syzbot


KMSAN: uninit-value in netif_skb_features (2)

Status: fixed on 2024/01/30 15:47
Subsystems: net
[Documentation on labels]
Fix commit: 9181d6f8a2bb net: add more sanity check in virtio_net_hdr_to_skb()
First crash: 241d, last: 153d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 346d 1514d 22/26 fixed on 2023/06/08 14:41
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 449d 802d 22/26 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in netif_skb_features net C 119 2202d 2229d 5/26 fixed on 2018/05/08 18:30
Last patch testing requests (3)
Created Duration User Patch Repo Result
2024/01/01 00:16 22m retest repro upstream OK log
2024/01/01 00:16 22m retest repro upstream OK log
2023/10/04 22:29 24m retest repro upstream report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in netif_skb_features+0xb44/0x1310 net/core/dev.c:3525
 netif_skb_features+0xb44/0x1310 net/core/dev.c:3525
 validate_xmit_skb+0x45/0x1930 net/core/dev.c:3614
 __dev_queue_xmit+0x1eac/0x5130 net/core/dev.c:4338
 dev_queue_xmit include/linux/netdevice.h:3134 [inline]
 packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3087 [inline]
 packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
 __sys_sendmsg net/socket.c:2667 [inline]
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
 __alloc_skb+0x318/0x740 net/core/skbuff.c:651
 alloc_skb include/linux/skbuff.h:1286 [inline]
 alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6331
 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2780
 packet_alloc_skb net/packet/af_packet.c:2936 [inline]
 packet_snd net/packet/af_packet.c:3030 [inline]
 packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
 __sys_sendmsg net/socket.c:2667 [inline]
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

CPU: 1 PID: 5032 Comm: syz-executor159 Not tainted 6.7.0-rc3-syzkaller-00033-g3b47bc037bd4 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
=====================================================

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/11/30 22:31 upstream 3b47bc037bd4 f819d6f7 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in netif_skb_features
2023/09/20 15:30 upstream 2cf0f7156238 0b6a67ac .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in netif_skb_features
2023/12/17 23:21 upstream 0e389834672c 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in netif_skb_features
2023/12/08 10:37 upstream 9ace34a8e446 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in netif_skb_features
2023/11/27 05:02 upstream d2da77f431ac 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in netif_skb_features
2023/11/27 05:01 upstream d2da77f431ac 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in netif_skb_features
2023/11/03 19:05 upstream 8f6f76a6a29f c4ac074c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in netif_skb_features
2023/09/20 13:06 upstream 2cf0f7156238 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in netif_skb_features
2023/12/08 10:42 upstream 9ace34a8e446 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in netif_skb_features
* Struck through repros no longer work on HEAD.