syzbot


KMSAN: uninit-value in esp6_init_state

Status: auto-closed as invalid on 2022/04/16 22:31
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 362d, last: 313d
similar bugs (7):

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in snd_pcm_hw_rule_add (2) | | | | 18 | 162d | 430d | 0/24 | auto-closed as invalid on 2022/09/15 02:38 |
| upstream | KMSAN: uninit-value in seq_printf (2) | C | | | 99 | 164d | 430d | 0/24 | auto-closed as invalid on 2022/09/30 02:43 |
| upstream | KMSAN: uninit-value in nsim_udp_tunnel_unset_port | C | | | 114 | 295d | 374d | 0/24 | auto-closed as invalid on 2022/09/27 06:37 |
| upstream | KMSAN: uninit-value in p9pdu_vwritef | | | | 544 | 93d | 323d | 0/24 | auto-obsoleted due to no activity on 2022/11/22 23:51 |
| upstream | KMSAN: uninit-value in __vmalloc_node_range | | | | 5 | 313d | 357d | 0/24 | auto-closed as invalid on 2022/04/17 19:38 |
| upstream | KMSAN: uninit-value in ptr_to_id | C | | | 5 | 319d | 340d | 0/24 | auto-closed as invalid on 2022/09/27 03:12 |
| upstream | KMSAN: kernel-infoleak in _copy_to_iter (6) | C | | | 748 | 263d | 352d | 22/24 | fixed on 2022/03/08 16:11 |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in check_pointer lib/vsprintf.c:705 [inline]
BUG: KMSAN: uninit-value in string+0x3cf/0x6f0 lib/vsprintf.c:717
 check_pointer lib/vsprintf.c:705 [inline]
 string+0x3cf/0x6f0 lib/vsprintf.c:717
 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2805
 snprintf+0x24a/0x290 lib/vsprintf.c:2938
 esp_init_authenc net/ipv6/esp6.c:1114 [inline]
 esp6_init_state+0x536/0x1a70 net/ipv6/esp6.c:1192
 __xfrm_init_state+0x14a2/0x19e0 net/xfrm/xfrm_state.c:2648
 xfrm_state_construct net/xfrm/xfrm_user.c:627 [inline]
 xfrm_add_sa+0x3f45/0x5000 net/xfrm/xfrm_user.c:684
 xfrm_user_rcv_msg+0xe07/0x1180 net/xfrm/xfrm_user.c:2912
 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2496
 xfrm_netlink_rcv+0xb2/0xf0 net/xfrm/xfrm_user.c:2934
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x1075/0x1340 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x14cf/0x1710 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2492
 __do_sys_sendmsg net/socket.c:2501 [inline]
 __se_sys_sendmsg net/socket.c:2499 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2499
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Local variable rec.i created at:
 perf_log_itrace_start kernel/events/core.c:9074 [inline]
 event_sched_in+0x1344/0x35c0 kernel/events/core.c:2557
 group_sched_in kernel/events/core.c:2595 [inline]
 merge_sched_in kernel/events/core.c:3746 [inline]
 visit_groups_merge+0x2919/0x7460 kernel/events/core.c:3696

CPU: 0 PID: 16233 Comm: syz-executor.5 Tainted: G        W         5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (2):

| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kmsan-gce | 2022/01/16 22:30 | https://github.com/google/kmsan.git master | fa3879a274df | 723cfaf0 | .config | log | report | | | info | KMSAN: uninit-value in esp6_init_state |
| ci-upstream-kmsan-gce | 2021/11/29 04:11 | https://github.com/google/kmsan.git master | a535b0caaa2f | 63eeac02 | .config | log | report | | | info | KMSAN: uninit-value in esp6_init_state |