syzbot


KMSAN: uninit-value in __crypto_memneq

Status: closed as invalid on 2018/06/27 15:08
Subsystems: crypto
First crash: 2183d, last: 2169d
Similar bugs (1):
Kernel: upstream
Title: KMSAN: uninit-value in __crypto_memneq (2)
Subsystems: crypto
Repro / Cause bisect / Fix bisect: (empty)
Count: 1
Last: 1183d
Reported: 1174d
Patched: 0/26
Status: auto-closed as invalid on 2021/05/01 00:24

Sample crash report:
==================================================================
BUG: KMSAN: uninit-value in __crypto_memneq_16 crypto/memneq.c:99 [inline]
BUG: KMSAN: uninit-value in __crypto_memneq+0x2f9/0x490 crypto/memneq.c:161
CPU: 1 PID: 3576 Comm: syzkaller149889 Not tainted 4.16.0+ #82
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:53
 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676
 __crypto_memneq_16 crypto/memneq.c:99 [inline]
 __crypto_memneq+0x2f9/0x490 crypto/memneq.c:161
 crypto_memneq include/crypto/algapi.h:410 [inline]
 gcmaes_decrypt+0x8d5/0xea0 arch/x86/crypto/aesni-intel_glue.c:858
 generic_gcmaes_decrypt+0x181/0x1e0 arch/x86/crypto/aesni-intel_glue.c:1127
 crypto_aead_decrypt include/crypto/aead.h:370 [inline]
 gcmaes_wrapper_decrypt+0x2f5/0x340 arch/x86/crypto/aesni-intel_glue.c:961
 _aead_recvmsg include/crypto/aead.h:370 [inline]
 aead_recvmsg+0x25b5/0x2960 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:803 [inline]
 sock_recvmsg+0x1d0/0x230 net/socket.c:810
 ___sys_recvmsg+0x3fb/0x810 net/socket.c:2205
 __sys_recvmsg net/socket.c:2250 [inline]
 SYSC_recvmsg+0x298/0x3c0 net/socket.c:2262
 SyS_recvmsg+0x54/0x80 net/socket.c:2257
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
RIP: 0033:0x43ff89
RSP: 002b:00007ffe9d6920d8 EFLAGS: 00000207 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff89
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000207 R12: 00000000004018b0
R13: 0000000000401940 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----authTag@gcmaes_decrypt
Variable was created at:
 gcmaes_decrypt+0xd6/0xea0 arch/x86/crypto/aesni-intel_glue.c:811
 generic_gcmaes_decrypt+0x181/0x1e0 arch/x86/crypto/aesni-intel_glue.c:1127
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 3576 Comm: syzkaller149889 Tainted: G    B            4.16.0+ #82
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:53
 panic+0x39d/0x940 kernel/panic.c:183
 kmsan_report+0x238/0x240 mm/kmsan/kmsan.c:1083
 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676
 __crypto_memneq_16 crypto/memneq.c:99 [inline]
 __crypto_memneq+0x2f9/0x490 crypto/memneq.c:161
 crypto_memneq include/crypto/algapi.h:410 [inline]
 gcmaes_decrypt+0x8d5/0xea0 arch/x86/crypto/aesni-intel_glue.c:858
 generic_gcmaes_decrypt+0x181/0x1e0 arch/x86/crypto/aesni-intel_glue.c:1127
 crypto_aead_decrypt include/crypto/aead.h:370 [inline]
 gcmaes_wrapper_decrypt+0x2f5/0x340 arch/x86/crypto/aesni-intel_glue.c:961
 _aead_recvmsg include/crypto/aead.h:370 [inline]
 aead_recvmsg+0x25b5/0x2960 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:803 [inline]
 sock_recvmsg+0x1d0/0x230 net/socket.c:810
 ___sys_recvmsg+0x3fb/0x810 net/socket.c:2205
 __sys_recvmsg net/socket.c:2250 [inline]
 SYSC_recvmsg+0x298/0x3c0 net/socket.c:2262
 SyS_recvmsg+0x54/0x80 net/socket.c:2257
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
RIP: 0033:0x43ff89
RSP: 002b:00007ffe9d6920d8 EFLAGS: 00000207 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff89
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000207 R12: 00000000004018b0
R13: 0000000000401940 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (76):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/04/08 00:05 https://github.com/google/kmsan.git master e2ab7e8abba4 66f22a7f .config console log report syz C ci-upstream-kmsan-gce
2018/04/21 09:26 https://github.com/google/kmsan.git master 48c6a2b0ab1b ca03d688 .config console log report ci-upstream-kmsan-gce
2018/04/21 05:02 https://github.com/google/kmsan.git master 48c6a2b0ab1b ca03d688 .config console log report ci-upstream-kmsan-gce
2018/04/20 19:04 https://github.com/google/kmsan.git master 48c6a2b0ab1b cc402841 .config console log report ci-upstream-kmsan-gce
2018/04/20 01:59 https://github.com/google/kmsan.git master 48c6a2b0ab1b eae05cb0 .config console log report ci-upstream-kmsan-gce
2018/04/19 08:21 https://github.com/google/kmsan.git master 48c6a2b0ab1b d1b2ef69 .config console log report ci-upstream-kmsan-gce
2018/04/19 06:38 https://github.com/google/kmsan.git master 48c6a2b0ab1b 829f0234 .config console log report ci-upstream-kmsan-gce
2018/04/19 00:08 https://github.com/google/kmsan.git master 48c6a2b0ab1b 829f0234 .config console log report ci-upstream-kmsan-gce
2018/04/18 21:20 https://github.com/google/kmsan.git master 48c6a2b0ab1b 829f0234 .config console log report ci-upstream-kmsan-gce
2018/04/18 19:06 https://github.com/google/kmsan.git master 48c6a2b0ab1b 52643b44 .config console log report ci-upstream-kmsan-gce
2018/04/18 17:08 https://github.com/google/kmsan.git master 48c6a2b0ab1b 52643b44 .config console log report ci-upstream-kmsan-gce
2018/04/18 02:55 https://github.com/google/kmsan.git master 48c6a2b0ab1b b80fd3b5 .config console log report ci-upstream-kmsan-gce
2018/04/17 23:04 https://github.com/google/kmsan.git master 48c6a2b0ab1b b80fd3b5 .config console log report ci-upstream-kmsan-gce
2018/04/17 20:10 https://github.com/google/kmsan.git master 48c6a2b0ab1b b80fd3b5 .config console log report ci-upstream-kmsan-gce
2018/04/17 17:18 https://github.com/google/kmsan.git master 48c6a2b0ab1b b80fd3b5 .config console log report ci-upstream-kmsan-gce
2018/04/17 06:30 https://github.com/google/kmsan.git master 48c6a2b0ab1b b80fd3b5 .config console log report ci-upstream-kmsan-gce
2018/04/17 03:21 https://github.com/google/kmsan.git master 48c6a2b0ab1b b80fd3b5 .config console log report ci-upstream-kmsan-gce
2018/04/16 14:09 https://github.com/google/kmsan.git master 48c6a2b0ab1b 802ac912 .config console log report ci-upstream-kmsan-gce
2018/04/16 09:48 https://github.com/google/kmsan.git master 48c6a2b0ab1b 7a67784c .config console log report ci-upstream-kmsan-gce
2018/04/15 23:04 https://github.com/google/kmsan.git master 35ff515e4bda 7a67784c .config console log report ci-upstream-kmsan-gce
2018/04/15 18:41 https://github.com/google/kmsan.git master 35ff515e4bda 7a67784c .config console log report ci-upstream-kmsan-gce
2018/04/15 04:05 https://github.com/google/kmsan.git master 35ff515e4bda 7a67784c .config console log report ci-upstream-kmsan-gce
2018/04/14 18:45 https://github.com/google/kmsan.git master 35ff515e4bda 7a67784c .config console log report ci-upstream-kmsan-gce
2018/04/14 09:22 https://github.com/google/kmsan.git master 35ff515e4bda 7a67784c .config console log report ci-upstream-kmsan-gce
2018/04/13 22:03 https://github.com/google/kmsan.git master 35ff515e4bda 7a67784c .config console log report ci-upstream-kmsan-gce
2018/04/13 19:43 https://github.com/google/kmsan.git master 35ff515e4bda 0a0c5db6 .config console log report ci-upstream-kmsan-gce
2018/04/13 14:42 https://github.com/google/kmsan.git master 35ff515e4bda 0a0c5db6 .config console log report ci-upstream-kmsan-gce
2018/04/13 10:13 https://github.com/google/kmsan.git master 35ff515e4bda 0a0c5db6 .config console log report ci-upstream-kmsan-gce
2018/04/13 09:29 https://github.com/google/kmsan.git master 35ff515e4bda 0a0c5db6 .config console log report ci-upstream-kmsan-gce
2018/04/13 05:27 https://github.com/google/kmsan.git master 35ff515e4bda eb2295de .config console log report ci-upstream-kmsan-gce
2018/04/12 22:09 https://github.com/google/kmsan.git master 35ff515e4bda eb2295de .config console log report ci-upstream-kmsan-gce
2018/04/12 19:03 https://github.com/google/kmsan.git master 35ff515e4bda eb2295de .config console log report ci-upstream-kmsan-gce
2018/04/12 13:39 https://github.com/google/kmsan.git master 35ff515e4bda 9cd56d71 .config console log report ci-upstream-kmsan-gce
2018/04/12 13:18 https://github.com/google/kmsan.git master 35ff515e4bda 9cd56d71 .config console log report ci-upstream-kmsan-gce
2018/04/12 09:05 https://github.com/google/kmsan.git master 35ff515e4bda 9cd56d71 .config console log report ci-upstream-kmsan-gce
2018/04/12 03:46 https://github.com/google/kmsan.git master 35ff515e4bda 9cd56d71 .config console log report ci-upstream-kmsan-gce
2018/04/12 03:17 https://github.com/google/kmsan.git master 35ff515e4bda 9cd56d71 .config console log report ci-upstream-kmsan-gce
2018/04/11 10:07 https://github.com/google/kmsan.git master 35ff515e4bda 8b8de427 .config console log report ci-upstream-kmsan-gce
2018/04/11 06:04 https://github.com/google/kmsan.git master 35ff515e4bda 8b8de427 .config console log report ci-upstream-kmsan-gce
2018/04/10 23:28 https://github.com/google/kmsan.git master 35ff515e4bda 8b8de427 .config console log report ci-upstream-kmsan-gce
2018/04/10 21:41 https://github.com/google/kmsan.git master 35ff515e4bda 8b8de427 .config console log report ci-upstream-kmsan-gce
2018/04/10 21:19 https://github.com/google/kmsan.git master 35ff515e4bda 8b8de427 .config console log report ci-upstream-kmsan-gce
2018/04/10 17:02 https://github.com/google/kmsan.git master 35ff515e4bda 8e873e9d .config console log report ci-upstream-kmsan-gce
2018/04/10 16:47 https://github.com/google/kmsan.git master 35ff515e4bda 8e873e9d .config console log report ci-upstream-kmsan-gce
2018/04/07 00:09 https://github.com/google/kmsan.git master e2ab7e8abba4 d613535f .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.