syzbot


KMSAN: uninit-value in ip_tunnel_xmit (2)

Status: fixed on 2020/11/16 12:12
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+4a2c52677a8a1aa283cb@syzkaller.appspotmail.com
Fix commit: fdafed459998 ip_gre: set dev->hard_header_len and dev->needed_headroom properly
First crash: 2134d, last: 1285d
Discussions (14)
Title Replies (including bot) Last reply
KMSAN: uninit-value in ip_tunnel_xmit 3 (3) 2023/12/07 14:27
[PATCH 5.9 000/757] 5.9.2-rc1 review 766 (766) 2020/10/30 08:32
[PATCH 4.19 000/264] 4.19.153-rc1 review 275 (275) 2020/10/29 08:56
[PATCH 5.8 000/633] 5.8.17-rc1 review 638 (638) 2020/10/28 22:08
[PATCH 5.4 000/408] 5.4.73-rc1 review 410 (410) 2020/10/28 06:53
[PATCH AUTOSEL 5.9 001/111] md/bitmap: fix memory leak of temporary bitmap 126 (126) 2020/10/25 23:48
[PATCH AUTOSEL 4.19 01/56] block: ratelimit handle_bad_sector() message 56 (56) 2020/10/18 19:24
[PATCH AUTOSEL 5.4 01/80] md/bitmap: fix memory leak of temporary bitmap 80 (80) 2020/10/18 19:22
[PATCH AUTOSEL 5.8 001/101] md/bitmap: fix memory leak of temporary bitmap 101 (101) 2020/10/18 19:20
[Patch net v2] ip_gre: set dev->hard_header_len and dev->needed_headroom properly 18 (18) 2020/10/15 19:56
[Patch net v3] ip_gre: set dev->hard_header_len and dev->needed_headroom properly 4 (4) 2020/10/14 01:38
[Patch net] ip_gre: set dev->hard_header_len properly 25 (25) 2020/10/11 14:35
Reminder: 3 open syzbot bugs in "net/kcm" subsystem 1 (1) 2019/07/24 02:39
KMSAN: uninit-value in ip_tunnel_xmit (2) 1 (2) 2018/08/10 16:20
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in ip_tunnel_xmit (3) net C 1516 591d 1279d 0/26 closed as invalid on 2022/10/12 18:48
upstream KMSAN: uninit-value in ip_tunnel_xmit (4) net C 21 182d 259d 0/26 auto-obsoleted due to no activity on 2024/01/12 09:25
upstream KMSAN: uninit-value in ip_tunnel_xmit net C 2594 2134d 2221d 8/26 fixed on 2018/07/17 16:09
Last patch testing requests (2)
Created Duration User Patch Repo Result
2020/10/10 23:09 21m xiyou.wangcong@gmail.com patch https://github.com/google/kmsan.git master OK
2020/10/07 21:22 21m xiyou.wangcong@gmail.com patch https://github.com/google/kmsan.git master OK

Sample crash report:
batman_adv: batadv0: Interface activated: batadv_slave_1
=====================================================
BUG: KMSAN: uninit-value in ip_tunnel_xmit+0x6d0/0x3aa0 net/ipv4/ip_tunnel.c:663
CPU: 0 PID: 8473 Comm: syz-executor859 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 ip_tunnel_xmit+0x6d0/0x3aa0 net/ipv4/ip_tunnel.c:663
 __gre_xmit net/ipv4/ip_gre.c:466 [inline]
 ipgre_xmit+0x12a2/0x13c0 net/ipv4/ip_gre.c:650
 __netdev_start_xmit include/linux/netdevice.h:4611 [inline]
 netdev_start_xmit include/linux/netdevice.h:4625 [inline]
 xmit_one+0x3cf/0x750 net/core/dev.c:3556
 dev_hard_start_xmit net/core/dev.c:3572 [inline]
 __dev_queue_xmit+0x3aad/0x4470 net/core/dev.c:4131
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4164
 packet_snd net/packet/af_packet.c:2979 [inline]
 packet_sendmsg+0x8542/0x9a80 net/packet/af_packet.c:3004
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0xc82/0x1240 net/socket.c:2352
 ___sys_sendmsg net/socket.c:2406 [inline]
 __sys_sendmsg+0x6d1/0x840 net/socket.c:2439
 __do_sys_sendmsg net/socket.c:2448 [inline]
 __se_sys_sendmsg+0x97/0xb0 net/socket.c:2446
 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2446
 do_syscall_64+0xad/0x160 arch/x86/entry/common.c:386
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x443489
Code: Bad RIP value.
RSP: 002b:00007fff6ca06b48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443489
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
RBP: 00007fff6ca06b50 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
R10: 0000000001bbbbbb R11: 0000000000000246 R12: 00007fff6ca06b60
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:80
 slab_alloc_node mm/slub.c:2839 [inline]
 __kmalloc_node_track_caller+0xeab/0x12e0 mm/slub.c:4478
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 __alloc_skb+0x35f/0xb30 net/core/skbuff.c:210
 alloc_skb include/linux/skbuff.h:1083 [inline]
 alloc_skb_with_frags+0x1f2/0xc10 net/core/skbuff.c:5770
 sock_alloc_send_pskb+0xc83/0xe50 net/core/sock.c:2356
 packet_alloc_skb net/packet/af_packet.c:2827 [inline]
 packet_snd net/packet/af_packet.c:2922 [inline]
 packet_sendmsg+0x6abb/0x9a80 net/packet/af_packet.c:3004
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0xc82/0x1240 net/socket.c:2352
 ___sys_sendmsg net/socket.c:2406 [inline]
 __sys_sendmsg+0x6d1/0x840 net/socket.c:2439
 __do_sys_sendmsg net/socket.c:2448 [inline]
 __se_sys_sendmsg+0x97/0xb0 net/socket.c:2446
 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2446
 do_syscall_64+0xad/0x160 arch/x86/entry/common.c:386
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
=====================================================

Crashes (11778):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/09/06 19:28 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report syz C ci-upstream-kmsan-gce
2020/03/11 11:17 https://github.com/google/kmsan.git master 8bbbc5cf3dca 35f53e45 .config console log report syz C ci-upstream-kmsan-gce
2020/03/09 18:14 https://github.com/google/kmsan.git master 8bbbc5cf3dca 2e9971bb .config console log report syz C ci-upstream-kmsan-gce
2020/02/28 05:41 https://github.com/google/kmsan.git master 8bbbc5cf3dca 59b57593 .config console log report syz C ci-upstream-kmsan-gce
2020/02/15 17:06 https://github.com/google/kmsan.git master 686a4f77cb0c 5d7b90f1 .config console log report syz C ci-upstream-kmsan-gce
2020/02/14 05:04 https://github.com/google/kmsan.git master 686a4f77cb0c c5ed587f .config console log report syz C ci-upstream-kmsan-gce
2020/02/12 20:14 https://github.com/google/kmsan.git master 686a4f77cb0c 84f4fc8a .config console log report syz C ci-upstream-kmsan-gce
2020/01/26 23:54 https://github.com/google/kmsan.git master 686a4f77cb0c dd56146d .config console log report syz C ci-upstream-kmsan-gce
2020/01/26 22:40 https://github.com/google/kmsan.git master 686a4f77cb0c dd56146d .config console log report syz C ci-upstream-kmsan-gce
2020/01/26 03:07 https://github.com/google/kmsan.git master 686a4f77cb0c f4e7270e .config console log report syz C ci-upstream-kmsan-gce
2020/01/17 17:34 https://github.com/google/kmsan.git master 686a4f77cb0c 3de7aabb .config console log report syz C ci-upstream-kmsan-gce
2019/12/06 13:42 https://github.com/google/kmsan.git master f8f75f037ea5 98b4ef2d .config console log report syz C ci-upstream-kmsan-gce
2019/12/04 20:53 https://github.com/google/kmsan.git master 141b13f7780f b2088328 .config console log report syz C ci-upstream-kmsan-gce
2019/12/04 18:37 https://github.com/google/kmsan.git master 141b13f7780f b2088328 .config console log report syz C ci-upstream-kmsan-gce
2019/12/03 06:31 https://github.com/google/kmsan.git master 940694c19feb ab342da3 .config console log report syz C ci-upstream-kmsan-gce
2019/12/03 06:25 https://github.com/google/kmsan.git master 940694c19feb ab342da3 .config console log report syz C ci-upstream-kmsan-gce
2019/12/02 09:19 https://github.com/google/kmsan.git master e2027b2c33b7 f879db37 .config console log report syz C ci-upstream-kmsan-gce
2019/12/02 04:16 https://github.com/google/kmsan.git master e2027b2c33b7 f879db37 .config console log report syz C ci-upstream-kmsan-gce
2019/11/30 07:44 https://github.com/google/kmsan.git master e2027b2c33b7 3a75be00 .config console log report syz C ci-upstream-kmsan-gce
2019/11/29 04:52 https://github.com/google/kmsan.git master e2027b2c33b7 76357d6f .config console log report syz C ci-upstream-kmsan-gce
2019/11/28 14:27 https://github.com/google/kmsan.git master aef8527c93a9 46869e3e .config console log report syz C ci-upstream-kmsan-gce
2019/11/28 04:31 https://github.com/google/kmsan.git master c543ab669ab8 0d63f89c .config console log report syz C ci-upstream-kmsan-gce
2019/11/26 21:17 https://github.com/google/kmsan.git master df335139222b 1048481f .config console log report syz C ci-upstream-kmsan-gce
2019/11/26 03:46 https://github.com/google/kmsan.git master 4a1d41e39c62 f746151a .config console log report syz C ci-upstream-kmsan-gce
2019/11/23 22:45 https://github.com/google/kmsan.git master 4a1d41e39c62 598ca6c8 .config console log report syz C ci-upstream-kmsan-gce
2019/11/23 18:21 https://github.com/google/kmsan.git master 4a1d41e39c62 598ca6c8 .config console log report syz C ci-upstream-kmsan-gce
2019/11/23 10:38 https://github.com/google/kmsan.git master 4a1d41e39c62 598ca6c8 .config console log report syz C ci-upstream-kmsan-gce
2019/11/22 18:24 https://github.com/google/kmsan.git master b7a871998d3e 598ca6c8 .config console log report syz C ci-upstream-kmsan-gce
2019/11/13 21:55 https://github.com/google/kmsan.git master 9c6a71628ab9 048f2d49 .config console log report syz C ci-upstream-kmsan-gce
2019/11/12 16:56 https://github.com/google/kmsan.git master e741088f2efa 048f2d49 .config console log report syz C ci-upstream-kmsan-gce
2019/11/08 00:21 https://github.com/google/kmsan.git master e741088f2efa f39aff9e .config console log report syz C ci-upstream-kmsan-gce
2019/11/06 11:32 https://github.com/google/kmsan.git master c235b34ba03a bc2c6e45 .config console log report syz C ci-upstream-kmsan-gce
2019/11/03 20:29 https://github.com/google/kmsan.git master 6f88939b3fa3 c9610487 .config console log report syz C ci-upstream-kmsan-gce
2019/11/03 19:10 https://github.com/google/kmsan.git master 6f88939b3fa3 c9610487 .config console log report syz C ci-upstream-kmsan-gce
2019/10/31 04:00 https://github.com/google/kmsan.git master 6f88939b3fa3 a41ca8fa .config console log report syz C ci-upstream-kmsan-gce
2019/10/28 22:22 https://github.com/google/kmsan.git master 96c6c3194b1b 439d7b14 .config console log report syz C ci-upstream-kmsan-gce
2019/10/25 18:52 https://github.com/google/kmsan.git master d86c15562d02 c2e837da .config console log report syz C ci-upstream-kmsan-gce
2019/10/25 05:49 https://github.com/google/kmsan.git master d86c15562d02 d01bb02a .config console log report syz C ci-upstream-kmsan-gce
2018/07/17 18:19 https://github.com/google/kmsan.git master 80ecacc456c1 6d5bd5b5 .config console log report syz C ci-upstream-kmsan-gce
2020/03/29 22:04 https://github.com/google/kmsan.git master 75303409203b 05736b29 .config console log report syz C ci-upstream-kmsan-gce-386
2020/03/28 06:23 https://github.com/google/kmsan.git master 75303409203b 831e9a81 .config console log report syz C ci-upstream-kmsan-gce-386
2020/10/21 08:13 https://github.com/google/kmsan.git master e16174226146 ff4a3345 .config console log report info ci-upstream-kmsan-gce
2018/07/17 17:51 https://github.com/google/kmsan.git master 80ecacc456c1 6d5bd5b5 .config console log report ci-upstream-kmsan-gce
2020/11/12 10:30 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/12 07:31 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/12 04:55 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/12 02:44 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/12 01:31 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 23:46 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 22:04 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 20:26 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 16:26 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 16:25 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 14:15 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 12:09 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 11:06 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 08:57 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 07:32 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 05:44 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/11 03:13 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/10 19:56 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/10 17:37 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/10 17:36 https://github.com/google/kmsan.git master e16174226146 cca87986 .config console log report info ci-upstream-kmsan-gce-386
2020/11/10 06:44 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/10 05:03 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/09 23:42 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/09 22:15 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/09 18:27 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/09 12:52 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/09 11:08 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/09 06:43 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/09 05:55 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/09 03:47 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/09 02:11 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/09 00:00 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/08 22:39 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/08 16:32 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/08 10:52 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/08 08:05 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/08 05:25 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/08 05:07 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/08 00:49 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/07 22:59 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/07 21:53 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/07 18:50 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/07 17:47 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/07 16:02 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/07 13:01 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/07 10:51 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/07 09:30 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/07 06:37 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
2020/11/06 23:02 https://github.com/google/kmsan.git master e16174226146 64069d48 .config console log report info ci-upstream-kmsan-gce-386
* Struck through repros no longer work on HEAD.