syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [984] ≡ Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] ⬇ Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
===================================================== BUG: KMSAN: uninit-value in napi_gro_receive+0x5fd/0xb90 net/core/dev.c:5704 CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.3.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x191/0x1f0 lib/dump_stack.c:113 kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108 __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250 dev_gro_receive+0x1ee7/0x32e0 net/core/dev.c:5615 napi_gro_receive+0x5fd/0xb90 net/core/dev.c:5704 gro_cell_poll+0x25c/0x3f0 net/core/gro_cells.c:60 napi_poll net/core/dev.c:6352 [inline] net_rx_action+0x74b/0x1950 net/core/dev.c:6418 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 run_ksoftirqd+0x25/0x40 kernel/softirq.c:607 smpboot_thread_fn+0x4a3/0x990 kernel/smpboot.c:165 kthread+0x4b5/0x4f0 kernel/kthread.c:256 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:150 [inline] kmsan_internal_chain_origin+0xd2/0x170 mm/kmsan/kmsan.c:314 __msan_chain_origin+0x6b/0xe0 mm/kmsan/kmsan_instr.c:184 __skb_pull include/linux/skbuff.h:2247 [inline] skb_pull_inline include/linux/skbuff.h:2254 [inline] eth_type_trans+0x683/0xa90 net/ethernet/eth.c:165 ip_tunnel_rcv+0xf47/0x1be0 net/ipv4/ip_tunnel.c:416 erspan_rcv net/ipv4/ip_gre.c:321 [inline] gre_rcv+0x1526/0x1900 net/ipv4/ip_gre.c:415 gre_rcv+0x2dd/0x3c0 net/ipv4/gre_demux.c:155 ip_protocol_deliver_rcu+0x722/0xbc0 net/ipv4/ip_input.c:204 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ip_local_deliver+0x62a/0x7c0 net/ipv4/ip_input.c:252 dst_input include/net/dst.h:442 [inline] ip_rcv_finish net/ipv4/ip_input.c:413 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ip_rcv+0x6c5/0x740 net/ipv4/ip_input.c:523 __netif_receive_skb_one_core net/core/dev.c:5004 [inline] __netif_receive_skb net/core/dev.c:5118 [inline] process_backlog+0xef5/0x1410 net/core/dev.c:5929 napi_poll net/core/dev.c:6352 [inline] net_rx_action+0x74b/0x1950 net/core/dev.c:6418 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 invoke_softirq kernel/softirq.c:375 [inline] irq_exit+0x230/0x280 kernel/softirq.c:416 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:537 smp_apic_timer_interrupt+0x48/0x70 arch/x86/kernel/apic/apic.c:1135 apic_timer_interrupt+0x2e/0x40 arch/x86/entry/entry_64.S:837 native_restore_fl arch/x86/include/asm/irqflags.h:41 [inline] arch_local_irq_restore arch/x86/include/asm/irqflags.h:84 [inline] __msan_poison_alloca+0x147/0x1b0 mm/kmsan/kmsan_instr.c:224 native_save_fl kernel/softirq.c:169 [inline] arch_local_save_flags arch/x86/include/asm/irqflags.h:79 [inline] arch_local_irq_save arch/x86/include/asm/irqflags.h:120 [inline] do_softirq kernel/softirq.c:333 [inline] __local_bh_enable_ip+0xea/0x1d0 kernel/softirq.c:190 local_bh_enable+0x36/0x40 include/linux/bottom_half.h:32 rcu_read_unlock_bh include/linux/rcupdate.h:681 [inline] ip_finish_output2+0x20dc/0x25d0 net/ipv4/ip_output.c:229 __ip_finish_output+0xaf8/0xda0 net/ipv4/ip_output.c:308 ip_finish_output+0x2db/0x420 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip_output+0x541/0x610 net/ipv4/ip_output.c:432 dst_output include/net/dst.h:436 [inline] ip_local_out net/ipv4/ip_output.c:125 [inline] ip_send_skb+0x179/0x360 net/ipv4/ip_output.c:1554 udp_send_skb+0xeda/0x1870 net/ipv4/udp.c:887 udp_sendmsg+0x397c/0x4170 net/ipv4/udp.c:1174 inet_sendmsg+0x276/0x2e0 net/ipv4/af_inet.c:807 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg net/socket.c:657 [inline] ___sys_sendmsg+0x12c4/0x1590 net/socket.c:2311 __sys_sendmmsg+0x53a/0xae0 net/socket.c:2413 __do_sys_sendmmsg net/socket.c:2442 [inline] __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2439 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2439 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x63/0xe7 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:150 [inline] kmsan_internal_chain_origin+0xd2/0x170 mm/kmsan/kmsan.c:314 __msan_chain_origin+0x6b/0xe0 mm/kmsan/kmsan_instr.c:184 __skb_pull include/linux/skbuff.h:2247 [inline] skb_pull_rcsum+0x2d4/0x500 net/core/skbuff.c:3616 __iptunnel_pull_header+0x14d/0xbc0 net/ipv4/ip_tunnel_core.c:94 erspan_rcv net/ipv4/ip_gre.c:279 [inline] gre_rcv+0x6d9/0x1900 net/ipv4/ip_gre.c:415 gre_rcv+0x2dd/0x3c0 net/ipv4/gre_demux.c:155 ip_protocol_deliver_rcu+0x722/0xbc0 net/ipv4/ip_input.c:204 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ip_local_deliver+0x62a/0x7c0 net/ipv4/ip_input.c:252 dst_input include/net/dst.h:442 [inline] ip_rcv_finish net/ipv4/ip_input.c:413 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ip_rcv+0x6c5/0x740 net/ipv4/ip_input.c:523 __netif_receive_skb_one_core net/core/dev.c:5004 [inline] __netif_receive_skb net/core/dev.c:5118 [inline] process_backlog+0xef5/0x1410 net/core/dev.c:5929 napi_poll net/core/dev.c:6352 [inline] net_rx_action+0x74b/0x1950 net/core/dev.c:6418 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 invoke_softirq kernel/softirq.c:375 [inline] irq_exit+0x230/0x280 kernel/softirq.c:416 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:537 smp_apic_timer_interrupt+0x48/0x70 arch/x86/kernel/apic/apic.c:1135 apic_timer_interrupt+0x2e/0x40 arch/x86/entry/entry_64.S:837 native_restore_fl arch/x86/include/asm/irqflags.h:41 [inline] arch_local_irq_restore arch/x86/include/asm/irqflags.h:84 [inline] __msan_poison_alloca+0x147/0x1b0 mm/kmsan/kmsan_instr.c:224 native_save_fl kernel/softirq.c:169 [inline] arch_local_save_flags arch/x86/include/asm/irqflags.h:79 [inline] arch_local_irq_save arch/x86/include/asm/irqflags.h:120 [inline] do_softirq kernel/softirq.c:333 [inline] __local_bh_enable_ip+0xea/0x1d0 kernel/softirq.c:190 local_bh_enable+0x36/0x40 include/linux/bottom_half.h:32 rcu_read_unlock_bh include/linux/rcupdate.h:681 [inline] ip_finish_output2+0x20dc/0x25d0 net/ipv4/ip_output.c:229 __ip_finish_output+0xaf8/0xda0 net/ipv4/ip_output.c:308 ip_finish_output+0x2db/0x420 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip_output+0x541/0x610 net/ipv4/ip_output.c:432 dst_output include/net/dst.h:436 [inline] ip_local_out net/ipv4/ip_output.c:125 [inline] ip_send_skb+0x179/0x360 net/ipv4/ip_output.c:1554 udp_send_skb+0xeda/0x1870 net/ipv4/udp.c:887 udp_sendmsg+0x397c/0x4170 net/ipv4/udp.c:1174 inet_sendmsg+0x276/0x2e0 net/ipv4/af_inet.c:807 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg net/socket.c:657 [inline] ___sys_sendmsg+0x12c4/0x1590 net/socket.c:2311 __sys_sendmmsg+0x53a/0xae0 net/socket.c:2413 __do_sys_sendmmsg net/socket.c:2442 [inline] __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2439 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2439 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x63/0xe7 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:150 [inline] kmsan_internal_chain_origin+0xd2/0x170 mm/kmsan/kmsan.c:314 kmsan_memcpy_memmove_metadata+0x25b/0x2d0 mm/kmsan/kmsan.c:247 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267 __msan_memcpy+0x56/0x70 mm/kmsan/kmsan_instr.c:129 pskb_expand_head+0x38a/0x19f0 net/core/skbuff.c:1637 __skb_cow include/linux/skbuff.h:3060 [inline] skb_cow_head include/linux/skbuff.h:3094 [inline] ip_tunnel_xmit+0x2971/0x3320 net/ipv4/ip_tunnel.c:811 __gre_xmit net/ipv4/ip_gre.c:444 [inline] erspan_xmit+0x1ef8/0x35c0 net/ipv4/ip_gre.c:679 __netdev_start_xmit include/linux/netdevice.h:4406 [inline] netdev_start_xmit include/linux/netdevice.h:4420 [inline] xmit_one net/core/dev.c:3280 [inline] dev_hard_start_xmit+0x51a/0xab0 net/core/dev.c:3296 sch_direct_xmit+0x56c/0x18c0 net/sched/sch_generic.c:309 __dev_xmit_skb net/core/dev.c:3477 [inline] __dev_queue_xmit+0x1e53/0x4270 net/core/dev.c:3838 dev_queue_xmit+0x4b/0x60 net/core/dev.c:3902 neigh_resolve_output+0xab7/0xb50 net/core/neighbour.c:1490 neigh_output include/net/neighbour.h:511 [inline] ip_finish_output2+0x1a8e/0x25d0 net/ipv4/ip_output.c:228 __ip_finish_output+0xaf8/0xda0 net/ipv4/ip_output.c:308 ip_finish_output+0x2db/0x420 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip_output+0x541/0x610 net/ipv4/ip_output.c:432 dst_output include/net/dst.h:436 [inline] ip_local_out net/ipv4/ip_output.c:125 [inline] ip_send_skb+0x179/0x360 net/ipv4/ip_output.c:1554 udp_send_skb+0xeda/0x1870 net/ipv4/udp.c:887 udp_sendmsg+0x397c/0x4170 net/ipv4/udp.c:1174 inet_sendmsg+0x276/0x2e0 net/ipv4/af_inet.c:807 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg net/socket.c:657 [inline] ___sys_sendmsg+0x12c4/0x1590 net/socket.c:2311 __sys_sendmmsg+0x53a/0xae0 net/socket.c:2413 __do_sys_sendmmsg net/socket.c:2442 [inline] __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2439 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2439 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x63/0xe7 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:150 [inline] kmsan_internal_poison_shadow+0x53/0x100 mm/kmsan/kmsan.c:134 kmsan_slab_alloc+0xaa/0x120 mm/kmsan/kmsan_hooks.c:103 slab_alloc_node mm/slub.c:2790 [inline] __kmalloc_node_track_caller+0xb55/0x1320 mm/slub.c:4388 __kmalloc_reserve net/core/skbuff.c:141 [inline] __alloc_skb+0x306/0xa10 net/core/skbuff.c:209 alloc_skb include/linux/skbuff.h:1056 [inline] alloc_skb_with_frags+0x18c/0xa80 net/core/skbuff.c:5628 sock_alloc_send_pskb+0xafd/0x10a0 net/core/sock.c:2232 sock_alloc_send_skb+0xca/0xe0 net/core/sock.c:2249 __ip_append_data+0x375d/0x52f0 net/ipv4/ip_output.c:1087 ip_make_skb+0x392/0x890 net/ipv4/ip_output.c:1620 udp_sendmsg+0x367e/0x4170 net/ipv4/udp.c:1169 inet_sendmsg+0x276/0x2e0 net/ipv4/af_inet.c:807 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg net/socket.c:657 [inline] ___sys_sendmsg+0x12c4/0x1590 net/socket.c:2311 __sys_sendmmsg+0x53a/0xae0 net/socket.c:2413 __do_sys_sendmmsg net/socket.c:2442 [inline] __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2439 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2439 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x63/0xe7 =====================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/10/06 08:33 | https://github.com/google/kmsan.git master | 1e76a3e537c3 | f3f7d9c8 | .config | console log | report | ci-upstream-kmsan-gce |