syzbot

 sign-in | mailing list | source | docs
🐞 Open [961] 🐞 Fixed [3812] 🐞 Invalid [8186] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KMSAN: uninit-value in __skb_checksum_complete (5)
Status: upstream: reported C repro on 2020/08/14 15:09
Reported-by: syzbot+b024befb3ca7990fea37@syzkaller.appspotmail.com
First crash: 652d, last: 45d
similar bugs (7):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in __skb_checksum_complete (3) 7 1132d 1299d 0/22 auto-closed as invalid on 2019/10/19 05:22
upstream KMSAN: uninit-value in __skb_checksum_complete (2) 2 1424d 1425d 0/22 closed as invalid on 2018/09/05 16:20
upstream KMSAN: uninit-value in __skb_checksum_complete (4) C 420 675d 917d 0/22 closed as invalid on 2020/07/22 16:42
upstream KMSAN: uninit-value in __skb_checksum_complete C 5 1497d 1498d 0/22 closed as invalid on 2018/04/22 15:44
upstream KMSAN: uninit-value in br_dev_xmit C 536 18d 824d 0/22 upstream: reported C repro on 2020/02/24 08:38
upstream KMSAN: uninit-value in batadv_get_vid C 1919 3d05h 824d 0/22 upstream: reported C repro on 2020/02/24 08:38
upstream KMSAN: uninit-value in eth_type_trans (2) C 1689 3d12h 857d 0/22 upstream: reported C repro on 2020/01/22 16:47

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in __skb_checksum_complete+0x421/0x630 net/core/skbuff.c:2846
CPU: 0 PID: 497 Comm: kworker/u4:11 Not tainted 5.10.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x5f/0xa0 mm/kmsan/kmsan_instr.c:197
 __skb_checksum_complete+0x421/0x630 net/core/skbuff.c:2846
 __skb_checksum_validate_complete include/linux/skbuff.h:4014 [inline]
 icmp_rcv+0x94b/0x1d70 net/ipv4/icmp.c:1081
 ip_protocol_deliver_rcu+0x572/0xc50 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_local_deliver+0x583/0x8d0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:449 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:428 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_rcv+0x5c3/0x840 net/ipv4/ip_input.c:539
 __netif_receive_skb_one_core net/core/dev.c:5315 [inline]
 __netif_receive_skb+0x1ec/0x640 net/core/dev.c:5429
 process_backlog+0x523/0xc10 net/core/dev.c:6319
 napi_poll+0x420/0x1010 net/core/dev.c:6763
 net_rx_action+0x35c/0xd40 net/core/dev.c:6833
 __do_softirq+0x1a9/0x6fa kernel/softirq.c:298
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x6e/0x90 arch/x86/kernel/irq_64.c:77
 do_softirq kernel/softirq.c:343 [inline]
 __local_bh_enable_ip+0x184/0x1d0 kernel/softirq.c:195
 local_bh_enable+0x36/0x40 include/linux/bottom_half.h:32
 rcu_read_unlock_bh include/linux/rcupdate.h:730 [inline]
 __dev_queue_xmit+0x3a9b/0x4520 net/core/dev.c:4167
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4173
 batadv_send_skb_packet+0x622/0x970 net/batman-adv/send.c:108
 batadv_send_broadcast_skb+0x76/0x90 net/batman-adv/send.c:127
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:394 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0xb3a/0xf00 net/batman-adv/bat_iv_ogm.c:1712
 process_one_work+0x121c/0x1fc0 kernel/workqueue.c:2272
 worker_thread+0x10cc/0x2740 kernel/workqueue.c:2418
 kthread+0x51c/0x560 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:121 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:289
 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:226
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:246
 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110
 csum_partial_copy_nocheck include/net/checksum.h:51 [inline]
 skb_copy_and_csum_bits+0x23e/0x13e0 net/core/skbuff.c:2733
 icmp_glue_bits+0x155/0x400 net/ipv4/icmp.c:356
 __ip_append_data+0x4f8e/0x6210 net/ipv4/ip_output.c:1139
 ip_append_data+0x326/0x490 net/ipv4/ip_output.c:1323
 icmp_push_reply+0x1f8/0x810 net/ipv4/icmp.c:374
 __icmp_send+0x2a98/0x3a90 net/ipv4/icmp.c:762
 icmp_send include/net/icmp.h:43 [inline]
 __udp4_lib_rcv+0x421f/0x5880 net/ipv4/udp.c:2405
 udp_rcv+0x5c/0x70 net/ipv4/udp.c:2564
 ip_protocol_deliver_rcu+0x572/0xc50 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_local_deliver+0x583/0x8d0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:449 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:428 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_rcv+0x5c3/0x840 net/ipv4/ip_input.c:539
 __netif_receive_skb_one_core net/core/dev.c:5315 [inline]
 __netif_receive_skb+0x1ec/0x640 net/core/dev.c:5429
 process_backlog+0x523/0xc10 net/core/dev.c:6319
 napi_poll+0x420/0x1010 net/core/dev.c:6763
 net_rx_action+0x35c/0xd40 net/core/dev.c:6833
 __do_softirq+0x1a9/0x6fa kernel/softirq.c:298

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:121 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:289
 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:226
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:246
 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110
 pskb_expand_head+0x3eb/0x1df0 net/core/skbuff.c:1631
 __skb_cow include/linux/skbuff.h:3165 [inline]
 skb_cow_head include/linux/skbuff.h:3199 [inline]
 batadv_skb_head_push+0x2ce/0x410 net/batman-adv/soft-interface.c:75
 batadv_send_skb_packet+0x1ed/0x970 net/batman-adv/send.c:86
 batadv_send_broadcast_skb+0x76/0x90 net/batman-adv/send.c:127
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:394 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0xb3a/0xf00 net/batman-adv/bat_iv_ogm.c:1712
 process_one_work+0x121c/0x1fc0 kernel/workqueue.c:2272
 worker_thread+0x10cc/0x2740 kernel/workqueue.c:2418
 kthread+0x51c/0x560 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:121
 kmsan_alloc_page+0xd3/0x1f0 mm/kmsan/kmsan_shadow.c:274
 __alloc_pages_nodemask+0x84e/0xfb0 mm/page_alloc.c:4989
 __alloc_pages include/linux/gfp.h:511 [inline]
 __alloc_pages_node include/linux/gfp.h:524 [inline]
 alloc_pages_node include/linux/gfp.h:538 [inline]
 __page_frag_cache_refill mm/page_alloc.c:5065 [inline]
 page_frag_alloc+0x35b/0x890 mm/page_alloc.c:5095
 __napi_alloc_skb+0x1c0/0xab0 net/core/skbuff.c:519
 napi_alloc_skb include/linux/skbuff.h:2870 [inline]
 page_to_skb+0x142/0x1640 drivers/net/virtio_net.c:389
 receive_mergeable+0xee6/0x5be0 drivers/net/virtio_net.c:949
 receive_buf+0x2db/0x2ba0 drivers/net/virtio_net.c:1059
 virtnet_receive drivers/net/virtio_net.c:1351 [inline]
 virtnet_poll+0xa51/0x1d10 drivers/net/virtio_net.c:1456
 napi_poll+0x420/0x1010 net/core/dev.c:6763
 net_rx_action+0x35c/0xd40 net/core/dev.c:6833
 __do_softirq+0x1a9/0x6fa kernel/softirq.c:298
=====================================================

Crashes (43):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kmsan-gce 2020/12/02 12:10 https://github.com/google/kmsan.git master 73d62e81b476 c42a35e9 .config log report syz C
ci-upstream-kmsan-gce 2021/02/01 10:33 https://github.com/google/kmsan.git master 73d62e81b476 fc9fd31e .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2022/04/13 00:45 https://github.com/google/kmsan.git master 33d9269ef6e0 dacb3f1c .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2022/04/12 20:30 https://github.com/google/kmsan.git master 33d9269ef6e0 dacb3f1c .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2022/04/06 21:19 https://github.com/google/kmsan.git master 33d9269ef6e0 97582466 .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2022/02/12 01:02 https://github.com/google/kmsan.git master 85cfd6e539bd 8b9ca619 .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/12/09 05:27 https://github.com/google/kmsan.git master 8b936c96768e a4a2a501 .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/05/23 01:49 https://github.com/google/kmsan.git master 6099c9da2f7d 3c7fef33 .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/05/20 07:35 https://github.com/google/kmsan.git master 6099c9da2f7d a343ba6b .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/05/20 00:22 https://github.com/google/kmsan.git master 6099c9da2f7d a343ba6b .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/05/17 20:53 https://github.com/google/kmsan.git master bdefec9ab855 a2eb125d .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/04/26 07:58 https://github.com/google/kmsan.git master 4ebaab5fb428 2a82f1b3 .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/04/20 09:42 https://github.com/google/kmsan.git master 4ebaab5fb428 4285c989 .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/04/18 09:09 https://github.com/google/kmsan.git master 4ebaab5fb428 7e2b734b .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/03/17 14:02 https://github.com/google/kmsan.git master 29ad81a1074a fdb2bb2c .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/02/05 03:03 https://github.com/google/kmsan.git master 73d62e81b476 23a562df .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce-386 2021/01/24 17:45 https://github.com/google/kmsan.git master 73d62e81b476 52e37319 .config log report info KMSAN: uninit-value in __skb_checksum_complete
ci-upstream-kmsan-gce 2021/01/13 14:17 https://github.com/google/kmsan.git master 73d62e81b476 a945f0a3 .config log report info
ci-upstream-kmsan-gce 2020/12/31 23:27 https://github.com/google/kmsan.git master 73d62e81b476 79264ae3 .config log report info
ci-upstream-kmsan-gce 2020/12/21 11:29 https://github.com/google/kmsan.git master 73d62e81b476 04201c06 .config log report info
ci-upstream-kmsan-gce 2020/12/18 20:29 https://github.com/google/kmsan.git master 73d62e81b476 04201c06 .config log report info
ci-upstream-kmsan-gce 2020/12/11 11:30 https://github.com/google/kmsan.git master 73d62e81b476 f900b48c .config log report info
ci-upstream-kmsan-gce 2020/12/05 10:16 https://github.com/google/kmsan.git master 73d62e81b476 20366b87 .config log report info
ci-upstream-kmsan-gce 2020/12/02 05:28 https://github.com/google/kmsan.git master 73d62e81b476 c42a35e9 .config log report info
ci-upstream-kmsan-gce 2020/11/19 15:42 https://github.com/google/kmsan.git master 73d62e81b476 0767f13f .config log report info
ci-upstream-kmsan-gce 2020/11/17 15:40 https://github.com/google/kmsan.git master 73d62e81b476 bd2a760b .config log report info
ci-upstream-kmsan-gce 2020/10/14 02:29 https://github.com/google/kmsan.git master e67f4ba870c2 fc7735a2 .config log report info
ci-upstream-kmsan-gce 2020/09/22 02:18 https://github.com/google/kmsan.git master c5a13b33ec11 9e1fa68e .config log report info
ci-upstream-kmsan-gce 2020/09/11 18:52 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config log report
ci-upstream-kmsan-gce 2020/09/07 06:36 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce 2020/08/19 21:39 https://github.com/google/kmsan.git master ce8056d1f79e 94b45706 .config log report
ci-upstream-kmsan-gce 2020/08/17 02:05 https://github.com/google/kmsan.git master ce8056d1f79e 424dd8e7 .config log report
ci-upstream-kmsan-gce 2020/08/14 06:17 https://github.com/google/kmsan.git master ce8056d1f79e 54ce1ed6 .config log report
ci-upstream-kmsan-gce-386 2021/01/12 18:45 https://github.com/google/kmsan.git master 73d62e81b476 0cdd6185 .config log report info
ci-upstream-kmsan-gce-386 2021/01/06 03:09 https://github.com/google/kmsan.git master 73d62e81b476 b1c228e1 .config log report info
ci-upstream-kmsan-gce-386 2020/12/23 08:37 https://github.com/google/kmsan.git master 73d62e81b476 04201c06 .config log report info
ci-upstream-kmsan-gce-386 2020/12/15 02:02 https://github.com/google/kmsan.git master 73d62e81b476 97183ed7 .config log report info
ci-upstream-kmsan-gce-386 2020/12/13 09:33 https://github.com/google/kmsan.git master 73d62e81b476 bca53db9 .config log report info
ci-upstream-kmsan-gce-386 2020/12/02 15:27 https://github.com/google/kmsan.git master 73d62e81b476 8c9190ef .config log report info
ci-upstream-kmsan-gce-386 2020/11/26 07:11 https://github.com/google/kmsan.git master 73d62e81b476 2f1cec62 .config log report info
ci-upstream-kmsan-gce-386 2020/10/26 05:24 https://github.com/google/kmsan.git master e16174226146 a1839e81 .config log report info
ci-upstream-kmsan-gce-386 2020/09/23 04:33 https://github.com/google/kmsan.git master c5a13b33ec11 3e8f6c27 .config log report info
ci-upstream-kmsan-gce-386 2020/08/21 09:28 https://github.com/google/kmsan.git master ce8056d1f79e 1d75fe45 .config log report