syzbot


KMSAN: uninit-value in ebt_stp_mt_check (2)

Status: fixed on 2018/07/09 18:05
Subsystems: bridge netfilter
Reported-by: syzbot+da4494182233c23a5fcf@syzkaller.appspotmail.com
Fix commit: c568503ef020 netfilter: x_tables: initialise match/target check parameter struct
First crash: 2316d, last: 2284d
Discussions (7)
Title Replies (including bot) Last reply
[PATCH 4.4 00/43] 4.4.141-stable review 53 (53) 2018/08/22 21:43
[PATCH 3.18 00/29] 3.18.116-stable review 32 (32) 2018/07/22 11:42
[PATCH 4.17 00/67] 4.17.7-stable review 74 (74) 2018/07/17 09:41
[PATCH 4.9 00/32] 4.9.113-stable review 53 (53) 2018/07/17 08:14
[PATCH 4.14 00/54] 4.14.56-stable review 57 (57) 2018/07/17 08:04
[PATCH 00/15] Netfilter/IPVS fixes for net 17 (17) 2018/06/11 23:31
KMSAN: uninit-value in ebt_stp_mt_check (2) 1 (3) 2018/06/07 21:40
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in ebt_stp_mt_check bridge netfilter C 211 2316d 2361d 5/28 fixed on 2018/06/07 13:52

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
==================================================================
BUG: KMSAN: uninit-value in ebt_stp_mt_check+0x24b/0x450 net/bridge/netfilter/ebt_stp.c:162
CPU: 1 PID: 4523 Comm: syz-executor710 Not tainted 4.17.0+ #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x149/0x260 mm/kmsan/kmsan.c:1084
 __msan_warning_32+0x6e/0xc0 mm/kmsan/kmsan_instr.c:620
 ebt_stp_mt_check+0x24b/0x450 net/bridge/netfilter/ebt_stp.c:162
 xt_check_match+0x1438/0x1650 net/netfilter/x_tables.c:506
 ebt_check_match net/bridge/netfilter/ebtables.c:372 [inline]
 ebt_check_entry net/bridge/netfilter/ebtables.c:702 [inline]
 translate_table+0x4e88/0x6120 net/bridge/netfilter/ebtables.c:943
 do_replace_finish+0x1258/0x2ea0 net/bridge/netfilter/ebtables.c:999
 do_replace+0x719/0x780 net/bridge/netfilter/ebtables.c:1138
 do_ebt_set_ctl+0x2ab/0x3c0 net/bridge/netfilter/ebtables.c:1517
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x47c/0x4e0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt+0x24b/0x2b0 net/ipv4/ip_sockglue.c:1251
 udp_setsockopt+0x108/0x1b0 net/ipv4/udp.c:2416
 sock_common_setsockopt+0x13b/0x170 net/core/sock.c:3039
 __sys_setsockopt+0x496/0x540 net/socket.c:1903
 __do_sys_setsockopt net/socket.c:1914 [inline]
 __se_sys_setsockopt net/socket.c:1911 [inline]
 __x64_sys_setsockopt+0x15c/0x1c0 net/socket.c:1911
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x43fd89
RSP: 002b:00007ffc9d7edb28 EFLAGS: 00000213 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd89
RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000300 R09: 00000000004002c8
R10: 0000000020000480 R11: 0000000000000213 R12: 00000000004016b0
R13: 0000000000401740 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----mtpar.i@translate_table
Variable was created at:
 translate_table+0xbb/0x6120 net/bridge/netfilter/ebtables.c:831
 do_replace_finish+0x1258/0x2ea0 net/bridge/netfilter/ebtables.c:999
==================================================================

Crashes (222):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/06/07 21:39 https://github.com/google/kmsan.git master c6a6aed994b6 645e75f8 .config console log report syz C ci-upstream-kmsan-gce
2018/07/09 18:03 https://github.com/google/kmsan.git master a00de5aa4da3 f25e5770 .config console log report ci-upstream-kmsan-gce
2018/07/09 14:59 https://github.com/google/kmsan.git master a00de5aa4da3 f25e5770 .config console log report ci-upstream-kmsan-gce
2018/07/09 14:51 https://github.com/google/kmsan.git master a00de5aa4da3 f25e5770 .config console log report ci-upstream-kmsan-gce
2018/07/09 13:00 https://github.com/google/kmsan.git master a00de5aa4da3 f25e5770 .config console log report ci-upstream-kmsan-gce
2018/07/09 08:43 https://github.com/google/kmsan.git master a00de5aa4da3 f25e5770 .config console log report ci-upstream-kmsan-gce
2018/07/09 06:03 https://github.com/google/kmsan.git master a00de5aa4da3 f25e5770 .config console log report ci-upstream-kmsan-gce
2018/07/09 01:44 https://github.com/google/kmsan.git master a00de5aa4da3 f25e5770 .config console log report ci-upstream-kmsan-gce
2018/07/08 22:09 https://github.com/google/kmsan.git master a00de5aa4da3 f25e5770 .config console log report ci-upstream-kmsan-gce
2018/07/08 06:26 https://github.com/google/kmsan.git master a00de5aa4da3 c9a7a4dc .config console log report ci-upstream-kmsan-gce
2018/07/08 05:12 https://github.com/google/kmsan.git master a00de5aa4da3 c9a7a4dc .config console log report ci-upstream-kmsan-gce
2018/07/08 01:04 https://github.com/google/kmsan.git master a00de5aa4da3 ab89aea9 .config console log report ci-upstream-kmsan-gce
2018/07/07 20:38 https://github.com/google/kmsan.git master a00de5aa4da3 ab89aea9 .config console log report ci-upstream-kmsan-gce
2018/07/07 19:30 https://github.com/google/kmsan.git master a00de5aa4da3 ab89aea9 .config console log report ci-upstream-kmsan-gce
2018/07/07 15:44 https://github.com/google/kmsan.git master a00de5aa4da3 ab89aea9 .config console log report ci-upstream-kmsan-gce
2018/07/07 13:53 https://github.com/google/kmsan.git master a00de5aa4da3 6c0c0099 .config console log report ci-upstream-kmsan-gce
2018/07/07 12:26 https://github.com/google/kmsan.git master a00de5aa4da3 6c0c0099 .config console log report ci-upstream-kmsan-gce
2018/07/07 10:47 https://github.com/google/kmsan.git master a00de5aa4da3 6c0c0099 .config console log report ci-upstream-kmsan-gce
2018/07/07 05:28 https://github.com/google/kmsan.git master a00de5aa4da3 6c0c0099 .config console log report ci-upstream-kmsan-gce
2018/07/07 03:32 https://github.com/google/kmsan.git master a00de5aa4da3 6c0c0099 .config console log report ci-upstream-kmsan-gce
2018/07/07 01:16 https://github.com/google/kmsan.git master a00de5aa4da3 9636bc93 .config console log report ci-upstream-kmsan-gce
2018/07/06 15:41 https://github.com/google/kmsan.git master a00de5aa4da3 9636bc93 .config console log report ci-upstream-kmsan-gce
2018/07/05 09:56 https://github.com/google/kmsan.git master c1adbc427188 f525fd72 .config console log report ci-upstream-kmsan-gce
2018/07/05 03:43 https://github.com/google/kmsan.git master accdc89e1dc3 e1b966c6 .config console log report ci-upstream-kmsan-gce
2018/07/04 09:19 https://github.com/google/kmsan.git master 4ca559bbdeaf 317fc8ea .config console log report ci-upstream-kmsan-gce
2018/07/04 05:01 https://github.com/google/kmsan.git master 4ca559bbdeaf 317fc8ea .config console log report ci-upstream-kmsan-gce
2018/07/03 18:55 https://github.com/google/kmsan.git master 4ca559bbdeaf 317fc8ea .config console log report ci-upstream-kmsan-gce
2018/07/03 17:14 https://github.com/google/kmsan.git master 4ca559bbdeaf 317fc8ea .config console log report ci-upstream-kmsan-gce
2018/07/03 05:52 https://github.com/google/kmsan.git master 4ca559bbdeaf 317fc8ea .config console log report ci-upstream-kmsan-gce
2018/07/03 01:13 https://github.com/google/kmsan.git master 6c3632ffef26 574780b0 .config console log report ci-upstream-kmsan-gce
2018/07/02 18:39 https://github.com/google/kmsan.git master 6c3632ffef26 574780b0 .config console log report ci-upstream-kmsan-gce
2018/07/02 12:43 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/07/02 09:03 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/07/02 03:35 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/07/02 00:00 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/07/01 22:17 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/07/01 20:22 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/07/01 17:35 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/07/01 15:30 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/06/30 22:38 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/06/30 18:59 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/06/30 11:29 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/06/07 16:32 https://github.com/google/kmsan.git master c6a6aed994b6 645e75f8 .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.