KMSAN: uninit-value in xfrm_state

KMSAN: uninit-value in xfrm_state_find
Status: upstream: reported C repro on 2018/06/15 07:30
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
First crash: 862d, last: 23h43m

Sample crash report:

random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
==================================================================
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline]
BUG: KMSAN: uninit-value in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
BUG: KMSAN: uninit-value in __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
BUG: KMSAN: uninit-value in xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline]
BUG: KMSAN: uninit-value in xfrm_state_find+0x2723/0x4ae0 net/xfrm/xfrm_state.c:952
CPU: 0 PID: 4855 Comm: syz-executor277 Not tainted 4.19.0-rc4+ #61
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x2f6/0x430 lib/dump_stack.c:113
 kmsan_report+0x183/0x2b0 mm/kmsan/kmsan.c:917
 __msan_warning+0x70/0xc0 mm/kmsan/kmsan_instr.c:500
 __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
 __fswab32 include/uapi/linux/swab.h:59 [inline]
 __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
 __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
 xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline]
 xfrm_state_find+0x2723/0x4ae0 net/xfrm/xfrm_state.c:952
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:1413 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:1458 [inline]
 xfrm_resolve_and_create_bundle+0xa06/0x49a0 net/xfrm/xfrm_policy.c:1753
 xfrm_lookup_with_ifid+0x9c7/0x3e60 net/xfrm/xfrm_policy.c:2076
 xfrm_lookup net/xfrm/xfrm_policy.c:2200 [inline]
 xfrm_lookup_route+0x104/0x370 net/xfrm/xfrm_policy.c:2211
 ip_route_output_flow+0x33f/0x3a0 net/ipv4/route.c:2592
 udp_sendmsg+0x2c6a/0x3cd0 net/ipv4/udp.c:1082
 udpv6_sendmsg+0x12e2/0x4cf0 net/ipv6/udp.c:1196
 inet_sendmsg+0x4c5/0x7d0 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg net/socket.c:631 [inline]
 ___sys_sendmsg+0xe70/0x1290 net/socket.c:2114
 __sys_sendmmsg+0x4ac/0x930 net/socket.c:2209
 __do_sys_sendmmsg net/socket.c:2238 [inline]
 __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2235
 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2235
 do_syscall_64+0xb8/0x100 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x4403f9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffca93ab3b8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403f9
RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401c80
R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----fl4_stack@udp_sendmsg
Variable was created at:
 udp_sendmsg+0x105/0x3cd0 net/ipv4/udp.c:904
 udpv6_sendmsg+0x12e2/0x4cf0 net/ipv6/udp.c:1196
==================================================================

Crashes (112):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Maintainers
ci-upstream-kmsan-gce	2018/09/30 15:27	https://github.com/google/kmsan.git master	2b752aff	41e4b329	.config	log	report	syz	C		davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/08/30 18:31	https://github.com/google/kmsan.git master	25114c64	938220fd	.config	log	report	syz	C		davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/06/16 20:45	https://github.com/google/kmsan.git master	88e0e95b	27c5f59f	.config	log	report	syz	C		davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/05/16 02:19	https://github.com/google/kmsan.git master	06b2df05	68ce85f1	.config	log	report	syz	C		davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/05/15 17:12	https://github.com/google/kmsan.git master	1df165c8	661fd7b9	.config	log	report	syz	C		davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/05/15 16:05	https://github.com/google/kmsan.git master	1df165c8	661fd7b9	.config	log	report	syz	C		davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/09/22 19:57	https://github.com/google/kmsan.git master	c5a13b33	3e8f6c27	.config	log	report			info	davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/07/23 00:10	https://github.com/google/kmsan.git master	93f54a72	340ea530	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/07/21 21:53	https://github.com/google/kmsan.git master	91e18444	21f1765e	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/07/16 20:15	https://github.com/google/kmsan.git master	f0d5ec90	f3bec699	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/07/09 19:10	https://github.com/google/kmsan.git master	f0d5ec90	bc238812	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/07/07 23:38	https://github.com/google/kmsan.git master	f0d5ec90	51095195	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/07/03 19:50	https://github.com/google/kmsan.git master	f0d5ec90	bed10395	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/06/30 03:24	https://github.com/google/kmsan.git master	f0d5ec90	a2cdad9d	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/06/20 22:09	https://github.com/google/kmsan.git master	f0d5ec90	c655ec77	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/06/14 03:36	https://github.com/google/kmsan.git master	f0d5ec90	dbce178a	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/05/25 13:39	https://github.com/google/kmsan.git master	8b97c627	11284182	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/05/19 18:33	https://github.com/google/kmsan.git master	8b97c627	6d882fd2	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/05/08 23:39	https://github.com/google/kmsan.git master	21c44613	e97b06d3	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/05/05 12:43	https://github.com/google/kmsan.git master	21c44613	4b76dd25	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/05/02 07:44	https://github.com/google/kmsan.git master	bfa90a4a	bc734e7a	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/04/14 16:44	https://github.com/google/kmsan.git master	75303409	3f3c5574	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/04/01 03:32	https://github.com/google/kmsan.git master	75303409	a34e2c33	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/03/31 03:57	https://github.com/google/kmsan.git master	75303409	c8d1cc20	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/03/13 14:48	https://github.com/google/kmsan.git master	8bbbc5cf	d850e9d0	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/03/07 15:00	https://github.com/google/kmsan.git master	8bbbc5cf	2e9971bb	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/03/05 20:13	https://github.com/google/kmsan.git master	8bbbc5cf	c88c7b75	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/02/22 12:49	https://github.com/google/kmsan.git master	8bbbc5cf	2c36e7a7	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/02/09 16:26	https://github.com/google/kmsan.git master	686a4f77	6ece2ea5	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/02/01 21:05	https://github.com/google/kmsan.git master	686a4f77	2274ad39	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/31 18:42	https://github.com/google/kmsan.git master	686a4f77	c30117b2	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/27 16:02	https://github.com/google/kmsan.git master	686a4f77	dd56146d	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/23 18:35	https://github.com/google/kmsan.git master	686a4f77	3334d684	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/23 09:44	https://github.com/google/kmsan.git master	686a4f77	3334d684	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/22 22:18	https://github.com/google/kmsan.git master	686a4f77	3334d684	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/18 19:46	https://github.com/google/kmsan.git master	686a4f77	3de7aabb	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/15 03:36	https://github.com/google/kmsan.git master	686a4f77	fa12bd3c	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/14 04:06	https://github.com/google/kmsan.git master	686a4f77	32881205	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/13 23:28	https://github.com/google/kmsan.git master	686a4f77	99565c1a	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/11 05:02	https://github.com/google/kmsan.git master	178db004	4de4e9f0	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/10 08:06	https://github.com/google/kmsan.git master	178db004	4de4e9f0	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/06 21:30	https://github.com/google/kmsan.git master	997a8b55	53430d97	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2020/01/05 12:54	https://github.com/google/kmsan.git master	997a8b55	d646e21f	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2019/12/30 13:16	https://github.com/google/kmsan.git master	997a8b55	af6b8ef8	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2019/12/30 07:39	https://github.com/google/kmsan.git master	997a8b55	af6b8ef8	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2019/12/28 16:53	https://github.com/google/kmsan.git master	997a8b55	af6b8ef8	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2019/12/26 16:36	https://github.com/google/kmsan.git master	997a8b55	be5c2c81	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2019/12/26 15:18	https://github.com/google/kmsan.git master	997a8b55	be5c2c81	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com