KMSAN: uninit-value in pfifo_fast

KMSAN: uninit-value in pfifo_fast_dequeue
Status: upstream: reported C repro on 2020/05/18 18:23
Reported-by: syzbot+ae62f326a5154c4b908f@syzkaller.appspotmail.com
First crash: 107d, last: 5h28m

Sample crash report:

=====================================================
BUG: KMSAN: uninit-value in kmsan_check_skb+0x3c/0x210 mm/kmsan/kmsan_hooks.c:299
CPU: 1 PID: 804 Comm: kworker/u4:27 Not tainted 5.6.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 kmsan_internal_check_memory+0x238/0x3d0 mm/kmsan/kmsan.c:423
 kmsan_check_skb+0x3c/0x210 mm/kmsan/kmsan_hooks.c:299
 pfifo_fast_dequeue+0xdb4/0xfd0 net/sched/sch_generic.c:658
 dequeue_skb net/sched/sch_generic.c:264 [inline]
 qdisc_restart net/sched/sch_generic.c:367 [inline]
 __qdisc_run+0x3f1/0x3350 net/sched/sch_generic.c:385
 qdisc_run include/net/pkt_sched.h:126 [inline]
 __dev_xmit_skb net/core/dev.c:3668 [inline]
 __dev_queue_xmit+0x23b7/0x3b20 net/core/dev.c:4021
 dev_queue_xmit_accel+0x67/0x80 net/core/dev.c:4091
 macvlan_queue_xmit drivers/net/macvlan.c:537 [inline]
 macvlan_start_xmit+0x587/0xb50 drivers/net/macvlan.c:562
 __netdev_start_xmit include/linux/netdevice.h:4523 [inline]
 netdev_start_xmit include/linux/netdevice.h:4537 [inline]
 xmit_one net/core/dev.c:3477 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3493
 __dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4052
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4085
 batadv_send_skb_packet+0x59b/0x8c0 net/batman-adv/send.c:108
 batadv_send_broadcast_skb+0x76/0x90 net/batman-adv/send.c:127
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:419 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x97e/0xd50 net/batman-adv/bat_iv_ogm.c:1710
 process_one_work+0x1555/0x1f40 kernel/workqueue.c:2266
 worker_thread+0xef6/0x2450 kernel/workqueue.c:2412
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116
 pskb_expand_head+0x38b/0x1b00 net/core/skbuff.c:1636
 __skb_cow include/linux/skbuff.h:3169 [inline]
 skb_cow_head include/linux/skbuff.h:3203 [inline]
 batadv_skb_head_push+0x234/0x350 net/batman-adv/soft-interface.c:74
 batadv_send_skb_packet+0x1a7/0x8c0 net/batman-adv/send.c:86
 batadv_send_broadcast_skb+0x76/0x90 net/batman-adv/send.c:127
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:419 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x97e/0xd50 net/batman-adv/bat_iv_ogm.c:1710
 process_one_work+0x1555/0x1f40 kernel/workqueue.c:2266
 worker_thread+0xef6/0x2450 kernel/workqueue.c:2412
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:144
 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:307 [inline]
 kmsan_alloc_page+0x12a/0x310 mm/kmsan/kmsan_shadow.c:336
 __alloc_pages_nodemask+0x5712/0x5e80 mm/page_alloc.c:4775
 __alloc_pages include/linux/gfp.h:498 [inline]
 __alloc_pages_node include/linux/gfp.h:511 [inline]
 alloc_pages_node include/linux/gfp.h:525 [inline]
 __page_frag_cache_refill mm/page_alloc.c:4850 [inline]
 page_frag_alloc+0x3ae/0x910 mm/page_alloc.c:4880
 __napi_alloc_skb+0x193/0xa60 net/core/skbuff.c:519
 napi_alloc_skb include/linux/skbuff.h:2874 [inline]
 page_to_skb+0x19f/0x1100 drivers/net/virtio_net.c:384
 receive_mergeable drivers/net/virtio_net.c:924 [inline]
 receive_buf+0xe79/0x8b30 drivers/net/virtio_net.c:1033
 virtnet_receive drivers/net/virtio_net.c:1323 [inline]
 virtnet_poll+0x64b/0x19f0 drivers/net/virtio_net.c:1428
 napi_poll net/core/dev.c:6571 [inline]
 net_rx_action+0x786/0x1aa0 net/core/dev.c:6639
 __do_softirq+0x311/0x83d kernel/softirq.c:293

Bytes 52-53 of 146 are uninitialized
Memory access of size 146 starts at ffff8ed3c0806c40
=====================================================

Crashes (471):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kmsan-gce	2020/03/21 20:08	https://github.com/google/kmsan.git master	a58741ac	4288d95e	.config	log	report	syz	C	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/03/17 16:26	https://github.com/google/kmsan.git master	a58741ac	749688d2	.config	log	report	syz	C	davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/06/02 22:24	https://github.com/google/kmsan.git master	f0d5ec90	52fd7b7d	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/06/02 14:24	https://github.com/google/kmsan.git master	f0d5ec90	52fd7b7d	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/06/02 10:05	https://github.com/google/kmsan.git master	f0d5ec90	a0331e89	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/06/01 23:47	https://github.com/google/kmsan.git master	f0d5ec90	a0331e89	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/06/01 15:54	https://github.com/google/kmsan.git master	f0d5ec90	a0331e89	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/06/01 02:35	https://github.com/google/kmsan.git master	f0d5ec90	a0331e89	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/06/01 01:00	https://github.com/google/kmsan.git master	f0d5ec90	a0331e89	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/31 23:00	https://github.com/google/kmsan.git master	f0d5ec90	a0331e89	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/31 16:49	https://github.com/google/kmsan.git master	f0d5ec90	a0331e89	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/30 10:28	https://github.com/google/kmsan.git master	f0d5ec90	954bd312	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/29 17:39	https://github.com/google/kmsan.git master	f0d5ec90	3905eaae	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/29 05:32	https://github.com/google/kmsan.git master	69b987d5	d19ed305	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/28 22:11	https://github.com/google/kmsan.git master	69b987d5	0d951763	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/28 17:33	https://github.com/google/kmsan.git master	69b987d5	0d951763	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/27 22:10	https://github.com/google/kmsan.git master	8b611d82	ec153193	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/26 14:41	https://github.com/google/kmsan.git master	8b97c627	8ca3b7d2	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/25 17:10	https://github.com/google/kmsan.git master	8b97c627	30927cd7	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/25 15:37	https://github.com/google/kmsan.git master	8b97c627	30927cd7	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/25 11:58	https://github.com/google/kmsan.git master	8b97c627	11284182	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/25 03:59	https://github.com/google/kmsan.git master	8b97c627	11284182	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/24 21:30	https://github.com/google/kmsan.git master	8b97c627	bd28eb9d	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/24 09:57	https://github.com/google/kmsan.git master	8b97c627	96c92ad3	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/24 02:54	https://github.com/google/kmsan.git master	8b97c627	96c92ad3	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/24 00:48	https://github.com/google/kmsan.git master	8b97c627	9682898d	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/23 19:10	https://github.com/google/kmsan.git master	8b97c627	9682898d	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/23 07:24	https://github.com/google/kmsan.git master	8b97c627	9682898d	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/05/23 05:45	https://github.com/google/kmsan.git master	8b97c627	9682898d	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce	2020/02/16 22:02	https://github.com/google/kmsan.git master	686a4f77	1f448cd6	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/06/02 08:17	https://github.com/google/kmsan.git master	f0d5ec90	a0331e89	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/06/01 14:37	https://github.com/google/kmsan.git master	f0d5ec90	a0331e89	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/31 02:39	https://github.com/google/kmsan.git master	f0d5ec90	6f3e1c7c	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/29 19:05	https://github.com/google/kmsan.git master	f0d5ec90	3905eaae	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/29 08:22	https://github.com/google/kmsan.git master	69b987d5	d19ed305	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/28 20:59	https://github.com/google/kmsan.git master	69b987d5	0d951763	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/28 12:38	https://github.com/google/kmsan.git master	69b987d5	142a0957	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/27 08:24	https://github.com/google/kmsan.git master	94bc4cd0	9072c126	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/27 05:08	https://github.com/google/kmsan.git master	94bc4cd0	9072c126	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/25 23:55	https://github.com/google/kmsan.git master	8b97c627	30927cd7	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/25 08:07	https://github.com/google/kmsan.git master	8b97c627	11284182	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/25 01:59	https://github.com/google/kmsan.git master	8b97c627	bd28eb9d	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/25 00:25	https://github.com/google/kmsan.git master	8b97c627	bd28eb9d	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/24 09:19	https://github.com/google/kmsan.git master	8b97c627	96c92ad3	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com
ci-upstream-kmsan-gce-386	2020/05/23 09:31	https://github.com/google/kmsan.git master	8b97c627	9682898d	.config	log	report			davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, xiyou.wangcong@gmail.com