syzbot


KMSAN: uninit-value in __tipc_nl_bearer_enable

Status: upstream: reported C repro on 2018/12/18 13:01
Reported-by: syzbot+e820fdc8ce362f2dea51@syzkaller.appspotmail.com
Fix commit: 7f36f798f89b tipc: check attribute length for bearer name
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 1503d, last: 3d06h
similar bugs (4):
Kernel   | Title                                                              | Repro | Cause bisect | Fix bisect | Count  | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in fib_get_nhs                                 | C     |              |            | 14     | 345d | 415d     | 22/24   | fixed on 2022/03/08 16:11
upstream | KMSAN: uninit-value in strstr                                      | C     |              |            | 80     | 12d  | 917d     | 0/24    | upstream: reported C repro on 2020/07/25 18:13
upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) btrfs ntfs3 erofs udf  | C     |              |            | 135602 | 8m   | 326d     | 23/24   | internal: reported C repro on 2022/03/09 07:32
upstream | KMSAN: uninit-value in tipc_nl_compat_name_table_dump (3)          | C     |              |            | 65     | 70d  | 86d      | 23/24   | upstream: reported C repro on 2022/11/03 16:22

Sample crash report:
netlink: 20 bytes leftover after parsing attributes in process `syz-executor377'.
=====================================================
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline]
BUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725
 string_nocheck lib/vsprintf.c:644 [inline]
 string+0x4f9/0x6f0 lib/vsprintf.c:725
 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
 vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283
 vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50
 _printk+0x18d/0x1cf kernel/printk/printk.c:2293
 tipc_enable_bearer net/tipc/bearer.c:371 [inline]
 __tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033
 tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042
 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
 genl_rcv_msg+0x157f/0x1660 net/netlink/genetlink.c:792
 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2503
 genl_rcv+0x63/0x80 net/netlink/genetlink.c:803
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x109c/0x1370 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x14dc/0x1720 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x51/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:754 [inline]
 slab_alloc_node mm/slub.c:3231 [inline]
 __kmalloc_node_track_caller+0xde3/0x14f0 mm/slub.c:4962
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1300 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1191 [inline]
 netlink_sendmsg+0xde3/0x1720 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x51/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 0 PID: 3475 Comm: syz-executor377 Not tainted 5.18.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================
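What the two stacks above say, read together: the use site is a printk() with a "%s" argument inside tipc_enable_bearer(), reached from __tipc_nl_bearer_enable() with the bearer-name attribute of the netlink request, and the "Uninit was created at" stack is the kmalloc() behind the request skb itself (netlink_alloc_large_skb), which is not zeroed. That is the standard netlink string pitfall: an NLA_STRING attribute is capped by its policy .len but is not required to be NUL-terminated, so any routine that walks nla_data() as a C string reads beyond nla_len into the unused tail of the skb, and here those bytes are formatted into a kernel log line. The fix commit's title names the remedy, bounding the read by the attribute length. The C below is an added userspace model written for this page (not syzbot's reproducer, not the kernel's code and not the upstream patch): it lays out one attribute the way the kernel does, fills the rest of a pretend skb with marker bytes, and contrasts the unchecked strlen() with a length/NUL check of the kind the NLA_NUL_STRING policy type applies and a bounded copy in the style of nla_strscpy(). TIPC_MAX_BEARER_NAME (32) and the nlattr layout are taken from the kernel; the check and copy routines, the fake skb and the probe helpers are this example's own and are not what the upstream diff does.

```c
/* Added example written for this page (not syzbot's reproducer, the kernel's code
 * or the upstream patch): a userspace model of why an NLA_STRING netlink attribute
 * used as a C string reads uninitialized memory, and two ways to bound the read. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NLA_ALIGN(len) (((len) + 3) & ~3)
#define TIPC_MAX_BEARER_NAME 32	/* value from the kernel's net/tipc/bearer.h */
struct nlattr { uint16_t nla_len; uint16_t nla_type; };	/* kernel wire layout; nla_len = header + payload */
#define NLA_HDRLEN ((int)NLA_ALIGN(sizeof(struct nlattr)))

/* One attribute plus bytes standing in for the rest of the skb.  In the kernel those
 * come from a non-zeroing kmalloc(); here they are 'U' so an over-read shows.  The last NUL only keeps this model safe. */
struct fake_skb {
	struct nlattr hdr;
	unsigned char body[TIPC_MAX_BEARER_NAME + 64];
};

static int nla_len(const struct nlattr *a) { return a->nla_len - NLA_HDRLEN; }
static const char *nla_data(const struct nlattr *a) { return (const char *)a + NLA_HDRLEN; }

static void build_skb(struct fake_skb *skb, const void *payload, int plen)
{
	memset(skb->body, 'U', sizeof(skb->body));
	skb->body[sizeof(skb->body) - 1] = '\0';
	skb->hdr.nla_type = 1;	/* stand-in for TIPC_NLA_BEARER_NAME */
	skb->hdr.nla_len = (uint16_t)(NLA_HDRLEN + plen);
	memcpy(skb->body, payload, (size_t)plen);	/* callers keep plen < sizeof body */
}

/* The pattern KMSAN flagged: the policy's .len caps nla_len, but NLA_STRING does not
 * require a terminator, so strlen()/"%s" on nla_data() runs past the attribute when the sender omits the NUL. */
static size_t unsafe_name_len(const struct fake_skb *skb)
{
	return strlen(nla_data(&skb->hdr));
}

/* Bounded check in the spirit of the fix title (not the upstream diff): the
 * payload must fit the name buffer and hold a NUL inside nla_len, which is what
 * the NLA_NUL_STRING policy type enforces.  Returns 0 or -EINVAL. */
static int bearer_name_check(const struct fake_skb *skb)
{
	int len = nla_len(&skb->hdr);
	if (len <= 0 || len > TIPC_MAX_BEARER_NAME)
		return -EINVAL;
	return memchr(nla_data(&skb->hdr), '\0', (size_t)len) ? 0 : -EINVAL;
}

/* Bounded copy in the style of the kernel's nla_strscpy(): never reads past
 * nla_len, always terminates dst (dstsz >= 1), -E2BIG when truncated. */
static int bearer_name_copy(const struct fake_skb *skb, char *dst, size_t dstsz)
{
	const char *src = nla_data(&skb->hdr);
	size_t len = (size_t)nla_len(&skb->hdr), n = 0;
	for (; n < len && n < dstsz - 1 && src[n] != '\0'; n++)
		dst[n] = src[n];
	dst[n] = '\0';
	return (n < len && src[n] != '\0') ? -E2BIG : (int)n;
}

struct probe {
	size_t unsafe_len, overread;	/* overread: bytes strlen() consumed past nla_len */
	int check, copied;
	char name[TIPC_MAX_BEARER_NAME];
};

static struct probe probe_payload(const void *payload, int plen)
{
	struct fake_skb skb;
	struct probe p;
	build_skb(&skb, payload, plen);
	p.unsafe_len = unsafe_name_len(&skb);
	p.overread = p.unsafe_len > (size_t)plen ? p.unsafe_len - (size_t)plen : 0;
	p.check = bearer_name_check(&skb);
	p.copied = bearer_name_copy(&skb, p.name, sizeof(p.name));
	return p;
}

/* plen copies of c (1 <= plen <= TIPC_MAX_BEARER_NAME + 8), the last one NUL if terminated. */
static struct probe probe_fill(char c, int plen, int terminated)
{
	unsigned char buf[TIPC_MAX_BEARER_NAME + 8];
	memset(buf, (unsigned char)c, (size_t)plen);
	if (terminated)
		buf[plen - 1] = '\0';
	return probe_payload(buf, plen);
}
static int probe_name_equals(struct probe p, const char *s) { return strcmp(p.name, s) == 0; }
static size_t probe_name_len(struct probe p) { return strlen(p.name); }

int main(void)
{
	struct probe ok = probe_payload("eth:eth0", 9);	/* 8 chars + NUL, as a well-formed sender sends */
	struct probe bad = probe_fill('A', TIPC_MAX_BEARER_NAME, 0);	/* full length, no NUL */
	printf("terminated:   strlen=%zu overread=%zu check=%d copy=%d\n", ok.unsafe_len, ok.overread, ok.check, ok.copied);
	printf("unterminated: strlen=%zu overread=%zu check=%d copy=%d\n", bad.unsafe_len, bad.overread, bad.check, bad.copied);
	return 0;
}
```

Build with cc -std=c11 -Wall and run. The unterminated case (32 bytes of 'A', no NUL) is the shape the report describes: strlen() walks 63 bytes past the attribute into the marker region, bearer_name_check() rejects it with -EINVAL, and bearer_name_copy() stops at the attribute boundary and returns -E2BIG with a terminated 31-byte name. A 33-byte payload is rejected on length alone even when it is terminated. In the kernel the marker bytes are whatever kmalloc() handed back, which is exactly the condition KMSAN reports.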

Crashes (1271):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kmsan-gce 2022/05/14 06:23 https://github.com/google/kmsan.git master d6e2c8c7eb40 107f6434 .config strace log report syz C KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2019/03/27 01:46 https://github.com/google/kmsan.git master 3c26d882e695 55684ce1 .config console log report syz
ci-upstream-kmsan-gce 2019/03/23 11:35 https://github.com/google/kmsan.git master c10a026b8dee 3361bde5 .config console log report syz
ci-upstream-kmsan-gce 2019/03/21 01:12 https://github.com/google/kmsan.git master c10a026b8dee a664c187 .config console log report syz
ci-upstream-kmsan-gce 2019/02/07 15:30 https://github.com/google/kmsan.git master fa1981bee40f aa4feb03 .config console log report syz
ci-upstream-kmsan-gce 2019/02/02 18:09 https://github.com/google/kmsan.git master fa1981bee40f c198d5dd .config console log report syz
ci-upstream-kmsan-gce 2019/01/06 08:01 https://github.com/google/kmsan.git master 11587f6ee534 53be0a37 .config console log report syz
ci-upstream-kmsan-gce 2019/01/01 20:33 https://github.com/google/kmsan.git master 8ba10281f9e5 3d85f48c .config console log report syz
ci-upstream-kmsan-gce 2019/01/01 13:00 https://github.com/google/kmsan.git master 8ba10281f9e5 3d85f48c .config console log report syz
ci-upstream-kmsan-gce 2018/12/26 09:42 https://github.com/google/kmsan.git master 79fc24ff6184 8a41a0ad .config console log report syz
ci-upstream-kmsan-gce 2018/12/18 09:44 https://github.com/google/kmsan.git master 0a602458c72c def91db3 .config console log report syz
ci-upstream-kmsan-gce 2023/01/24 10:50 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2023/01/21 02:19 https://github.com/google/kmsan.git master e919e2b1bc1c 559a440a .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2023/01/13 05:52 https://github.com/google/kmsan.git master e919e2b1bc1c 96166539 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2023/01/11 05:37 https://github.com/google/kmsan.git master c9a4e3bf8138 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2023/01/10 23:47 https://github.com/google/kmsan.git master c9a4e3bf8138 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2023/01/09 23:59 https://github.com/google/kmsan.git master c9a4e3bf8138 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/12/20 12:02 https://github.com/google/kmsan.git master 5c6259d6d19f d3e76707 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/12/19 17:06 https://github.com/google/kmsan.git master 5c6259d6d19f c52b2efb .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/11/22 02:47 https://github.com/google/kmsan.git master 6b3059a0a074 1c576c23 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/11/16 05:49 https://github.com/google/kmsan.git master cb231e2f67ec 3a127a31 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/27 08:22 https://github.com/google/kmsan.git master 1aa4f78e4630 86777b7f .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/25 15:10 https://github.com/google/kmsan.git master 4a3e741a3d6a 45645420 .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/23 05:49 https://github.com/google/kmsan.git master 968c2729e576 c0b80a55 .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/20 15:45 https://github.com/google/kmsan.git master 968c2729e576 b31320fc .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/18 23:52 https://github.com/google/kmsan.git master 968c2729e576 b31320fc .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/17 08:20 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/17 05:53 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/16 17:18 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/11 09:42 https://github.com/google/kmsan.git master 968c2729e576 2b253ced .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/08 18:08 https://github.com/google/kmsan.git master 968c2729e576 aea5da89 .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/07 10:42 https://github.com/google/kmsan.git master 968c2729e576 8a212197 .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/05 21:15 https://github.com/google/kmsan.git master 968c2729e576 267e3bb1 .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/04 10:20 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/03 22:35 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/10/01 22:13 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/30 11:30 https://github.com/google/kmsan.git master 968c2729e576 1d385642 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/28 22:35 https://github.com/google/kmsan.git master 879600fbb6d3 e2556bc3 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/26 04:45 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/23 08:42 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/22 12:16 https://github.com/google/kmsan.git master 523d2ce66d07 60af5050 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/14 05:13 https://github.com/google/kmsan.git master faf04f9bcf05 b884348d .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/13 01:30 https://github.com/google/kmsan.git master 4367d178d9eb f371ed7e .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/12 07:02 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/11 12:48 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/11 08:29 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/09/07 20:16 https://github.com/google/kmsan.git master 4367d178d9eb c5b7bc57 .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce-386 2022/09/15 12:50 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce-386 2022/09/15 05:27 https://github.com/google/kmsan.git master 8f4ae27df775 b884348d .config console log report info KMSAN: uninit-value in __tipc_nl_bearer_enable
ci-upstream-kmsan-gce 2022/08/22 09:45 https://github.com/google/kmsan.git master 1b070a5d1a2c 26a13b38 .config console log report info KMSAN: uninit-value in validate_set
ci-upstream-kmsan-gce 2022/05/14 15:58 https://github.com/google/kmsan.git master d6e2c8c7eb40 744a39e2 .config console log report info KMSAN: uninit-value in vlan_dev_set_ingress_priority
ci-upstream-kmsan-gce 2022/04/19 19:50 https://github.com/google/kmsan.git master 33d9269ef6e0 c334415e .config console log report info KMSAN: uninit-value in tipc_nl_node_set_link
ci-upstream-kmsan-gce 2018/12/17 18:03 https://github.com/google/kmsan.git master 0a602458c72c def91db3 .config console log report
ci-upstream-kmsan-gce-386 2023/01/26 09:27 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in bpf_sk_storage_diag_alloc
ci-upstream-kmsan-gce-386 2023/01/25 14:33 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in bpf_sk_storage_diag_alloc
ci-upstream-kmsan-gce-386 2023/01/07 02:46 https://github.com/google/kmsan.git master 5c6259d6d19f 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in bpf_sk_storage_diag_alloc
ci-upstream-kmsan-gce-386 2022/11/12 11:24 https://github.com/google/kmsan.git master cb231e2f67ec 3ead01ad .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in bpf_sk_storage_diag_alloc
ci-upstream-kmsan-gce-386 2022/10/02 14:47 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config console log report info [disk image] [vmlinux] KMSAN: uninit-value in bpf_sk_storage_diag_alloc
ci-upstream-kmsan-gce-386 2022/09/10 07:48 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config console log report info KMSAN: uninit-value in bpf_sk_storage_diag_alloc
ci-upstream-kmsan-gce-386 2022/08/13 08:47 https://github.com/google/kmsan.git master 1b070a5d1a2c 8dfcaa3d .config console log report info KMSAN: uninit-value in nsh_key_put_from_nlattr
ci-upstream-kmsan-gce-386 2022/07/07 04:49 https://github.com/google/kmsan.git master 97117d69c353 bff65f44 .config console log report info KMSAN: uninit-value in tipc_nl_node_reset_link_stats
ci-upstream-kmsan-gce-386 2022/07/06 05:21 https://github.com/google/kmsan.git master 97117d69c353 bff65f44 .config console log report info KMSAN: uninit-value in tipc_nl_node_get_link
ci-upstream-kmsan-gce-386 2022/04/26 20:38 https://github.com/google/kmsan.git master e8cbf4e6e3e8 1fa34c1b .config console log report info KMSAN: uninit-value in __fget_files
ci-upstream-kmsan-gce-386 2021/01/09 03:31 https://github.com/google/kmsan.git master 73d62e81b476 c104d4a3 .config console log report info