syzbot


KMSAN: uninit-value in erspan_build_header

Status: upstream: reported on 2022/10/12 16:59
Reported-by: syzbot+d551178aab6a783dc249@syzkaller.appspotmail.com
First crash: 354d, last: 2d21h
similar bugs (7):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in __skb_checksum_complete (5) | C | | | 539 | 3h47m | 834d | 0/24 | upstream: reported C repro on 2020/08/14 15:09 |
| upstream | KMSAN: uninit-value in bpf_prog_run_generic_xdp | | | | 102 | 11d | 8d15h | 0/24 | upstream: reported on 2022/11/18 11:39 |
| upstream | KMSAN: uninit-value in ip_tunnel_xmit (3) | C | | | 1516 | 51d | 738d | 0/24 | closed as invalid on 2022/10/12 18:48 |
| upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) | C | | | 57132 | now | 262d | 23/24 | internal: reported C repro on 2022/03/09 07:32 |
| upstream | KMSAN: uninit-value in br_dev_xmit | C | | | 536 | 85d | 1006d | 0/24 | upstream: reported C repro on 2020/02/24 08:38 |
| upstream | KMSAN: uninit-value in batadv_get_vid | C | | | 1941 | 70d | 1006d | 0/24 | upstream: reported C repro on 2020/02/24 08:38 |
| upstream | KMSAN: uninit-value in eth_type_trans (2) | C | | | 2987 | 9h53m | 1039d | 0/24 | upstream: reported C repro on 2020/01/22 16:47 |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in erspan_build_header+0x170/0x2f0 include/net/erspan.h:197
 erspan_build_header+0x170/0x2f0 include/net/erspan.h:197
 erspan_xmit+0x11a2/0x1f00 net/ipv4/ip_gre.c:701
 __netdev_start_xmit include/linux/netdevice.h:4843 [inline]
 netdev_start_xmit include/linux/netdevice.h:4857 [inline]
 xmit_one+0x15a/0x5f0 net/core/dev.c:3590
 dev_hard_start_xmit+0xe5/0x370 net/core/dev.c:3606
 sch_direct_xmit+0x3f1/0xdb0 net/sched/sch_generic.c:342
 __dev_xmit_skb+0xc22/0x1a30 net/core/dev.c:3817
 __dev_queue_xmit+0x12cb/0x31f0 net/core/dev.c:4222
 dev_queue_xmit include/linux/netdevice.h:3009 [inline]
 __bpf_tx_skb net/core/filter.c:2116 [inline]
 __bpf_redirect_common net/core/filter.c:2155 [inline]
 __bpf_redirect+0x1293/0x13b0 net/core/filter.c:2162
 ____bpf_clone_redirect net/core/filter.c:2431 [inline]
 bpf_clone_redirect+0x324/0x470 net/core/filter.c:2403
 ___bpf_prog_run+0x7ed/0xaee0 kernel/bpf/core.c:1818
 __bpf_prog_run512+0xc2/0x110 kernel/bpf/core.c:2043
 bpf_dispatcher_nop_func include/linux/bpf.h:968 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 bpf_test_run+0x592/0xd20 net/bpf/test_run.c:402
 bpf_prog_test_run_skb+0x1625/0x2090 net/bpf/test_run.c:1183
 bpf_prog_test_run+0x6a0/0x730 kernel/bpf/syscall.c:3630
 __sys_bpf+0x8a3/0xe90 kernel/bpf/syscall.c:4983
 __do_sys_bpf kernel/bpf/syscall.c:5069 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5067 [inline]
 __ia32_sys_bpf+0x9c/0xe0 kernel/bpf/syscall.c:5067
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:742 [inline]
 slab_alloc_node mm/slub.c:3398 [inline]
 __kmem_cache_alloc_node+0x6ee/0xc90 mm/slub.c:3437
 __do_kmalloc_node mm/slab_common.c:954 [inline]
 __kmalloc_node_track_caller+0x114/0x3c0 mm/slab_common.c:975
 kmalloc_reserve net/core/skbuff.c:437 [inline]
 pskb_expand_head+0x23d/0x1970 net/core/skbuff.c:1832
 __skb_cow include/linux/skbuff.h:3534 [inline]
 skb_cow_head include/linux/skbuff.h:3568 [inline]
 erspan_xmit+0xad2/0x1f00 net/ipv4/ip_gre.c:688
 __netdev_start_xmit include/linux/netdevice.h:4843 [inline]
 netdev_start_xmit include/linux/netdevice.h:4857 [inline]
 xmit_one+0x15a/0x5f0 net/core/dev.c:3590
 dev_hard_start_xmit+0xe5/0x370 net/core/dev.c:3606
 sch_direct_xmit+0x3f1/0xdb0 net/sched/sch_generic.c:342
 __dev_xmit_skb+0xc22/0x1a30 net/core/dev.c:3817
 __dev_queue_xmit+0x12cb/0x31f0 net/core/dev.c:4222
 dev_queue_xmit include/linux/netdevice.h:3009 [inline]
 __bpf_tx_skb net/core/filter.c:2116 [inline]
 __bpf_redirect_common net/core/filter.c:2155 [inline]
 __bpf_redirect+0x1293/0x13b0 net/core/filter.c:2162
 ____bpf_clone_redirect net/core/filter.c:2431 [inline]
 bpf_clone_redirect+0x324/0x470 net/core/filter.c:2403
 ___bpf_prog_run+0x7ed/0xaee0 kernel/bpf/core.c:1818
 __bpf_prog_run512+0xc2/0x110 kernel/bpf/core.c:2043
 bpf_dispatcher_nop_func include/linux/bpf.h:968 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 bpf_test_run+0x592/0xd20 net/bpf/test_run.c:402
 bpf_prog_test_run_skb+0x1625/0x2090 net/bpf/test_run.c:1183
 bpf_prog_test_run+0x6a0/0x730 kernel/bpf/syscall.c:3630
 __sys_bpf+0x8a3/0xe90 kernel/bpf/syscall.c:4983
 __do_sys_bpf kernel/bpf/syscall.c:5069 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5067 [inline]
 __ia32_sys_bpf+0x9c/0xe0 kernel/bpf/syscall.c:5067
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

CPU: 0 PID: 5007 Comm: syz-executor.3 Not tainted 6.1.0-rc6-syzkaller-63553-gddce02aa9c40 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================

Crashes (38):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kmsan-gce-386 | 2022/11/24 05:27 | https://github.com/google/kmsan.git master | ddce02aa9c40 | 12c66417 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/10/09 08:16 | https://github.com/google/kmsan.git master | 968c2729e576 | aea5da89 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/09/06 03:25 | https://github.com/google/kmsan.git master | 4367d178d9eb | 9dcd38fc | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/08/23 19:34 | https://github.com/google/kmsan.git master | 1b070a5d1a2c | cea8b0f7 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/08/11 17:40 | https://github.com/google/kmsan.git master | 1b070a5d1a2c | 787ed7e0 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/08/06 08:17 | https://github.com/google/kmsan.git master | bba47a4b6421 | e853abd9 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/08/03 16:11 | https://github.com/google/kmsan.git master | 82224c6104a8 | 1c9013ac | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/07/25 22:58 | https://github.com/google/kmsan.git master | 97117d69c353 | 664c519c | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/07/21 05:47 | https://github.com/google/kmsan.git master | 97117d69c353 | 88cb1383 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/07/21 05:37 | https://github.com/google/kmsan.git master | 97117d69c353 | 88cb1383 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/07/20 12:32 | https://github.com/google/kmsan.git master | 97117d69c353 | 775344bc | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/07/17 07:18 | https://github.com/google/kmsan.git master | 97117d69c353 | 95cb00d1 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/07/14 15:59 | https://github.com/google/kmsan.git master | 97117d69c353 | 5d921b08 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/07/09 03:12 | https://github.com/google/kmsan.git master | 97117d69c353 | b5765a15 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/07/03 03:27 | https://github.com/google/kmsan.git master | ec1cbf8b060e | 1434eec0 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/07/03 03:27 | https://github.com/google/kmsan.git master | ec1cbf8b060e | 1434eec0 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/06/22 00:55 | https://github.com/google/kmsan.git master | 4b28366af7d9 | 0fc5c330 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/06/21 12:20 | https://github.com/google/kmsan.git master | 7516e1b6d801 | 0fc5c330 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/06/19 05:57 | https://github.com/google/kmsan.git master | fb61e40b30d1 | 8f633d84 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/05/19 17:38 | https://github.com/google/kmsan.git master | c5c93da9af13 | 50c53f39 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/05/19 17:38 | https://github.com/google/kmsan.git master | c5c93da9af13 | 50c53f39 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/05/09 19:15 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | 8b277b8e | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/04/26 18:49 | https://github.com/google/kmsan.git master | e8cbf4e6e3e8 | 1fa34c1b | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/04/23 01:57 | https://github.com/google/kmsan.git master | b834db009dc5 | 131df97d | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/04/23 00:56 | https://github.com/google/kmsan.git master | b834db009dc5 | 131df97d | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/04/20 20:32 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | 160a3f31 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/04/15 09:06 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | b17b2923 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/04/06 23:35 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | 97582466 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/04/05 04:46 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | 5915c2cb | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/03/29 19:38 | https://github.com/google/kmsan.git master | 1978a14f70af | 6bdac766 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/03/19 11:54 | https://github.com/google/kmsan.git master | 97c7732c2bb6 | e2d91b1d | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/02/25 23:52 | https://github.com/google/kmsan.git master | 724946410067 | 45a13a73 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/02/25 18:00 | https://github.com/google/kmsan.git master | 724946410067 | 7c337266 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/02/01 07:46 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 6b7c57fe | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/01/27 00:14 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 2cbffd88 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/01/27 00:11 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 2cbffd88 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2022/01/25 04:19 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 2cbffd88 | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |
| ci-upstream-kmsan-gce-386 | 2021/12/07 20:33 | https://github.com/google/kmsan.git master | 8b936c96768e | 0230ba3e | .config | log | report | | | info | KMSAN: uninit-value in erspan_build_header |