syzbot


KMSAN: uninit-value in tipc_conn_rcv_sub

Status: fixed on 2019/03/06 07:43
Subsystems: tipc
Reported-by: syzbot+8951a3065ee7fd6d6e23@syzkaller.appspotmail.com
Fix commit: a88289f4ddee tipc: fix uninit-value in in tipc_conn_rcv_sub
First crash: 2399d, last: 2103d
Discussions (5)
Title Replies (including bot) Last reply
[PATCH 4.19 00/99] 4.19.17-stable review 109 (109) 2019/04/22 19:40
[PATCH 4.20 000/111] 4.20.4-stable review 120 (120) 2019/01/23 06:43
[net 0/6] tipc: fix uninit-value issues reported by syzbot 8 (8) 2019/01/16 04:29
[PATCH net-next] tipc: eliminate complaint of KMSAN uninit-value in tipc_conn_rcv_sub 5 (5) 2018/05/23 13:38
KMSAN: uninit-value in tipc_conn_rcv_sub 0 (1) 2018/05/13 16:38

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
==================================================================
BUG: KMSAN: uninit-value in tipc_conn_rcv_sub+0x184/0x950 net/tipc/topsrv.c:373
CPU: 0 PID: 66 Comm: kworker/u4:4 Not tainted 4.17.0-rc3+ #88
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: tipc_rcv tipc_conn_recv_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683
 tipc_conn_rcv_sub+0x184/0x950 net/tipc/topsrv.c:373
 tipc_conn_rcv_from_sock net/tipc/topsrv.c:409 [inline]
 tipc_conn_recv_work+0x3cd/0x560 net/tipc/topsrv.c:424
 process_one_work+0x12c6/0x1f60 kernel/workqueue.c:2145
 worker_thread+0x113c/0x24f0 kernel/workqueue.c:2279
 kthread+0x539/0x720 kernel/kthread.c:239
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:412

Local variable description: ----s.i@tipc_conn_recv_work
Variable was created at:
 tipc_conn_recv_work+0x65/0x560 net/tipc/topsrv.c:419
 process_one_work+0x12c6/0x1f60 kernel/workqueue.c:2145
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 66 Comm: kworker/u4:4 Tainted: G    B             4.17.0-rc3+ #88
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: tipc_rcv tipc_conn_recv_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:113
 panic+0x39d/0x940 kernel/panic.c:184
 kmsan_report+0x238/0x240 mm/kmsan/kmsan.c:1083
 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683
 tipc_conn_rcv_sub+0x184/0x950 net/tipc/topsrv.c:373
 tipc_conn_rcv_from_sock net/tipc/topsrv.c:409 [inline]
 tipc_conn_recv_work+0x3cd/0x560 net/tipc/topsrv.c:424
 process_one_work+0x12c6/0x1f60 kernel/workqueue.c:2145
 worker_thread+0x113c/0x24f0 kernel/workqueue.c:2279
 kthread+0x539/0x720 kernel/kthread.c:239
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:412
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (557):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/05/12 13:20 https://github.com/google/kmsan.git master 74ee2200b89f e726f42b .config console log report syz C ci-upstream-kmsan-gce