KMSAN: uninit-value in xfrm_state

[upstream] KMSAN: uninit-value in xfrm_state_find
Status: upstream: reported C repro on 2018/06/15 07:30
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
First: 127d, last: 19d

Sample crash report:

IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
==================================================================
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline]
BUG: KMSAN: uninit-value in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
BUG: KMSAN: uninit-value in __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
BUG: KMSAN: uninit-value in xfrm_dst_hash net/xfrm/xfrm_state.c:60 [inline]
BUG: KMSAN: uninit-value in xfrm_state_find+0x2b15/0x4f40 net/xfrm/xfrm_state.c:952
CPU: 0 PID: 4464 Comm: syz-executor988 Not tainted 4.17.0-rc3+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1084
 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683
 __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
 __fswab32 include/uapi/linux/swab.h:59 [inline]
 __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
 __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
 xfrm_dst_hash net/xfrm/xfrm_state.c:60 [inline]
 xfrm_state_find+0x2b15/0x4f40 net/xfrm/xfrm_state.c:952
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:1393 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:1437 [inline]
 xfrm_resolve_and_create_bundle+0xc31/0x5270 net/xfrm/xfrm_policy.c:1833
 xfrm_lookup+0x606/0x39d0 net/xfrm/xfrm_policy.c:2163
 xfrm_lookup_route+0xfa/0x360 net/xfrm/xfrm_policy.c:2283
 ip_route_output_flow+0x35b/0x3b0 net/ipv4/route.c:2574
 udp_sendmsg+0x2289/0x33f0 net/ipv4/udp.c:1006
 udpv6_sendmsg+0x1291/0x3f40 net/ipv6/udp.c:1175
 inet_sendmsg+0x48d/0x740 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg net/socket.c:639 [inline]
 ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117
 __sys_sendmmsg+0x490/0x850 net/socket.c:2212
 __do_sys_sendmmsg net/socket.c:2241 [inline]
 __se_sys_sendmmsg net/socket.c:2238 [inline]
 __x64_sys_sendmmsg+0x11c/0x170 net/socket.c:2238
 do_syscall_64+0x154/0x220 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4419c9
RSP: 002b:00007ffdb3fa4608 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004419c9
RDX: 0000000000000001 RSI: 0000000020002000 RDI: 0000000000000003
RBP: 00000000006cd018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004026c0
R13: 0000000000402750 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----fl4_stack@udp_sendmsg
Variable was created at:
 udp_sendmsg+0xe5/0x33f0 net/ipv4/udp.c:841
 udpv6_sendmsg+0x1291/0x3f40 net/ipv6/udp.c:1175
==================================================================

All crashes (32):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kmsan-gce	2018/05/15 17:12	https://github.com/google/kmsan.git/master	1df165c8d2d6bafabcf2d90e2c61f1bb609fb9b7	661fd7b9882caba55e3fbc1c95fd4602ebfe580d	.config	log	report	syz	C	["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/15 16:05	https://github.com/google/kmsan.git/master	1df165c8d2d6bafabcf2d90e2c61f1bb609fb9b7	661fd7b9882caba55e3fbc1c95fd4602ebfe580d	.config	log	report	syz	C	["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/08/30 18:31	https://github.com/google/kmsan.git/master	25114c64b719bd1d93bcd288d5287602113daa1b	938220fdbbf294b00b3c62efa06e82aa63fca33c	.config	log	report	syz	C	["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/16 20:45	https://github.com/google/kmsan.git/master	88e0e95b30f1597fed54bea1ef7208c66fb8a951	27c5f59f504f562333e3cd5e715fea5cb69c396e	.config	log	report	syz	C	["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/16 02:19	https://github.com/google/kmsan.git/master	06b2df0593a875093e9d50130625f33bf6386502	68ce85f1a91e45f87bf444a63bed8c1faebfad16	.config	log	report	syz	C	["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/09/01 04:50	https://github.com/google/kmsan.git/master	28f0ca98eadf7c1f47a929731b2f2512785ec156	a4718693a3d9fcabb02299b2ec07c19d8208c539	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/08/30 08:00	https://github.com/google/kmsan.git/master	2dca2cbde67aac01fd9679de1eb726c7d90b9291	6c7e9d3daa2b73704b0fbc3043ce86d5ea00f222	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/08/29 22:30	https://github.com/google/kmsan.git/master	2dca2cbde67aac01fd9679de1eb726c7d90b9291	4937cb2bf08907e1d48044e6e53a22f62e3e8ac5	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/08/29 09:31	https://github.com/google/kmsan.git/master	2dca2cbde67aac01fd9679de1eb726c7d90b9291	53ff87847a172828ddb92cbc95aa2a3e8a0937e0	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/08/26 02:05	https://github.com/google/kmsan.git/master	0cc51dc9a291cb4b634b3fb02e864e6f08cc9b68	76e7c3dfb40a870aae0c0750206dd24d26411b0c	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/08/19 10:41	https://github.com/google/kmsan.git/master	0cc51dc9a291cb4b634b3fb02e864e6f08cc9b68	2dc4378f0225c80d2755f7531ad0de4c2044727a	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/08/11 23:09	https://github.com/google/kmsan.git/master	0cc51dc9a291cb4b634b3fb02e864e6f08cc9b68	7a88b14122b5b70ed04bcd75932f411256e1662b	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/24 05:03	https://github.com/google/kmsan.git/master	d1c2a46a46f668ab937263b14a6d848461c5d7db	912c93d745d441150d0b8fa605c38d5ec18f75ab	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/19 23:39	https://github.com/google/kmsan.git/master	cf8cd3cd03e2554cdc01b9590e52ca16f7fc8748	49f3583951e3febc6a93b6e3b4cd213649a6b3c9	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/19 09:13	https://github.com/google/kmsan.git/master	80ecacc456c14814416b07f83b77a75609c3b14c	49f3583951e3febc6a93b6e3b4cd213649a6b3c9	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/16 17:11	https://github.com/google/kmsan.git/master	80ecacc456c14814416b07f83b77a75609c3b14c	40cb0c9aa6126f2fc180ce627d868742f645434c	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/16 12:53	https://github.com/google/kmsan.git/master	80ecacc456c14814416b07f83b77a75609c3b14c	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/15 15:26	https://github.com/google/kmsan.git/master	80ecacc456c14814416b07f83b77a75609c3b14c	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/13 18:13	https://github.com/google/kmsan.git/master	e74f81fe9c5dd2705e8ff77c2e828b9082542067	92a4950507d9d15be9541491300b2201433f6814	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/11 09:04	https://github.com/google/kmsan.git/master	b64f7ec04e120bce3712d88104e35a82ecf3d48b	2e0e3130f967984ba51ac1387b67040f0d953942	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/08 11:51	https://github.com/google/kmsan.git/master	a00de5aa4da39482277c4519d941056728a0939f	c9a7a4dccd8bf8153d409a7a78bc1804b41f5fff	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/07/04 17:03	https://github.com/google/kmsan.git/master	accdc89e1dc3753b3da13237856800f08468eac3	317fc8ea3ebfd8c8ad97394d0a648098eda26ef1	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/28 14:20	https://github.com/google/kmsan.git/master	123906095e30711591e8258b56f21e481049255d	dba0b50e7863cf82c29969caed47da4b8c99ee05	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/25 16:53	https://github.com/google/kmsan.git/master	123906095e30711591e8258b56f21e481049255d	2064fc5c9114c170841328aaa4b124a4062becf6	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/24 07:56	https://github.com/google/kmsan.git/master	123906095e30711591e8258b56f21e481049255d	2064fc5c9114c170841328aaa4b124a4062becf6	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/23 18:01	https://github.com/google/kmsan.git/master	123906095e30711591e8258b56f21e481049255d	2064fc5c9114c170841328aaa4b124a4062becf6	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/12 12:06	https://github.com/google/kmsan.git/master	5cdf0501ac1bdc9ba2844d17b2665c7881cb2ac7	112eec798fb57dea73b6a503e6c83c2438a6d45f	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/11 06:11	https://github.com/google/kmsan.git/master	d6c351f832e331cde949c5e222ffc43ee1ca3147	866118af36a38963903be2bdee4aff0c36ae365f	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/06/06 23:39	https://github.com/google/kmsan.git/master	b9a5d319699c90f86c8e2cc9b96ca4483c9f0621	e0e534c6c2485161cf80d4ab7f7658c85fabc83f	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/27 16:04	https://github.com/google/kmsan.git/master	1b9cd4eccac979f968880bad11217bc44169a400	f48c20b8f9b2a6c26629f11cc15e1c9c316572c8	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/21 02:36	https://github.com/google/kmsan.git/master	9f127b7ceaf7a1a515557eaae2b1cfed681853f3	f48c20b8f9b2a6c26629f11cc15e1c9c316572c8	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]
ci-upstream-kmsan-gce	2018/05/15 15:45	https://github.com/google/kmsan.git/master	1df165c8d2d6bafabcf2d90e2c61f1bb609fb9b7	661fd7b9882caba55e3fbc1c95fd4602ebfe580d	.config	log	report			["davem@davemloft.net" "herbert@gondor.apana.org.au" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]