KMSAN: uninit-value in xfrm_state

KMSAN: uninit-value in xfrm_state_find
Status: upstream: reported C repro on 2018/06/15 07:30
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
First crash: 1343d, last: 17d

similar bugs (10):
Kernel	Title	Repro	Fix bisect	Count	Last	Reported	Patched	Status
android-5-10	KASAN: stack-out-of-bounds Read in xfrm_state_find			1	71d	71d	0/1	internal: reported on 2021/11/07 13:04
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (3)	C		10353	1452d	1519d	4/22	fixed on 2018/01/31 00:24
android-44	KASAN: stack-out-of-bounds Read in xfrm_state_find	C		842	779d	1012d	0/2	public: reported C repro on 2019/04/12 00:00
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (5)	C	done	654	1084d	1387d	14/22	fixed on 2019/11/11 16:48
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find	C		365	1548d	1620d	0/22	closed as invalid on 2017/10/23 16:19
android-49	KASAN: stack-out-of-bounds Read in xfrm_state_find	C		4151	1112d	1624d	0/3	closed as invalid on 2019/01/01 20:10
android-414	KASAN: stack-out-of-bounds Read in xfrm_state_find	C		137	1086d	1013d	0/1	public: reported C repro on 2019/04/11 00:00
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (2)	C		93	1530d	1538d	3/22	fixed on 2017/11/18 01:42
android-49	KASAN: stack-out-of-bounds Read in xfrm_state_find (2)	C		392	776d	1012d	0/3	public: reported C repro on 2019/04/11 08:44
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (4)	C		102	1396d	1447d	4/22	fixed on 2018/03/23 18:14

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/10/31 23:48	1h00m	anant.thazhemadam@gmail.com		https://github.com/google/kmsan.git master	error

Sample crash report:

random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
==================================================================
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline]
BUG: KMSAN: uninit-value in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
BUG: KMSAN: uninit-value in __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
BUG: KMSAN: uninit-value in xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline]
BUG: KMSAN: uninit-value in xfrm_state_find+0x2723/0x4ae0 net/xfrm/xfrm_state.c:952
CPU: 0 PID: 4855 Comm: syz-executor277 Not tainted 4.19.0-rc4+ #61
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x2f6/0x430 lib/dump_stack.c:113
 kmsan_report+0x183/0x2b0 mm/kmsan/kmsan.c:917
 __msan_warning+0x70/0xc0 mm/kmsan/kmsan_instr.c:500
 __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
 __fswab32 include/uapi/linux/swab.h:59 [inline]
 __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
 __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
 xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline]
 xfrm_state_find+0x2723/0x4ae0 net/xfrm/xfrm_state.c:952
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:1413 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:1458 [inline]
 xfrm_resolve_and_create_bundle+0xa06/0x49a0 net/xfrm/xfrm_policy.c:1753
 xfrm_lookup_with_ifid+0x9c7/0x3e60 net/xfrm/xfrm_policy.c:2076
 xfrm_lookup net/xfrm/xfrm_policy.c:2200 [inline]
 xfrm_lookup_route+0x104/0x370 net/xfrm/xfrm_policy.c:2211
 ip_route_output_flow+0x33f/0x3a0 net/ipv4/route.c:2592
 udp_sendmsg+0x2c6a/0x3cd0 net/ipv4/udp.c:1082
 udpv6_sendmsg+0x12e2/0x4cf0 net/ipv6/udp.c:1196
 inet_sendmsg+0x4c5/0x7d0 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg net/socket.c:631 [inline]
 ___sys_sendmsg+0xe70/0x1290 net/socket.c:2114
 __sys_sendmmsg+0x4ac/0x930 net/socket.c:2209
 __do_sys_sendmmsg net/socket.c:2238 [inline]
 __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2235
 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2235
 do_syscall_64+0xb8/0x100 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x4403f9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffca93ab3b8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403f9
RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401c80
R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----fl4_stack@udp_sendmsg
Variable was created at:
 udp_sendmsg+0x105/0x3cd0 net/ipv4/udp.c:904
 udpv6_sendmsg+0x12e2/0x4cf0 net/ipv6/udp.c:1196
==================================================================

Crashes (153):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kmsan-gce	2018/09/30 15:27	https://github.com/google/kmsan.git master	2b752aff835d	41e4b329	.config	log	report	syz	C
ci-upstream-kmsan-gce	2018/08/30 18:31	https://github.com/google/kmsan.git master	25114c64b719	938220fd	.config	log	report	syz	C
ci-upstream-kmsan-gce	2018/06/16 20:45	https://github.com/google/kmsan.git master	88e0e95b30f1	27c5f59f	.config	log	report	syz	C
ci-upstream-kmsan-gce	2018/05/16 02:19	https://github.com/google/kmsan.git master	06b2df0593a8	68ce85f1	.config	log	report	syz	C
ci-upstream-kmsan-gce	2018/05/15 17:12	https://github.com/google/kmsan.git master	1df165c8d2d6	661fd7b9	.config	log	report	syz	C
ci-upstream-kmsan-gce	2018/05/15 16:05	https://github.com/google/kmsan.git master	1df165c8d2d6	661fd7b9	.config	log	report	syz	C
ci-upstream-kmsan-gce	2021/12/14 16:38	https://github.com/google/kmsan.git master	b1e1bb6f7a2e	d018dd31	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/10/17 16:32	https://github.com/google/kmsan.git master	d6493d2046c4	0c5d9412	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/08/22 14:21	https://github.com/google/kmsan.git master	40b1d724c752	b599f2fc	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/08/21 22:31	https://github.com/google/kmsan.git master	40b1d724c752	b599f2fc	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/07/16 00:19	https://github.com/google/kmsan.git master	57b5797c8013	f115ae98	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/07/15 19:07	https://github.com/google/kmsan.git master	57b5797c8013	b9a2f64e	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/06/15 19:18	https://github.com/google/kmsan.git master	7bcc9a7be76b	58636922	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/05/28 02:39	https://github.com/google/kmsan.git master	6099c9da2f7d	858ea628	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/05/16 12:45	https://github.com/google/kmsan.git master	bdefec9ab855	f54a5c09	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/05/09 22:43	https://github.com/google/kmsan.git master	4ebaab5fb428	bc5434be	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/03/24 14:36	https://github.com/google/kmsan.git master	29ad81a1074a	607e3baf	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/03/21 20:42	https://github.com/google/kmsan.git master	29ad81a1074a	bea32f74	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/03/10 17:55	https://github.com/google/kmsan.git master	29ad81a1074a	764067f3	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/02/21 10:27	https://github.com/google/kmsan.git master	29ad81a1074a	3e5ed8b4	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce	2021/01/22 20:56	https://github.com/google/kmsan.git master	73d62e81b476	4080af96	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386	2021/12/31 11:17	https://github.com/google/kmsan.git master	81c325bbf94e	36bd2e48	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386	2021/12/15 00:00	https://github.com/google/kmsan.git master	b1e1bb6f7a2e	d018dd31	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386	2021/07/03 12:24	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386	2021/07/01 14:15	https://github.com/google/kmsan.git master	57b5797c8013	658ebc66	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386	2021/05/25 21:15	https://github.com/google/kmsan.git master	6099c9da2f7d	93d3a9f6	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-kmsan-gce-386	2021/04/15 20:41	https://github.com/google/kmsan.git master	4ebaab5fb428	c59079a6	.config	log	report			info	KMSAN: uninit-value in xfrm_state_find
ci-upstream-net-kasan-gce	2021/04/17 00:40	net-next	e7ad33fa7bc5	7e2b734b	.config	log	report			info	KASAN: stack-out-of-bounds Read in xfrm_state_find
ci-upstream-kmsan-gce	2021/01/17 13:49	https://github.com/google/kmsan.git master	73d62e81b476	813be542	.config	log	report			info
ci-upstream-kmsan-gce	2020/12/22 03:59	https://github.com/google/kmsan.git master	73d62e81b476	04201c06	.config	log	report			info
ci-upstream-kmsan-gce	2020/12/06 09:34	https://github.com/google/kmsan.git master	73d62e81b476	f12ba0c5	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/12 21:24	https://github.com/google/kmsan.git master	e67f4ba870c2	d32b0bbf	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/06 23:59	https://github.com/google/kmsan.git master	5edb1df295b9	1880b4a9	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/06 21:19	https://github.com/google/kmsan.git master	5edb1df295b9	1880b4a9	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/06 17:58	https://github.com/google/kmsan.git master	5edb1df295b9	1880b4a9	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/02 14:41	https://github.com/google/kmsan.git master	5edb1df295b9	9602ddf4	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/02 10:48	https://github.com/google/kmsan.git master	5edb1df295b9	9602ddf4	.config	log	report			info
ci-upstream-kmsan-gce	2020/10/01 11:34	https://github.com/google/kmsan.git master	5edb1df295b9	a9767fb2	.config	log	report			info
ci-upstream-kmsan-gce	2020/09/30 22:12	https://github.com/google/kmsan.git master	5edb1df295b9	8516f6d3	.config	log	report			info
ci-upstream-kmsan-gce	2020/09/30 07:02	https://github.com/google/kmsan.git master	5edb1df295b9	5abc3f1a	.config	log	report			info
ci-upstream-kmsan-gce	2020/09/29 14:18	https://github.com/google/kmsan.git master	5edb1df295b9	1b88c6d5	.config	log	report			info
ci-upstream-kmsan-gce	2020/09/27 00:40	https://github.com/google/kmsan.git master	c5a13b33ec11	2d5ea0cb	.config	log	report			info
ci-upstream-kmsan-gce	2020/09/22 19:57	https://github.com/google/kmsan.git master	c5a13b33ec11	3e8f6c27	.config	log	report			info
ci-upstream-kmsan-gce	2020/07/23 00:10	https://github.com/google/kmsan.git master	93f54a72361a	340ea530	.config	log	report
ci-upstream-kmsan-gce	2020/07/21 21:53	https://github.com/google/kmsan.git master	91e18444d6b0	21f1765e	.config	log	report
ci-upstream-kmsan-gce	2020/07/16 20:15	https://github.com/google/kmsan.git master	f0d5ec902b23	f3bec699	.config	log	report
ci-upstream-kmsan-gce	2020/07/09 19:10	https://github.com/google/kmsan.git master	f0d5ec902b23	bc238812	.config	log	report
ci-upstream-kmsan-gce	2020/07/07 23:38	https://github.com/google/kmsan.git master	f0d5ec902b23	51095195	.config	log	report
ci-upstream-kmsan-gce	2020/07/03 19:50	https://github.com/google/kmsan.git master	f0d5ec902b23	bed10395	.config	log	report
ci-upstream-kmsan-gce	2020/06/30 03:24	https://github.com/google/kmsan.git master	f0d5ec902b23	a2cdad9d	.config	log	report
ci-upstream-kmsan-gce	2020/06/20 22:09	https://github.com/google/kmsan.git master	f0d5ec902b23	c655ec77	.config	log	report
ci-upstream-kmsan-gce	2020/06/14 03:36	https://github.com/google/kmsan.git master	f0d5ec902b23	dbce178a	.config	log	report
ci-upstream-kmsan-gce-386	2020/12/31 03:03	https://github.com/google/kmsan.git master	73d62e81b476	5cc121d6	.config	log	report			info