KMSAN: uninit-value in xfrm_state

KMSAN: uninit-value in xfrm_state_find
Status: upstream: reported C repro on 2018/06/15 07:30
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
First crash: 493d, last: 257d

Sample crash report:

IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
==================================================================
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline]
BUG: KMSAN: uninit-value in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
BUG: KMSAN: uninit-value in __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
BUG: KMSAN: uninit-value in xfrm_dst_hash net/xfrm/xfrm_state.c:60 [inline]
BUG: KMSAN: uninit-value in xfrm_state_find+0x2b15/0x4f40 net/xfrm/xfrm_state.c:952
CPU: 0 PID: 4464 Comm: syz-executor988 Not tainted 4.17.0-rc3+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1084
 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683
 __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
 __fswab32 include/uapi/linux/swab.h:59 [inline]
 __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
 __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
 xfrm_dst_hash net/xfrm/xfrm_state.c:60 [inline]
 xfrm_state_find+0x2b15/0x4f40 net/xfrm/xfrm_state.c:952
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:1393 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:1437 [inline]
 xfrm_resolve_and_create_bundle+0xc31/0x5270 net/xfrm/xfrm_policy.c:1833
 xfrm_lookup+0x606/0x39d0 net/xfrm/xfrm_policy.c:2163
 xfrm_lookup_route+0xfa/0x360 net/xfrm/xfrm_policy.c:2283
 ip_route_output_flow+0x35b/0x3b0 net/ipv4/route.c:2574
 udp_sendmsg+0x2289/0x33f0 net/ipv4/udp.c:1006
 udpv6_sendmsg+0x1291/0x3f40 net/ipv6/udp.c:1175
 inet_sendmsg+0x48d/0x740 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg net/socket.c:639 [inline]
 ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117
 __sys_sendmmsg+0x490/0x850 net/socket.c:2212
 __do_sys_sendmmsg net/socket.c:2241 [inline]
 __se_sys_sendmmsg net/socket.c:2238 [inline]
 __x64_sys_sendmmsg+0x11c/0x170 net/socket.c:2238
 do_syscall_64+0x154/0x220 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4419c9
RSP: 002b:00007ffdb3fa4608 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004419c9
RDX: 0000000000000001 RSI: 0000000020002000 RDI: 0000000000000003
RBP: 00000000006cd018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004026c0
R13: 0000000000402750 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----fl4_stack@udp_sendmsg
Variable was created at:
 udp_sendmsg+0xe5/0x33f0 net/ipv4/udp.c:841
 udpv6_sendmsg+0x1291/0x3f40 net/ipv6/udp.c:1175
==================================================================

All crashes (42):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kmsan-gce	2018/05/15 17:12	https://github.com/google/kmsan.git master	1df165c8	661fd7b9	.config	log	report	syz	C	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/05/15 16:05	https://github.com/google/kmsan.git master	1df165c8	661fd7b9	.config	log	report	syz	C	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/09/30 15:27	https://github.com/google/kmsan.git master	2b752aff	41e4b329	.config	log	report	syz	C	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/08/30 18:31	https://github.com/google/kmsan.git master	25114c64	938220fd	.config	log	report	syz	C	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/06/16 20:45	https://github.com/google/kmsan.git master	88e0e95b	27c5f59f	.config	log	report	syz	C	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/05/16 02:19	https://github.com/google/kmsan.git master	06b2df05	68ce85f1	.config	log	report	syz	C	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2019/01/06 15:47	https://github.com/google/kmsan.git master	11587f6e	94f8adb5	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/12/26 19:12	https://github.com/google/kmsan.git master	79fc24ff	8a41a0ad	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/12/20 02:53	https://github.com/google/kmsan.git master	49d30e29	02e69052	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/11/29 13:13	https://github.com/google/kmsan.git master	a3110764	4b6d14f2	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/11/29 02:54	https://github.com/google/kmsan.git master	fffec98a	4b6d14f2	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/10/18 13:22	https://github.com/google/kmsan.git master	22ec98c3	d257b2d2	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/10/15 07:37	https://github.com/google/kmsan.git master	22ec98c3	caf12900	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/09/28 17:58	https://github.com/google/kmsan.git master	23005322	137d7c66	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/09/22 03:08	https://github.com/google/kmsan.git master	7ace4303	37079712	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/09/01 04:50	https://github.com/google/kmsan.git master	28f0ca98	a4718693	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/08/30 08:00	https://github.com/google/kmsan.git master	2dca2cbd	6c7e9d3d	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/08/29 22:30	https://github.com/google/kmsan.git master	2dca2cbd	4937cb2b	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/08/29 09:31	https://github.com/google/kmsan.git master	2dca2cbd	53ff8784	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/08/26 02:05	https://github.com/google/kmsan.git master	0cc51dc9	76e7c3df	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/08/19 10:41	https://github.com/google/kmsan.git master	0cc51dc9	2dc4378f	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/08/11 23:09	https://github.com/google/kmsan.git master	0cc51dc9	7a88b141	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/07/24 05:03	https://github.com/google/kmsan.git master	d1c2a46a	912c93d7	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/07/19 23:39	https://github.com/google/kmsan.git master	cf8cd3cd	49f35839	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/07/19 09:13	https://github.com/google/kmsan.git master	80ecacc4	49f35839	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/07/16 17:11	https://github.com/google/kmsan.git master	80ecacc4	40cb0c9a	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/07/16 12:53	https://github.com/google/kmsan.git master	80ecacc4	92a49505	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/07/15 15:26	https://github.com/google/kmsan.git master	80ecacc4	92a49505	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/07/13 18:13	https://github.com/google/kmsan.git master	e74f81fe	92a49505	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/07/11 09:04	https://github.com/google/kmsan.git master	b64f7ec0	2e0e3130	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/07/08 11:51	https://github.com/google/kmsan.git master	a00de5aa	c9a7a4dc	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/07/04 17:03	https://github.com/google/kmsan.git master	accdc89e	317fc8ea	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/06/28 14:20	https://github.com/google/kmsan.git master	12390609	dba0b50e	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/06/25 16:53	https://github.com/google/kmsan.git master	12390609	2064fc5c	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/06/24 07:56	https://github.com/google/kmsan.git master	12390609	2064fc5c	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/06/23 18:01	https://github.com/google/kmsan.git master	12390609	2064fc5c	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/06/12 12:06	https://github.com/google/kmsan.git master	5cdf0501	112eec79	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/06/11 06:11	https://github.com/google/kmsan.git master	d6c351f8	866118af	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/06/06 23:39	https://github.com/google/kmsan.git master	b9a5d319	e0e534c6	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/05/27 16:04	https://github.com/google/kmsan.git master	1b9cd4ec	f48c20b8	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/05/21 02:36	https://github.com/google/kmsan.git master	9f127b7c	f48c20b8	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci-upstream-kmsan-gce	2018/05/15 15:45	https://github.com/google/kmsan.git master	1df165c8	661fd7b9	.config	log	report			davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com