KMSAN: uninit-value in fib_get

KMSAN: uninit-value in fib_get_nhs
Status: upstream: reported C repro on 2021/12/09 18:57
Reported-by: syzbot+d4b9a2851cc3ce998741@syzkaller.appspotmail.com
Fix commit: 7a3429bace0e ipv4: Check attribute length for RTA_GATEWAY in multipath route
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64 ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386]
First crash: 48d, last: 36d

Sample crash report:

=====================================================
BUG: KMSAN: uninit-value in fib_get_nhs+0xac4/0x1f80 net/ipv4/fib_semantics.c:708
 fib_get_nhs+0xac4/0x1f80 net/ipv4/fib_semantics.c:708
 fib_create_info+0x2411/0x4870 net/ipv4/fib_semantics.c:1453
 fib_table_insert+0x45c/0x3a10 net/ipv4/fib_trie.c:1224
 inet_rtm_newroute+0x289/0x420 net/ipv4/fib_frontend.c:886
 rtnetlink_rcv_msg+0x145d/0x18c0 net/core/rtnetlink.c:5571
 netlink_rcv_skb+0x447/0x800 net/netlink/af_netlink.c:2491
 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:5589
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x1095/0x1360 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x16f3/0x1870 net/netlink/af_netlink.c:1916
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x4a5/0x640 net/socket.c:2492
 __do_sys_sendmsg net/socket.c:2501 [inline]
 __se_sys_sendmsg net/socket.c:2499 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2499
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:524 [inline]
 slab_alloc_node mm/slub.c:3251 [inline]
 __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1126 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1191 [inline]
 netlink_sendmsg+0xe93/0x1870 net/netlink/af_netlink.c:1891
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x4a5/0x640 net/socket.c:2492
 __do_sys_sendmsg net/socket.c:2501 [inline]
 __se_sys_sendmsg net/socket.c:2499 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2499
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 0 PID: 6371 Comm: syz-executor193 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (11):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kmsan-gce	2021/12/08 16:46	https://github.com/google/kmsan.git master	8b936c96768e	a4a2a501	.config	log	report	syz	C		KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce	2021/12/19 12:57	https://github.com/google/kmsan.git master	b0a8b5053e8b	44068e19	.config	log	report			info	KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce	2021/12/19 12:39	https://github.com/google/kmsan.git master	b0a8b5053e8b	44068e19	.config	log	report			info	KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce	2021/12/10 04:11	https://github.com/google/kmsan.git master	8b936c96768e	4d4ce9bc	.config	log	report			info	KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce	2021/12/08 20:25	https://github.com/google/kmsan.git master	8b936c96768e	a4a2a501	.config	log	report			info	KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce	2021/12/08 14:56	https://github.com/google/kmsan.git master	8b936c96768e	a4a2a501	.config	log	report			info	KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386	2021/12/19 12:31	https://github.com/google/kmsan.git master	b0a8b5053e8b	44068e19	.config	log	report			info	KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386	2021/12/19 12:24	https://github.com/google/kmsan.git master	b0a8b5053e8b	44068e19	.config	log	report			info	KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386	2021/12/09 06:21	https://github.com/google/kmsan.git master	8b936c96768e	a4a2a501	.config	log	report			info	KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386	2021/12/08 20:32	https://github.com/google/kmsan.git master	8b936c96768e	a4a2a501	.config	log	report			info	KMSAN: uninit-value in fib_get_nhs
ci-upstream-kmsan-gce-386	2021/12/07 21:19	https://github.com/google/kmsan.git master	8b936c96768e	0230ba3e	.config	log	report			info	KMSAN: uninit-value in fib_get_nhs