syzbot

 sign-in | mailing list | source | docs
🐞 Open [993] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

kmsan boot error: KMSAN: uninit-value in tcp_conn_request

Status: fixed on 2022/03/08 16:11
Subsystems: net
[Documentation on labels]
Fix commit: a37a0ee4d25c net: avoid uninit-value from tcp_conn_request
First crash: 882d, last: 878d

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in sk_rx_queue_set include/net/sock.h:1922 [inline]
BUG: KMSAN: uninit-value in tcp_conn_request+0x3bcc/0x4dc0 net/ipv4/tcp_input.c:6922
 sk_rx_queue_set include/net/sock.h:1922 [inline]
 tcp_conn_request+0x3bcc/0x4dc0 net/ipv4/tcp_input.c:6922
 tcp_v4_conn_request+0x218/0x2a0 net/ipv4/tcp_ipv4.c:1528
 tcp_rcv_state_process+0x2c5/0x3290 net/ipv4/tcp_input.c:6406
 tcp_v4_do_rcv+0xb4e/0x1330 net/ipv4/tcp_ipv4.c:1738
 tcp_v4_rcv+0x468d/0x4ed0 net/ipv4/tcp_ipv4.c:2100
 ip_protocol_deliver_rcu+0x760/0x10b0 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_local_deliver+0x584/0x8c0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:460 [inline]
 ip_sublist_rcv_finish net/ipv4/ip_input.c:551 [inline]
 ip_list_rcv_finish net/ipv4/ip_input.c:601 [inline]
 ip_sublist_rcv+0x11fd/0x1520 net/ipv4/ip_input.c:609
 ip_list_rcv+0x95f/0x9a0 net/ipv4/ip_input.c:644
 __netif_receive_skb_list_ptype net/core/dev.c:5505 [inline]
 __netif_receive_skb_list_core+0xe34/0x1240 net/core/dev.c:5553
 __netif_receive_skb_list+0x7fc/0x960 net/core/dev.c:5605
 netif_receive_skb_list_internal+0x868/0xde0 net/core/dev.c:5696
 gro_normal_list net/core/dev.c:5850 [inline]
 napi_complete_done+0x579/0xdd0 net/core/dev.c:6587
 virtqueue_napi_complete drivers/net/virtio_net.c:339 [inline]
 virtnet_poll+0x17b6/0x2350 drivers/net/virtio_net.c:1557
 __napi_poll+0x14e/0xbc0 net/core/dev.c:7020
 napi_poll net/core/dev.c:7087 [inline]
 net_rx_action+0x824/0x1880 net/core/dev.c:7174
 __do_softirq+0x1fe/0x7eb kernel/softirq.c:558
 invoke_softirq+0xa4/0x130 kernel/softirq.c:432
 __irq_exit_rcu kernel/softirq.c:636 [inline]
 irq_exit_rcu+0x76/0x130 kernel/softirq.c:648
 common_interrupt+0xb6/0xd0 arch/x86/kernel/irq.c:240
 asm_common_interrupt+0x1e/0x40
 smap_restore arch/x86/include/asm/smap.h:67 [inline]
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:31 [inline]
 __msan_metadata_ptr_for_load_1+0x28/0x30 mm/kmsan/instrumentation.c:63
 tomoyo_check_acl+0x1b0/0x630 security/tomoyo/domain.c:173
 tomoyo_path_permission security/tomoyo/file.c:586 [inline]
 tomoyo_check_open_permission+0x61f/0xe10 security/tomoyo/file.c:777
 tomoyo_file_open+0x24f/0x2d0 security/tomoyo/tomoyo.c:311
 security_file_open+0xb1/0x1f0 security/security.c:1635
 do_dentry_open+0x4e4/0x1bf0 fs/open.c:809
 vfs_open+0xaf/0xe0 fs/open.c:957
 do_open fs/namei.c:3426 [inline]
 path_openat+0x52f1/0x5dd0 fs/namei.c:3559
 do_filp_open+0x306/0x760 fs/namei.c:3586
 do_sys_openat2+0x263/0x8f0 fs/open.c:1212
 do_sys_open fs/open.c:1228 [inline]
 __do_sys_open fs/open.c:1236 [inline]
 __se_sys_open fs/open.c:1232 [inline]
 __x64_sys_open+0x314/0x380 fs/open.c:1232
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 __alloc_pages+0xbc7/0x10a0 mm/page_alloc.c:5409
 alloc_pages+0x8a5/0xb80
 alloc_slab_page mm/slub.c:1810 [inline]
 allocate_slab+0x287/0x1c20 mm/slub.c:1947
 new_slab mm/slub.c:2010 [inline]
 ___slab_alloc+0xbdf/0x1e90 mm/slub.c:3039
 __slab_alloc mm/slub.c:3126 [inline]
 slab_alloc_node mm/slub.c:3217 [inline]
 slab_alloc mm/slub.c:3259 [inline]
 kmem_cache_alloc+0xbb3/0x11c0 mm/slub.c:3264
 reqsk_alloc include/net/request_sock.h:91 [inline]
 inet_reqsk_alloc+0xaf/0x8b0 net/ipv4/tcp_input.c:6712
 tcp_conn_request+0x910/0x4dc0 net/ipv4/tcp_input.c:6852
 tcp_v4_conn_request+0x218/0x2a0 net/ipv4/tcp_ipv4.c:1528
 tcp_rcv_state_process+0x2c5/0x3290 net/ipv4/tcp_input.c:6406
 tcp_v4_do_rcv+0xb4e/0x1330 net/ipv4/tcp_ipv4.c:1738
 tcp_v4_rcv+0x468d/0x4ed0 net/ipv4/tcp_ipv4.c:2100
 ip_protocol_deliver_rcu+0x760/0x10b0 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_local_deliver+0x584/0x8c0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:460 [inline]
 ip_sublist_rcv_finish net/ipv4/ip_input.c:551 [inline]
 ip_list_rcv_finish net/ipv4/ip_input.c:601 [inline]
 ip_sublist_rcv+0x11fd/0x1520 net/ipv4/ip_input.c:609
 ip_list_rcv+0x95f/0x9a0 net/ipv4/ip_input.c:644
 __netif_receive_skb_list_ptype net/core/dev.c:5505 [inline]
 __netif_receive_skb_list_core+0xe34/0x1240 net/core/dev.c:5553
 __netif_receive_skb_list+0x7fc/0x960 net/core/dev.c:5605
 netif_receive_skb_list_internal+0x868/0xde0 net/core/dev.c:5696
 gro_normal_list net/core/dev.c:5850 [inline]
 napi_complete_done+0x579/0xdd0 net/core/dev.c:6587
 virtqueue_napi_complete drivers/net/virtio_net.c:339 [inline]
 virtnet_poll+0x17b6/0x2350 drivers/net/virtio_net.c:1557
 __napi_poll+0x14e/0xbc0 net/core/dev.c:7020
 napi_poll net/core/dev.c:7087 [inline]
 net_rx_action+0x824/0x1880 net/core/dev.c:7174
 __do_softirq+0x1fe/0x7eb kernel/softirq.c:558
=====================================================

Crashes (27):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/11/30 11:31 https://github.com/google/kmsan.git master c49ed0f0c20a 80270552 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/30 11:31 https://github.com/google/kmsan.git master c49ed0f0c20a 80270552 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/30 11:31 https://github.com/google/kmsan.git master c49ed0f0c20a 80270552 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 15:35 https://github.com/google/kmsan.git master c49ed0f0c20a d0830353 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 15:35 https://github.com/google/kmsan.git master c49ed0f0c20a d0830353 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 15:35 https://github.com/google/kmsan.git master c49ed0f0c20a d0830353 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 14:50 https://github.com/google/kmsan.git master fd15afa4c7d6 d0830353 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 14:50 https://github.com/google/kmsan.git master fd15afa4c7d6 d0830353 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 10:30 https://github.com/google/kmsan.git master fd15afa4c7d6 63eeac02 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 10:30 https://github.com/google/kmsan.git master fd15afa4c7d6 63eeac02 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 10:30 https://github.com/google/kmsan.git master fd15afa4c7d6 63eeac02 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/26 17:23 https://github.com/google/kmsan.git master 2f7561f04230 63eeac02 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/26 17:23 https://github.com/google/kmsan.git master 2f7561f04230 63eeac02 .config console log report ci-upstream-kmsan-gce kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/30 11:03 https://github.com/google/kmsan.git master c49ed0f0c20a 80270552 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/30 11:03 https://github.com/google/kmsan.git master c49ed0f0c20a 80270552 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/30 11:03 https://github.com/google/kmsan.git master c49ed0f0c20a 80270552 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 15:54 https://github.com/google/kmsan.git master c49ed0f0c20a d0830353 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 15:54 https://github.com/google/kmsan.git master c49ed0f0c20a d0830353 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 15:54 https://github.com/google/kmsan.git master c49ed0f0c20a d0830353 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 15:08 https://github.com/google/kmsan.git master fd15afa4c7d6 d0830353 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 15:08 https://github.com/google/kmsan.git master fd15afa4c7d6 d0830353 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 10:12 https://github.com/google/kmsan.git master fd15afa4c7d6 63eeac02 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 10:12 https://github.com/google/kmsan.git master fd15afa4c7d6 63eeac02 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/29 10:12 https://github.com/google/kmsan.git master fd15afa4c7d6 63eeac02 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/26 17:41 https://github.com/google/kmsan.git master 2f7561f04230 63eeac02 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/26 17:41 https://github.com/google/kmsan.git master 2f7561f04230 63eeac02 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
2021/11/26 17:41 https://github.com/google/kmsan.git master 2f7561f04230 63eeac02 .config console log report ci-upstream-kmsan-gce-386 kmsan boot error: KMSAN: uninit-value in tcp_conn_request
* Struck through repros no longer work on HEAD.