syzbot


KMSAN: uninit-value in batadv_get_vid

Status: upstream: reported C repro on 2020/02/24 08:38
Reported-by: syzbot+0adb190024de0a0e265b@syzkaller.appspotmail.com
First crash: 1020d, last: 8d00h
similar bugs (7):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in __skb_checksum_complete (5) | C | | | 617 | 6h03m | 844d | 0/24 | upstream: reported C repro on 2020/08/14 15:09 |
| upstream | KMSAN: uninit-value in erspan_build_header | | | | 38 | 13d | 55d | 0/24 | upstream: reported on 2022/10/12 16:59 |
| upstream | KMSAN: uninit-value in bpf_prog_run_generic_xdp | | | | 104 | 1d13h | 18d | 0/24 | upstream: reported on 2022/11/18 11:39 |
| upstream | KMSAN: uninit-value in ip_tunnel_xmit (3) | C | | | 1516 | 61d | 749d | 0/24 | closed as invalid on 2022/10/12 18:48 |
| upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) | C | | | 73199 | now | 273d | 23/24 | internal: reported C repro on 2022/03/09 07:32 |
| upstream | KMSAN: uninit-value in br_dev_xmit | C | | | 536 | 95d | 1017d | 0/24 | upstream: reported C repro on 2020/02/24 08:38 |
| upstream | KMSAN: uninit-value in eth_type_trans (2) | C | | | 3023 | 7h48m | 1049d | 0/24 | upstream: reported C repro on 2020/01/22 16:47 |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in batadv_get_vid+0x1fd/0x340 net/batman-adv/main.c:650
CPU: 0 PID: 12317 Comm: syz-executor026 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_get_vid+0x1fd/0x340 net/batman-adv/main.c:650
 batadv_interface_tx+0x30a/0x2450 net/batman-adv/soft-interface.c:212
 __netdev_start_xmit include/linux/netdevice.h:4524 [inline]
 netdev_start_xmit include/linux/netdevice.h:4538 [inline]
 xmit_one net/core/dev.c:3470 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3486
 __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4063
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4096
 __bpf_tx_skb net/core/filter.c:2061 [inline]
 __bpf_redirect_common net/core/filter.c:2100 [inline]
 __bpf_redirect+0x11d5/0x1440 net/core/filter.c:2107
 ____bpf_clone_redirect net/core/filter.c:2140 [inline]
 bpf_clone_redirect+0x466/0x620 net/core/filter.c:2112
 bpf_prog_bb15b996d00816f9+0x7a4/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fc8d99
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000ff9adc0c EFLAGS: 00000246 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000280
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000005b
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:82
 slab_alloc_node mm/slub.c:2793 [inline]
 __kmalloc_node_track_caller+0xb40/0x1200 mm/slub.c:4401
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 pskb_expand_head+0x20b/0x1b00 net/core/skbuff.c:1629
 skb_ensure_writable+0x3ea/0x490 net/core/skbuff.c:5453
 __bpf_try_make_writable net/core/filter.c:1635 [inline]
 bpf_try_make_writable net/core/filter.c:1641 [inline]
 bpf_try_make_head_writable net/core/filter.c:1649 [inline]
 ____bpf_clone_redirect net/core/filter.c:2134 [inline]
 bpf_clone_redirect+0x251/0x620 net/core/filter.c:2112
 bpf_prog_bb15b996d00816f9+0x7a4/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
=====================================================

Crashes (1943):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kmsan-gce-386 | 2020/02/22 06:30 | https://github.com/google/kmsan.git master | 8bbbc5cf3dca | 2ffa6679 | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce-386 | 2022/11/29 09:13 | https://github.com/google/kmsan.git master | 49a9a20768f5 | ca9683b8 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/09/17 15:54 | https://github.com/google/kmsan.git master | 8f4ae27df775 | dd9a85ff | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/08/30 03:50 | https://github.com/google/kmsan.git master | ac3859c02d7f | 5b44472d | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/08/16 16:42 | https://github.com/google/kmsan.git master | 1b070a5d1a2c | 7a7cb304 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/08/13 12:39 | https://github.com/google/kmsan.git master | 1b070a5d1a2c | 8dfcaa3d | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/08/09 07:43 | https://github.com/google/kmsan.git master | 1b070a5d1a2c | da700653 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/08/07 00:42 | https://github.com/google/kmsan.git master | bba47a4b6421 | 88e3a122 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/08/06 02:58 | https://github.com/google/kmsan.git master | bba47a4b6421 | e853abd9 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/07/30 08:57 | https://github.com/google/kmsan.git master | 3ea9edba19ef | fef302b1 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/07/23 12:09 | https://github.com/google/kmsan.git master | 97117d69c353 | 22343af4 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/07/16 18:19 | https://github.com/google/kmsan.git master | 97117d69c353 | 95cb00d1 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/06/30 11:54 | https://github.com/google/kmsan.git master | ec1cbf8b060e | 1434eec0 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/06/29 04:49 | https://github.com/google/kmsan.git master | ec1cbf8b060e | 496a8536 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/06/28 07:58 | https://github.com/google/kmsan.git master | d60755a5e2cb | ef82eb2c | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/06/24 21:58 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a5dbd430 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/06/22 01:51 | https://github.com/google/kmsan.git master | 4b28366af7d9 | 0fc5c330 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/06/17 22:26 | https://github.com/google/kmsan.git master | 2d0ce79ea812 | cb58b3b2 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/06/14 10:28 | https://github.com/google/kmsan.git master | 2f3064574275 | 0f087040 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/06/13 21:05 | https://github.com/google/kmsan.git master | 2f3064574275 | 0d5abf15 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/06/13 16:31 | https://github.com/google/kmsan.git master | 2f3064574275 | 0d5abf15 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/06/13 14:01 | https://github.com/google/kmsan.git master | 2f3064574275 | 0d5abf15 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/05/25 17:59 | https://github.com/google/kmsan.git master | c5c93da9af13 | 647c0e27 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/05/23 02:38 | https://github.com/google/kmsan.git master | c5c93da9af13 | 7268fa62 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/05/11 11:40 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | 8d7b3b67 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/05/11 06:33 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | 8d7b3b67 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/04/29 23:01 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | 44a5ca63 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/04/29 02:14 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | e9076525 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/04/26 20:52 | https://github.com/google/kmsan.git master | e8cbf4e6e3e8 | 1fa34c1b | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/04/26 19:12 | https://github.com/google/kmsan.git master | e8cbf4e6e3e8 | 1fa34c1b | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/04/09 18:46 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | e22c3da3 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/04/09 09:42 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | e22c3da3 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/04/07 13:53 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | c6ff3e05 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/03/25 00:38 | https://github.com/google/kmsan.git master | 97c7732c2bb6 | 89bc8608 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/03/23 15:52 | https://github.com/google/kmsan.git master | 97c7732c2bb6 | 5ff41e94 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/03/23 00:06 | https://github.com/google/kmsan.git master | 97c7732c2bb6 | d88ef0c5 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/03/15 19:26 | https://github.com/google/kmsan.git master | 724946410067 | 9e8eaa75 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/03/08 13:09 | https://github.com/google/kmsan.git master | 724946410067 | 7bdd8b2c | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/02/25 08:27 | https://github.com/google/kmsan.git master | 724946410067 | 7c337266 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/02/25 08:06 | https://github.com/google/kmsan.git master | 724946410067 | 7c337266 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/02/22 01:50 | https://github.com/google/kmsan.git master | 724946410067 | 6e821dbf | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/02/18 23:24 | https://github.com/google/kmsan.git master | 724946410067 | 3cd800e4 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/02/17 06:23 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 2bea8a27 | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2022/02/08 17:23 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 0b33604d | .config | log | report | | | info | KMSAN: uninit-value in batadv_get_vid |
| ci-upstream-kmsan-gce-386 | 2021/01/16 20:47 | https://github.com/google/kmsan.git master | 73d62e81b476 | 65a7a854 | .config | log | report | | | info | |
| ci-upstream-kmsan-gce-386 | 2020/02/21 03:30 | https://github.com/google/kmsan.git master | 8bbbc5cf3dca | bd2a74a3 | .config | log | report | | | | |
* Struck through repros no longer work on HEAD.