syzbot

 sign-in | mailing list | source | docs
🐞 Open [1224]
Subsystems
🐞 Fixed [5669]
🐞 Invalid [13806]
Missing Backports [100]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in __netif_receive_skb_core (2)

Status: closed as invalid on 2024/05/28 18:05
Subsystems: bpf net
[Documentation on labels]
First crash: 271d, last: 165d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in __netif_receive_skb_core wireguard wireless C done 353 391d 2360d 23/28 fixed on 2023/10/12 12:47
linux-4.19 KASAN: use-after-free Read in __netif_receive_skb_core syz error 20 909d 1450d 0/1 upstream: reported syz repro on 2020/10/08 04:31
upstream KASAN: null-ptr-deref Read in __netif_receive_skb_core wireguard 8 599d 877d 0/28 auto-obsoleted due to no activity on 2023/05/19 08:04
linux-4.14 KASAN: use-after-free Read in __netif_receive_skb_core syz error 19 1177d 1595d 0/1 upstream: reported syz repro on 2020/05/16 19:24

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in __netif_receive_skb_core+0x4a4/0x6190 net/core/dev.c:5368
 __netif_receive_skb_core+0x4a4/0x6190 net/core/dev.c:5368
 __netif_receive_skb_list_core+0x31e/0x1670 net/core/dev.c:5614
 __netif_receive_skb_list net/core/dev.c:5681 [inline]
 netif_receive_skb_list_internal+0x1085/0x1700 net/core/dev.c:5773
 netif_receive_skb_list+0x5a/0x460 net/core/dev.c:5825
 xdp_recv_frames net/bpf/test_run.c:278 [inline]
 xdp_test_run_batch net/bpf/test_run.c:356 [inline]
 bpf_test_run_xdp_live+0x2a56/0x2f70 net/bpf/test_run.c:384
 bpf_prog_test_run_xdp+0xf02/0x1a40 net/bpf/test_run.c:1267
 bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4240
 __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5649
 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]
 __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5736
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was stored to memory at:
 __xdp_build_skb_from_frame+0x8d7/0x9e0 net/core/xdp.c:639
 xdp_recv_frames net/bpf/test_run.c:270 [inline]
 xdp_test_run_batch net/bpf/test_run.c:356 [inline]
 bpf_test_run_xdp_live+0x262a/0x2f70 net/bpf/test_run.c:384
 bpf_prog_test_run_xdp+0xf02/0x1a40 net/bpf/test_run.c:1267
 bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4240
 __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5649
 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]
 __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5736
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was created at:
 __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598
 __alloc_pages_bulk+0x19e/0x21e0 mm/page_alloc.c:4523
 alloc_pages_bulk_array_node include/linux/gfp.h:211 [inline]
 __page_pool_alloc_pages_slow+0x1ad/0xdc0 net/core/page_pool.c:500
 page_pool_alloc_pages+0x10b/0x1c0 net/core/page_pool.c:549
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:92 [inline]
 xdp_test_run_batch net/bpf/test_run.c:301 [inline]
 bpf_test_run_xdp_live+0x937/0x2f70 net/bpf/test_run.c:384
 bpf_prog_test_run_xdp+0xf02/0x1a40 net/bpf/test_run.c:1267
 bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4240
 __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5649
 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]
 __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5736
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

CPU: 0 PID: 6759 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
=====================================================

Crashes (22):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/26 05:00 upstream 4cece7649650 0ea90952 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/25 18:36 upstream 4cece7649650 0ea90952 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/24 11:58 upstream 70293240c5ce 0ea90952 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/23 07:51 upstream 4f55aa85a874 0ea90952 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/19 05:36 upstream 0a7b0acecea2 baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/19 05:34 upstream 0a7b0acecea2 baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/16 16:34 upstream 66a27abac311 d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/12 18:26 upstream 855684c7d938 c35c26ec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/05 21:43 upstream 90d35da658da f39a7eed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/03 12:28 upstream 04b8076df253 25905f5d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/02/23 02:24 upstream 1c892cdd8fe0 8d446f15 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/02/22 17:57 upstream 39133352cbed 345111b5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/02/22 03:02 upstream 39133352cbed 345111b5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/02/03 23:37 upstream 9f8413c4a66f a67b2c42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/01/25 03:58 upstream 9f8413c4a66f 1e153dc8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/01/15 02:29 upstream 9f8413c4a66f 551587c1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/01/15 02:28 upstream 9f8413c4a66f 551587c1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/01/13 13:17 upstream 9f8413c4a66f 551587c1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2023/12/31 10:16 upstream 453f5db0619e fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __netif_receive_skb_core
2024/04/15 01:27 upstream 7efd0a74039f c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/21 18:05 upstream 23956900041d 6753db5c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __netif_receive_skb_core
2024/03/19 05:29 upstream f6cef5f8c37f baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __netif_receive_skb_core
* Struck through repros no longer work on HEAD.