syzbot


KMSAN: uninit-value in batadv_iv_send_outstanding_bat_ogm_packet

Status: fixed on 2019/09/16 04:41
Subsystems: batman
Reported-by: syzbot+355cab184197dbbfa384@syzkaller.appspotmail.com
Fix commit: a15d56a60760 batman-adv: Only read OGM tvlv_len after buffer len check
First crash: 1722d, last: 1708d
Discussions (12)
Title Replies (including bot) Last reply
[PATCH 4.4 00/93] 4.4.217-rc1 review 100 (100) 2020/03/21 07:12
[PATCH 3.16 00/83] 3.16.78-rc1 review 88 (88) 2019/11/21 21:42
[PATCH 4.14 00/21] 4.14.144-stable review 27 (27) 2019/09/16 10:55
[PATCH 4.9 00/14] 4.9.193-stable review 29 (29) 2019/09/16 10:45
[PATCH 5.2 00/37] 5.2.15-stable review 51 (51) 2019/09/16 10:41
[PATCH 4.19 000/190] 4.19.73-stable review 207 (207) 2019/09/16 09:25
[PATCH AUTOSEL 5.2 01/94] ieee802154: hwsim: Fix error handle path in hwsim_init_module 95 (95) 2019/09/05 17:00
[PATCH AUTOSEL 4.9 01/27] ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss 27 (27) 2019/09/04 16:02
[PATCH AUTOSEL 4.14 01/36] ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss 36 (36) 2019/09/04 16:01
[PATCH AUTOSEL 4.19 01/52] ieee802154: hwsim: Fix error handle path in hwsim_init_module 52 (52) 2019/09/04 16:00
[PATCH 0/2] pull request for net: batman-adv 2019-08-30 4 (4) 2019/08/31 20:18
KMSAN: uninit-value in batadv_iv_send_outstanding_bat_ogm_packet 0 (1) 2019/08/21 22:38

Sample crash report:
==================================================================
BUG: KMSAN: uninit-value in batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:317 [inline]
BUG: KMSAN: uninit-value in batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:383 [inline]
BUG: KMSAN: uninit-value in batadv_iv_send_outstanding_bat_ogm_packet+0x6cd/0xcc0 net/batman-adv/bat_iv_ogm.c:1657
CPU: 1 PID: 290 Comm: kworker/u4:7 Not tainted 5.3.0-rc3+ #17
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x191/0x1f0 lib/dump_stack.c:113
 kmsan_report+0x162/0x2d0 mm/kmsan/kmsan_report.c:109
 __msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:294
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:317 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:383 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x6cd/0xcc0 net/batman-adv/bat_iv_ogm.c:1657
 process_one_work+0x1572/0x1ef0 kernel/workqueue.c:2269
 worker_thread+0x111b/0x2460 kernel/workqueue.c:2415
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355

Uninit was created at:
 kmsan_save_stack_with_flags+0x37/0x70 mm/kmsan/kmsan.c:187
 kmsan_internal_alloc_meta_for_pages+0x123/0x510 mm/kmsan/kmsan_hooks.c:114
 kmsan_alloc_page+0x7a/0xf0 mm/kmsan/kmsan_hooks.c:244
 __alloc_pages_nodemask+0x142d/0x5fa0 mm/page_alloc.c:4768
 __alloc_pages include/linux/gfp.h:475 [inline]
 __alloc_pages_node include/linux/gfp.h:488 [inline]
 alloc_pages_node include/linux/gfp.h:502 [inline]
 __page_frag_cache_refill mm/page_alloc.c:4843 [inline]
 page_frag_alloc+0x35b/0x890 mm/page_alloc.c:4873
 __napi_alloc_skb+0x195/0x980 net/core/skbuff.c:519
 napi_alloc_skb include/linux/skbuff.h:2808 [inline]
 page_to_skb+0x134/0x1150 drivers/net/virtio_net.c:384
 receive_mergeable drivers/net/virtio_net.c:924 [inline]
 receive_buf+0xe7b/0x8810 drivers/net/virtio_net.c:1033
 virtnet_receive drivers/net/virtio_net.c:1323 [inline]
 virtnet_poll+0x666/0x19d0 drivers/net/virtio_net.c:1428
 napi_poll net/core/dev.c:6347 [inline]
 net_rx_action+0x74b/0x1950 net/core/dev.c:6413
 __do_softirq+0x4a1/0x83a kernel/softirq.c:293
 invoke_softirq kernel/softirq.c:375 [inline]
 irq_exit+0x230/0x280 kernel/softirq.c:416
 exiting_irq arch/x86/include/asm/apic.h:537 [inline]
 do_IRQ+0x20d/0x3a0 arch/x86/kernel/irq.c:259
 ret_from_intr+0x0/0x33
 kmsan_get_shadow_origin_ptr+0x6/0x3a0 mm/kmsan/kmsan.c:656
 __msan_metadata_ptr_for_load_8+0x10/0x20 mm/kmsan/kmsan_instr.c:55
 compound_head include/linux/compiler.h:206 [inline]
 PageReferenced include/linux/page-flags.h:315 [inline]
 mark_page_accessed+0x30c/0xa00 mm/swap.c:391
 touch_buffer fs/buffer.c:60 [inline]
 __find_get_block+0x1681/0x19e0 fs/buffer.c:1303
 __getblk_gfp+0xc5/0x1080 fs/buffer.c:1321
 sb_getblk include/linux/buffer_head.h:325 [inline]
 __ext4_get_inode_loc+0x647/0x1c80 fs/ext4/inode.c:4611
 ext4_get_inode_loc fs/ext4/inode.c:4726 [inline]
 ext4_reserve_inode_write+0x15d/0x430 fs/ext4/inode.c:5919
 ext4_mark_inode_dirty+0x2dd/0xca0 fs/ext4/inode.c:6071
 ext4_dirty_inode+0x187/0x1d0 fs/ext4/inode.c:6110
 __mark_inode_dirty+0x486/0x1380 fs/fs-writeback.c:2170
 mark_inode_dirty include/linux/fs.h:2138 [inline]
 generic_write_end+0x3f7/0x460 fs/buffer.c:2164
 ext4_da_write_end+0x1050/0x1240 fs/ext4/inode.c:3217
 generic_perform_write+0x618/0x990 mm/filemap.c:3341
 __generic_file_write_iter+0x421/0xa30 mm/filemap.c:3459
 ext4_file_write_iter+0xc97/0x2010 fs/ext4/file.c:270
 call_write_iter include/linux/fs.h:1870 [inline]
 new_sync_write fs/read_write.c:483 [inline]
 __vfs_write+0xa2c/0xcb0 fs/read_write.c:496
 vfs_write+0x481/0x920 fs/read_write.c:558
 ksys_write+0x265/0x430 fs/read_write.c:611
 __do_sys_write fs/read_write.c:623 [inline]
 __se_sys_write+0x92/0xb0 fs/read_write.c:620
 __x64_sys_write+0x4a/0x70 fs/read_write.c:620
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
==================================================================

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/08/16 22:35 https://github.com/google/kmsan.git master 61ccdad1fcdf 8fd428a1 .config console log report syz C ci-upstream-kmsan-gce
2019/08/21 14:04 https://github.com/google/kmsan.git master 61ccdad1fcdf 4ea67ff8 .config console log report ci-upstream-kmsan-gce
2019/08/21 14:04 https://github.com/google/kmsan.git master 61ccdad1fcdf 4ea67ff8 .config console log report ci-upstream-kmsan-gce
2019/08/21 14:00 https://github.com/google/kmsan.git master 61ccdad1fcdf 4ea67ff8 .config console log report ci-upstream-kmsan-gce
2019/08/21 13:54 https://github.com/google/kmsan.git master 61ccdad1fcdf 4ea67ff8 .config console log report ci-upstream-kmsan-gce
2019/08/21 13:53 https://github.com/google/kmsan.git master 61ccdad1fcdf 4ea67ff8 .config console log report ci-upstream-kmsan-gce
2019/08/21 13:52 https://github.com/google/kmsan.git master 61ccdad1fcdf 4ea67ff8 .config console log report ci-upstream-kmsan-gce
2019/08/16 06:30 https://github.com/google/kmsan.git master 61ccdad1fcdf 8fd428a1 .config console log report ci-upstream-kmsan-gce
2019/08/08 06:36 https://github.com/google/kmsan.git master 61ccdad1fcdf e6ebef88 .config console log report ci-upstream-kmsan-gce