syzbot


KMSAN: uninit-value in esp6_init_state

Status: auto-closed as invalid on 2022/04/16 22:31
Subsystems: net
[Documentation on labels]
First crash: 873d, last: 825d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in snd_pcm_hw_rule_add (2) sound 18 674d 941d 0/26 auto-closed as invalid on 2022/09/15 02:38
upstream KMSAN: uninit-value in seq_printf (2) fs C 99 675d 941d 0/26 auto-closed as invalid on 2022/09/30 02:43
upstream KMSAN: uninit-value in nsim_udp_tunnel_unset_port kernel C 114 806d 886d 0/26 auto-closed as invalid on 2022/09/27 06:37
upstream KMSAN: uninit-value in number (4) kernel C 7189 514d 893d 0/26 closed as invalid on 2022/11/28 10:01
upstream KMSAN: uninit-value in p9pdu_vwritef v9fs 544 605d 834d 0/26 auto-obsoleted due to no activity on 2022/11/22 23:51
upstream KMSAN: uninit-value in __vmalloc_node_range block 5 824d 869d 0/26 auto-closed as invalid on 2022/04/17 19:38
upstream KMSAN: uninit-value in ptr_to_id fs C 5 831d 852d 0/26 auto-closed as invalid on 2022/09/27 03:12
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) net C 748 774d 863d 20/26 fixed on 2022/03/08 16:11

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in check_pointer lib/vsprintf.c:705 [inline]
BUG: KMSAN: uninit-value in string+0x3cf/0x6f0 lib/vsprintf.c:717
 check_pointer lib/vsprintf.c:705 [inline]
 string+0x3cf/0x6f0 lib/vsprintf.c:717
 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2805
 snprintf+0x24a/0x290 lib/vsprintf.c:2938
 esp_init_authenc net/ipv6/esp6.c:1114 [inline]
 esp6_init_state+0x536/0x1a70 net/ipv6/esp6.c:1192
 __xfrm_init_state+0x14a2/0x19e0 net/xfrm/xfrm_state.c:2648
 xfrm_state_construct net/xfrm/xfrm_user.c:627 [inline]
 xfrm_add_sa+0x3f45/0x5000 net/xfrm/xfrm_user.c:684
 xfrm_user_rcv_msg+0xe07/0x1180 net/xfrm/xfrm_user.c:2912
 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2496
 xfrm_netlink_rcv+0xb2/0xf0 net/xfrm/xfrm_user.c:2934
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x1075/0x1340 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x14cf/0x1710 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2492
 __do_sys_sendmsg net/socket.c:2501 [inline]
 __se_sys_sendmsg net/socket.c:2499 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2499
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Local variable rec.i created at:
 perf_log_itrace_start kernel/events/core.c:9074 [inline]
 event_sched_in+0x1344/0x35c0 kernel/events/core.c:2557
 group_sched_in kernel/events/core.c:2595 [inline]
 merge_sched_in kernel/events/core.c:3746 [inline]
 visit_groups_merge+0x2919/0x7460 kernel/events/core.c:3696

CPU: 0 PID: 16233 Comm: syz-executor.5 Tainted: G        W         5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/01/16 22:30 https://github.com/google/kmsan.git master fa3879a274df 723cfaf0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in esp6_init_state
2021/11/29 04:11 https://github.com/google/kmsan.git master a535b0caaa2f 63eeac02 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in esp6_init_state
* Struck through repros no longer work on HEAD.