syzbot


KMSAN: uninit-value in geneve_xmit (3)

Status: fixed on 2024/05/23 00:06
Subsystems: net
Reported-by: syzbot+9ee20ec1de7b3168db09@syzkaller.appspotmail.com
Fix commit: d8a6213d70ac geneve: fix header validation in geneve[6]_xmit_skb
First crash: 262d, last: 247d
Discussions (6)

| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH v4 net] geneve: fix header validation in geneve[6]_xmit_skb | 4 (4) | 2024/04/08 11:00 |
| [PATCH net] geneve: fix header validation in geneve[6]_xmit_skb | 5 (5) | 2024/04/04 18:13 |
| [PATCH v2 net] geneve: fix header validation in geneve[6]_xmit_skb | 2 (2) | 2024/04/03 16:21 |
| Re: [PATCH net] geneve: fix header validation in geneve[6]_xmit_skb | 4 (4) | 2024/04/03 16:04 |
| [PATCH net] geneve: fix header validation in geneve[6]_xmit_skb | 2 (2) | 2024/04/03 14:21 |
| [syzbot] [net?] KMSAN: uninit-value in geneve_xmit (3) | 0 (1) | 2024/04/03 11:35 |
Similar bugs (7)

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: kernel-infoleak in copyout (2) net | C | | | 6723 | 555d | 1723d | 22/28 | fixed on 2023/06/08 14:41 |
| upstream | KMSAN: uninit-value in geneve_xmit net | C | | | 163 | 1553d | 1606d | 15/28 | fixed on 2020/09/16 22:51 |
| upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) net | C | | | 138977 | 659d | 1011d | 22/28 | fixed on 2023/02/24 13:50 |
| upstream | KMSAN: uninit-value in geneve_xmit (2) net | C | | | 12 | 267d | 345d | 25/28 | fixed on 2024/03/26 00:54 |
| upstream | KASAN: slab-out-of-bounds Read in geneve_xmit net | | | | 1 | 1132d | 1132d | 0/28 | auto-closed as invalid on 2022/02/05 16:18 |
| linux-4.19 | KASAN: use-after-free Read in geneve_xmit | | | | 1 | 817d | 817d | 0/1 | auto-obsoleted due to no activity on 2023/01/16 22:54 |
| linux-5.15 | KASAN: slab-out-of-bounds Read in geneve_xmit | | | | 3 | 37d | 44d | 0/3 | upstream: reported on 2024/10/31 02:05 |
Last patch testing requests (3)

| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2024/04/02 12:38 | 8h01m | edumazet@google.com | patch | upstream | OK log |
| 2024/03/27 12:55 | 34m | edumazet@google.com | patch | upstream | OK log |
| 2024/03/26 19:21 | 2h08m | edumazet@google.com | patch | upstream | OK log |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in geneve_xmit_skb drivers/net/geneve.c:910 [inline]
BUG: KMSAN: uninit-value in geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030
 geneve_xmit_skb drivers/net/geneve.c:910 [inline]
 geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030
 __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 netdev_start_xmit include/linux/netdevice.h:4917 [inline]
 xmit_one net/core/dev.c:3531 [inline]
 dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547
 __dev_queue_xmit+0x348d/0x52c0 net/core/dev.c:4335
 dev_queue_xmit include/linux/netdevice.h:3091 [inline]
 packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3081 [inline]
 packet_sendmsg+0x8bb0/0x9ef0 net/packet/af_packet.c:3113
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x30f/0x380 net/socket.c:745
 __sys_sendto+0x685/0x830 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3804 [inline]
 slab_alloc_node mm/slub.c:3845 [inline]
 kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577
 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1318 [inline]
 alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504
 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795
 packet_alloc_skb net/packet/af_packet.c:2930 [inline]
 packet_snd net/packet/af_packet.c:3024 [inline]
 packet_sendmsg+0x722d/0x9ef0 net/packet/af_packet.c:3113
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x30f/0x380 net/socket.c:745
 __sys_sendto+0x685/0x830 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

CPU: 0 PID: 5033 Comm: syz-executor346 Not tainted 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
=====================================================

Crashes (14):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/03/26 17:13 | upstream | 928a87efa423 | bcd9b39f | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in geneve_xmit |
| 2024/04/11 04:12 | upstream | 2c71fdf02a95 | 56086b24 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in geneve_xmit |
| 2024/04/11 04:08 | upstream | 2c71fdf02a95 | 56086b24 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in geneve_xmit |
| 2024/04/07 17:50 | upstream | f2f80ac80987 | ca620dd8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in geneve_xmit |
| 2024/04/07 17:41 | upstream | f2f80ac80987 | ca620dd8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in geneve_xmit |
| 2024/03/29 14:41 | upstream | 317c7bc0ef03 | c52bcb23 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in geneve_xmit |
| 2024/03/29 13:22 | upstream | 317c7bc0ef03 | c52bcb23 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in geneve_xmit |
| 2024/03/26 15:17 | upstream | 928a87efa423 | bcd9b39f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in geneve_xmit |
| 2024/04/11 04:13 | upstream | 2c71fdf02a95 | 56086b24 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in geneve_xmit |
| 2024/04/07 18:15 | upstream | f2f80ac80987 | ca620dd8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in geneve_xmit |
| 2024/04/07 17:52 | upstream | f2f80ac80987 | ca620dd8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in geneve_xmit |
| 2024/03/29 19:30 | upstream | 317c7bc0ef03 | c52bcb23 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in geneve_xmit |
| 2024/03/29 18:02 | upstream | 317c7bc0ef03 | c52bcb23 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in geneve_xmit |
| 2024/03/26 15:22 | upstream | 928a87efa423 | bcd9b39f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in geneve_xmit |