syzbot


KMSAN: uninit-value in __skb_try_recv_from_queue

Status: fixed on 2018/05/08 18:30
Subsystems: net
Fix commit: b13dda9f9aa7 net: initialize skb->peeked when cloning
First crash: 2235d, last: 2204d
Similar bugs (1):
  Kernel: upstream
  Title: KMSAN: uninit-value in __skb_try_recv_from_queue (2)  [subsystem: net]
  Repro / Cause bisect / Fix bisect: (none)
  Count: 1   Last: 1697d   Reported: 1697d   Patched: 0/26
  Status: closed as invalid on 2019/10/08 12:18

Sample crash report:
==================================================================
BUG: KMSAN: uninit-value in __skb_try_recv_from_queue+0x4c6/0xe80 net/core/datagram.c:183
CPU: 0 PID: 3583 Comm: syzkaller376161 Not tainted 4.16.0+ #81
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:53
 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676
 __skb_try_recv_from_queue+0x4c6/0xe80 net/core/datagram.c:183
 __skb_try_recv_datagram+0x316/0x6f0 net/core/datagram.c:270
 __skb_recv_datagram net/core/datagram.c:303 [inline]
 skb_recv_datagram+0x253/0x450 net/core/datagram.c:322
 rawv6_recvmsg+0x45c/0x1420 net/ipv6/raw.c:483
 sock_common_recvmsg+0x16c/0x270 net/core/sock.c:2959
 sock_recvmsg_nosec net/socket.c:803 [inline]
 sock_recvmsg+0x1d0/0x230 net/socket.c:810
 ___sys_recvmsg+0x3fb/0x810 net/socket.c:2205
 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313
 SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394
 SyS_recvmmsg+0x76/0xa0 net/socket.c:2378
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
RIP: 0033:0x445889
RSP: 002b:00007fe544210db8 EFLAGS: 00000297 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445889
RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000003
RBP: 00000000006dac20 R08: 0000000020000a40 R09: 0000000000000000
R10: 0000000000010022 R11: 0000000000000297 R12: 0000000000000000
R13: 00007ffce66707df R14: 00007fe5442119c0 R15: 0000000000000001

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
 kmsan_save_stack mm/kmsan/kmsan.c:293 [inline]
 kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:684
 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:521
 __skb_clone+0x894/0x980 net/core/skbuff.c:865
 skb_clone+0x3e8/0x590 net/core/skbuff.c:1287
 ipv6_raw_deliver net/ipv6/raw.c:219 [inline]
 raw6_local_deliver+0xdaa/0x1ac0 net/ipv6/raw.c:240
 ip6_input_finish+0x55c/0x2110 net/ipv6/ip6_input.c:246
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ip6_input+0x294/0x320 net/ipv6/ip6_input.c:327
 dst_input include/net/dst.h:449 [inline]
 ip6_rcv_finish net/ipv6/ip6_input.c:71 [inline]
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ipv6_rcv+0x20ec/0x26d0 net/ipv6/ip6_input.c:208
 __netif_receive_skb_core+0x47cf/0x4a80 net/core/dev.c:4562
 __netif_receive_skb net/core/dev.c:4627 [inline]
 process_backlog+0x62d/0xe20 net/core/dev.c:5307
 napi_poll net/core/dev.c:5705 [inline]
 net_rx_action+0x7c1/0x1a70 net/core/dev.c:5771
 __do_softirq+0x56d/0x93d kernel/softirq.c:285
Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
 kmsan_save_stack mm/kmsan/kmsan.c:293 [inline]
 kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:684
 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:521
 skb_clone+0x46a/0x590 net/core/skbuff.c:1284
 ipv6_raw_deliver net/ipv6/raw.c:219 [inline]
 raw6_local_deliver+0xdaa/0x1ac0 net/ipv6/raw.c:240
 ip6_input_finish+0x55c/0x2110 net/ipv6/ip6_input.c:246
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ip6_input+0x294/0x320 net/ipv6/ip6_input.c:327
 dst_input include/net/dst.h:449 [inline]
 ip6_rcv_finish net/ipv6/ip6_input.c:71 [inline]
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ipv6_rcv+0x20ec/0x26d0 net/ipv6/ip6_input.c:208
 __netif_receive_skb_core+0x47cf/0x4a80 net/core/dev.c:4562
 __netif_receive_skb net/core/dev.c:4627 [inline]
 process_backlog+0x62d/0xe20 net/core/dev.c:5307
 napi_poll net/core/dev.c:5705 [inline]
 net_rx_action+0x7c1/0x1a70 net/core/dev.c:5771
 __do_softirq+0x56d/0x93d kernel/softirq.c:285
Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
 kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:188
 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:314
 kmem_cache_alloc+0xaab/0xb90 mm/slub.c:2756
 skb_clone+0x31e/0x590 net/core/skbuff.c:1280
 ipv6_raw_deliver net/ipv6/raw.c:219 [inline]
 raw6_local_deliver+0xdaa/0x1ac0 net/ipv6/raw.c:240
 ip6_input_finish+0x55c/0x2110 net/ipv6/ip6_input.c:246
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ip6_input+0x294/0x320 net/ipv6/ip6_input.c:327
 dst_input include/net/dst.h:449 [inline]
 ip6_rcv_finish net/ipv6/ip6_input.c:71 [inline]
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ipv6_rcv+0x20ec/0x26d0 net/ipv6/ip6_input.c:208
 __netif_receive_skb_core+0x47cf/0x4a80 net/core/dev.c:4562
 __netif_receive_skb net/core/dev.c:4627 [inline]
 process_backlog+0x62d/0xe20 net/core/dev.c:5307
 napi_poll net/core/dev.c:5705 [inline]
 net_rx_action+0x7c1/0x1a70 net/core/dev.c:5771
 __do_softirq+0x56d/0x93d kernel/softirq.c:285
==================================================================

Crashes (108), most recent listed first; the row with a working reproducer is kept here:
  Time: 2018/04/07 10:26
  Kernel: https://github.com/google/kmsan.git master, commit e2ab7e8abba4
  Syzkaller: d613535f
  Artifacts: .config, console log, report, syz repro, C repro
  Manager: ci-upstream-kmsan-gce