syzbot


KMSAN: uninit-value in lowpan_xmit

Status: upstream: reported on 2026/06/03 07:27
Subsystems: wpan
Labels: prio:low
Reported-by: syzbot+f13c19f75e1097abd116@syzkaller.appspotmail.com
Fix commit: 3a5f3f7aff18 ieee802154: 6lowpan: only accept IPv6 packets in lowpan_xmit()
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci2-upstream-usb]
First crash: 41d, last: 8d20h
✨ AI Jobs (3)
ID Workflow Result Correct Bug Created Started Finished Revision Error
d2ce1b4e-4417-4d1a-add9-39b0000cf968 assessment-security DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ❌ UserNamespace: ❌ VMGuestTrigger: ❌ VMHostTrigger: ❌ KMSAN: uninit-value in lowpan_xmit 2026/06/02 20:27 2026/06/02 20:27 2026/06/02 21:20 62fe15281f5011cd203d8845b8767b10e7443aa5
b9045e9b-f772-4706-87f3-a2ce207d9dab assessment-security 💥 KMSAN: uninit-value in lowpan_xmit 2026/05/30 05:28 2026/05/30 05:28 2026/05/30 05:28 6b4a844333e83556da95d61d7f207e7ef5cd4bc6 failed to run ["git" "-c" "core.hooksPath=/dev/null" "checkout" "e8c2f9fdadee7cbc75134dc463c1e0d856d6e5c7"]: exit status 128 error: Could not read 468af00fec2e7579c88b969e38a61f87fb6fab45
a9d4480e-cc66-46eb-9a1d-09e6b6f4eac9 assessment-security 💥 KMSAN: uninit-value in lowpan_xmit 2026/05/14 08:03 2026/05/14 08:03 2026/05/14 08:06 6ccb967e465e832a7bfd7a116ad00d52a0923a5d failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/35b92b0f92e93dfad21e78b6870fd4e49f8a9e66" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: error: unable to open output file 'kernel/futex/core.o': 'No such file or directory' error: unable to open output file 'drivers/tty/serdev/core.o': 'No such file or directory' /app/workdir/cache/src/f667aa61a6c19afbf475f9cae2fe8c478bc3495d/security/apparmor/apparmorfs.c:177:28: warning: unused function 'get_loaddata_common_ref' [-Wunused-function] 177 | static struct aa_loaddata *get_loaddata_common_ref(struct aa_common_ref *ref) | ^~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. fatal error: error in backend: IO failure on output stream: No space left on device
Discussions (2)
Title Replies (including bot) Last reply
[PATCH net] ieee802154: 6lowpan: only accept IPv6 packets in lowpan_xmit() 5 (5) 2026/06/04 16:00
[syzbot] [wpan?] KMSAN: uninit-value in lowpan_xmit 0 (1) 2026/06/03 07:27
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in hid_connect kernel 7 C 176 1319d 1670d 0/29 closed as invalid on 2022/11/03 08:52

Sample crash report:
 dev_queue_xmit include/linux/netdevice.h:3418 [inline]
 tx+0xb6/0x440 drivers/block/aoe/aoenet.c:62
 kthread+0x17d/0x370 drivers/block/aoe/aoecmd.c:1241
 kthread+0x53a/0x5f0 kernel/kthread.c:436
 ret_from_fork+0x20f/0x8d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace 0000000000000000 ]---
=====================================================
BUG: KMSAN: uninit-value in lowpan_header net/ieee802154/6lowpan/tx.c:240 [inline]
BUG: KMSAN: uninit-value in lowpan_xmit+0xa6b/0x1d00 net/ieee802154/6lowpan/tx.c:282
 lowpan_header net/ieee802154/6lowpan/tx.c:240 [inline]
 lowpan_xmit+0xa6b/0x1d00 net/ieee802154/6lowpan/tx.c:282
 __netdev_start_xmit include/linux/netdevice.h:5368 [inline]
 netdev_start_xmit include/linux/netdevice.h:5377 [inline]
 xmit_one net/core/dev.c:3888 [inline]
 dev_hard_start_xmit+0x22f/0xa80 net/core/dev.c:3904
 __dev_queue_xmit+0x2990/0x5a00 net/core/dev.c:4870
 dev_queue_xmit include/linux/netdevice.h:3418 [inline]
 tx+0xb6/0x440 drivers/block/aoe/aoenet.c:62
 kthread+0x17d/0x370 drivers/block/aoe/aoecmd.c:1241
 kthread+0x53a/0x5f0 kernel/kthread.c:436
 ret_from_fork+0x20f/0x8d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was stored to memory at:
 lowpan_header net/ieee802154/6lowpan/tx.c:231 [inline]
 lowpan_xmit+0x68f/0x1d00 net/ieee802154/6lowpan/tx.c:282
 __netdev_start_xmit include/linux/netdevice.h:5368 [inline]
 netdev_start_xmit include/linux/netdevice.h:5377 [inline]
 xmit_one net/core/dev.c:3888 [inline]
 dev_hard_start_xmit+0x22f/0xa80 net/core/dev.c:3904
 __dev_queue_xmit+0x2990/0x5a00 net/core/dev.c:4870
 dev_queue_xmit include/linux/netdevice.h:3418 [inline]
 tx+0xb6/0x440 drivers/block/aoe/aoenet.c:62
 kthread+0x17d/0x370 drivers/block/aoe/aoecmd.c:1241
 kthread+0x53a/0x5f0 kernel/kthread.c:436
 ret_from_fork+0x20f/0x8d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4577 [inline]
 slab_alloc_node mm/slub.c:4899 [inline]
 kmem_cache_alloc_node_noprof+0x3cd/0x12c0 mm/slub.c:4951
 kmalloc_reserve net/core/skbuff.c:613 [inline]
 __alloc_skb+0x855/0x1190 net/core/skbuff.c:713
 alloc_skb include/linux/skbuff.h:1385 [inline]
 new_skb+0x4a/0x550 drivers/block/aoe/aoecmd.c:66
 aoecmd_cfg_pkts drivers/block/aoe/aoecmd.c:430 [inline]
 aoecmd_cfg+0x2c2/0xb70 drivers/block/aoe/aoecmd.c:1374
 discover_timer+0x64/0x80 drivers/block/aoe/aoemain.c:25
 call_timer_fn+0x4c/0x510 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2374 [inline]
 __run_timer_base+0x80a/0xdb0 kernel/time/timer.c:2386
 run_timer_base kernel/time/timer.c:2395 [inline]
 run_timer_softirq+0x3a/0x70 kernel/time/timer.c:2405
 handle_softirqs+0x171/0x7b0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x9a/0x1e0 kernel/softirq.c:735
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:752
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697

CPU: 0 UID: 0 PID: 1303 Comm: aoe_tx0 Tainted: G        W           syzkaller #0 PREEMPT(lazy) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
=====================================================

Crashes (188):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/06/04 14:17 upstream ba3e43a9e601 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/26 07:02 upstream e8c2f9fdadee c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/23 00:55 upstream cca95436be15 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/22 13:30 upstream 6779b50faa56 e16cf9f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/22 10:17 upstream 6779b50faa56 e16cf9f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/22 04:21 upstream 6779b50faa56 e195359d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/22 04:21 upstream 6779b50faa56 e195359d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/21 16:59 upstream 8bc67e4db64a e195359d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/21 00:02 upstream df685633c3db 41b8c833 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/20 21:42 upstream df685633c3db 62fb93a2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/20 11:52 upstream 27fa82620cba 62fb93a2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/20 02:52 upstream 27fa82620cba 0909d65f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/19 15:02 upstream ab5fce87a778 223544dc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/19 15:01 upstream ab5fce87a778 223544dc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/19 01:36 upstream 4d3a2a466b8d 9f74d399 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/18 20:44 upstream 5200f5f493f7 55156e84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/05/04 12:37 upstream 6d35786de281 85f1bcf2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lowpan_xmit
2026/06/05 02:19 upstream 9154c4af7829 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/06/04 06:51 upstream ba3e43a9e601 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/06/04 06:45 upstream ba3e43a9e601 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/06/03 20:24 upstream 6f3ed7fec72f 234057e5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/06/03 20:18 upstream 6f3ed7fec72f 234057e5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/27 02:25 upstream d60ec36cab33 2b01f00e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/26 15:07 upstream e8c2f9fdadee a3e47276 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/18 14:41 upstream 5200f5f493f7 55156e84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/17 23:47 upstream e5d505e3664b de5aae85 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/16 16:04 upstream 6916d5703ddf a15a64a6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/16 01:05 upstream d458a240344c 81fb92f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/15 12:00 upstream 70eda68668d1 9cd3beaa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/15 01:13 upstream 66182ca873a4 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/14 03:09 upstream e1914add2799 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/13 16:49 upstream 1d5dcaa3bd65 fec2a7ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/13 00:42 upstream c21b90f77687 a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/12 12:04 upstream 50897c955902 d5b1a17d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/12 05:42 upstream 50897c955902 d168f260 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/12 00:23 upstream 5d6919055dec d168f260 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/11 12:17 upstream 5d6919055dec e6eb7c0b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/10 21:11 upstream aa54b1d27fe0 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/10 02:21 upstream 1bfaee9d3351 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/09 12:31 upstream 70390501d194 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/08 23:52 upstream 81d6f7807536 0c5a8d8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/08 09:51 upstream 917719c412c4 5633175a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/07 21:20 upstream 19cbc75c56c0 e358bca5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/07 10:03 upstream 5862221fdded f250db59 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/07 10:03 upstream 5862221fdded f250db59 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/06 21:43 upstream adc1e5c6203c cbcd9ea0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit
2026/05/06 21:42 upstream adc1e5c6203c cbcd9ea0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lowpan_xmit