syzbot


KMSAN: uninit-value in skb_release_data (2)

Status: auto-closed as invalid on 2019/08/03 03:17
Subsystems: net
First crash: 2079d, last: 2079d
Similar bugs (3)
Kernel   | Title                                              | Subsystems    | Repro | Cause bisect | Fix bisect | Count | Last  | Reported | Patched | Status
upstream | KMSAN: uninit-value in skb_release_data (3)        | net           | C     |              |            | 10    | 816d  | 1495d    | 0/28    | auto-obsoleted due to no activity on 2022/11/17 07:20
upstream | general protection fault in skb_release_data (2)   | net bluetooth | C     | done         | error      | 683   | 83d   | 1495d    | 0/28    | upstream: reported C repro on 2020/09/09 09:58
upstream | KMSAN: uninit-value in skb_release_data            | net           |       |              |            | 1     | 2301d | 2301d    | 0/28    | closed as invalid on 2018/09/05 11:10

Sample crash report:
==================================================================
BUG: KMSAN: uninit-value in __read_once_size include/linux/compiler.h:198 [inline]
BUG: KMSAN: uninit-value in compound_head include/linux/page-flags.h:143 [inline]
BUG: KMSAN: uninit-value in put_page include/linux/mm.h:981 [inline]
BUG: KMSAN: uninit-value in __skb_frag_unref include/linux/skbuff.h:2838 [inline]
BUG: KMSAN: uninit-value in skb_release_data+0x386/0x8c0 net/core/skbuff.c:567
CPU: 0 PID: 15026 Comm: syz-executor1 Not tainted 5.0.0-rc1+ #9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x173/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:600
 __msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:313
 __read_once_size include/linux/compiler.h:198 [inline]
 compound_head include/linux/page-flags.h:143 [inline]
 put_page include/linux/mm.h:981 [inline]
 __skb_frag_unref include/linux/skbuff.h:2838 [inline]
 skb_release_data+0x386/0x8c0 net/core/skbuff.c:567
 skb_release_all net/core/skbuff.c:627 [inline]
 __kfree_skb+0x8a/0x210 net/core/skbuff.c:641
 consume_skb+0x320/0x370 net/core/skbuff.c:701
 icmp_rcv+0x11d2/0x1950 net/ipv4/icmp.c:1068
 ip_protocol_deliver_rcu+0x584/0xba0 net/ipv4/ip_input.c:208
 ip_local_deliver_finish net/ipv4/ip_input.c:234 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip_local_deliver+0x624/0x7b0 net/ipv4/ip_input.c:255
 dst_input include/net/dst.h:450 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:414 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip_rcv+0x6b6/0x740 net/ipv4/ip_input.c:523
 __netif_receive_skb_one_core net/core/dev.c:4973 [inline]
 __netif_receive_skb net/core/dev.c:5083 [inline]
 netif_receive_skb_internal+0x5cd/0x9a0 net/core/dev.c:5186
 netif_receive_skb+0x256/0x480 net/core/dev.c:5261
 tun_rx_batched include/linux/skbuff.h:4099 [inline]
 tun_get_user+0x6d2d/0x7190 drivers/net/tun.c:1989
 tun_chr_write_iter+0x1f2/0x360 drivers/net/tun.c:2017
 do_iter_readv_writev+0x985/0xba0 include/linux/fs.h:1856
 do_iter_write+0x304/0xdc0 fs/read_write.c:956
 vfs_writev fs/read_write.c:1001 [inline]
 do_writev+0x397/0x840 fs/read_write.c:1036
 __do_sys_writev fs/read_write.c:1109 [inline]
 __se_sys_writev+0x9b/0xb0 fs/read_write.c:1106
 __x64_sys_writev+0x4a/0x70 fs/read_write.c:1106
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x457cf1
Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b9 fb ff c3 48 83 ec 08 e8 1a 2d 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 63 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007f6fdd9aeba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000000006a RCX: 0000000000457cf1
RDX: 0000000000000001 RSI: 00007f6fdd9aebf0 RDI: 00000000000000f0
RBP: 00000000200000c0 R08: 00000000000000f0 R09: 0000000000000000
R10: 00007f6fdd9af9d0 R11: 0000000000000293 R12: 00007f6fdd9af6d4
R13: 00000000004c6404 R14: 00000000004db768 R15: 00000000ffffffff

Uninit was created at:
 kmsan_save_stack_with_flags+0x7a/0x130 mm/kmsan/kmsan.c:205
 kmsan_internal_alloc_meta_for_pages+0x113/0x580 mm/kmsan/kmsan_hooks.c:98
 kmsan_alloc_page+0x7e/0x100 mm/kmsan/kmsan_hooks.c:396
 __alloc_pages_nodemask+0x137b/0x5e30 mm/page_alloc.c:4572
 alloc_pages_current+0x69d/0x9b0 mm/mempolicy.c:2106
 alloc_pages include/linux/gfp.h:511 [inline]
 skb_page_frag_refill+0x3b5/0x5b0 net/core/sock.c:2221
 tun_build_skb drivers/net/tun.c:1682 [inline]
 tun_get_user+0x1d42/0x7190 drivers/net/tun.c:1825
 tun_chr_write_iter+0x1f2/0x360 drivers/net/tun.c:2017
 do_iter_readv_writev+0x985/0xba0 include/linux/fs.h:1856
 do_iter_write+0x304/0xdc0 fs/read_write.c:956
 vfs_writev fs/read_write.c:1001 [inline]
 do_writev+0x397/0x840 fs/read_write.c:1036
 __do_sys_writev fs/read_write.c:1109 [inline]
 __se_sys_writev+0x9b/0xb0 fs/read_write.c:1106
 __x64_sys_writev+0x4a/0x70 fs/read_write.c:1106
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
==================================================================

Crashes (1):
Time             | Kernel                                     | Commit       | Syzkaller | Config  | Log         | Report | Syz repro | C repro | VM info | Assets | Manager               | Title
2019/02/04 02:59 | https://github.com/google/kmsan.git master | fa1981bee40f | c198d5dd  | .config | console log | report |           |         |         |        | ci-upstream-kmsan-gce |