syzbot


KMSAN: uninit-value in tipc_nl_compat_dumpit

Status: fixed on 2019/03/06 07:43
Subsystems: tipc
Reported-by: syzbot+6bdb590321a7ae40c1a6@syzkaller.appspotmail.com
Fix commit: 2753ca5d9009 tipc: fix uninit-value in tipc_nl_compat_doit
First crash: 2209d, last: 1925d
Discussions (7)
Title Replies (including bot) Last reply
[PATCH 4.19 00/99] 4.19.17-stable review 109 (109) 2019/04/22 19:40
[PATCH 4.4 000/104] 4.4.172-stable review 111 (111) 2019/01/30 07:30
[PATCH 4.14 00/59] 4.14.95-stable review 65 (65) 2019/01/23 12:55
[PATCH 4.9 00/51] 4.9.152-stable review 56 (56) 2019/01/23 09:06
[PATCH 4.20 000/111] 4.20.4-stable review 120 (120) 2019/01/23 06:43
[net 0/6] tipc: fix uninit-value issues reported by syzbot 8 (8) 2019/01/16 04:29
KMSAN: uninit-value in tipc_nl_compat_dumpit 0 (1) 2018/09/21 17:24

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
==================================================================
BUG: KMSAN: uninit-value in tipc_nl_compat_dumpit+0x490/0x870 net/tipc/netlink_compat.c:245
CPU: 0 PID: 4507 Comm: syz-executor018 Not tainted 4.17.0-rc3+ #88
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683
 tipc_nl_compat_dumpit+0x490/0x870 net/tipc/netlink_compat.c:245
 tipc_nl_compat_handle net/tipc/netlink_compat.c:1108 [inline]
 tipc_nl_compat_recv+0x1394/0x2700 net/tipc/netlink_compat.c:1204
 genl_family_rcv_msg net/netlink/genetlink.c:599 [inline]
 genl_rcv_msg+0x1686/0x1810 net/netlink/genetlink.c:624
 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448
 genl_rcv+0x63/0x80 net/netlink/genetlink.c:635
 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
 netlink_unicast+0x166b/0x1740 net/netlink/af_netlink.c:1336
 netlink_sendmsg+0x1072/0x1370 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg net/socket.c:639 [inline]
 ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117
 __sys_sendmsg net/socket.c:2155 [inline]
 __do_sys_sendmsg net/socket.c:2164 [inline]
 __se_sys_sendmsg net/socket.c:2162 [inline]
 __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162
 do_syscall_64+0x154/0x220 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x445599
RSP: 002b:00007f4c1ecc6db8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445599
RDX: 0000000000000000 RSI: 0000000020023000 RDI: 0000000000000003
RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe5ef31bcf R14: 00007f4c1ecc79c0 R15: 0000000000000001

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
 kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:188
 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:314
 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan.c:321
 slab_post_alloc_hook mm/slab.h:446 [inline]
 slab_alloc_node mm/slub.c:2753 [inline]
 __kmalloc_node_track_caller+0xb32/0x11b0 mm/slub.c:4395
 __kmalloc_reserve net/core/skbuff.c:138 [inline]
 __alloc_skb+0x2cf/0x9f0 net/core/skbuff.c:206
 alloc_skb include/linux/skbuff.h:988 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline]
 netlink_sendmsg+0x76e/0x1370 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg net/socket.c:639 [inline]
 ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117
 __sys_sendmsg net/socket.c:2155 [inline]
 __do_sys_sendmsg net/socket.c:2164 [inline]
 __se_sys_sendmsg net/socket.c:2162 [inline]
 __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162
 do_syscall_64+0x154/0x220 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
==================================================================

Crashes (209):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/05/11 09:19 https://github.com/google/kmsan.git master 74ee2200b89f 12c7428a .config console log report syz C ci-upstream-kmsan-gce
2019/02/19 00:52 https://github.com/google/kmsan.git master fa1981bee40f 59f36113 .config console log report ci-upstream-kmsan-gce
2019/01/14 17:26 https://github.com/google/kmsan.git master 02f2d5aea531 95485883 .config console log report ci-upstream-kmsan-gce
2019/01/12 03:46 https://github.com/google/kmsan.git master 02f2d5aea531 c3f3344c .config console log report ci-upstream-kmsan-gce
2019/01/10 03:45 https://github.com/google/kmsan.git master a6846a32c96d 45c0c1b1 .config console log report ci-upstream-kmsan-gce
2018/12/30 16:18 https://github.com/google/kmsan.git master 8ba10281f9e5 9942de5f .config console log report ci-upstream-kmsan-gce
2018/12/29 10:15 https://github.com/google/kmsan.git master 79fc24ff6184 e33ad0f1 .config console log report ci-upstream-kmsan-gce
2018/12/26 04:23 https://github.com/google/kmsan.git master 79fc24ff6184 8a41a0ad .config console log report ci-upstream-kmsan-gce
2018/12/25 10:57 https://github.com/google/kmsan.git master 79fc24ff6184 8a41a0ad .config console log report ci-upstream-kmsan-gce
2018/12/25 07:19 https://github.com/google/kmsan.git master 79fc24ff6184 8a41a0ad .config console log report ci-upstream-kmsan-gce
2018/12/24 21:44 https://github.com/google/kmsan.git master 79fc24ff6184 8a41a0ad .config console log report ci-upstream-kmsan-gce
2018/12/24 12:46 https://github.com/google/kmsan.git master e9021948e109 be79df56 .config console log report ci-upstream-kmsan-gce
2018/12/24 08:02 https://github.com/google/kmsan.git master 75b3ad224f19 be79df56 .config console log report ci-upstream-kmsan-gce
2018/12/14 11:14 https://github.com/google/kmsan.git master 0a602458c72c fe7127be .config console log report ci-upstream-kmsan-gce
2018/12/13 00:04 https://github.com/google/kmsan.git master 42db043be545 02613a41 .config console log report ci-upstream-kmsan-gce
2018/12/12 19:16 https://github.com/google/kmsan.git master 42db043be545 c3b10a5d .config console log report ci-upstream-kmsan-gce
2018/12/09 03:52 https://github.com/google/kmsan.git master 3f06bda61398 c7918378 .config console log report ci-upstream-kmsan-gce
2018/12/06 01:34 https://github.com/google/kmsan.git master 6f0597832d81 764b42c4 .config console log report ci-upstream-kmsan-gce
2018/12/05 13:52 https://github.com/google/kmsan.git master 61312858e7d8 ac6c0578 .config console log report ci-upstream-kmsan-gce
2018/12/04 01:46 https://github.com/google/kmsan.git master 8f22beb7da7d 03f94a45 .config console log report ci-upstream-kmsan-gce
2018/12/01 20:30 https://github.com/google/kmsan.git master 9fbf73b8d4af 5a581673 .config console log report ci-upstream-kmsan-gce
2018/12/01 17:18 https://github.com/google/kmsan.git master 9fbf73b8d4af 5a581673 .config console log report ci-upstream-kmsan-gce
2018/12/01 13:10 https://github.com/google/kmsan.git master 9fbf73b8d4af d8988561 .config console log report ci-upstream-kmsan-gce
2018/11/27 00:57 https://github.com/google/kmsan.git master fffec98ae2a6 ac912200 .config console log report ci-upstream-kmsan-gce
2018/11/24 12:38 https://github.com/google/kmsan.git master fffec98ae2a6 ecc7c870 .config console log report ci-upstream-kmsan-gce
2018/11/23 22:13 https://github.com/google/kmsan.git master fffec98ae2a6 eb9ed731 .config console log report ci-upstream-kmsan-gce
2018/11/22 16:18 https://github.com/google/kmsan.git master 3ededcaa1606 2ee77802 .config console log report ci-upstream-kmsan-gce
2018/11/22 15:15 https://github.com/google/kmsan.git master 3ededcaa1606 2ee77802 .config console log report ci-upstream-kmsan-gce
2018/11/21 23:40 https://github.com/google/kmsan.git master 3ededcaa1606 9db828b5 .config console log report ci-upstream-kmsan-gce
2018/11/21 11:00 https://github.com/google/kmsan.git master 598a88bc28d3 5d9a3924 .config console log report ci-upstream-kmsan-gce
2018/11/19 02:36 https://github.com/google/kmsan.git master cddc52641fd2 adf636a8 .config console log report ci-upstream-kmsan-gce
2018/11/16 04:56 https://github.com/google/kmsan.git master 7fd538851cec 3a41052e .config console log report ci-upstream-kmsan-gce
2018/11/15 20:15 https://github.com/google/kmsan.git master 7fd538851cec 3a41052e .config console log report ci-upstream-kmsan-gce
2018/11/15 04:40 https://github.com/google/kmsan.git master 006aa39cddee 5f5f6d14 .config console log report ci-upstream-kmsan-gce
2018/11/06 05:40 https://github.com/google/kmsan.git master 88b95ef4c780 8bd6bd63 .config console log report ci-upstream-kmsan-gce
2018/11/02 21:17 https://github.com/google/kmsan.git master 88b95ef4c780 8bd6bd63 .config console log report ci-upstream-kmsan-gce
2018/11/01 21:21 https://github.com/google/kmsan.git master 88b95ef4c780 1f38e9ae .config console log report ci-upstream-kmsan-gce
2018/10/31 12:11 https://github.com/google/kmsan.git master 0f538cda0a8b 4ccf7bb4 .config console log report ci-upstream-kmsan-gce
2018/10/30 16:41 https://github.com/google/kmsan.git master cb4c1d77c7e1 8dbb755a .config console log report ci-upstream-kmsan-gce
2018/10/22 19:02 https://github.com/google/kmsan.git master 4bb25354f0b0 ecb386fe .config console log report ci-upstream-kmsan-gce
2018/10/21 22:50 https://github.com/google/kmsan.git master 4bb25354f0b0 ecb386fe .config console log report ci-upstream-kmsan-gce
2018/10/21 21:14 https://github.com/google/kmsan.git master 4bb25354f0b0 ecb386fe .config console log report ci-upstream-kmsan-gce
2018/10/20 12:57 https://github.com/google/kmsan.git master 4bb25354f0b0 ecb386fe .config console log report ci-upstream-kmsan-gce
2018/10/19 16:10 https://github.com/google/kmsan.git master 4bb25354f0b0 9aba67b5 .config console log report ci-upstream-kmsan-gce
2018/10/19 02:39 https://github.com/google/kmsan.git master 4bb25354f0b0 9aba67b5 .config console log report ci-upstream-kmsan-gce
2018/10/18 23:18 https://github.com/google/kmsan.git master 4bb25354f0b0 9aba67b5 .config console log report ci-upstream-kmsan-gce
2018/10/18 12:32 https://github.com/google/kmsan.git master 22ec98c3e38f d257b2d2 .config console log report ci-upstream-kmsan-gce
2018/10/18 10:25 https://github.com/google/kmsan.git master 22ec98c3e38f d257b2d2 .config console log report ci-upstream-kmsan-gce
2018/10/15 19:59 https://github.com/google/kmsan.git master 22ec98c3e38f 8cd30605 .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.