syzbot


KMSAN: uninit-value in vlan_dev_hard_start_xmit (2)

Status: fixed on 2023/07/01 16:05
Subsystems: net
Fix commit: dacab578c7c6 vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
First crash: 598d, last: 598d
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in vlan_dev_hard_start_xmit (net) | | | | 4 | 1525d | 1633d | 0/28 | auto-closed as invalid on 2020/12/30 13:58 |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in vlan_dev_hard_start_xmit+0x171/0x7f0 net/8021q/vlan_dev.c:111
 vlan_dev_hard_start_xmit+0x171/0x7f0 net/8021q/vlan_dev.c:111
 __netdev_start_xmit include/linux/netdevice.h:4883 [inline]
 netdev_start_xmit include/linux/netdevice.h:4897 [inline]
 xmit_one net/core/dev.c:3580 [inline]
 dev_hard_start_xmit+0x253/0xa20 net/core/dev.c:3596
 __dev_queue_xmit+0x3c7f/0x5ac0 net/core/dev.c:4246
 dev_queue_xmit include/linux/netdevice.h:3053 [inline]
 pppoe_sendmsg+0xa93/0xb80 drivers/net/ppp/pppoe.c:900
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg net/socket.c:747 [inline]
 ____sys_sendmsg+0xa24/0xe40 net/socket.c:2501
 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2555
 __sys_sendmmsg+0x411/0xa50 net/socket.c:2641
 __do_sys_sendmmsg net/socket.c:2670 [inline]
 __se_sys_sendmmsg net/socket.c:2667 [inline]
 __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2667
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:774
 slab_alloc_node mm/slub.c:3452 [inline]
 kmem_cache_alloc_node+0x543/0xab0 mm/slub.c:3497
 kmalloc_reserve+0x148/0x470 net/core/skbuff.c:520
 __alloc_skb+0x3a7/0x850 net/core/skbuff.c:606
 alloc_skb include/linux/skbuff.h:1277 [inline]
 sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2583
 pppoe_sendmsg+0x3af/0xb80 drivers/net/ppp/pppoe.c:867
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg net/socket.c:747 [inline]
 ____sys_sendmsg+0xa24/0xe40 net/socket.c:2501
 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2555
 __sys_sendmmsg+0x411/0xa50 net/socket.c:2641
 __do_sys_sendmmsg net/socket.c:2670 [inline]
 __se_sys_sendmmsg net/socket.c:2667 [inline]
 __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2667
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 0 PID: 29770 Comm: syz-executor.0 Not tainted 6.3.0-rc6-syzkaller-gc478e5b17829 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
=====================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/04/16 17:45 | https://github.com/google/kmsan.git master | c478e5b17829 | ec410564 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in vlan_dev_hard_start_xmit |
* Struck through repros no longer work on HEAD.