KMSAN: uninit-value in batadv_get

KMSAN: uninit-value in batadv_get_vid
Status: upstream: reported C repro on 2020/02/24 08:38
Reported-by: syzbot+0adb190024de0a0e265b@syzkaller.appspotmail.com
First crash: 604d, last: 93d

Sample crash report:

=====================================================
BUG: KMSAN: uninit-value in batadv_get_vid+0x1fd/0x340 net/batman-adv/main.c:650
CPU: 0 PID: 12317 Comm: syz-executor026 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_get_vid+0x1fd/0x340 net/batman-adv/main.c:650
 batadv_interface_tx+0x30a/0x2450 net/batman-adv/soft-interface.c:212
 __netdev_start_xmit include/linux/netdevice.h:4524 [inline]
 netdev_start_xmit include/linux/netdevice.h:4538 [inline]
 xmit_one net/core/dev.c:3470 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3486
 __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4063
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4096
 __bpf_tx_skb net/core/filter.c:2061 [inline]
 __bpf_redirect_common net/core/filter.c:2100 [inline]
 __bpf_redirect+0x11d5/0x1440 net/core/filter.c:2107
 ____bpf_clone_redirect net/core/filter.c:2140 [inline]
 bpf_clone_redirect+0x466/0x620 net/core/filter.c:2112
 bpf_prog_bb15b996d00816f9+0x7a4/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fc8d99
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000ff9adc0c EFLAGS: 00000246 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000280
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000005b
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:82
 slab_alloc_node mm/slub.c:2793 [inline]
 __kmalloc_node_track_caller+0xb40/0x1200 mm/slub.c:4401
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 pskb_expand_head+0x20b/0x1b00 net/core/skbuff.c:1629
 skb_ensure_writable+0x3ea/0x490 net/core/skbuff.c:5453
 __bpf_try_make_writable net/core/filter.c:1635 [inline]
 bpf_try_make_writable net/core/filter.c:1641 [inline]
 bpf_try_make_head_writable net/core/filter.c:1649 [inline]
 ____bpf_clone_redirect net/core/filter.c:2134 [inline]
 bpf_clone_redirect+0x251/0x620 net/core/filter.c:2112
 bpf_prog_bb15b996d00816f9+0x7a4/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
=====================================================

Crashes (1644):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kmsan-gce-386	2020/02/22 06:30	https://github.com/google/kmsan.git master	8bbbc5cf3dca	2ffa6679	.config	log	report	syz	C
ci-upstream-kmsan-gce-386	2021/07/15 13:34	https://github.com/google/kmsan.git master	57b5797c8013	b9a2f64e	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/15 00:01	https://github.com/google/kmsan.git master	57b5797c8013	94e0b707	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/14 23:23	https://github.com/google/kmsan.git master	57b5797c8013	94e0b707	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/14 14:16	https://github.com/google/kmsan.git master	57b5797c8013	484502bd	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/14 12:41	https://github.com/google/kmsan.git master	57b5797c8013	484502bd	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/13 23:38	https://github.com/google/kmsan.git master	57b5797c8013	fa0594c3	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/13 10:56	https://github.com/google/kmsan.git master	57b5797c8013	f415556d	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/13 08:23	https://github.com/google/kmsan.git master	57b5797c8013	f415556d	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/13 06:43	https://github.com/google/kmsan.git master	57b5797c8013	f415556d	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/13 01:32	https://github.com/google/kmsan.git master	57b5797c8013	f415556d	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/12 15:29	https://github.com/google/kmsan.git master	57b5797c8013	a4869c92	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/11 19:19	https://github.com/google/kmsan.git master	57b5797c8013	8f5a7b8c	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/11 08:00	https://github.com/google/kmsan.git master	57b5797c8013	8f5a7b8c	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/11 07:00	https://github.com/google/kmsan.git master	57b5797c8013	8f5a7b8c	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/11 06:57	https://github.com/google/kmsan.git master	57b5797c8013	8f5a7b8c	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/10 10:37	https://github.com/google/kmsan.git master	57b5797c8013	8f5a7b8c	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/10 05:59	https://github.com/google/kmsan.git master	57b5797c8013	8f5a7b8c	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/09 14:18	https://github.com/google/kmsan.git master	57b5797c8013	281e815f	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/08 22:41	https://github.com/google/kmsan.git master	57b5797c8013	1b20171a	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/08 20:45	https://github.com/google/kmsan.git master	57b5797c8013	1b20171a	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/08 14:00	https://github.com/google/kmsan.git master	57b5797c8013	95793bce	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/08 12:09	https://github.com/google/kmsan.git master	57b5797c8013	95793bce	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/08 10:48	https://github.com/google/kmsan.git master	57b5797c8013	95793bce	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/07 18:42	https://github.com/google/kmsan.git master	57b5797c8013	4846d5c1	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/07 12:23	https://github.com/google/kmsan.git master	57b5797c8013	4846d5c1	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/07 05:45	https://github.com/google/kmsan.git master	57b5797c8013	cca78469	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/04 11:17	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/04 09:04	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/03 23:47	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/03 09:26	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/03 06:28	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/03 00:51	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/02 15:46	https://github.com/google/kmsan.git master	57b5797c8013	658ebc66	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/02 09:38	https://github.com/google/kmsan.git master	57b5797c8013	658ebc66	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/07/01 14:56	https://github.com/google/kmsan.git master	57b5797c8013	658ebc66	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/06/30 18:36	https://github.com/google/kmsan.git master	57b5797c8013	84fd4c77	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/06/30 05:37	https://github.com/google/kmsan.git master	57b5797c8013	a4fccb01	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/06/29 13:13	https://github.com/google/kmsan.git master	57b5797c8013	9d2ab5df	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/06/28 16:49	https://github.com/google/kmsan.git master	57b5797c8013	9d2ab5df	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/06/27 18:33	https://github.com/google/kmsan.git master	57b5797c8013	9d2ab5df	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/06/27 17:06	https://github.com/google/kmsan.git master	57b5797c8013	9d2ab5df	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/06/27 12:56	https://github.com/google/kmsan.git master	57b5797c8013	9d2ab5df	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/06/26 05:12	https://github.com/google/kmsan.git master	57b5797c8013	ae6bf8dd	.config	log	report			info	KMSAN: uninit-value in batadv_get_vid
ci-upstream-kmsan-gce-386	2021/01/16 20:47	https://github.com/google/kmsan.git master	73d62e81b476	65a7a854	.config	log	report			info
ci-upstream-kmsan-gce-386	2020/02/21 03:30	https://github.com/google/kmsan.git master	8bbbc5cf3dca	bd2a74a3	.config	log	report