KMSAN: uninit-value in xfrm_state

[upstream] KMSAN: uninit-value in xfrm_state_find
Status: upstream: reported C repro on 2018/06/15 07:30
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
First: 66d, last: 22h25m

Sample crash report:

random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
==================================================================
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline]
BUG: KMSAN: uninit-value in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
BUG: KMSAN: uninit-value in __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
BUG: KMSAN: uninit-value in xfrm_dst_hash net/xfrm/xfrm_state.c:60 [inline]
BUG: KMSAN: uninit-value in xfrm_state_find+0x2541/0x4fa0 net/xfrm/xfrm_state.c:952
CPU: 1 PID: 4464 Comm: syz-executor272 Not tainted 4.17.0+ #8
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x188/0x2a0 mm/kmsan/kmsan.c:1122
 __msan_warning_32+0x70/0xc0 mm/kmsan/kmsan_instr.c:620
 __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
 __fswab32 include/uapi/linux/swab.h:59 [inline]
 __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
 __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
 xfrm_dst_hash net/xfrm/xfrm_state.c:60 [inline]
 xfrm_state_find+0x2541/0x4fa0 net/xfrm/xfrm_state.c:952
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:1393 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:1437 [inline]
 xfrm_resolve_and_create_bundle+0xc47/0x52d0 net/xfrm/xfrm_policy.c:1832
 xfrm_lookup+0x606/0x39f0 net/xfrm/xfrm_policy.c:2162
 xfrm_lookup_route+0xfa/0x360 net/xfrm/xfrm_policy.c:2282
 ip_route_output_flow+0x35b/0x3b0 net/ipv4/route.c:2568
 udp_sendmsg+0x2453/0x33c0 net/ipv4/udp.c:1008
 udpv6_sendmsg+0x1291/0x3f40 net/ipv6/udp.c:1175
 inet_sendmsg+0x3fc/0x760 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg net/socket.c:639 [inline]
 ___sys_sendmsg+0xec8/0x1320 net/socket.c:2117
 __sys_sendmmsg+0x490/0x850 net/socket.c:2212
 __do_sys_sendmmsg net/socket.c:2241 [inline]
 __se_sys_sendmmsg net/socket.c:2238 [inline]
 __x64_sys_sendmmsg+0x11c/0x170 net/socket.c:2238
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440049
RSP: 002b:00007ffffcfdcdf8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440049
RDX: 0000000000000001 RSI: 0000000020002000 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401970
R13: 0000000000401a00 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----fl4_stack@udp_sendmsg
Variable was created at:
 udp_sendmsg+0xe5/0x33c0 net/ipv4/udp.c:841
 udpv6_sendmsg+0x1291/0x3f40 net/ipv6/udp.c:1175
==================================================================

All crashes (23):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kmsan-gce	2018/06/16 20:45	https://github.com/google/kmsan.git/master	88e0e95b30f1597fed54bea1ef7208c66fb8a951	27c5f59f504f562333e3cd5e715fea5cb69c396e	.config	log	report	syz	C	["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/15 17:12	https://github.com/google/kmsan.git/master	1df165c8d2d6bafabcf2d90e2c61f1bb609fb9b7	661fd7b9882caba55e3fbc1c95fd4602ebfe580d	.config	log	report	syz	C	["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/16 02:19	https://github.com/google/kmsan.git/master	06b2df0593a875093e9d50130625f33bf6386502	68ce85f1a91e45f87bf444a63bed8c1faebfad16	.config	log	report	syz	C	["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/15 16:05	https://github.com/google/kmsan.git/master	1df165c8d2d6bafabcf2d90e2c61f1bb609fb9b7	661fd7b9882caba55e3fbc1c95fd4602ebfe580d	.config	log	report	syz	C	["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/19 23:39	https://github.com/google/kmsan.git/master	cf8cd3cd03e2554cdc01b9590e52ca16f7fc8748	49f3583951e3febc6a93b6e3b4cd213649a6b3c9	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/19 09:13	https://github.com/google/kmsan.git/master	80ecacc456c14814416b07f83b77a75609c3b14c	49f3583951e3febc6a93b6e3b4cd213649a6b3c9	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/16 17:11	https://github.com/google/kmsan.git/master	80ecacc456c14814416b07f83b77a75609c3b14c	40cb0c9aa6126f2fc180ce627d868742f645434c	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/16 12:53	https://github.com/google/kmsan.git/master	80ecacc456c14814416b07f83b77a75609c3b14c	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/15 15:26	https://github.com/google/kmsan.git/master	80ecacc456c14814416b07f83b77a75609c3b14c	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/13 18:13	https://github.com/google/kmsan.git/master	e74f81fe9c5dd2705e8ff77c2e828b9082542067	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/11 09:04	https://github.com/google/kmsan.git/master	b64f7ec04e120bce3712d88104e35a82ecf3d48b	2e0e3130f967984ba51ac1387b67040f0d953942	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/08 11:51	https://github.com/google/kmsan.git/master	a00de5aa4da39482277c4519d941056728a0939f	c9a7a4dccd8bf8153d409a7a78bc1804b41f5fff	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/04 17:03	https://github.com/google/kmsan.git/master	accdc89e1dc3753b3da13237856800f08468eac3	317fc8ea3ebfd8c8ad97394d0a648098eda26ef1	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/28 14:20	https://github.com/google/kmsan.git/master	123906095e30711591e8258b56f21e481049255d	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/25 16:53	https://github.com/google/kmsan.git/master	123906095e30711591e8258b56f21e481049255d	2064fc5c9114c170841328aaa4b124a4062becf6	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/24 07:56	https://github.com/google/kmsan.git/master	123906095e30711591e8258b56f21e481049255d	2064fc5c9114c170841328aaa4b124a4062becf6	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/23 18:01	https://github.com/google/kmsan.git/master	123906095e30711591e8258b56f21e481049255d	2064fc5c9114c170841328aaa4b124a4062becf6	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/12 12:06	https://github.com/google/kmsan.git/master	5cdf0501ac1bdc9ba2844d17b2665c7881cb2ac7	112eec798fb57dea73b6a503e6c83c2438a6d45f	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/11 06:11	https://github.com/google/kmsan.git/master	d6c351f832e331cde949c5e222ffc43ee1ca3147	866118af36a38963903be2bdee4aff0c36ae365f	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/06 23:39	https://github.com/google/kmsan.git/master	b9a5d319699c90f86c8e2cc9b96ca4483c9f0621	e0e534c6c2485161cf80d4ab7f7658c85fabc83f	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/27 16:04	https://github.com/google/kmsan.git/master	1b9cd4eccac979f968880bad11217bc44169a400	f48c20b8f9b2a6c26629f11cc15e1c9c316572c8	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/21 02:36	https://github.com/google/kmsan.git/master	9f127b7ceaf7a1a515557eaae2b1cfed681853f3	f48c20b8f9b2a6c26629f11cc15e1c9c316572c8	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/15 15:45	https://github.com/google/kmsan.git/master	1df165c8d2d6bafabcf2d90e2c61f1bb609fb9b7	661fd7b9882caba55e3fbc1c95fd4602ebfe580d	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]