syzbot


KMSAN: uninit-value in geneve_xmit (2)

Status: fixed on 2024/03/26 00:54
Subsystems: net
Fix commit: 5ae1e9922bbd net: ip_tunnel: prevent perpetual headroom growth
First crash: 439d, last: 257d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 544d 1713d 22/28 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in geneve_xmit net C 163 1542d 1595d 15/28 fixed on 2020/09/16 22:51
upstream KMSAN: uninit-value in geneve_xmit (3) net C 14 236d 244d 25/28 fixed on 2024/05/23 00:06
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 648d 1000d 22/28 fixed on 2023/02/24 13:50
upstream KASAN: slab-out-of-bounds Read in geneve_xmit net 1 1122d 1122d 0/28 auto-closed as invalid on 2022/02/05 16:18
linux-4.19 KASAN: use-after-free Read in geneve_xmit 1 807d 807d 0/1 auto-obsoleted due to no activity on 2023/01/16 22:54
linux-5.15 KASAN: slab-out-of-bounds Read in geneve_xmit 3 26d 33d 0/3 upstream: reported on 2024/10/31 02:05
Last patch testing requests (4)
Created Duration User Patch Repo Result
2024/02/26 13:51 22m edumazet@google.com upstream error
2024/02/23 03:45 26m retest repro upstream OK log
2023/12/15 02:51 17m retest repro upstream report log
2023/10/06 02:20 24m retest repro upstream report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in geneve_xmit_skb drivers/net/geneve.c:991 [inline]
BUG: KMSAN: uninit-value in geneve_xmit+0x4091/0x5aa0 drivers/net/geneve.c:1103
 geneve_xmit_skb drivers/net/geneve.c:991 [inline]
 geneve_xmit+0x4091/0x5aa0 drivers/net/geneve.c:1103
 __netdev_start_xmit include/linux/netdevice.h:4889 [inline]
 netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 xmit_one net/core/dev.c:3544 [inline]
 dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3560
 __dev_queue_xmit+0x34bb/0x52b0 net/core/dev.c:4340
 dev_queue_xmit include/linux/netdevice.h:3082 [inline]
 packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3087 [inline]
 packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg net/socket.c:753 [inline]
 __sys_sendto+0x781/0xa30 net/socket.c:2177
 __do_sys_sendto net/socket.c:2189 [inline]
 __se_sys_sendto net/socket.c:2185 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2185
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559
 __alloc_skb+0x318/0x740 net/core/skbuff.c:650
 alloc_skb include/linux/skbuff.h:1286 [inline]
 alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313
 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795
 packet_alloc_skb net/packet/af_packet.c:2936 [inline]
 packet_snd net/packet/af_packet.c:3030 [inline]
 packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg net/socket.c:753 [inline]
 __sys_sendto+0x781/0xa30 net/socket.c:2177
 __do_sys_sendto net/socket.c:2189 [inline]
 __se_sys_sendto net/socket.c:2185 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2185
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 0 PID: 5025 Comm: syz-executor229 Not tainted 6.6.0-rc2-syzkaller-00244-g27bbf45eae9c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
=====================================================

Crashes (12):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/09/22 02:17 upstream 27bbf45eae9c 0b6a67ac .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in geneve_xmit
2024/03/17 19:49 upstream 741e9d668aa5 d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in geneve_xmit
2024/03/17 19:49 upstream 741e9d668aa5 d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in geneve_xmit
2024/01/11 03:39 upstream 9f8413c4a66f 04815ef1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in geneve_xmit
2023/11/21 16:22 upstream 98b1cc82c4af cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in geneve_xmit
2023/11/20 17:00 upstream 98b1cc82c4af cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in geneve_xmit
2023/09/22 00:26 upstream 27bbf45eae9c 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in geneve_xmit
2024/03/21 16:09 upstream 23956900041d 6753db5c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in geneve_xmit
2024/03/17 19:50 upstream 741e9d668aa5 d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in geneve_xmit
2024/03/17 18:40 upstream 741e9d668aa5 d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in geneve_xmit
2024/01/17 11:45 upstream 9f8413c4a66f 2a7bcc7f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in geneve_xmit
2024/01/11 03:40 upstream 9f8413c4a66f 04815ef1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in geneve_xmit
* Struck through repros no longer work on HEAD.