syzbot

 sign-in | mailing list | source | docs
🐞 Open [1166] 🐞 Fixed [4299] 🐞 Invalid [9646] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KMSAN: uninit-value in ppp_send_frame

Status: fixed on 2022/03/08 16:11
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: 44073187990d ppp: ensure minimum packet size in ppp_write()
First crash: 397d, last: 370d
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in slhc_compress (2) C 22 345d 967d 0/24 auto-obsoleted due to no activity on 2022/09/27 10:07
upstream KMSAN: uninit-value in ppp_async_push (2) C 323 346d 418d 22/24 fixed on 2022/03/08 16:11

Sample crash report:
RBP: 00007ffdece9db00 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
 </TASK>
=====================================================
BUG: KMSAN: uninit-value in ppp_send_frame+0x28d/0x27c0 drivers/net/ppp/ppp_generic.c:1740
 ppp_send_frame+0x28d/0x27c0 drivers/net/ppp/ppp_generic.c:1740
 __ppp_xmit_process+0x23e/0x4b0 drivers/net/ppp/ppp_generic.c:1640
 ppp_xmit_process+0x1fe/0x480 drivers/net/ppp/ppp_generic.c:1661
 ppp_write+0x5cb/0x5e0 drivers/net/ppp/ppp_generic.c:513
 do_iter_write+0xb0c/0x1500 fs/read_write.c:853
 vfs_writev fs/read_write.c:924 [inline]
 do_writev+0x645/0xe00 fs/read_write.c:967
 __do_sys_writev fs/read_write.c:1040 [inline]
 __se_sys_writev fs/read_write.c:1037 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:524 [inline]
 slab_alloc_node mm/slub.c:3251 [inline]
 __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1126 [inline]
 ppp_write+0x11d/0x5e0 drivers/net/ppp/ppp_generic.c:501
 do_iter_write+0xb0c/0x1500 fs/read_write.c:853
 vfs_writev fs/read_write.c:924 [inline]
 do_writev+0x645/0xe00 fs/read_write.c:967
 __do_sys_writev fs/read_write.c:1040 [inline]
 __se_sys_writev fs/read_write.c:1037 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 1 PID: 3479 Comm: syz-executor849 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (5):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kmsan-gce 2021/12/27 20:26 https://github.com/google/kmsan.git master 81c325bbf94e 5140bd58 .config console log report syz C KMSAN: uninit-value in ppp_send_frame
ci-upstream-kmsan-gce 2022/01/24 06:44 https://github.com/google/kmsan.git master 85cfd6e539bd 214351e1 .config console log report info KMSAN: uninit-value in ppp_send_frame
ci-upstream-kmsan-gce 2022/01/19 03:06 https://github.com/google/kmsan.git master fa3879a274df 731a2d23 .config console log report info KMSAN: uninit-value in ppp_send_frame
ci-upstream-kmsan-gce 2021/12/27 19:28 https://github.com/google/kmsan.git master 81c325bbf94e 5140bd58 .config console log report info KMSAN: uninit-value in ppp_send_frame
ci-upstream-kmsan-gce-386 2022/01/15 18:59 https://github.com/google/kmsan.git master fa3879a274df 723cfaf0 .config console log report info KMSAN: uninit-value in ppp_send_frame
* Struck through repros no longer work on HEAD.