syzbot


KMSAN: uninit-value in ip_tunnel_xmit

Status: fixed on 2018/07/17 16:09
Subsystems: net
Fix commit: b84bbaf7a6c8 packet: in packet_snd start writing at link layer allocation
First crash: 2360d, last: 2273d
Similar bugs (3)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in ip_tunnel_xmit (3) net | C | | | 1516 | 730d | 1418d | 0/28 | closed as invalid on 2022/10/12 18:48
upstream | KMSAN: uninit-value in ip_tunnel_xmit (2) net | C | | | 11778 | 1424d | 2249d | 15/28 | fixed on 2020/11/16 12:12
upstream | KMSAN: uninit-value in ip_tunnel_xmit (4) net | C | | | 21 | 321d | 398d | 0/28 | auto-obsoleted due to no activity on 2024/01/12 09:25

Sample crash report:
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
==================================================================
BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x5dc/0x37c0 net/ipv4/ip_tunnel.c:645
CPU: 0 PID: 4578 Comm: syz-executor270 Not tainted 4.17.0+ #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x188/0x2a0 mm/kmsan/kmsan.c:990
 __msan_warning_32+0x70/0xc0 mm/kmsan/kmsan_instr.c:640
 ip_tunnel_xmit+0x5dc/0x37c0 net/ipv4/ip_tunnel.c:645
 __gre_xmit net/ipv4/ip_gre.c:449 [inline]
 ipgre_xmit+0xe16/0xef0 net/ipv4/ip_gre.c:689
 __netdev_start_xmit include/linux/netdevice.h:4087 [inline]
 netdev_start_xmit include/linux/netdevice.h:4096 [inline]
 xmit_one net/core/dev.c:3053 [inline]
 dev_hard_start_xmit+0x5f6/0xc80 net/core/dev.c:3069
 __dev_queue_xmit+0x2ad2/0x3540 net/core/dev.c:3584
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:3617
 packet_snd net/packet/af_packet.c:2953 [inline]
 packet_sendmsg+0x818b/0x8cc0 net/packet/af_packet.c:2978
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg net/socket.c:639 [inline]
 ___sys_sendmsg+0xec8/0x1320 net/socket.c:2117
 __sys_sendmsg net/socket.c:2155 [inline]
 __do_sys_sendmsg net/socket.c:2164 [inline]
 __se_sys_sendmsg net/socket.c:2162 [inline]
 __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x441199
RSP: 002b:00007ffc73cd6248 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441199
RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003
RBP: 00000000006cc018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000020 R11: 0000000000000213 R12: 0000000000402100
R13: 0000000000402190 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:256 [inline]
 kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:181
 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan_hooks.c:91
 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan_hooks.c:100
 slab_post_alloc_hook mm/slab.h:446 [inline]
 slab_alloc_node mm/slub.c:2753 [inline]
 __kmalloc_node_track_caller+0xb35/0x11b0 mm/slub.c:4395
 __kmalloc_reserve net/core/skbuff.c:138 [inline]
 __alloc_skb+0x2cb/0x9e0 net/core/skbuff.c:206
 alloc_skb include/linux/skbuff.h:988 [inline]
 alloc_skb_with_frags+0x1e6/0xb80 net/core/skbuff.c:5254
 sock_alloc_send_pskb+0xb56/0x11a0 net/core/sock.c:2088
 packet_alloc_skb net/packet/af_packet.c:2810 [inline]
 packet_snd net/packet/af_packet.c:2901 [inline]
 packet_sendmsg+0x6672/0x8cc0 net/packet/af_packet.c:2978
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg net/socket.c:639 [inline]
 ___sys_sendmsg+0xec8/0x1320 net/socket.c:2117
 __sys_sendmsg net/socket.c:2155 [inline]
 __do_sys_sendmsg net/socket.c:2164 [inline]
 __se_sys_sendmsg net/socket.c:2162 [inline]
 __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
==================================================================

Crashes (2594):