syzbot


KMSAN: uninit-value in __tipc_nl_compat_dumpit (3)

Status: fixed on 2020/09/16 22:51
Subsystems: tipc
[Documentation on labels]
Reported-by: syzbot+0e7181deafa7e0b79923@syzkaller.appspotmail.com
Fix commit: 47733f9daf4f tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
First crash: 1335d, last: 1264d
Discussions (9)
Title Replies (including bot) Last reply
[PATCH 4.19 000/125] 4.19.143-rc1 review 147 (147) 2020/10/26 00:54
[PATCH 4.4 00/62] 4.4.235-rc1 review 70 (70) 2020/09/30 09:01
[PATCH 4.14 00/91] 4.14.196-rc1 review 95 (95) 2020/09/02 16:46
[PATCH 4.9 00/78] 4.9.235-rc1 review 82 (82) 2020/09/02 16:46
[PATCH 5.4 000/214] 5.4.62-rc1 review 219 (219) 2020/09/02 07:24
[PATCH 5.7 00/15] 5.7.19-rc1 review 20 (20) 2020/08/27 08:09
[PATCH 5.8 00/16] 5.8.5-rc1 review 20 (20) 2020/08/27 07:59
[Patch net] tipc: fix uninit skb->data in tipc_nl_compat_dumpit() 3 (3) 2020/08/17 04:04
KMSAN: uninit-value in __tipc_nl_compat_dumpit (3) 0 (1) 2020/07/13 22:05
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in __tipc_nl_compat_dumpit tipc C 4428 1474d 1543d 15/26 fixed on 2020/02/18 14:31
upstream KMSAN: uninit-value in __tipc_nl_compat_dumpit (2) tipc C 11214 1335d 1474d 0/26 closed as invalid on 2020/07/06 15:32
Last patch testing requests (5)
Created Duration User Patch Repo Result
2020/08/15 16:44 18m xiyou.wangcong@gmail.com patch https://github.com/google/kmsan.git master OK
2020/08/15 14:24 20m xiyou.wangcong@gmail.com patch https://github.com/google/kmsan.git master OK
2020/08/15 06:54 12m xiyou.wangcong@gmail.com patch https://github.com/google/kmsan.git master report log
2020/08/15 06:38 19m xiyou.wangcong@gmail.com patch https://github.com/google/kmsan.git master OK
2020/08/11 02:23 19m yepeilin.cs@gmail.com patch https://github.com/google/kmsan.git master OK

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in __nlmsg_parse include/net/netlink.h:713 [inline]
BUG: KMSAN: uninit-value in nlmsg_parse_deprecated include/net/netlink.h:758 [inline]
BUG: KMSAN: uninit-value in __tipc_nl_compat_dumpit+0x583/0x1290 net/tipc/netlink_compat.c:215
CPU: 0 PID: 8470 Comm: syz-executor805 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1df/0x240 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 __nlmsg_parse include/net/netlink.h:713 [inline]
 nlmsg_parse_deprecated include/net/netlink.h:758 [inline]
 __tipc_nl_compat_dumpit+0x583/0x1290 net/tipc/netlink_compat.c:215
 tipc_nl_compat_dumpit+0x761/0x910 net/tipc/netlink_compat.c:308
 tipc_nl_compat_handle net/tipc/netlink_compat.c:1272 [inline]
 tipc_nl_compat_recv+0x1382/0x2940 net/tipc/netlink_compat.c:1311
 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:714 [inline]
 genl_rcv_msg+0x1592/0x1740 net/netlink/genetlink.c:731
 netlink_rcv_skb+0x451/0x650 net/netlink/af_netlink.c:2469
 genl_rcv+0x63/0x80 net/netlink/genetlink.c:742
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0xf9e/0x1100 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x1246/0x14d0 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x1370/0x1400 net/socket.c:2352
 ___sys_sendmsg net/socket.c:2406 [inline]
 __sys_sendmsg+0x623/0x750 net/socket.c:2439
 __do_sys_sendmsg net/socket.c:2448 [inline]
 __se_sys_sendmsg+0x97/0xb0 net/socket.c:2446
 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2446
 do_syscall_64+0xb0/0x150 arch/x86/entry/common.c:386
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x444249
Code: Bad RIP value.
RSP: 002b:00007ffdbf8a0e08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444249
RDX: 0000000000000804 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00000000006ce018 R08: 0000000000000000 R09: 00000000004002e0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401e70
R13: 0000000000401f00 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:80
 slab_alloc_node mm/slub.c:2839 [inline]
 __kmalloc_node_track_caller+0xb40/0x1200 mm/slub.c:4478
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 __alloc_skb+0x2fd/0xac0 net/core/skbuff.c:210
 alloc_skb include/linux/skbuff.h:1083 [inline]
 nlmsg_new include/net/netlink.h:940 [inline]
 tipc_nl_compat_dumpit+0x6e4/0x910 net/tipc/netlink_compat.c:301
 tipc_nl_compat_handle net/tipc/netlink_compat.c:1272 [inline]
 tipc_nl_compat_recv+0x1382/0x2940 net/tipc/netlink_compat.c:1311
 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:714 [inline]
 genl_rcv_msg+0x1592/0x1740 net/netlink/genetlink.c:731
 netlink_rcv_skb+0x451/0x650 net/netlink/af_netlink.c:2469
 genl_rcv+0x63/0x80 net/netlink/genetlink.c:742
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0xf9e/0x1100 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x1246/0x14d0 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x1370/0x1400 net/socket.c:2352
 ___sys_sendmsg net/socket.c:2406 [inline]
 __sys_sendmsg+0x623/0x750 net/socket.c:2439
 __do_sys_sendmsg net/socket.c:2448 [inline]
 __se_sys_sendmsg+0x97/0xb0 net/socket.c:2446
 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2446
 do_syscall_64+0xb0/0x150 arch/x86/entry/common.c:386
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
=====================================================

Crashes (6181):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/07/30 07:44 https://github.com/google/kmsan.git master 93f54a72361a 233283a1 .config console log report syz C ci-upstream-kmsan-gce
2020/07/06 17:21 https://github.com/google/kmsan.git master f0d5ec902b23 51095195 .config console log report syz C ci-upstream-kmsan-gce
2020/07/06 16:04 https://github.com/google/kmsan.git master f0d5ec902b23 51095195 .config console log report syz C ci-upstream-kmsan-gce-386
2020/09/15 20:44 https://github.com/google/kmsan.git master 3b3ea6028136 6989d6f6 .config console log report info ci-upstream-kmsan-gce
2020/09/14 08:32 https://github.com/google/kmsan.git master 3b3ea6028136 2d3cdd63 .config console log report ci-upstream-kmsan-gce
2020/09/13 04:52 https://github.com/google/kmsan.git master 3b3ea6028136 ce441f06 .config console log report ci-upstream-kmsan-gce
2020/09/13 02:26 https://github.com/google/kmsan.git master 3b3ea6028136 ce441f06 .config console log report ci-upstream-kmsan-gce
2020/09/13 00:52 https://github.com/google/kmsan.git master 3b3ea6028136 ce441f06 .config console log report ci-upstream-kmsan-gce
2020/09/12 23:03 https://github.com/google/kmsan.git master 3b3ea6028136 ce441f06 .config console log report ci-upstream-kmsan-gce
2020/09/12 20:20 https://github.com/google/kmsan.git master 3b3ea6028136 ce441f06 .config console log report ci-upstream-kmsan-gce
2020/09/12 18:05 https://github.com/google/kmsan.git master 3b3ea6028136 ce441f06 .config console log report ci-upstream-kmsan-gce
2020/09/12 13:16 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/12 09:04 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/12 07:33 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/12 05:51 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/12 03:39 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/12 02:38 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/12 01:56 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/12 00:53 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/12 00:08 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/11 22:50 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/11 18:39 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce
2020/09/11 18:33 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce
2020/09/11 17:18 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce
2020/09/11 13:35 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce
2020/09/11 12:33 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce
2020/09/11 10:56 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce
2020/09/11 06:51 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/11 05:14 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/16 05:38 https://github.com/google/kmsan.git master 3b3ea6028136 18d7d030 .config console log report info ci-upstream-kmsan-gce-386
2020/09/15 22:10 https://github.com/google/kmsan.git master 3b3ea6028136 6989d6f6 .config console log report info ci-upstream-kmsan-gce-386
2020/09/15 14:42 https://github.com/google/kmsan.git master 3b3ea6028136 6989d6f6 .config console log report info ci-upstream-kmsan-gce-386
2020/09/15 11:36 https://github.com/google/kmsan.git master 3b3ea6028136 6989d6f6 .config console log report info ci-upstream-kmsan-gce-386
2020/09/13 21:08 https://github.com/google/kmsan.git master 3b3ea6028136 2d3cdd63 .config console log report ci-upstream-kmsan-gce-386
2020/09/13 03:59 https://github.com/google/kmsan.git master 3b3ea6028136 ce441f06 .config console log report ci-upstream-kmsan-gce-386
2020/09/12 22:00 https://github.com/google/kmsan.git master 3b3ea6028136 ce441f06 .config console log report ci-upstream-kmsan-gce-386
2020/09/12 21:30 https://github.com/google/kmsan.git master 3b3ea6028136 ce441f06 .config console log report ci-upstream-kmsan-gce-386
2020/09/12 12:21 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce-386
2020/09/12 10:11 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce-386
2020/09/12 09:04 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce-386
2020/09/12 04:40 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce-386
2020/09/11 16:06 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce-386
2020/09/11 15:02 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce-386
2020/09/11 14:05 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce-386
2020/09/11 06:36 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce-386
2020/07/06 15:35 https://github.com/google/kmsan.git master f0d5ec902b23 51095195 .config console log report ci-upstream-kmsan-gce-386
* Struck through repros no longer work on HEAD.