syzbot


KMSAN: uninit-value in br_dev_xmit

Status: auto-obsoleted due to no activity on 2023/05/15 13:28
Subsystems: bridge
Reported-by: syzbot+18c8b623c66fc198c493@syzkaller.appspotmail.com
First crash: 1486d, last: 428d
Discussions (2)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH net] net: bridge: fix stale eth hdr pointer in br_dev_xmit | 6 (6) | 2020/02/24 19:13 |
| KMSAN: uninit-value in br_dev_xmit | 1 (3) | 2020/02/24 09:47 |
Similar bugs (8)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.19 | KASAN: use-after-free Read in br_dev_xmit | C | error | | 13 | 466d | 821d | 0/1 | upstream: reported C repro on 2021/12/19 03:10 |
| upstream | KMSAN: uninit-value in erspan_build_header net | | | | 40 | 433d | 523d | 0/26 | auto-obsoleted due to no activity on 2023/05/10 10:26 |
| upstream | KMSAN: uninit-value in bpf_prog_run_generic_xdp can bpf | C | | | 184 | 2d13h | 486d | 0/26 | upstream: reported C repro on 2022/11/18 11:39 |
| upstream | KMSAN: uninit-value in ip_tunnel_xmit (3) net | C | | | 1516 | 529d | 1216d | 0/26 | closed as invalid on 2022/10/12 18:48 |
| upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) net | C | | | 138977 | 388d | 740d | 22/26 | fixed on 2023/02/24 13:50 |
| upstream | KMSAN: uninit-value in IP6_ECN_decapsulate net | C | | | 981 | 90d | 2006d | 25/26 | fixed on 2023/12/21 03:45 |
| upstream | KMSAN: uninit-value in batadv_get_vid batman | C | | | 1947 | 380d | 1484d | 0/26 | auto-obsoleted due to no activity on 2023/07/23 05:56 |
| upstream | KMSAN: uninit-value in eth_type_trans (2) net | C | | | 4229 | 1d02h | 1517d | 0/26 | upstream: reported C repro on 2020/01/22 16:47 |
Last patch testing requests (4)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2023/04/25 13:30 | 32m | retest repro | | https://github.com/google/kmsan.git master | OK log |
| 2023/04/25 13:28 | 22m | retest repro | | https://github.com/google/kmsan.git master | OK log |
| 2022/12/11 21:31 | 20m | retest repro | | https://github.com/google/kmsan.git master | report log |
| 2022/09/02 16:27 | 20m | retest repro | | https://github.com/google/kmsan.git master | report log |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in br_dev_xmit+0x99a/0x1730 net/bridge/br_device.c:64
CPU: 0 PID: 11855 Comm: syz-executor414 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 br_dev_xmit+0x99a/0x1730 net/bridge/br_device.c:64
 __netdev_start_xmit include/linux/netdevice.h:4524 [inline]
 netdev_start_xmit include/linux/netdevice.h:4538 [inline]
 xmit_one net/core/dev.c:3470 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3486
 __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4063
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4096
 __bpf_tx_skb net/core/filter.c:2061 [inline]
 __bpf_redirect_common net/core/filter.c:2100 [inline]
 __bpf_redirect+0x11d5/0x1440 net/core/filter.c:2107
 ____bpf_clone_redirect net/core/filter.c:2140 [inline]
 bpf_clone_redirect+0x466/0x620 net/core/filter.c:2112
 bpf_prog_a481c1313990ee2c+0x554/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f39d99
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000ff88460c EFLAGS: 00000246 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000040
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000005b
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:82
 slab_alloc_node mm/slub.c:2793 [inline]
 __kmalloc_node_track_caller+0xb40/0x1200 mm/slub.c:4401
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 pskb_expand_head+0x20b/0x1b00 net/core/skbuff.c:1629
 skb_ensure_writable+0x3ea/0x490 net/core/skbuff.c:5453
 __bpf_try_make_writable net/core/filter.c:1635 [inline]
 bpf_try_make_writable net/core/filter.c:1641 [inline]
 bpf_try_make_head_writable net/core/filter.c:1649 [inline]
 ____bpf_clone_redirect net/core/filter.c:2134 [inline]
 bpf_clone_redirect+0x251/0x620 net/core/filter.c:2112
 bpf_prog_a481c1313990ee2c+0x554/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
=====================================================

Crashes (537):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/02/24 09:46 https://github.com/google/kmsan.git master 8bbbc5cf3dca d801cb02 .config console log report syz C ci-upstream-kmsan-gce-386
2023/01/15 13:28 https://github.com/google/kmsan.git master e919e2b1bc1c a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/05/10 21:28 https://github.com/google/kmsan.git master d6e2c8c7eb40 8b277b8e .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/04/26 18:40 https://github.com/google/kmsan.git master e8cbf4e6e3e8 1fa34c1b .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/04/13 23:54 https://github.com/google/kmsan.git master 33d9269ef6e0 b17b2923 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/04/12 23:51 https://github.com/google/kmsan.git master 33d9269ef6e0 dacb3f1c .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/03/11 22:51 https://github.com/google/kmsan.git master 724946410067 9e8eaa75 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/02/18 15:48 https://github.com/google/kmsan.git master 85cfd6e539bd 3cd800e4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/02/02 13:33 https://github.com/google/kmsan.git master 85cfd6e539bd 4ebb2798 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/02/02 05:00 https://github.com/google/kmsan.git master 85cfd6e539bd 4ebb2798 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/02/01 00:55 https://github.com/google/kmsan.git master 85cfd6e539bd 6b7c57fe .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/23 18:03 https://github.com/google/kmsan.git master 85cfd6e539bd 214351e1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/21 12:28 https://github.com/google/kmsan.git master 85cfd6e539bd ab3d9f17 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/20 06:14 https://github.com/google/kmsan.git master fa3879a274df 5da9499f .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/20 06:14 https://github.com/google/kmsan.git master fa3879a274df 5da9499f .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/20 04:37 https://github.com/google/kmsan.git master fa3879a274df 5da9499f .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/12 01:53 https://github.com/google/kmsan.git master fa3879a274df 44d1319a .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/11 22:54 https://github.com/google/kmsan.git master fa3879a274df 44d1319a .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/11 17:03 https://github.com/google/kmsan.git master fa3879a274df 1884f55a .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/11 14:12 https://github.com/google/kmsan.git master fa3879a274df 1884f55a .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/11 10:22 https://github.com/google/kmsan.git master 81c325bbf94e 1884f55a .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/11 00:24 https://github.com/google/kmsan.git master 81c325bbf94e ddb0ab8c .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2022/01/10 21:43 https://github.com/google/kmsan.git master 81c325bbf94e ddb0ab8c .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/31 08:17 https://github.com/google/kmsan.git master 81c325bbf94e 36bd2e48 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/29 21:32 https://github.com/google/kmsan.git master 81c325bbf94e 6cc879d4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/27 20:54 https://github.com/google/kmsan.git master 81c325bbf94e 5140bd58 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/26 17:59 https://github.com/google/kmsan.git master 81c325bbf94e e4f103c4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/26 16:00 https://github.com/google/kmsan.git master 81c325bbf94e e4f103c4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/22 06:44 https://github.com/google/kmsan.git master 81c325bbf94e 6caa12e4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/17 08:54 https://github.com/google/kmsan.git master b0a8b5053e8b 44068e19 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/15 11:20 https://github.com/google/kmsan.git master d1daf229a313 f752fb53 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/15 01:07 https://github.com/google/kmsan.git master b1e1bb6f7a2e d018dd31 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/14 11:50 https://github.com/google/kmsan.git master d82a8a8ca942 5d14b1ea .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/10 12:59 https://github.com/google/kmsan.git master 8b936c96768e 4d4ce9bc .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/09 05:56 https://github.com/google/kmsan.git master 8b936c96768e a4a2a501 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/12/08 00:30 https://github.com/google/kmsan.git master 8b936c96768e 0230ba3e .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/14 22:32 https://github.com/google/kmsan.git master 57b5797c8013 94e0b707 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/14 10:41 https://github.com/google/kmsan.git master 57b5797c8013 484502bd .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/13 23:57 https://github.com/google/kmsan.git master 57b5797c8013 fa0594c3 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/13 07:58 https://github.com/google/kmsan.git master 57b5797c8013 f415556d .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/13 06:51 https://github.com/google/kmsan.git master 57b5797c8013 f415556d .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/08 10:39 https://github.com/google/kmsan.git master 57b5797c8013 95793bce .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/08 08:59 https://github.com/google/kmsan.git master 57b5797c8013 95793bce .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/07 11:38 https://github.com/google/kmsan.git master 57b5797c8013 4846d5c1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/07 11:19 https://github.com/google/kmsan.git master 57b5797c8013 4846d5c1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/07 06:03 https://github.com/google/kmsan.git master 57b5797c8013 cca78469 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/07 03:08 https://github.com/google/kmsan.git master 57b5797c8013 cca78469 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/04 09:43 https://github.com/google/kmsan.git master 57b5797c8013 55aa55c2 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/07/02 16:33 https://github.com/google/kmsan.git master 57b5797c8013 658ebc66 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in br_dev_xmit
2021/01/15 08:12 https://github.com/google/kmsan.git master 73d62e81b476 65a7a854 .config console log report info ci-upstream-kmsan-gce-386
2020/02/24 07:06 https://github.com/google/kmsan.git master 8bbbc5cf3dca d801cb02 .config console log report ci-upstream-kmsan-gce-386
2020/02/22 14:05 https://github.com/google/kmsan.git master 8bbbc5cf3dca 2c36e7a7 .config console log report ci-upstream-kmsan-gce-386
* Struck through repros no longer work on HEAD.