syzbot


KMSAN: uninit-value in nf_tables_newchain

Status: auto-closed as invalid on 2022/04/01 22:17
Subsystems: netfilter
First crash: 845d, last: 845d

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:369 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:599 [inline]
BUG: KMSAN: uninit-value in rhltable_lookup include/linux/rhashtable.h:688 [inline]
BUG: KMSAN: uninit-value in nft_chain_lookup net/netfilter/nf_tables_api.c:1389 [inline]
BUG: KMSAN: uninit-value in nf_tables_newchain+0x14c0/0x5f20 net/netfilter/nf_tables_api.c:2418
 rht_ptr_rcu include/linux/rhashtable.h:369 [inline]
 __rhashtable_lookup include/linux/rhashtable.h:599 [inline]
 rhltable_lookup include/linux/rhashtable.h:688 [inline]
 nft_chain_lookup net/netfilter/nf_tables_api.c:1389 [inline]
 nf_tables_newchain+0x14c0/0x5f20 net/netfilter/nf_tables_api.c:2418
 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline]
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]
 nfnetlink_rcv+0x232d/0x4710 net/netfilter/nfnetlink.c:652
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x1075/0x1340 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x14cf/0x1710 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2492
 __compat_sys_sendmsg net/compat.c:347 [inline]
 __do_compat_sys_sendmsg net/compat.c:354 [inline]
 __se_compat_sys_sendmsg net/compat.c:351 [inline]
 __ia32_compat_sys_sendmsg+0xed/0x130 net/compat.c:351
 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Uninit was stored to memory at:
 chacha_permute+0x12d8/0x1400
 chacha_block_generic+0xea/0xb20 lib/crypto/chacha.c:83
 chacha20_block include/crypto/chacha.h:36 [inline]
 _extract_crng+0x344/0x4d0 drivers/char/random.c:1000
 extract_crng drivers/char/random.c:1016 [inline]
 _get_random_bytes+0x348/0x5a0 drivers/char/random.c:1538
 get_random_bytes+0x11e/0x300 drivers/char/random.c:1551
 eth_random_addr include/linux/etherdevice.h:232 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:752 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:802 [inline]
 nsim_dev_trap_report_work+0x4d3/0x1100 drivers/net/netdevsim/dev.c:843
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 chacha_block_generic+0xc6/0xb20 lib/crypto/chacha.c:81
 chacha20_block include/crypto/chacha.h:36 [inline]
 _extract_crng+0x344/0x4d0 drivers/char/random.c:1000
 extract_crng drivers/char/random.c:1016 [inline]
 _get_random_bytes+0x348/0x5a0 drivers/char/random.c:1538
 get_random_bytes+0x11e/0x300 drivers/char/random.c:1551
 eth_random_addr include/linux/etherdevice.h:232 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:752 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:802 [inline]
 nsim_dev_trap_report_work+0x4d3/0x1100 drivers/net/netdevsim/dev.c:843
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 crng_reseed+0x602/0xf70 drivers/char/random.c:962
 _extract_crng+0x1fc/0x4d0 drivers/char/random.c:996
 extract_crng drivers/char/random.c:1016 [inline]
 _get_random_bytes+0x348/0x5a0 drivers/char/random.c:1538
 get_random_bytes+0x11e/0x300 drivers/char/random.c:1551
 eth_random_addr include/linux/etherdevice.h:232 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:752 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:802 [inline]
 nsim_dev_trap_report_work+0x4d3/0x1100 drivers/net/netdevsim/dev.c:843
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 put_unaligned_le32 include/asm-generic/unaligned.h:47 [inline]
 chacha_block_generic+0x87a/0xb20 lib/crypto/chacha.c:86
 chacha20_block include/crypto/chacha.h:36 [inline]
 _extract_crng+0x344/0x4d0 drivers/char/random.c:1000
 crng_reseed+0x136/0xf70 drivers/char/random.c:952
 _extract_crng+0x1fc/0x4d0 drivers/char/random.c:996
 extract_crng drivers/char/random.c:1016 [inline]
 _get_random_bytes+0x348/0x5a0 drivers/char/random.c:1538
 get_random_bytes+0x11e/0x300 drivers/char/random.c:1551
 eth_random_addr include/linux/etherdevice.h:232 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:752 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:802 [inline]
 nsim_dev_trap_report_work+0x4d3/0x1100 drivers/net/netdevsim/dev.c:843
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 chacha_permute+0x12d8/0x1400
 chacha_block_generic+0xea/0xb20 lib/crypto/chacha.c:83
 chacha20_block include/crypto/chacha.h:36 [inline]
 _extract_crng+0x344/0x4d0 drivers/char/random.c:1000
 crng_reseed+0x136/0xf70 drivers/char/random.c:952
 _extract_crng+0x1fc/0x4d0 drivers/char/random.c:996
 extract_crng drivers/char/random.c:1016 [inline]
 _get_random_bytes+0x348/0x5a0 drivers/char/random.c:1538
 get_random_bytes+0x11e/0x300 drivers/char/random.c:1551
 eth_random_addr include/linux/etherdevice.h:232 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:752 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:802 [inline]
 nsim_dev_trap_report_work+0x4d3/0x1100 drivers/net/netdevsim/dev.c:843
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 chacha_block_generic+0xc6/0xb20 lib/crypto/chacha.c:81
 chacha20_block include/crypto/chacha.h:36 [inline]
 _extract_crng+0x344/0x4d0 drivers/char/random.c:1000
 crng_reseed+0x136/0xf70 drivers/char/random.c:952
 _extract_crng+0x1fc/0x4d0 drivers/char/random.c:996
 extract_crng drivers/char/random.c:1016 [inline]
 _get_random_bytes+0x348/0x5a0 drivers/char/random.c:1538
 get_random_bytes+0x11e/0x300 drivers/char/random.c:1551
 eth_random_addr include/linux/etherdevice.h:232 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:752 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:802 [inline]
 nsim_dev_trap_report_work+0x4d3/0x1100 drivers/net/netdevsim/dev.c:843
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 crng_reseed+0x602/0xf70 drivers/char/random.c:962
 _extract_crng+0x1fc/0x4d0 drivers/char/random.c:996
 crng_reseed+0x136/0xf70 drivers/char/random.c:952
 _extract_crng+0x1fc/0x4d0 drivers/char/random.c:996
 extract_crng drivers/char/random.c:1016 [inline]
 _get_random_bytes+0x348/0x5a0 drivers/char/random.c:1538
 get_random_bytes+0x11e/0x300 drivers/char/random.c:1551
 eth_random_addr include/linux/etherdevice.h:232 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:752 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:802 [inline]
 nsim_dev_trap_report_work+0x4d3/0x1100 drivers/net/netdevsim/dev.c:843
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Local variable buf created at:
 crng_reseed+0x6c/0xf70 drivers/char/random.c:945
 _extract_crng+0x1fc/0x4d0 drivers/char/random.c:996

CPU: 1 PID: 17890 Comm: syz-executor.5 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (1):
Time: 2022/01/01 22:12
Kernel: https://github.com/google/kmsan.git master
Commit: 81c325bbf94e
Syzkaller: e1768e9c
Manager: ci-upstream-kmsan-gce-386
Title: KMSAN: uninit-value in nf_tables_newchain