syzbot


KMSAN: uninit-value in gre_parse_header

Status: fixed on 2021/03/10 01:48
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+f583ce3d4ddf9836b27a@syzkaller.appspotmail.com
Fix commit: 085c7c4e1c0e erspan: fix version 1 check in gre_parse_header()
First crash: 2100d, last: 1398d
Discussions (7)
Title Replies (including bot) Last reply
[PATCH 4.19 00/77] 4.19.167-rc1 review 87 (87) 2021/01/14 01:43
[PATCH 5.4 00/92] 5.4.89-rc1 review 96 (96) 2021/01/12 06:54
[PATCH 5.10 000/145] 5.10.7-rc1 review 152 (152) 2021/01/11 19:59
[Patch net] erspan: fix version 1 check in gre_parse_header() 2 (2) 2020/12/28 23:01
Reminder: 99 open syzbot bugs in net subsystem 14 (14) 2019/07/31 15:13
Reminder: 94 open syzbot bugs in net subsystem 1 (1) 2019/06/25 05:48
KMSAN: uninit-value in gre_parse_header 0 (1) 2019/06/23 10:37
Last patch testing requests (5)
Created Duration User Patch Repo Result
2020/12/26 23:16 14m xiyou.wangcong@gmail.com patch https://github.com/google/kmsan.git master report log
2020/12/26 22:40 15m xiyou.wangcong@gmail.com patch https://github.com/google/kmsan.git master report log
2020/09/15 13:56 12m anant.thazhemadam@gmail.com https://github.com/google/kmsan.git master report log
2019/12/04 18:28 11m xiyou.wangcong@gmail.com patch https://github.com/google/kmsan.git master report log
2019/11/05 22:07 11m tranmanphong@gmail.com patch https://github.com/google/kmsan.git master report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline]
BUG: KMSAN: uninit-value in gre_parse_header+0x143f/0x1750 net/ipv4/gre_demux.c:131
CPU: 0 PID: 11562 Comm: syz-executor144 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf8/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
 __fswab32 include/uapi/linux/swab.h:59 [inline]
 gre_parse_header+0x143f/0x1750 net/ipv4/gre_demux.c:131
 gre_rcv+0x1cb/0x1930 net/ipv4/ip_gre.c:413
 gre_rcv+0x2dd/0x3c0 net/ipv4/gre_demux.c:155
 ip_protocol_deliver_rcu+0x70f/0xbd0 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_local_deliver+0x62a/0x7c0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:442 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:428 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_rcv+0x6cf/0x750 net/ipv4/ip_input.c:538
 __netif_receive_skb_one_core net/core/dev.c:5150 [inline]
 __netif_receive_skb net/core/dev.c:5264 [inline]
 process_backlog+0xece/0x13c0 net/core/dev.c:6095
 napi_poll net/core/dev.c:6532 [inline]
 net_rx_action+0x7a6/0x1aa0 net/core/dev.c:6600
 __do_softirq+0x4a1/0x83a kernel/softirq.c:293
 do_softirq_own_stack+0x49/0x80 arch/x86/entry/entry_64.S:1091
 </IRQ>
 do_softirq kernel/softirq.c:338 [inline]
 __local_bh_enable_ip+0x184/0x1d0 kernel/softirq.c:190
 local_bh_enable+0x36/0x40 include/linux/bottom_half.h:32
 rcu_read_unlock_bh include/linux/rcupdate.h:706 [inline]
 ip_finish_output2+0x20ec/0x25d0 net/ipv4/ip_output.c:229
 __ip_finish_output+0xaf8/0xda0 net/ipv4/ip_output.c:308
 ip_finish_output+0x2db/0x420 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_output+0x593/0x680 net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:436 [inline]
 ip_local_out net/ipv4/ip_output.c:125 [inline]
 __ip_queue_xmit+0x1caf/0x21f0 net/ipv4/ip_output.c:532
 ip_queue_xmit+0xcc/0xf0 include/net/ip.h:237
 __tcp_transmit_skb+0x4387/0x5ec0 net/ipv4/tcp_output.c:1170
 tcp_transmit_skb net/ipv4/tcp_output.c:1186 [inline]
 tcp_connect+0x3da5/0x67a0 net/ipv4/tcp_output.c:3583
 tcp_v6_connect+0x25cc/0x27c0 net/ipv6/tcp_ipv6.c:329
 __inet_stream_connect+0x2f5/0x1350 net/ipv4/af_inet.c:655
 inet_stream_connect+0x101/0x180 net/ipv4/af_inet.c:719
 __sys_connect_file net/socket.c:1844 [inline]
 __sys_connect+0x6f3/0x770 net/socket.c:1861
 __do_sys_connect net/socket.c:1872 [inline]
 __se_sys_connect+0x8d/0xb0 net/socket.c:1869
 __x64_sys_connect+0x4a/0x70 net/socket.c:1869
 do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x442ad9
Code: e8 0c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc3234a718 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442ad9
RDX: 000000000000001c RSI: 0000000020000140 RDI: 0000000000000004
RBP: 000000000001bf0f R08: 0000000100000000 R09: 0000000100000000
R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000403960 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x5c/0xf0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8b/0xe0 mm/kmsan/kmsan_hooks.c:82
 slab_alloc_node mm/slub.c:2774 [inline]
 __kmalloc_node_track_caller+0xe47/0x11f0 mm/slub.c:4382
 __kmalloc_reserve net/core/skbuff.c:141 [inline]
 __alloc_skb+0x309/0xa50 net/core/skbuff.c:209
 alloc_skb_fclone include/linux/skbuff.h:1099 [inline]
 sk_stream_alloc_skb+0x359/0x11c0 net/ipv4/tcp.c:877
 tcp_connect+0x2358/0x67a0 net/ipv4/tcp_output.c:3570
 tcp_v6_connect+0x25cc/0x27c0 net/ipv6/tcp_ipv6.c:329
 __inet_stream_connect+0x2f5/0x1350 net/ipv4/af_inet.c:655
 inet_stream_connect+0x101/0x180 net/ipv4/af_inet.c:719
 __sys_connect_file net/socket.c:1844 [inline]
 __sys_connect+0x6f3/0x770 net/socket.c:1861
 __do_sys_connect net/socket.c:1872 [inline]
 __se_sys_connect+0x8d/0xb0 net/socket.c:1869
 __x64_sys_connect+0x4a/0x70 net/socket.c:1869
 do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
=====================================================

Crashes (9283):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/12/29 10:06 https://github.com/google/kmsan.git master 997a8b55bc92 af6b8ef8 .config console log report syz C ci-upstream-kmsan-gce
2019/10/06 10:05 https://github.com/google/kmsan.git master 1e76a3e537c3 f3f7d9c8 .config console log report syz C ci-upstream-kmsan-gce
2019/10/01 05:15 https://github.com/google/kmsan.git master f5f9d3ce4686 c7a4fb99 .config console log report syz C ci-upstream-kmsan-gce
2019/09/23 00:27 https://github.com/google/kmsan.git master cebbfdbcf2b7 d96e88f3 .config console log report syz C ci-upstream-kmsan-gce
2019/08/27 10:28 https://github.com/google/kmsan.git master 61ccdad1fcdf d21c5d9d .config console log report syz C ci-upstream-kmsan-gce
2019/07/25 09:02 https://github.com/google/kmsan.git master beaab8a31e0d 32329ceb .config console log report syz C ci-upstream-kmsan-gce
2019/07/12 10:45 https://github.com/google/kmsan.git master 7280182c67ba baa5258a .config console log report syz C ci-upstream-kmsan-gce
2019/05/08 07:41 https://github.com/google/kmsan.git master d062d017e907 a7383bfa .config console log report syz C ci-upstream-kmsan-gce
2019/04/03 06:19 https://github.com/google/kmsan.git master 088c01ea0855 dfd3394d .config console log report syz C ci-upstream-kmsan-gce
2019/10/05 19:09 https://github.com/google/kmsan.git master 1e76a3e537c3 f3f7d9c8 .config console log report syz ci-upstream-kmsan-gce
2019/10/02 04:21 https://github.com/google/kmsan.git master f5f9d3ce4686 b7a87a83 .config console log report syz ci-upstream-kmsan-gce
2019/08/22 07:44 https://github.com/google/kmsan.git master 61ccdad1fcdf 984250d5 .config console log report syz ci-upstream-kmsan-gce
2019/06/09 00:59 https://github.com/google/kmsan.git master 62c1edc4b8ee 0159583c .config console log report syz ci-upstream-kmsan-gce
2019/06/07 22:49 https://github.com/google/kmsan.git master 62c1edc4b8ee ce9107d0 .config console log report syz ci-upstream-kmsan-gce
2019/06/05 06:34 https://github.com/google/kmsan.git master f75e4cfea97f bfb4a51e .config console log report syz ci-upstream-kmsan-gce
2019/05/07 11:55 https://github.com/google/kmsan.git master d062d017e907 d28f4ce5 .config console log report syz ci-upstream-kmsan-gce
2019/04/22 06:49 https://github.com/google/kmsan.git master 199a02db1f61 b0e8efcb .config console log report syz ci-upstream-kmsan-gce
2019/04/19 07:37 https://github.com/google/kmsan.git master 199a02db1f61 b0e8efcb .config console log report syz ci-upstream-kmsan-gce
2019/04/15 21:35 https://github.com/google/kmsan.git master 199a02db1f61 505ab413 .config console log report syz ci-upstream-kmsan-gce
2019/03/27 05:10 https://github.com/google/kmsan.git master 3c26d882e695 55684ce1 .config console log report syz ci-upstream-kmsan-gce
2019/03/27 00:33 https://github.com/google/kmsan.git master 3c26d882e695 55684ce1 .config console log report syz ci-upstream-kmsan-gce
2019/03/26 13:53 https://github.com/google/kmsan.git master 3c26d882e695 55684ce1 .config console log report syz ci-upstream-kmsan-gce
2019/03/26 08:54 https://github.com/google/kmsan.git master 3c26d882e695 55684ce1 .config console log report syz ci-upstream-kmsan-gce
2019/03/23 07:08 https://github.com/google/kmsan.git master c10a026b8dee 3361bde5 .config console log report syz ci-upstream-kmsan-gce
2019/03/22 18:56 https://github.com/google/kmsan.git master c10a026b8dee dce6e62f .config console log report syz ci-upstream-kmsan-gce
2019/03/21 15:36 https://github.com/google/kmsan.git master c10a026b8dee 427ea487 .config console log report syz ci-upstream-kmsan-gce
2021/02/09 23:42 https://github.com/google/kmsan.git master 73d62e81b476 2bd9619f .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/02/05 10:48 https://github.com/google/kmsan.git master 73d62e81b476 23a562df .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/02/05 08:40 https://github.com/google/kmsan.git master 73d62e81b476 23a562df .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/02/05 06:36 https://github.com/google/kmsan.git master 73d62e81b476 23a562df .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/02/04 08:14 https://github.com/google/kmsan.git master 73d62e81b476 624dad51 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/02/04 05:48 https://github.com/google/kmsan.git master 73d62e81b476 624dad51 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/02/03 22:34 https://github.com/google/kmsan.git master 73d62e81b476 624dad51 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/31 23:50 https://github.com/google/kmsan.git master 73d62e81b476 fc9fd31e .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/30 17:46 https://github.com/google/kmsan.git master 73d62e81b476 fc9fd31e .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/29 19:47 https://github.com/google/kmsan.git master 73d62e81b476 6593fd32 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/28 11:45 https://github.com/google/kmsan.git master 73d62e81b476 eefc07f2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/28 11:45 https://github.com/google/kmsan.git master 73d62e81b476 eefc07f2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/28 09:38 https://github.com/google/kmsan.git master 73d62e81b476 eefc07f2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/28 04:39 https://github.com/google/kmsan.git master 73d62e81b476 eefc07f2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/27 07:13 https://github.com/google/kmsan.git master 73d62e81b476 55a7d4df .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/25 17:37 https://github.com/google/kmsan.git master 73d62e81b476 52e37319 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/24 18:25 https://github.com/google/kmsan.git master 73d62e81b476 52e37319 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/23 12:26 https://github.com/google/kmsan.git master 73d62e81b476 52e37319 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/23 10:24 https://github.com/google/kmsan.git master 73d62e81b476 52e37319 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/23 00:31 https://github.com/google/kmsan.git master 73d62e81b476 4080af96 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/22 21:16 https://github.com/google/kmsan.git master 73d62e81b476 4080af96 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/22 13:02 https://github.com/google/kmsan.git master 73d62e81b476 d4f4eca5 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/21 16:59 https://github.com/google/kmsan.git master 73d62e81b476 d4f4eca5 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/21 14:58 https://github.com/google/kmsan.git master 73d62e81b476 d4f4eca5 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/20 20:43 https://github.com/google/kmsan.git master 73d62e81b476 d4f4eca5 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/20 13:45 https://github.com/google/kmsan.git master 73d62e81b476 d4f4eca5 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/20 12:26 https://github.com/google/kmsan.git master 73d62e81b476 d4f4eca5 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/20 02:16 https://github.com/google/kmsan.git master 73d62e81b476 63631df1 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/01/17 22:26 https://github.com/google/kmsan.git master 73d62e81b476 813be542 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in gre_parse_header
2021/02/10 04:44 https://github.com/google/kmsan.git master 73d62e81b476 2bd9619f .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/02/09 23:54 https://github.com/google/kmsan.git master 73d62e81b476 2bd9619f .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/02/08 10:23 https://github.com/google/kmsan.git master 73d62e81b476 2ce644fc .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/02/08 05:07 https://github.com/google/kmsan.git master 73d62e81b476 2ce644fc .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/02/04 04:10 https://github.com/google/kmsan.git master 73d62e81b476 624dad51 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/02/03 19:14 https://github.com/google/kmsan.git master 73d62e81b476 624dad51 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/01/31 12:30 https://github.com/google/kmsan.git master 73d62e81b476 fc9fd31e .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/01/30 19:41 https://github.com/google/kmsan.git master 73d62e81b476 fc9fd31e .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/01/28 19:47 https://github.com/google/kmsan.git master 73d62e81b476 7df34f59 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/01/23 14:43 https://github.com/google/kmsan.git master 73d62e81b476 52e37319 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/01/19 22:23 https://github.com/google/kmsan.git master 73d62e81b476 63631df1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in gre_parse_header
2021/01/17 08:46 https://github.com/google/kmsan.git master 73d62e81b476 65a7a854 .config console log report info ci-upstream-kmsan-gce
2021/01/16 20:47 https://github.com/google/kmsan.git master 73d62e81b476 65a7a854 .config console log report info ci-upstream-kmsan-gce
2021/01/16 09:31 https://github.com/google/kmsan.git master 73d62e81b476 65a7a854 .config console log report info ci-upstream-kmsan-gce
2021/01/16 00:03 https://github.com/google/kmsan.git master 73d62e81b476 65a7a854 .config console log report info ci-upstream-kmsan-gce
2021/01/14 18:07 https://github.com/google/kmsan.git master 73d62e81b476 65a7a854 .config console log report info ci-upstream-kmsan-gce
2019/03/11 10:06 https://github.com/google/kmsan.git master a695dc5e929e 12365b99 .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.