syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [984] ≡ Subsystems 🐞 Fixed [5216] 🐞 Invalid [12476] ⬇ Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
===================================================== BUG: KMSAN: uninit-value in nf_ip_checksum+0x758/0x770 net/netfilter/utils.c:21 CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.5.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x220 lib/dump_stack.c:118 kmsan_report+0xf8/0x1e0 mm/kmsan/kmsan_report.c:118 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215 nf_ip_checksum+0x758/0x770 net/netfilter/utils.c:21 nf_nat_icmp_reply_translation+0x2ba/0x970 net/netfilter/nf_nat_proto.c:567 nf_nat_ipv4_fn net/netfilter/nf_nat_proto.c:626 [inline] nf_nat_ipv4_in+0x2a7/0x580 net/netfilter/nf_nat_proto.c:644 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline] nf_hook_slow+0x18b/0x3f0 net/netfilter/core.c:512 nf_hook include/linux/netfilter.h:262 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ip_rcv+0x259/0x750 net/ipv4/ip_input.c:538 __netif_receive_skb_one_core net/core/dev.c:5150 [inline] __netif_receive_skb net/core/dev.c:5264 [inline] process_backlog+0xece/0x13c0 net/core/dev.c:6095 napi_poll net/core/dev.c:6532 [inline] net_rx_action+0x7a6/0x1aa0 net/core/dev.c:6600 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 run_ksoftirqd+0x25/0x40 kernel/softirq.c:607 smpboot_thread_fn+0x4a3/0x990 kernel/smpboot.c:165 kthread+0x4b5/0x4f0 kernel/kthread.c:256 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline] kmsan_internal_chain_origin+0xc5/0x140 mm/kmsan/kmsan.c:310 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165 __skb_checksum_complete+0x419/0x530 net/core/skbuff.c:2859 nf_ip_checksum+0x567/0x770 net/netfilter/utils.c:36 nf_nat_icmp_reply_translation+0x2ba/0x970 net/netfilter/nf_nat_proto.c:567 nf_nat_ipv4_fn net/netfilter/nf_nat_proto.c:626 [inline] nf_nat_ipv4_local_fn+0x215/0x840 net/netfilter/nf_nat_proto.c:697 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline] nf_hook_slow+0x18b/0x3f0 net/netfilter/core.c:512 nf_hook include/linux/netfilter.h:262 [inline] __ip_local_out+0x69b/0x800 net/ipv4/ip_output.c:114 ip_local_out net/ipv4/ip_output.c:123 [inline] ip_send_skb net/ipv4/ip_output.c:1562 [inline] ip_push_pending_frames+0x16f/0x460 net/ipv4/ip_output.c:1582 icmp_push_reply+0x692/0x750 net/ipv4/icmp.c:390 __icmp_send+0x2358/0x30d0 net/ipv4/icmp.c:740 ipv4_send_dest_unreach net/ipv4/route.c:1220 [inline] ipv4_link_failure+0x73c/0xaf0 net/ipv4/route.c:1227 dst_link_failure include/net/dst.h:419 [inline] arp_error_report+0x106/0x1a0 net/ipv4/arp.c:293 neigh_invalidate+0x362/0x8f0 net/core/neighbour.c:996 neigh_timer_handler+0xdc0/0x14c0 net/core/neighbour.c:1082 call_timer_fn+0x232/0x530 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers+0xd60/0x1270 kernel/time/timer.c:1773 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline] kmsan_internal_chain_origin+0xc5/0x140 mm/kmsan/kmsan.c:310 kmsan_memcpy_memmove_metadata+0x25c/0x2e0 mm/kmsan/kmsan.c:247 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267 __msan_memcpy+0x44/0x50 mm/kmsan/kmsan_instr.c:116 csum_partial_copy+0xae/0x100 lib/checksum.c:174 skb_copy_and_csum_bits+0x205/0x10b0 net/core/skbuff.c:2738 icmp_glue_bits+0x16b/0x380 net/ipv4/icmp.c:353 __ip_append_data+0x46a6/0x5500 net/ipv4/ip_output.c:1133 ip_append_data+0x328/0x480 net/ipv4/ip_output.c:1317 icmp_push_reply+0x210/0x750 net/ipv4/icmp.c:371 __icmp_send+0x2358/0x30d0 net/ipv4/icmp.c:740 ipv4_send_dest_unreach net/ipv4/route.c:1220 [inline] ipv4_link_failure+0x73c/0xaf0 net/ipv4/route.c:1227 dst_link_failure include/net/dst.h:419 [inline] arp_error_report+0x106/0x1a0 net/ipv4/arp.c:293 neigh_invalidate+0x362/0x8f0 net/core/neighbour.c:996 neigh_timer_handler+0xdc0/0x14c0 net/core/neighbour.c:1082 call_timer_fn+0x232/0x530 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers+0xd60/0x1270 kernel/time/timer.c:1773 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline] kmsan_internal_chain_origin+0xc5/0x140 mm/kmsan/kmsan.c:310 kmsan_memcpy_memmove_metadata+0x25c/0x2e0 mm/kmsan/kmsan.c:247 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267 __msan_memcpy+0x44/0x50 mm/kmsan/kmsan_instr.c:116 skb_put_data include/linux/skbuff.h:2235 [inline] sctp_packet_pack net/sctp/output.c:470 [inline] sctp_packet_transmit+0x1dd1/0x4380 net/sctp/output.c:597 sctp_outq_flush_transports net/sctp/outqueue.c:1146 [inline] sctp_outq_flush+0x1823/0x5d80 net/sctp/outqueue.c:1194 sctp_outq_uncork+0xd0/0xf0 net/sctp/outqueue.c:757 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1786 [inline] sctp_side_effects net/sctp/sm_sideeffect.c:1189 [inline] sctp_do_sm+0x9105/0x9760 net/sctp/sm_sideeffect.c:1160 sctp_generate_heartbeat_event+0x3c6/0x5a0 net/sctp/sm_sideeffect.c:391 call_timer_fn+0x232/0x530 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers+0xd60/0x1270 kernel/time/timer.c:1773 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline] kmsan_internal_chain_origin+0xc5/0x140 mm/kmsan/kmsan.c:310 kmsan_memcpy_memmove_metadata+0x25c/0x2e0 mm/kmsan/kmsan.c:247 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267 __msan_memcpy+0x44/0x50 mm/kmsan/kmsan_instr.c:116 skb_put_data include/linux/skbuff.h:2235 [inline] sctp_addto_chunk+0x21c/0x430 net/sctp/sm_make_chunk.c:1494 sctp_make_heartbeat+0x4eb/0x700 net/sctp/sm_make_chunk.c:1164 sctp_sf_heartbeat net/sctp/sm_statefuns.c:990 [inline] sctp_sf_sendbeat_8_3+0x18d/0xb10 net/sctp/sm_statefuns.c:1034 sctp_do_sm+0x2b4/0x9760 net/sctp/sm_sideeffect.c:1157 sctp_generate_heartbeat_event+0x3c6/0x5a0 net/sctp/sm_sideeffect.c:391 call_timer_fn+0x232/0x530 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers+0xd60/0x1270 kernel/time/timer.c:1773 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline] kmsan_internal_chain_origin+0xc5/0x140 mm/kmsan/kmsan.c:310 kmsan_memcpy_memmove_metadata+0x25c/0x2e0 mm/kmsan/kmsan.c:247 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267 __msan_memcpy+0x44/0x50 mm/kmsan/kmsan_instr.c:116 sctp_make_heartbeat+0x3f7/0x700 net/sctp/sm_make_chunk.c:1156 sctp_sf_heartbeat net/sctp/sm_statefuns.c:990 [inline] sctp_sf_sendbeat_8_3+0x18d/0xb10 net/sctp/sm_statefuns.c:1034 sctp_do_sm+0x2b4/0x9760 net/sctp/sm_sideeffect.c:1157 sctp_generate_heartbeat_event+0x3c6/0x5a0 net/sctp/sm_sideeffect.c:391 call_timer_fn+0x232/0x530 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers+0xd60/0x1270 kernel/time/timer.c:1773 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline] kmsan_internal_chain_origin+0xc5/0x140 mm/kmsan/kmsan.c:310 kmsan_memcpy_memmove_metadata+0x25c/0x2e0 mm/kmsan/kmsan.c:247 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267 __msan_memcpy+0x44/0x50 mm/kmsan/kmsan_instr.c:116 sctp_transport_init net/sctp/transport.c:47 [inline] sctp_transport_new+0x248/0xa20 net/sctp/transport.c:100 sctp_assoc_add_peer+0x5ba/0x2120 net/sctp/associola.c:617 sctp_process_param net/sctp/sm_make_chunk.c:2524 [inline] sctp_process_init+0x162b/0x3e30 net/sctp/sm_make_chunk.c:2345 sctp_sf_do_5_1D_ce+0xe0f/0x30d0 net/sctp/sm_statefuns.c:767 sctp_do_sm+0x2b4/0x9760 net/sctp/sm_sideeffect.c:1157 sctp_endpoint_bh_rcv+0xd99/0x1040 net/sctp/endpointola.c:395 sctp_inq_push+0x300/0x420 net/sctp/inqueue.c:80 sctp_rcv+0x4ba4/0x54b0 net/sctp/input.c:256 ip_protocol_deliver_rcu+0x70f/0xbd0 net/ipv4/ip_input.c:204 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] ip_local_deliver+0x62a/0x7c0 net/ipv4/ip_input.c:252 dst_input include/net/dst.h:442 [inline] ip_rcv_finish net/ipv4/ip_input.c:428 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] ip_rcv+0x6cf/0x750 net/ipv4/ip_input.c:538 __netif_receive_skb_one_core net/core/dev.c:5150 [inline] __netif_receive_skb net/core/dev.c:5264 [inline] process_backlog+0xece/0x13c0 net/core/dev.c:6095 napi_poll net/core/dev.c:6532 [inline] net_rx_action+0x7a6/0x1aa0 net/core/dev.c:6600 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 Local variable ----addr.i@sctp_process_init created at: sctp_process_param net/sctp/sm_make_chunk.c:2495 [inline] sctp_process_init+0x603/0x3e30 net/sctp/sm_make_chunk.c:2345 sctp_process_param net/sctp/sm_make_chunk.c:2495 [inline] sctp_process_init+0x603/0x3e30 net/sctp/sm_make_chunk.c:2345 =====================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/12/30 13:15 | https://github.com/google/kmsan.git master | 997a8b55bc92 | af6b8ef8 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/12/26 02:29 | https://github.com/google/kmsan.git master | 997a8b55bc92 | be5c2c81 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/12/23 14:59 | https://github.com/google/kmsan.git master | 997a8b55bc92 | be5c2c81 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/12/14 02:39 | https://github.com/google/kmsan.git master | 9a058e738795 | 5b2ca5da | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/11/26 18:56 | https://github.com/google/kmsan.git master | df335139222b | 1048481f | .config | console log | report | ci-upstream-kmsan-gce |