syzbot


KMSAN: uninit-value in nla_find

Status: auto-closed as invalid on 2020/06/09 12:27
Subsystems: bpf net
First crash: 1505d, last: 1505d

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in nla_ok include/net/netlink.h:1094 [inline]
BUG: KMSAN: uninit-value in nla_find+0x1cf/0x280 lib/nlattr.c:496
CPU: 1 PID: 27123 Comm: syz-executor.4 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 nla_ok include/net/netlink.h:1094 [inline]
 nla_find+0x1cf/0x280 lib/nlattr.c:496
 ____bpf_skb_get_nlattr net/core/filter.c:147 [inline]
 bpf_skb_get_nlattr+0x1e6/0x290 net/core/filter.c:134

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116
 skb_put_data include/linux/skbuff.h:2254 [inline]
 netlink_to_full_skb net/netlink/af_netlink.c:168 [inline]
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:285 [inline]
 __netlink_deliver_tap net/netlink/af_netlink.c:312 [inline]
 netlink_deliver_tap+0x6ed/0xea0 net/netlink/af_netlink.c:325
 netlink_deliver_tap_kernel net/netlink/af_netlink.c:334 [inline]
 netlink_unicast_kernel net/netlink/af_netlink.c:1301 [inline]
 netlink_unicast+0xe87/0x1100 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x1246/0x14d0 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2343
 ___sys_sendmsg net/socket.c:2397 [inline]
 __sys_sendmsg+0x451/0x5f0 net/socket.c:2430
 __do_sys_sendmsg net/socket.c:2439 [inline]
 __se_sys_sendmsg+0x97/0xb0 net/socket.c:2437
 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2437
 do_syscall_64+0xb8/0x160 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:144
 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:307 [inline]
 kmsan_alloc_page+0x12a/0x310 mm/kmsan/kmsan_shadow.c:336
 __alloc_pages_nodemask+0x5712/0x5e80 mm/page_alloc.c:4775
 alloc_pages_current+0x67d/0x990 mm/mempolicy.c:2211
 alloc_pages include/linux/gfp.h:534 [inline]
 __vmalloc_area_node mm/vmalloc.c:2510 [inline]
 __vmalloc_node_range+0x839/0x11c0 mm/vmalloc.c:2574
 __vmalloc_node mm/vmalloc.c:2629 [inline]
 __vmalloc_node_flags mm/vmalloc.c:2643 [inline]
 vmalloc+0x106/0x120 mm/vmalloc.c:2668
 netlink_alloc_large_skb net/netlink/af_netlink.c:1179 [inline]
 netlink_sendmsg+0xd64/0x14d0 net/netlink/af_netlink.c:1892
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2343
 ___sys_sendmsg net/socket.c:2397 [inline]
 __sys_sendmsg+0x451/0x5f0 net/socket.c:2430
 __do_sys_sendmsg net/socket.c:2439 [inline]
 __se_sys_sendmsg+0x97/0xb0 net/socket.c:2437
 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2437
 do_syscall_64+0xb8/0x160 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
=====================================================

Crashes (1):
Time:       2020/03/11 12:22
Kernel:     https://github.com/google/kmsan.git master
Commit:     8bbbc5cf3dca
Syzkaller:  35f53e45
Config:     .config
Log:        console log
Report:     report
Syz repro:  (none)
C repro:    (none)
VM info:    (none)
Assets:     (none)
Manager:    ci-upstream-kmsan-gce
Title:      (none)