syzbot

 sign-in | mailing list | source | docs
🐞 Open [969] 🐞 Fixed [4037] 🐞 Invalid [9001] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KMSAN: uninit-value in __skb_checksum_complete (5)

Status: upstream: reported C repro on 2020/08/14 15:09
Reported-by: syzbot+b024befb3ca7990fea37@syzkaller.appspotmail.com
First crash: 783d, last: 2h47m
similar bugs (7):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in __skb_checksum_complete (3) 7 1264d 1430d 0/24 auto-closed as invalid on 2019/10/19 05:22
upstream KMSAN: uninit-value in __skb_checksum_complete (2) 2 1555d 1556d 0/24 closed as invalid on 2018/09/05 16:20
upstream KMSAN: uninit-value in __skb_checksum_complete (4) C 420 806d 1048d 0/24 closed as invalid on 2020/07/22 16:42
upstream KMSAN: uninit-value in __skb_checksum_complete C 5 1628d 1629d 0/24 closed as invalid on 2018/04/22 15:44
upstream KMSAN: uninit-value in br_dev_xmit C 536 34d 955d 0/24 upstream: reported C repro on 2020/02/24 08:38
upstream KMSAN: uninit-value in batadv_get_vid C 1941 19d 955d 0/24 upstream: reported C repro on 2020/02/24 08:38
upstream KMSAN: uninit-value in eth_type_trans (2) C 2631 8h01m 988d 0/24 upstream: reported C repro on 2020/01/22 16:47

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in __skb_checksum_complete+0x421/0x630 net/core/skbuff.c:2846
CPU: 0 PID: 497 Comm: kworker/u4:11 Not tainted 5.10.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x5f/0xa0 mm/kmsan/kmsan_instr.c:197
 __skb_checksum_complete+0x421/0x630 net/core/skbuff.c:2846
 __skb_checksum_validate_complete include/linux/skbuff.h:4014 [inline]
 icmp_rcv+0x94b/0x1d70 net/ipv4/icmp.c:1081
 ip_protocol_deliver_rcu+0x572/0xc50 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_local_deliver+0x583/0x8d0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:449 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:428 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_rcv+0x5c3/0x840 net/ipv4/ip_input.c:539
 __netif_receive_skb_one_core net/core/dev.c:5315 [inline]
 __netif_receive_skb+0x1ec/0x640 net/core/dev.c:5429
 process_backlog+0x523/0xc10 net/core/dev.c:6319
 napi_poll+0x420/0x1010 net/core/dev.c:6763
 net_rx_action+0x35c/0xd40 net/core/dev.c:6833
 __do_softirq+0x1a9/0x6fa kernel/softirq.c:298
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x6e/0x90 arch/x86/kernel/irq_64.c:77
 do_softirq kernel/softirq.c:343 [inline]
 __local_bh_enable_ip+0x184/0x1d0 kernel/softirq.c:195
 local_bh_enable+0x36/0x40 include/linux/bottom_half.h:32
 rcu_read_unlock_bh include/linux/rcupdate.h:730 [inline]
 __dev_queue_xmit+0x3a9b/0x4520 net/core/dev.c:4167
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4173
 batadv_send_skb_packet+0x622/0x970 net/batman-adv/send.c:108
 batadv_send_broadcast_skb+0x76/0x90 net/batman-adv/send.c:127
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:394 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0xb3a/0xf00 net/batman-adv/bat_iv_ogm.c:1712
 process_one_work+0x121c/0x1fc0 kernel/workqueue.c:2272
 worker_thread+0x10cc/0x2740 kernel/workqueue.c:2418
 kthread+0x51c/0x560 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:121 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:289
 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:226
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:246
 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110
 csum_partial_copy_nocheck include/net/checksum.h:51 [inline]
 skb_copy_and_csum_bits+0x23e/0x13e0 net/core/skbuff.c:2733
 icmp_glue_bits+0x155/0x400 net/ipv4/icmp.c:356
 __ip_append_data+0x4f8e/0x6210 net/ipv4/ip_output.c:1139
 ip_append_data+0x326/0x490 net/ipv4/ip_output.c:1323
 icmp_push_reply+0x1f8/0x810 net/ipv4/icmp.c:374
 __icmp_send+0x2a98/0x3a90 net/ipv4/icmp.c:762
 icmp_send include/net/icmp.h:43 [inline]
 __udp4_lib_rcv+0x421f/0x5880 net/ipv4/udp.c:2405
 udp_rcv+0x5c/0x70 net/ipv4/udp.c:2564
 ip_protocol_deliver_rcu+0x572/0xc50 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_local_deliver+0x583/0x8d0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:449 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:428 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_rcv+0x5c3/0x840 net/ipv4/ip_input.c:539
 __netif_receive_skb_one_core net/core/dev.c:5315 [inline]
 __netif_receive_skb+0x1ec/0x640 net/core/dev.c:5429
 process_backlog+0x523/0xc10 net/core/dev.c:6319
 napi_poll+0x420/0x1010 net/core/dev.c:6763
 net_rx_action+0x35c/0xd40 net/core/dev.c:6833
 __do_softirq+0x1a9/0x6fa kernel/softirq.c:298

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:121 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:289
 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:226
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:246
 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110
 pskb_expand_head+0x3eb/0x1df0 net/core/skbuff.c:1631
 __skb_cow include/linux/skbuff.h:3165 [inline]
 skb_cow_head include/linux/skbuff.h:3199 [inline]
 batadv_skb_head_push+0x2ce/0x410 net/batman-adv/soft-interface.c:75
 batadv_send_skb_packet+0x1ed/0x970 net/batman-adv/send.c:86
 batadv_send_broadcast_skb+0x76/0x90 net/batman-adv/send.c:127
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:394 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0xb3a/0xf00 net/batman-adv/bat_iv_ogm.c:1712
 process_one_work+0x121c/0x1fc0 kernel/workqueue.c:2272
 worker_thread+0x10cc/0x2740 kernel/workqueue.c:2418
 kthread+0x51c/0x560 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:121
 kmsan_alloc_page+0xd3/0x1f0 mm/kmsan/kmsan_shadow.c:274
 __alloc_pages_nodemask+0x84e/0xfb0 mm/page_alloc.c:4989
 __alloc_pages include/linux/gfp.h:511 [inline]
 __alloc_pages_node include/linux/gfp.h:524 [inline]
 alloc_pages_node include/linux/gfp.h:538 [inline]
 __page_frag_cache_refill mm/page_alloc.c:5065 [inline]
 page_frag_alloc+0x35b/0x890 mm/page_alloc.c:5095
 __napi_alloc_skb+0x1c0/0xab0 net/core/skbuff.c:519
 napi_alloc_skb include/linux/skbuff.h:2870 [inline]
 page_to_skb+0x142/0x1640 drivers/net/virtio_net.c:389
 receive_mergeable+0xee6/0x5be0 drivers/net/virtio_net.c:949
 receive_buf+0x2db/0x2ba0 drivers/net/virtio_net.c:1059
 virtnet_receive drivers/net/virtio_net.c:1351 [inline]
 virtnet_poll+0xa51/0x1d10 drivers/net/virtio_net.c:1456
 napi_poll+0x420/0x1010 net/core/dev.c:6763
 net_rx_action+0x35c/0xd40 net/core/dev.c:6833
 __do_softirq+0x1a9/0x6fa kernel/softirq.c:298
=====================================================

Crashes (293):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kmsan-gce 2020/12/02 12:10 https://github.com/google/kmsan.git master 73d62e81b476 c42a35e9 .config log report syz C
ci-upstream-kmsan-gce 2021/02/01 10:33 https://github.com/google/kmsan.git master 73d62e81b476 fc9fd31e .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2022/04/13 00:45 https://github.com/google/kmsan.git master 33d9269ef6e0 dacb3f1c .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce 2021/01/13 14:17 https://github.com/google/kmsan.git master 73d62e81b476 a945f0a3 .config log report info
ci-upstream-kmsan-gce 2020/08/14 06:17 https://github.com/google/kmsan.git master ce8056d1f79e 54ce1ed6 .config log report
ci-upstream-kmsan-gce-386 2022/10/06 21:00 https://github.com/google/kmsan.git master 968c2729e576 131b38ac .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/10/05 03:17 https://github.com/google/kmsan.git master 968c2729e576 eab8f949 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/10/05 00:41 https://github.com/google/kmsan.git master 968c2729e576 eab8f949 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/10/04 21:06 https://github.com/google/kmsan.git master 968c2729e576 eab8f949 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/10/01 23:16 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/10/01 19:35 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/30 04:09 https://github.com/google/kmsan.git master 968c2729e576 1d385642 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/30 02:12 https://github.com/google/kmsan.git master 968c2729e576 1d385642 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/29 14:19 https://github.com/google/kmsan.git master 968c2729e576 1d385642 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/29 08:00 https://github.com/google/kmsan.git master 968c2729e576 e2556bc3 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/29 01:47 https://github.com/google/kmsan.git master 879600fbb6d3 e2556bc3 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/28 23:31 https://github.com/google/kmsan.git master 879600fbb6d3 e2556bc3 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/28 05:23 https://github.com/google/kmsan.git master 466a27efa4f0 75c78242 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/27 05:59 https://github.com/google/kmsan.git master 523d2ce66d07 10323ddf .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/26 14:29 https://github.com/google/kmsan.git master 523d2ce66d07 d59ba983 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/23 23:50 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/23 20:03 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/23 01:32 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/22 11:48 https://github.com/google/kmsan.git master 523d2ce66d07 60af5050 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/22 10:43 https://github.com/google/kmsan.git master 523d2ce66d07 60af5050 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/22 09:22 https://github.com/google/kmsan.git master 523d2ce66d07 60af5050 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/19 10:30 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/18 18:50 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/18 16:28 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/16 19:06 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/16 09:24 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/15 22:35 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/15 12:44 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/14 18:33 https://github.com/google/kmsan.git master faf04f9bcf05 b884348d .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/11 19:31 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/11 10:38 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/11 09:27 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/11 05:01 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/10 19:37 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/10 05:33 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/10 03:13 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/09 19:51 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/09 03:42 https://github.com/google/kmsan.git master 4367d178d9eb f3027468 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/09 01:01 https://github.com/google/kmsan.git master 4367d178d9eb f3027468 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/08 05:15 https://github.com/google/kmsan.git master 4367d178d9eb 435aeef7 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/07 05:57 https://github.com/google/kmsan.git master 4367d178d9eb 5fc30c37 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/07 04:36 https://github.com/google/kmsan.git master 4367d178d9eb 5fc30c37 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/04 07:49 https://github.com/google/kmsan.git master ad8e4e812ba8 28811d0a .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/09/01 19:51 https://github.com/google/kmsan.git master e23a6cc335d5 86c46e46 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/08/30 23:10 https://github.com/google/kmsan.git master 669e25866d6c 4a380809 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/08/30 06:22 https://github.com/google/kmsan.git master ac3859c02d7f 5b44472d .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/08/29 23:47 https://github.com/google/kmsan.git master ac3859c02d7f 5b44472d .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/08/29 04:47 https://github.com/google/kmsan.git master ac3859c02d7f 07177916 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/08/27 18:59 https://github.com/google/kmsan.git master ac3859c02d7f 07177916 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/08/26 22:10 https://github.com/google/kmsan.git master ac3859c02d7f e5a303f1 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/08/23 20:46 https://github.com/google/kmsan.git master 1b070a5d1a2c cea8b0f7 .config log report info KMSAN: uninit-value in ipgre_xmit
ci-upstream-kmsan-gce-386 2022/08/22 20:52 https://github.com/google/kmsan.git master 1b070a5d1a2c 26a13b38 .config log report info KMSAN: uninit-value in ipgre_xmit
* Struck through repros no longer work on HEAD.