syzbot


KMSAN: uninit-value in IP6_ECN_decapsulate

Status: fixed on 2023/12/21 03:45
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+bf7e6250c7ce248f3ec9@syzkaller.appspotmail.com
Fix commit: 484b4833c604 hsr: Fix uninit-value access in fill_frame_info()
First crash: 2135d, last: 122d
Discussions (10)
Title Replies (including bot) Last reply
Re: KMSAN: uninit-value in IP6_ECN_decapsulate 1 (1) 2023/12/24 02:36
[PATCH net] hsr: Fix uninit-value access in fill_frame_info() 1 (1) 2023/09/08 10:17
[syzbot] Monthly net report (Jul 2023) 0 (1) 2023/08/01 12:53
[syzbot] Monthly net report (Jun 2023) 0 (1) 2023/06/29 12:38
[syzbot] Monthly net report (May 2023) 0 (1) 2023/05/30 10:56
[syzbot] Monthly net report (Apr 2023) 0 (1) 2023/04/27 10:45
[syzbot] Monthly net report 0 (1) 2023/03/27 11:04
Reminder: 99 open syzbot bugs in net subsystem 14 (14) 2019/07/31 15:13
Reminder: 94 open syzbot bugs in net subsystem 1 (1) 2019/06/25 05:48
KMSAN: uninit-value in IP6_ECN_decapsulate 0 (1) 2018/09/20 20:54
Similar bugs (36)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in IP6_ECN_decapsulate (2) net C 3 75d 90d 26/26 fixed on 2024/03/26 17:39
upstream KMSAN: uninit-value in hsr_register_frame_in net C 197 273d 1894d 0/26 auto-obsoleted due to no activity on 2024/02/18 18:09
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 317d 1485d 22/26 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in aes_encrypt (4) net C 15041 102d 1317d 0/26 auto-obsoleted due to no activity on 2024/03/19 00:25
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 420d 773d 22/26 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in ip_tunnel_rcv net C 7 82d 106d 0/26 closed as invalid on 2024/03/01 17:31
upstream KMSAN: uninit-value in ip_tunnel_rcv (2) net 1 44d 44d 26/26 fixed on 2024/04/11 08:41
upstream KMSAN: uninit-value in skb_release_data (3) net C 10 640d 1319d 0/26 auto-obsoleted due to no activity on 2022/11/17 07:20
upstream KMSAN: uninit-value in ipv6_find_tlv net C 271 358d 1711d 22/26 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in bpf_prog_run_generic_xdp net C 302 35m 518d 0/26 upstream: reported C repro on 2022/11/18 11:39
upstream KMSAN: uninit-value in ax25cmp (2) hams C 51 577d 837d 0/26 closed as invalid on 2022/11/18 11:50
upstream KMSAN: uninit-value in virtqueue_add (3) virt 13 533d 825d 0/26 auto-obsoleted due to no activity on 2023/02/12 03:53
upstream KMSAN: kernel-infoleak in __skb_datagram_iter net 68 206d 311d 23/26 fixed on 2023/09/28 17:51
upstream KMSAN: uninit-value in can_send can C 630 515d 533d 22/26 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in inet_frag_find (2) net 2 829d 837d 0/26 auto-closed as invalid on 2022/04/11 17:13
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) net C 748 773d 862d 20/26 fixed on 2022/03/08 16:11
upstream KMSAN: uninit-value in eth_type_trans (2) net C 4442 4h09m 1549d 0/26 upstream: reported C repro on 2020/01/22 16:47
upstream KMSAN: uninit-value in hsr_fill_frame_info (2) net C 65 272d 555d 0/26 auto-obsoleted due to no activity on 2023/10/30 13:38
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (4) net 2 1174d 1192d 0/26 auto-closed as invalid on 2021/06/01 04:17
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (2) net 1 2165d 2165d 0/26 closed as invalid on 2018/06/27 15:18
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (5) net 1 872d 872d 0/26 auto-closed as invalid on 2022/02/28 08:56
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu (3) net 2 1491d 1516d 0/26 auto-closed as invalid on 2020/06/19 03:56
upstream KMSAN: uninit-value in ip_route_output_key_hash_rcu net 179 2173d 2204d 5/26 fixed on 2018/05/08 18:30
upstream KMSAN: uninit-value in validate_xmit_skb net C 21 82d 99d 26/26 fixed on 2024/01/30 15:47
upstream KMSAN: uninit-value in validate_xmit_skb (2) net 15 71d 80d 0/26 auto-obsoleted due to no activity on 2024/04/10 02:16
upstream KMSAN: uninit-value in hsr_get_node (3) net C 3 1d17h 2d06h 0/26 upstream: reported C repro on 2024/04/18 04:08
upstream KMSAN: uninit-value in hsr_get_node net 304 1107d 1348d 0/26 auto-closed as invalid on 2021/07/08 06:23
upstream KMSAN: uninit-value in hsr_get_node (2) net C 49 11d 97d 26/26 fixed on 2024/04/10 03:59
upstream KMSAN: uninit-value in geneve_udp_encap_recv net C 2 55d 85d 26/26 fixed on 2024/04/10 03:59
upstream general protection fault in ip_route_output_key_hash_rcu net 46 1705d 1734d 0/26 closed as invalid on 2019/10/03 03:38
linux-4.19 general protection fault in ip_route_output_key_hash_rcu 2 1713d 1719d 0/1 auto-closed as invalid on 2019/12/10 05:04
upstream KMSAN: uninit-value in erspan_build_header net 40 466d 555d 0/26 auto-obsoleted due to no activity on 2023/05/10 10:26
upstream KMSAN: uninit-value in ip_tunnel_xmit (3) net C 1516 561d 1249d 0/26 closed as invalid on 2022/10/12 18:48
upstream KMSAN: uninit-value in br_dev_xmit bridge C 537 460d 1517d 0/26 auto-obsoleted due to no activity on 2023/05/15 13:28
upstream KMSAN: uninit-value in batadv_get_vid batman C 1947 412d 1517d 0/26 auto-obsoleted due to no activity on 2023/07/23 05:56
upstream KMSAN: uninit-value in batadv_get_vid (2) batman C 4 6d13h 108d 1/26 internal: reported C repro on 2024/01/02 12:26
Last patch testing requests (1)
Created Duration User Patch Repo Result
2022/12/19 03:31 15m retest repro https://github.com/google/kmsan.git master report log

Sample crash report:
UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
hsr0: VLAN not yet supported
=====================================================
BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:601 [inline]
BUG: KMSAN: uninit-value in hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616
 fill_frame_info net/hsr/hsr_forward.c:601 [inline]
 hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616
 hsr_dev_xmit+0x192/0x330 net/hsr/hsr_device.c:223
 __netdev_start_xmit include/linux/netdevice.h:4910 [inline]
 netdev_start_xmit include/linux/netdevice.h:4924 [inline]
 xmit_one net/core/dev.c:3537 [inline]
 dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3553
 __dev_queue_xmit+0x34eb/0x50f0 net/core/dev.c:4203
 dev_queue_xmit include/linux/netdevice.h:3088 [inline]
 packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3085 [inline]
 packet_sendmsg+0x8a5d/0x9de0 net/packet/af_packet.c:3117
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg net/socket.c:748 [inline]
 __sys_sendto+0x781/0xa30 net/socket.c:2134
 __do_sys_sendto net/socket.c:2146 [inline]
 __se_sys_sendto net/socket.c:2142 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2142
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
 slab_alloc_node mm/slub.c:3470 [inline]
 kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3515
 kmalloc_reserve+0x148/0x470 net/core/skbuff.c:559
 __alloc_skb+0x318/0x740 net/core/skbuff.c:644
 alloc_skb include/linux/skbuff.h:1289 [inline]
 alloc_skb_with_frags+0xbd/0xbb0 net/core/skbuff.c:6233
 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2793
 packet_alloc_skb net/packet/af_packet.c:2934 [inline]
 packet_snd net/packet/af_packet.c:3028 [inline]
 packet_sendmsg+0x6fc2/0x9de0 net/packet/af_packet.c:3117
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg net/socket.c:748 [inline]
 __sys_sendto+0x781/0xa30 net/socket.c:2134
 __do_sys_sendto net/socket.c:2146 [inline]
 __se_sys_sendto net/socket.c:2142 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2142
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 1 PID: 5012 Comm: syz-executor296 Not tainted 6.5.0-rc7-syzkaller-00164-g382d4cd18475 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
=====================================================

Crashes (981):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/08/26 09:45 upstream 382d4cd18475 03d9c195 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/05/17 22:19 https://github.com/google/kmsan.git master dad188c049f8 eaac4681 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/02/05 15:27 https://github.com/google/kmsan.git master eda666ff2276 be607b78 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_rcv
2022/06/13 20:33 https://github.com/google/kmsan.git master 2f3064574275 0d5abf15 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_rcv
2018/06/17 13:07 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report syz C ci-upstream-kmsan-gce
2018/06/16 08:29 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report syz ci-upstream-kmsan-gce
2023/11/27 17:02 upstream 2cc14f52aeb7 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in IP6_ECN_decapsulate
2023/12/19 20:02 upstream 2cf4f94d8e86 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/12/17 12:32 upstream 3b8a9b2e6809 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in geneve_udp_encap_recv
2023/12/16 21:01 upstream c8e97fc6b4c0 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_forward_skb
2023/12/14 21:11 upstream 5bd7ef53ffe5 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/12/09 02:05 upstream 5e3f5b81de80 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/12/08 19:55 upstream 5e3f5b81de80 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/12/08 17:21 upstream 5e3f5b81de80 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/12/07 08:45 upstream bee0e7762ad2 e3299f55 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ip_tunnel_rcv
2023/12/06 19:57 upstream bee0e7762ad2 e3299f55 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/12/06 19:46 upstream bee0e7762ad2 e3299f55 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/12/05 14:54 upstream bee0e7762ad2 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/12/05 09:58 upstream bee0e7762ad2 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/12/05 06:34 upstream bee0e7762ad2 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/29 16:37 upstream 18d46e76d7c2 6e78f9ce .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/29 08:26 upstream 18d46e76d7c2 1adfb6f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/29 08:18 upstream 18d46e76d7c2 1adfb6f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/26 11:45 upstream 090472ed9c92 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/24 21:23 upstream f1a09972a45a 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/24 08:20 upstream d3fa86b1a7b4 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/11/22 17:45 upstream c2d5304e6c64 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/11/21 17:39 upstream 98b1cc82c4af cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/11/20 16:11 upstream 98b1cc82c4af cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/20 02:10 upstream eb3479bc23fa cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/19 23:57 upstream eb3479bc23fa cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/19 17:24 upstream 037266a5f723 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/19 14:12 upstream 037266a5f723 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/11/19 04:53 upstream 23dfa043f6d5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in geneve_udp_encap_recv
2023/11/17 13:47 upstream 7475e51b8796 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/17 11:28 upstream 7475e51b8796 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in validate_xmit_skb
2023/11/16 21:28 upstream 7475e51b8796 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in geneve_udp_encap_recv
2023/11/16 18:43 upstream 7475e51b8796 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/15 22:11 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in hsr_get_node
2023/11/01 22:12 upstream 8bc9e6515183 69904c9f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in __ipv6_addr_type
2023/12/19 20:00 upstream 2cf4f94d8e86 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hsr_get_node
2023/12/14 10:13 upstream 5bd7ef53ffe5 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in geneve_udp_encap_recv
2023/12/10 05:53 upstream b10a3ccaf6e3 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in batadv_get_vid
2023/12/07 10:42 upstream bee0e7762ad2 e3299f55 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/12/06 06:49 upstream bee0e7762ad2 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/12/01 23:35 upstream 994d5c58e50e f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/12/01 11:20 upstream e8f60209d6cf f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/11/30 13:42 upstream 3b47bc037bd4 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/11/28 07:35 upstream 2cc14f52aeb7 9fe51b7c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/11/28 01:10 upstream 2cc14f52aeb7 9fe51b7c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/11/26 05:35 upstream b46ae77f6787 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hsr_get_node
2023/11/23 13:40 upstream 9b6de136b5f0 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/11/22 14:05 upstream c2d5304e6c64 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hsr_get_node
2023/11/19 21:39 upstream 037266a5f723 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in validate_xmit_skb
2023/11/15 20:31 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hsr_get_node
2023/11/14 14:32 upstream 9bacdd8996c7 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ip_route_output_key_hash_rcu
2023/11/14 05:00 upstream 9bacdd8996c7 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in batadv_get_vid
2023/06/23 16:25 net 6f68fc395f49 09ffe269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce general protection fault in ip_route_output_key_hash_rcu
2018/06/16 04:24 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report ci-upstream-kmsan-gce
2021/01/17 03:13 https://github.com/google/kmsan.git master 73d62e81b476 65a7a854 .config console log report info ci-upstream-kmsan-gce-386
* Struck through repros no longer work on HEAD.