| Title | Replies (including bot) | Last reply |
|---|---|---|
| KMSAN: uninit-value in nf_ip6_checksum | 0 (1) | 2020/05/15 13:36 |
syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| KMSAN: uninit-value in nf_ip6_checksum | 0 (1) | 2020/05/15 13:36 |
===================================================== BUG: KMSAN: uninit-value in nf_ip6_checksum+0x63a/0x670 net/netfilter/utils.c:74 CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.9.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x21c/0x280 lib/dump_stack.c:118 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:122 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:201 nf_ip6_checksum+0x63a/0x670 net/netfilter/utils.c:74 nf_nat_icmpv6_reply_translation+0x312/0x1360 net/netfilter/nf_nat_proto.c:800 nf_nat_ipv6_fn+0x3c4/0x570 net/netfilter/nf_nat_proto.c:873 nf_nat_ipv6_in+0x129/0x440 net/netfilter/nf_nat_proto.c:892 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow+0x17b/0x460 net/netfilter/core.c:512 nf_hook include/linux/netfilter.h:256 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] ipv6_rcv+0x29f/0x460 net/ipv6/ip6_input.c:307 __netif_receive_skb_one_core net/core/dev.c:5286 [inline] __netif_receive_skb+0x265/0x670 net/core/dev.c:5400 process_backlog+0x50d/0xba0 net/core/dev.c:6242 napi_poll+0x443/0x1100 net/core/dev.c:6688 net_rx_action+0x35c/0xd40 net/core/dev.c:6758 __do_softirq+0x2ea/0x7f5 kernel/softirq.c:299 run_ksoftirqd+0x25/0x40 kernel/softirq.c:656 smpboot_thread_fn+0x5f5/0xa90 kernel/smpboot.c:165 kthread+0x551/0x590 kernel/kthread.c:293 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:143 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:311 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:151 __skb_checksum_complete+0x58e/0x630 net/core/skbuff.c:2860 nf_ip6_checksum+0x565/0x670 net/netfilter/utils.c:91 nf_nat_icmpv6_reply_translation+0x312/0x1360 net/netfilter/nf_nat_proto.c:800 nf_nat_ipv6_fn+0x3c4/0x570 net/netfilter/nf_nat_proto.c:873 nf_nat_ipv6_local_fn+0xaa/0x800 net/netfilter/nf_nat_proto.c:946 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow+0x17b/0x460 net/netfilter/core.c:512 nf_hook include/linux/netfilter.h:256 [inline] __ip6_local_out+0x696/0x7c0 net/ipv6/output_core.c:167 ip6_local_out+0xa1/0x1e0 net/ipv6/output_core.c:177 ip6_send_skb net/ipv6/ip6_output.c:1867 [inline] ip6_push_pending_frames+0x252/0x5b0 net/ipv6/ip6_output.c:1887 icmpv6_push_pending_frames+0x6d1/0x710 net/ipv6/icmp.c:304 icmp6_send+0x3958/0x40d0 net/ipv6/icmp.c:617 icmpv6_send include/linux/icmpv6.h:24 [inline] ip6_link_failure+0x79/0x620 net/ipv6/route.c:2669 dst_link_failure include/net/dst.h:426 [inline] ndisc_error_report+0x120/0x1c0 net/ipv6/ndisc.c:710 neigh_invalidate+0x353/0x8e0 net/core/neighbour.c:993 neigh_timer_handler+0x1135/0x17b0 net/core/neighbour.c:1080 call_timer_fn+0x226/0x550 kernel/time/timer.c:1413 expire_timers+0x4fc/0x780 kernel/time/timer.c:1458 __run_timers+0x624/0x9e0 kernel/time/timer.c:1755 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1768 __do_softirq+0x2ea/0x7f5 kernel/softirq.c:299 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:143 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:311 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:248 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:268 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:114 csum_partial_copy_nocheck+0xae/0x100 lib/checksum.c:154 skb_copy_and_csum_bits+0x261/0x1360 net/core/skbuff.c:2739 icmpv6_getfrag+0x148/0x3b0 net/ipv6/icmp.c:319 __ip6_append_data+0x5a33/0x71b0 net/ipv6/ip6_output.c:1625 ip6_append_data+0x44b/0x6e0 net/ipv6/ip6_output.c:1759 icmp6_send+0x36fc/0x40d0 net/ipv6/icmp.c:609 icmpv6_send include/linux/icmpv6.h:24 [inline] ip6_link_failure+0x79/0x620 net/ipv6/route.c:2669 dst_link_failure include/net/dst.h:426 [inline] ndisc_error_report+0x120/0x1c0 net/ipv6/ndisc.c:710 neigh_invalidate+0x353/0x8e0 net/core/neighbour.c:993 neigh_timer_handler+0x1135/0x17b0 net/core/neighbour.c:1080 call_timer_fn+0x226/0x550 kernel/time/timer.c:1413 expire_timers+0x4fc/0x780 kernel/time/timer.c:1458 __run_timers+0x624/0x9e0 kernel/time/timer.c:1755 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1768 __do_softirq+0x2ea/0x7f5 kernel/softirq.c:299 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:143 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:311 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:248 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:268 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:114 pskb_expand_head+0x3fd/0x1e30 net/core/skbuff.c:1638 __skb_cow include/linux/skbuff.h:3160 [inline] skb_cow_head include/linux/skbuff.h:3194 [inline] geneve_build_skb+0x575/0xf90 drivers/net/geneve.c:758 geneve6_xmit_skb drivers/net/geneve.c:1019 [inline] geneve_xmit+0x2147/0x3c00 drivers/net/geneve.c:1052 __netdev_start_xmit include/linux/netdevice.h:4634 [inline] netdev_start_xmit include/linux/netdevice.h:4648 [inline] xmit_one+0x3cf/0x750 net/core/dev.c:3561 dev_hard_start_xmit net/core/dev.c:3577 [inline] __dev_queue_xmit+0x3aad/0x4470 net/core/dev.c:4136 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4169 batadv_send_skb_packet+0x622/0x970 net/batman-adv/send.c:108 batadv_send_broadcast_skb+0x76/0x90 net/batman-adv/send.c:127 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:419 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0xb2e/0xef0 net/batman-adv/bat_iv_ogm.c:1711 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415 kthread+0x551/0x590 kernel/kthread.c:293 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:143 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:311 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:248 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:268 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:114 pskb_expand_head+0x3fd/0x1e30 net/core/skbuff.c:1638 __skb_cow include/linux/skbuff.h:3160 [inline] skb_cow_head include/linux/skbuff.h:3194 [inline] batadv_skb_head_push+0x2cc/0x410 net/batman-adv/soft-interface.c:75 batadv_send_skb_packet+0x1ed/0x970 net/batman-adv/send.c:86 batadv_send_broadcast_skb+0x76/0x90 net/batman-adv/send.c:127 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:419 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0xb2e/0xef0 net/batman-adv/bat_iv_ogm.c:1711 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415 kthread+0x551/0x590 kernel/kthread.c:293 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Uninit was created at: kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:143 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:268 [inline] kmsan_alloc_page+0xc5/0x1a0 mm/kmsan/kmsan_shadow.c:292 __alloc_pages_nodemask+0xf34/0x1120 mm/page_alloc.c:4927 __alloc_pages include/linux/gfp.h:509 [inline] __alloc_pages_node include/linux/gfp.h:522 [inline] alloc_pages_node include/linux/gfp.h:536 [inline] __page_frag_cache_refill mm/page_alloc.c:5002 [inline] page_frag_alloc+0x35b/0x880 mm/page_alloc.c:5032 __netdev_alloc_skb+0xc3d/0xc90 net/core/skbuff.c:456 netdev_alloc_skb include/linux/skbuff.h:2821 [inline] dev_alloc_skb include/linux/skbuff.h:2834 [inline] __ieee80211_beacon_get+0x37e3/0x4df0 net/mac80211/tx.c:4819 ieee80211_beacon_get_tim+0x109/0x800 net/mac80211/tx.c:4933 ieee80211_beacon_get include/net/mac80211.h:4845 [inline] mac80211_hwsim_beacon_tx+0x1c3/0xb80 drivers/net/wireless/mac80211_hwsim.c:1676 __iterate_interfaces net/mac80211/util.c:737 [inline] ieee80211_iterate_active_interfaces_atomic+0x40a/0x610 net/mac80211/util.c:773 mac80211_hwsim_beacon+0x11d/0x2e0 drivers/net/wireless/mac80211_hwsim.c:1717 __run_hrtimer+0x7cd/0xf00 kernel/time/hrtimer.c:1524 __hrtimer_run_queues kernel/time/hrtimer.c:1588 [inline] hrtimer_run_softirq+0x3bf/0x690 kernel/time/hrtimer.c:1605 __do_softirq+0x2ea/0x7f5 kernel/softirq.c:299 =====================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/10/06 14:56 | https://github.com/google/kmsan.git master | 5edb1df295b9 | 1880b4a9 | .config | console log | report | info | ci-upstream-kmsan-gce | ||||
| 2020/06/14 22:46 | https://github.com/google/kmsan.git master | f0d5ec902b23 | 2a22c77a | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2020/05/15 01:24 | https://github.com/google/kmsan.git master | 8b97c6271626 | 2d572622 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2020/07/21 19:21 | https://github.com/google/kmsan.git master | 91e18444d6b0 | 21f1765e | .config | console log | report | ci-upstream-kmsan-gce-386 | |||||
| 2020/07/21 02:59 | https://github.com/google/kmsan.git master | 91e18444d6b0 | 4285ffa3 | .config | console log | report | ci-upstream-kmsan-gce-386 |