KMSAN: uninit-value in xfrm_state

KMSAN: uninit-value in xfrm_state_find
Status: upstream: reported C repro on 2018/06/15 07:30
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
First crash: 1131d, last: 4d11h

similar bugs (9):
Kernel	Title	Repro	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (3)	C		10353	1240d	1307d	4/22	fixed on 2018/01/31 00:24
android-44	KASAN: stack-out-of-bounds Read in xfrm_state_find	C		842	567d	800d	0/2	public: reported C repro on 2019/04/12 00:00
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (5)	C	done	654	872d	1175d	14/22	fixed on 2019/11/11 16:48
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find	C		365	1335d	1408d	0/22	closed as invalid on 2017/10/23 16:19
android-49	KASAN: stack-out-of-bounds Read in xfrm_state_find	C		4151	900d	1412d	0/3	closed as invalid on 2019/01/01 20:10
android-414	KASAN: stack-out-of-bounds Read in xfrm_state_find	C		137	874d	801d	0/1	public: reported C repro on 2019/04/11 00:00
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (2)	C		93	1318d	1326d	3/22	fixed on 2017/11/18 01:42
android-49	KASAN: stack-out-of-bounds Read in xfrm_state_find (2)	C		392	564d	800d	0/3	public: reported C repro on 2019/04/11 08:44
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (4)	C		102	1184d	1235d	4/22	fixed on 2018/03/23 18:14

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/10/31 23:48	1h00m	anant.thazhemadam@gmail.com		https://github.com/google/kmsan.git master	error

Sample crash report:

random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
==================================================================
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline]
BUG: KMSAN: uninit-value in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
BUG: KMSAN: uninit-value in __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
BUG: KMSAN: uninit-value in xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline]
BUG: KMSAN: uninit-value in xfrm_state_find+0x2723/0x4ae0 net/xfrm/xfrm_state.c:952
CPU: 0 PID: 4855 Comm: syz-executor277 Not tainted 4.19.0-rc4+ #61
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x2f6/0x430 lib/dump_stack.c:113
 kmsan_report+0x183/0x2b0 mm/kmsan/kmsan.c:917
 __msan_warning+0x70/0xc0 mm/kmsan/kmsan_instr.c:500
 __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
 __fswab32 include/uapi/linux/swab.h:59 [inline]
 __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
 __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
 xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline]
 xfrm_state_find+0x2723/0x4ae0 net/xfrm/xfrm_state.c:952
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:1413 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:1458 [inline]
 xfrm_resolve_and_create_bundle+0xa06/0x49a0 net/xfrm/xfrm_policy.c:1753
 xfrm_lookup_with_ifid+0x9c7/0x3e60 net/xfrm/xfrm_policy.c:2076
 xfrm_lookup net/xfrm/xfrm_policy.c:2200 [inline]
 xfrm_lookup_route+0x104/0x370 net/xfrm/xfrm_policy.c:2211
 ip_route_output_flow+0x33f/0x3a0 net/ipv4/route.c:2592
 udp_sendmsg+0x2c6a/0x3cd0 net/ipv4/udp.c:1082
 udpv6_sendmsg+0x12e2/0x4cf0 net/ipv6/udp.c:1196
 inet_sendmsg+0x4c5/0x7d0 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg net/socket.c:631 [inline]
 ___sys_sendmsg+0xe70/0x1290 net/socket.c:2114
 __sys_sendmmsg+0x4ac/0x930 net/socket.c:2209
 __do_sys_sendmmsg net/socket.c:2238 [inline]
 __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2235
 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2235
 do_syscall_64+0xb8/0x100 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x4403f9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffca93ab3b8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403f9
RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401c80
R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----fl4_stack@udp_sendmsg
Variable was created at:
 udp_sendmsg+0x105/0x3cd0 net/ipv4/udp.c:904
 udpv6_sendmsg+0x12e2/0x4cf0 net/ipv6/udp.c:1196
==================================================================

Crashes (143):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kmsan-gce	2018/09/30 15:27	https://github.com/google/kmsan.git master	2b752aff	41e4b329	.config	log	report	syz	C
ci-upstream-kmsan-gce	2018/08/30 18:31	https://github.com/google/kmsan.git master	25114c64	938220fd	.config	log	report	syz	C
ci-upstream-kmsan-gce	2018/06/16 20:45	https://github.com/google/kmsan.git master	88e0e95b	27c5f59f	.config	log	report	syz	C
ci-upstream-kmsan-gce	2018/05/16 02:19	https://github.com/google/kmsan.git master	06b2df05	68ce85f1	.config	log	report	syz	C
ci-upstream-kmsan-gce	2018/05/15 17:12	https://github.com/google/kmsan.git master	1df165c8	661fd7b9	.config	log	report	syz	C
ci-upstream-kmsan-gce	2018/05/15 16:05	https://github.com/google/kmsan.git master	1df165c8	661fd7b9	.config	log	report	syz	C
ci-upstream-kmsan-gce	2021/06/15 19:18	https://github.com/google/kmsan.git master	7bcc9a7b	58636922	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/05/28 02:39	https://github.com/google/kmsan.git master	6099c9da	858ea628	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/05/16 12:45	https://github.com/google/kmsan.git master	bdefec9a	f54a5c09	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/05/09 22:43	https://github.com/google/kmsan.git master	4ebaab5f	bc5434be	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/03/24 14:36	https://github.com/google/kmsan.git master	29ad81a1	607e3baf	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/03/21 20:42	https://github.com/google/kmsan.git master	29ad81a1	bea32f74	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/03/10 17:55	https://github.com/google/kmsan.git master	29ad81a1	764067f3	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/02/21 10:27	https://github.com/google/kmsan.git master	29ad81a1	3e5ed8b4	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/01/22 20:56	https://github.com/google/kmsan.git master	73d62e81	4080af96	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386	2021/05/25 21:15	https://github.com/google/kmsan.git master	6099c9da	93d3a9f6	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386	2021/04/15 20:41	https://github.com/google/kmsan.git master	4ebaab5f	c59079a6	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-net-kasan-gce	2021/04/17 00:40	net-next	e7ad33fa	7e2b734b	.config	log	report			info	KASAN: stack-out-of-bounds Read in xfrm_state_find
ci-upstream-kmsan-gce	2021/01/17 13:49	https://github.com/google/kmsan.git master	73d62e81	813be542	.config	log	report			info
ci-upstream-kmsan-gce	2020/12/22 03:59	https://github.com/google/kmsan.git master	73d62e81	04201c06	.config	log	report			info
ci-upstream-kmsan-gce	2020/12/06 09:34	https://github.com/google/kmsan.git master	73d62e81	f12ba0c5	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/12 21:24	https://github.com/google/kmsan.git master	e67f4ba8	d32b0bbf	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/06 23:59	https://github.com/google/kmsan.git master	5edb1df2	1880b4a9	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/06 21:19	https://github.com/google/kmsan.git master	5edb1df2	1880b4a9	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/06 17:58	https://github.com/google/kmsan.git master	5edb1df2	1880b4a9	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/02 14:41	https://github.com/google/kmsan.git master	5edb1df2	9602ddf4	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/02 10:48	https://github.com/google/kmsan.git master	5edb1df2	9602ddf4	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/01 11:34	https://github.com/google/kmsan.git master	5edb1df2	a9767fb2	.config	log	report			info
ci-upstream-kmsan-gce	2020/09/30 22:12	https://github.com/google/kmsan.git master	5edb1df2	8516f6d3	.config	log	report			info
ci-upstream-kmsan-gce	2020/09/30 07:02	https://github.com/google/kmsan.git master	5edb1df2	5abc3f1a	.config	log	report			info
ci-upstream-kmsan-gce	2020/09/29 14:18	https://github.com/google/kmsan.git master	5edb1df2	1b88c6d5	.config	log	report			info
ci-upstream-kmsan-gce	2020/09/27 00:40	https://github.com/google/kmsan.git master	c5a13b33	2d5ea0cb	.config	log	report			info
ci-upstream-kmsan-gce	2020/09/22 19:57	https://github.com/google/kmsan.git master	c5a13b33	3e8f6c27	.config	log	report			info
ci-upstream-kmsan-gce	2020/07/23 00:10	https://github.com/google/kmsan.git master	93f54a72	340ea530	.config	log	report
ci-upstream-kmsan-gce	2020/07/21 21:53	https://github.com/google/kmsan.git master	91e18444	21f1765e	.config	log	report
ci-upstream-kmsan-gce	2020/07/16 20:15	https://github.com/google/kmsan.git master	f0d5ec90	f3bec699	.config	log	report
ci-upstream-kmsan-gce	2020/07/09 19:10	https://github.com/google/kmsan.git master	f0d5ec90	bc238812	.config	log	report
ci-upstream-kmsan-gce	2020/07/07 23:38	https://github.com/google/kmsan.git master	f0d5ec90	51095195	.config	log	report
ci-upstream-kmsan-gce	2020/07/03 19:50	https://github.com/google/kmsan.git master	f0d5ec90	bed10395	.config	log	report
ci-upstream-kmsan-gce	2020/06/30 03:24	https://github.com/google/kmsan.git master	f0d5ec90	a2cdad9d	.config	log	report
ci-upstream-kmsan-gce	2020/06/20 22:09	https://github.com/google/kmsan.git master	f0d5ec90	c655ec77	.config	log	report
ci-upstream-kmsan-gce	2020/06/14 03:36	https://github.com/google/kmsan.git master	f0d5ec90	dbce178a	.config	log	report
ci-upstream-kmsan-gce	2020/05/25 13:39	https://github.com/google/kmsan.git master	8b97c627	11284182	.config	log	report
ci-upstream-kmsan-gce	2020/05/19 18:33	https://github.com/google/kmsan.git master	8b97c627	6d882fd2	.config	log	report
ci-upstream-kmsan-gce	2020/05/08 23:39	https://github.com/google/kmsan.git master	21c44613	e97b06d3	.config	log	report
ci-upstream-kmsan-gce	2020/05/05 12:43	https://github.com/google/kmsan.git master	21c44613	4b76dd25	.config	log	report
ci-upstream-kmsan-gce	2020/05/02 07:44	https://github.com/google/kmsan.git master	bfa90a4a	bc734e7a	.config	log	report
ci-upstream-kmsan-gce	2020/04/14 16:44	https://github.com/google/kmsan.git master	75303409	3f3c5574	.config	log	report
ci-upstream-kmsan-gce	2020/04/01 03:32	https://github.com/google/kmsan.git master	75303409	a34e2c33	.config	log	report
ci-upstream-kmsan-gce	2020/03/31 03:57	https://github.com/google/kmsan.git master	75303409	c8d1cc20	.config	log	report
ci-upstream-kmsan-gce	2020/03/13 14:48	https://github.com/google/kmsan.git master	8bbbc5cf	d850e9d0	.config	log	report
ci-upstream-kmsan-gce	2020/03/07 15:00	https://github.com/google/kmsan.git master	8bbbc5cf	2e9971bb	.config	log	report
ci-upstream-kmsan-gce-386	2020/12/31 03:03	https://github.com/google/kmsan.git master	73d62e81	5cc121d6	.config	log	report			info