syzbot |
sign-in | mailing list | source | docs | 🏰 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2026/05/17 15:57 | 41m | retest repro | upstream | log | |
| 2026/05/17 15:56 | 32m | retest repro | upstream | log | |
| 2026/03/08 13:42 | 28m | edumazet@google.com | upstream | report log | |
| 2026/01/19 15:42 | 25m | edumazet@google.com | patch | upstream | report log |
| 2026/01/15 20:47 | 3h17m | edumazet@google.com | upstream | report log | |
| 2025/12/04 21:43 | 32m | retest repro | upstream | report log | |
| 2025/09/25 20:31 | 21m | retest repro | upstream | report log |
===================================================== BUG: KMSAN: uninit-value in icmpv6_push_pending_frames+0x661/0x6d0 net/ipv6/icmp.c:293 icmpv6_push_pending_frames+0x661/0x6d0 net/ipv6/icmp.c:293 icmp6_send+0x29de/0x2c60 net/ipv6/icmp.c:634 __icmpv6_send include/linux/icmpv6.h:28 [inline] icmpv6_send include/linux/icmpv6.h:49 [inline] ip6_link_failure+0x40/0x310 net/ipv6/route.c:2843 dst_link_failure include/net/dst.h:429 [inline] ipip6_tunnel_xmit net/ipv6/sit.c:1042 [inline] sit_tunnel_xmit+0x16dc/0x3be0 net/ipv6/sit.c:1079 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x22c/0xa30 net/core/dev.c:3855 __dev_queue_xmit+0x3c51/0x5e60 net/core/dev.c:4725 dev_queue_xmit include/linux/netdevice.h:3361 [inline] neigh_connected_output+0x5d3/0x6c0 net/core/neighbour.c:1624 neigh_output include/net/neighbour.h:547 [inline] ip6_finish_output2+0x24ee/0x2d50 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline] ip6_finish_output+0x903/0x10d0 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x32e/0x600 net/ipv6/ip6_output.c:248 dst_output include/net/dst.h:461 [inline] ip6_local_out+0x113/0x250 net/ipv6/output_core.c:155 ip6tunnel_xmit+0x11d/0x460 include/net/ip6_tunnel.h:162 ip6_tnl_xmit+0x3422/0x3980 net/ipv6/ip6_tunnel.c:1281 __gre6_xmit+0x97c/0x1430 net/ipv6/ip6_gre.c:784 ip6gre_xmit_other net/ipv6/ip6_gre.c:870 [inline] ip6gre_tunnel_xmit+0x139f/0x1cf0 net/ipv6/ip6_gre.c:897 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x22c/0xa30 net/core/dev.c:3855 sch_direct_xmit+0x3b2/0xcf0 net/sched/sch_generic.c:344 __dev_xmit_skb net/core/dev.c:4114 [inline] __dev_queue_xmit+0x3588/0x5e60 net/core/dev.c:4691 dev_queue_xmit include/linux/netdevice.h:3361 [inline] packet_xmit+0x8f/0x710 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3130 [inline] packet_sendmsg+0x9172/0xa2a0 net/packet/af_packet.c:3162 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:729 __sys_sendto+0x593/0x720 net/socket.c:2228 __do_sys_sendto net/socket.c:2235 [inline] __se_sys_sendto net/socket.c:2231 [inline] __x64_sys_sendto+0x130/0x200 net/socket.c:2231 x64_sys_call+0x3910/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: icmpv6_push_pending_frames+0x65a/0x6d0 net/ipv6/icmp.c:294 icmp6_send+0x29de/0x2c60 net/ipv6/icmp.c:634 __icmpv6_send include/linux/icmpv6.h:28 [inline] icmpv6_send include/linux/icmpv6.h:49 [inline] ip6_link_failure+0x40/0x310 net/ipv6/route.c:2843 dst_link_failure include/net/dst.h:429 [inline] ipip6_tunnel_xmit net/ipv6/sit.c:1042 [inline] sit_tunnel_xmit+0x16dc/0x3be0 net/ipv6/sit.c:1079 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x22c/0xa30 net/core/dev.c:3855 __dev_queue_xmit+0x3c51/0x5e60 net/core/dev.c:4725 dev_queue_xmit include/linux/netdevice.h:3361 [inline] neigh_connected_output+0x5d3/0x6c0 net/core/neighbour.c:1624 neigh_output include/net/neighbour.h:547 [inline] ip6_finish_output2+0x24ee/0x2d50 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline] ip6_finish_output+0x903/0x10d0 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x32e/0x600 net/ipv6/ip6_output.c:248 dst_output include/net/dst.h:461 [inline] ip6_local_out+0x113/0x250 net/ipv6/output_core.c:155 ip6tunnel_xmit+0x11d/0x460 include/net/ip6_tunnel.h:162 ip6_tnl_xmit+0x3422/0x3980 net/ipv6/ip6_tunnel.c:1281 __gre6_xmit+0x97c/0x1430 net/ipv6/ip6_gre.c:784 ip6gre_xmit_other net/ipv6/ip6_gre.c:870 [inline] ip6gre_tunnel_xmit+0x139f/0x1cf0 net/ipv6/ip6_gre.c:897 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x22c/0xa30 net/core/dev.c:3855 sch_direct_xmit+0x3b2/0xcf0 net/sched/sch_generic.c:344 __dev_xmit_skb net/core/dev.c:4114 [inline] __dev_queue_xmit+0x3588/0x5e60 net/core/dev.c:4691 dev_queue_xmit include/linux/netdevice.h:3361 [inline] packet_xmit+0x8f/0x710 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3130 [inline] packet_sendmsg+0x9172/0xa2a0 net/packet/af_packet.c:3162 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:729 __sys_sendto+0x593/0x720 net/socket.c:2228 __do_sys_sendto net/socket.c:2235 [inline] __se_sys_sendto net/socket.c:2231 [inline] __x64_sys_sendto+0x130/0x200 net/socket.c:2231 x64_sys_call+0x3910/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: icmpv6_getfrag+0x260/0x2b0 net/ipv6/icmp.c:330 __ip6_append_data+0x61bd/0x6f40 net/ipv6/ip6_output.c:1706 ip6_append_data+0x352/0x4e0 net/ipv6/ip6_output.c:1860 icmp6_send+0x2883/0x2c60 net/ipv6/icmp.c:626 __icmpv6_send include/linux/icmpv6.h:28 [inline] icmpv6_send include/linux/icmpv6.h:49 [inline] ip6_link_failure+0x40/0x310 net/ipv6/route.c:2843 dst_link_failure include/net/dst.h:429 [inline] ipip6_tunnel_xmit net/ipv6/sit.c:1042 [inline] sit_tunnel_xmit+0x16dc/0x3be0 net/ipv6/sit.c:1079 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x22c/0xa30 net/core/dev.c:3855 __dev_queue_xmit+0x3c51/0x5e60 net/core/dev.c:4725 dev_queue_xmit include/linux/netdevice.h:3361 [inline] neigh_connected_output+0x5d3/0x6c0 net/core/neighbour.c:1624 neigh_output include/net/neighbour.h:547 [inline] ip6_finish_output2+0x24ee/0x2d50 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline] ip6_finish_output+0x903/0x10d0 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x32e/0x600 net/ipv6/ip6_output.c:248 dst_output include/net/dst.h:461 [inline] ip6_local_out+0x113/0x250 net/ipv6/output_core.c:155 ip6tunnel_xmit+0x11d/0x460 include/net/ip6_tunnel.h:162 ip6_tnl_xmit+0x3422/0x3980 net/ipv6/ip6_tunnel.c:1281 __gre6_xmit+0x97c/0x1430 net/ipv6/ip6_gre.c:784 ip6gre_xmit_other net/ipv6/ip6_gre.c:870 [inline] ip6gre_tunnel_xmit+0x139f/0x1cf0 net/ipv6/ip6_gre.c:897 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x22c/0xa30 net/core/dev.c:3855 sch_direct_xmit+0x3b2/0xcf0 net/sched/sch_generic.c:344 __dev_xmit_skb net/core/dev.c:4114 [inline] __dev_queue_xmit+0x3588/0x5e60 net/core/dev.c:4691 dev_queue_xmit include/linux/netdevice.h:3361 [inline] packet_xmit+0x8f/0x710 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3130 [inline] packet_sendmsg+0x9172/0xa2a0 net/packet/af_packet.c:3162 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:729 __sys_sendto+0x593/0x720 net/socket.c:2228 __do_sys_sendto net/socket.c:2235 [inline] __se_sys_sendto net/socket.c:2231 [inline] __x64_sys_sendto+0x130/0x200 net/socket.c:2231 x64_sys_call+0x3910/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: csum_partial_copy_nocheck include/net/checksum.h:53 [inline] skb_copy_and_csum_bits+0x150/0x1580 net/core/skbuff.c:3543 icmpv6_getfrag+0x9d/0x2b0 net/ipv6/icmp.c:328 __ip6_append_data+0x61bd/0x6f40 net/ipv6/ip6_output.c:1706 ip6_append_data+0x352/0x4e0 net/ipv6/ip6_output.c:1860 icmp6_send+0x2883/0x2c60 net/ipv6/icmp.c:626 __icmpv6_send include/linux/icmpv6.h:28 [inline] icmpv6_send include/linux/icmpv6.h:49 [inline] ip6_link_failure+0x40/0x310 net/ipv6/route.c:2843 dst_link_failure include/net/dst.h:429 [inline] ipip6_tunnel_xmit net/ipv6/sit.c:1042 [inline] sit_tunnel_xmit+0x16dc/0x3be0 net/ipv6/sit.c:1079 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x22c/0xa30 net/core/dev.c:3855 __dev_queue_xmit+0x3c51/0x5e60 net/core/dev.c:4725 dev_queue_xmit include/linux/netdevice.h:3361 [inline] neigh_connected_output+0x5d3/0x6c0 net/core/neighbour.c:1624 neigh_output include/net/neighbour.h:547 [inline] ip6_finish_output2+0x24ee/0x2d50 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline] ip6_finish_output+0x903/0x10d0 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x32e/0x600 net/ipv6/ip6_output.c:248 dst_output include/net/dst.h:461 [inline] ip6_local_out+0x113/0x250 net/ipv6/output_core.c:155 ip6tunnel_xmit+0x11d/0x460 include/net/ip6_tunnel.h:162 ip6_tnl_xmit+0x3422/0x3980 net/ipv6/ip6_tunnel.c:1281 __gre6_xmit+0x97c/0x1430 net/ipv6/ip6_gre.c:784 ip6gre_xmit_other net/ipv6/ip6_gre.c:870 [inline] ip6gre_tunnel_xmit+0x139f/0x1cf0 net/ipv6/ip6_gre.c:897 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x22c/0xa30 net/core/dev.c:3855 sch_direct_xmit+0x3b2/0xcf0 net/sched/sch_generic.c:344 __dev_xmit_skb net/core/dev.c:4114 [inline] __dev_queue_xmit+0x3588/0x5e60 net/core/dev.c:4691 dev_queue_xmit include/linux/netdevice.h:3361 [inline] packet_xmit+0x8f/0x710 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3130 [inline] packet_sendmsg+0x9172/0xa2a0 net/packet/af_packet.c:3162 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:729 __sys_sendto+0x593/0x720 net/socket.c:2228 __do_sys_sendto net/socket.c:2235 [inline] __se_sys_sendto net/socket.c:2231 [inline] __x64_sys_sendto+0x130/0x200 net/socket.c:2231 x64_sys_call+0x3910/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: ip6_tnl_xmit+0x3555/0x3980 net/ipv6/ip6_tunnel.c:1277 __gre6_xmit+0x97c/0x1430 net/ipv6/ip6_gre.c:784 ip6gre_xmit_other net/ipv6/ip6_gre.c:870 [inline] ip6gre_tunnel_xmit+0x139f/0x1cf0 net/ipv6/ip6_gre.c:897 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x22c/0xa30 net/core/dev.c:3855 sch_direct_xmit+0x3b2/0xcf0 net/sched/sch_generic.c:344 __dev_xmit_skb net/core/dev.c:4114 [inline] __dev_queue_xmit+0x3588/0x5e60 net/core/dev.c:4691 dev_queue_xmit include/linux/netdevice.h:3361 [inline] packet_xmit+0x8f/0x710 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3130 [inline] packet_sendmsg+0x9172/0xa2a0 net/packet/af_packet.c:3162 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:729 __sys_sendto+0x593/0x720 net/socket.c:2228 __do_sys_sendto net/socket.c:2235 [inline] __se_sys_sendto net/socket.c:2231 [inline] __x64_sys_sendto+0x130/0x200 net/socket.c:2231 x64_sys_call+0x3910/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4197 [inline] slab_alloc_node mm/slub.c:4240 [inline] __do_kmalloc_node mm/slub.c:4375 [inline] __kmalloc_node_track_caller_noprof+0x96d/0x12f0 mm/slub.c:4395 kmalloc_reserve+0x22f/0x4b0 net/core/skbuff.c:600 pskb_expand_head+0x1fc/0x1610 net/core/skbuff.c:2240 skb_realloc_headroom+0x152/0x2d0 net/core/skbuff.c:2320 ip6_tnl_xmit+0x2183/0x3980 net/ipv6/ip6_tunnel.c:1227 __gre6_xmit+0x97c/0x1430 net/ipv6/ip6_gre.c:784 ip6gre_xmit_other net/ipv6/ip6_gre.c:870 [inline] ip6gre_tunnel_xmit+0x139f/0x1cf0 net/ipv6/ip6_gre.c:897 __netdev_start_xmit include/linux/netdevice.h:5222 [inline] netdev_start_xmit include/linux/netdevice.h:5231 [inline] xmit_one net/core/dev.c:3839 [inline] dev_hard_start_xmit+0x22c/0xa30 net/core/dev.c:3855 sch_direct_xmit+0x3b2/0xcf0 net/sched/sch_generic.c:344 __dev_xmit_skb net/core/dev.c:4114 [inline] __dev_queue_xmit+0x3588/0x5e60 net/core/dev.c:4691 dev_queue_xmit include/linux/netdevice.h:3361 [inline] packet_xmit+0x8f/0x710 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3130 [inline] packet_sendmsg+0x9172/0xa2a0 net/packet/af_packet.c:3162 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:729 __sys_sendto+0x593/0x720 net/socket.c:2228 __do_sys_sendto net/socket.c:2235 [inline] __se_sys_sendto net/socket.c:2231 [inline] __x64_sys_sendto+0x130/0x200 net/socket.c:2231 x64_sys_call+0x3910/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 0 UID: 0 PID: 6090 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 =====================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/09/11 15:09 | upstream | 7aac71907bde | fdeaa69b | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in icmpv6_push_pending_frames | |
| 2026/01/19 00:48 | upstream | e84d960149e7 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in icmpv6_push_pending_frames | ||
| 2025/09/11 11:06 | upstream | 7aac71907bde | fdeaa69b | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in icmpv6_push_pending_frames |