0x770 net/socket.c:1870
 __sys_connect+0xf7/0x770 net/socket.c:1870
=====================================================

Crashes (15):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/03/16 15:39 https://github.com/google/kmsan.git master 8bbbc5cf3dca 749688d2 .config console log report syz C ci-upstream-kmsan-gce-386
2020/09/08 12:34 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/08 07:02 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/07 15:07 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/05 16:33 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/08/28 07:35 https://github.com/google/kmsan.git master ce8056d1f79e 816e0689 .config console log report ci-upstream-kmsan-gce-386
2020/08/28 07:32 https://github.com/google/kmsan.git master ce8056d1f79e 816e0689 .config console log report ci-upstream-kmsan-gce-386
2020/08/20 02:15 https://github.com/google/kmsan.git master ce8056d1f79e 94b45706 .config console log report ci-upstream-kmsan-gce-386
2020/08/04 22:33 https://github.com/google/kmsan.git master 93f54a72361a 80a06902 .config console log report ci-upstream-kmsan-gce-386
2020/07/31 23:39 https://github.com/google/kmsan.git master 93f54a72361a d895b3be .config console log report ci-upstream-kmsan-gce-386
2020/06/24 12:59 https://github.com/google/kmsan.git master f0d5ec902b23 54566aff .config console log report ci-upstream-kmsan-gce-386
2020/06/24 12:59 https://github.com/google/kmsan.git master f0d5ec902b23 54566aff .config console log report ci-upstream-kmsan-gce-386
2020/06/24 12:59 https://github.com/google/kmsan.git master f0d5ec902b23 54566aff .config console log report ci-upstream-kmsan-gce-386
2020/04/03 20:13 https://github.com/google/kmsan.git master 75303409203b 5ed396e6 .config console log report ci-upstream-kmsan-gce-386
2020/03/14 14:03 https://github.com/google/kmsan.git master 8bbbc5cf3dca 749688d2 .config console log report ci-upstream-kmsan-gce-386
* Struck through repros no longer work on HEAD.