syzbot


KMSAN: uninit-value in br_dev_xmit
Status: upstream: reported C repro on 2020/02/24 08:38
Reported-by: syzbot+18c8b623c66fc198c493@syzkaller.appspotmail.com
First crash: 824d, last: 15d
similar bugs (4):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.19 | KASAN: use-after-free Read in br_dev_xmit | C | error | | 10 | 41d | 158d | 0/1 | upstream: reported C repro on 2021/12/19 03:10 |
| upstream | KMSAN: uninit-value in __skb_checksum_complete (5) | C | | | 43 | 43d | 649d | 0/22 | upstream: reported C repro on 2020/08/14 15:09 |
| upstream | KMSAN: uninit-value in batadv_get_vid | C | | | 1919 | 20h46m | 822d | 0/22 | upstream: reported C repro on 2020/02/24 08:38 |
| upstream | KMSAN: uninit-value in eth_type_trans (2) | C | | | 1689 | 1d03h | 854d | 0/22 | upstream: reported C repro on 2020/01/22 16:47 |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in br_dev_xmit+0x99a/0x1730 net/bridge/br_device.c:64
CPU: 0 PID: 11855 Comm: syz-executor414 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 br_dev_xmit+0x99a/0x1730 net/bridge/br_device.c:64
 __netdev_start_xmit include/linux/netdevice.h:4524 [inline]
 netdev_start_xmit include/linux/netdevice.h:4538 [inline]
 xmit_one net/core/dev.c:3470 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3486
 __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4063
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4096
 __bpf_tx_skb net/core/filter.c:2061 [inline]
 __bpf_redirect_common net/core/filter.c:2100 [inline]
 __bpf_redirect+0x11d5/0x1440 net/core/filter.c:2107
 ____bpf_clone_redirect net/core/filter.c:2140 [inline]
 bpf_clone_redirect+0x466/0x620 net/core/filter.c:2112
 bpf_prog_a481c1313990ee2c+0x554/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f39d99
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000ff88460c EFLAGS: 00000246 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000040
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000005b
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:82
 slab_alloc_node mm/slub.c:2793 [inline]
 __kmalloc_node_track_caller+0xb40/0x1200 mm/slub.c:4401
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 pskb_expand_head+0x20b/0x1b00 net/core/skbuff.c:1629
 skb_ensure_writable+0x3ea/0x490 net/core/skbuff.c:5453
 __bpf_try_make_writable net/core/filter.c:1635 [inline]
 bpf_try_make_writable net/core/filter.c:1641 [inline]
 bpf_try_make_head_writable net/core/filter.c:1649 [inline]
 ____bpf_clone_redirect net/core/filter.c:2134 [inline]
 bpf_clone_redirect+0x251/0x620 net/core/filter.c:2112
 bpf_prog_a481c1313990ee2c+0x554/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
=====================================================

Crashes (536):