* [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2)
@ 2024-01-14  9:24 syzbot
  2024-01-15 12:57 ` Edward Adam Davis
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: syzbot @ 2024-01-14  9:24 UTC
  To: davem, edumazet, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    9f8413c4a66f Merge tag 'cgroup-for-6.8' of git://git.kerne..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16924083e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=656820e61b758b15
dashboard link: https://syzkaller.appspot.com/bug?extid=2ef3a8ce8e91b5a50098
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15793b23e80000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=115215f3e80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/79d9f2f4b065/disk-9f8413c4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cbc68430d9c6/vmlinux-9f8413c4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9740ad9fc172/bzImage-9f8413c4.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2ef3a8ce8e91b5a50098@syzkaller.appspotmail.com

=====================================================
BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246
 hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246
 fill_frame_info net/hsr/hsr_forward.c:577 [inline]
 hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615
 hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223
 __netdev_start_xmit include/linux/netdevice.h:4940 [inline]
 netdev_start_xmit include/linux/netdevice.h:4954 [inline]
 xmit_one net/core/dev.c:3548 [inline]
 dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
 dev_queue_xmit include/linux/netdevice.h:3134 [inline]
 packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3087 [inline]
 packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x735/0xa10 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
 __alloc_skb+0x318/0x740 net/core/skbuff.c:651
 alloc_skb include/linux/skbuff.h:1286 [inline]
 alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787
 packet_alloc_skb net/packet/af_packet.c:2936 [inline]
 packet_snd net/packet/af_packet.c:3030 [inline]
 packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x735/0xa10 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

CPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


* Re: [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2)
  2024-01-14  9:24 [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2) syzbot
@ 2024-01-15 12:57 ` Edward Adam Davis
  2024-01-15 14:44   ` syzbot
  2024-03-12 13:52 ` [syzbot] Test for 2ef3a8ce8e91b5a50098 syzbot
  2024-03-12 14:33 ` syzbot
  2 siblings, 1 reply; 7+ messages in thread
From: Edward Adam Davis @ 2024-01-15 12:57 UTC
  To: syzbot+2ef3a8ce8e91b5a50098; +Cc: linux-kernel, syzkaller-bugs

please test uninit-value in hsr_get_node

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 9f8413c4a66f

diff --git a/net/hsr/hsr_framereg.c b/net/hsr/hsr_framereg.c
index 6d14d935ee82..280dca33ec4f 100644
--- a/net/hsr/hsr_framereg.c
+++ b/net/hsr/hsr_framereg.c
@@ -209,6 +209,8 @@ struct hsr_node *hsr_get_node(struct hsr_port *port, struct list_head *node_db,
 		return NULL;
 
 	ethhdr = (struct ethhdr *)skb_mac_header(skb);
+	if (!is_valid_ether_addr(ethhdr->h_source))
+		eth_zero_addr(ethhdr->h_source);
 
 	list_for_each_entry_rcu(node, node_db, mac_list) {
 		if (ether_addr_equal(node->macaddress_A, ethhdr->h_source)) {
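Review bot: the two lines added after skb_mac_header() guard the wrong field. The report points at hsr_framereg.c:246, well after this hunk, and syzbot's retest with this patch applied reports the same statement at :248, shifted by exactly the two lines added here, so the uninitialized value is not h_source and the frame still reaches the flagged read unchanged. The approach is also questionable on its own terms: is_valid_ether_addr() rejects multicast (including broadcast) and all-zero sources, and instead of refusing such a frame the hunk overwrites the sender's h_source with zeros in place and lets the zeroed address feed the `ether_addr_equal(node->macaddress_A, ethhdr->h_source)` lookup below. A malformed header should be rejected with the `return NULL;` the function already uses just above, not edited, and the bound that matters for this report is whether the skb actually carries enough MAC-header bytes for the tagged header that hsr_get_node() goes on to read for ETH_P_HSR/ETH_P_PRP frames, not the value of the source address.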



* Re: [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2)
  2024-01-15 12:57 ` Edward Adam Davis
@ 2024-01-15 14:44   ` syzbot
  0 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2024-01-15 14:44 UTC
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in hsr_get_node

=====================================================
BUG: KMSAN: uninit-value in hsr_get_node+0xca2/0xd10 net/hsr/hsr_framereg.c:248
 hsr_get_node+0xca2/0xd10 net/hsr/hsr_framereg.c:248
 fill_frame_info net/hsr/hsr_forward.c:577 [inline]
 hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615
 hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223
 __netdev_start_xmit include/linux/netdevice.h:4940 [inline]
 netdev_start_xmit include/linux/netdevice.h:4954 [inline]
 xmit_one net/core/dev.c:3548 [inline]
 dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
 dev_queue_xmit include/linux/netdevice.h:3134 [inline]
 packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
 packet_snd net/packet/af_packet.c:3087 [inline]
 packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x735/0xa10 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
 __alloc_skb+0x318/0x740 net/core/skbuff.c:651
 alloc_skb include/linux/skbuff.h:1286 [inline]
 alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787
 packet_alloc_skb net/packet/af_packet.c:2936 [inline]
 packet_snd net/packet/af_packet.c:3030 [inline]
 packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x735/0xa10 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

CPU: 0 PID: 5476 Comm: syz-executor.0 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
=====================================================


Tested on:

commit:         9f8413c4 Merge tag 'cgroup-for-6.8' of git://git.kerne..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=14df3ca5e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=656820e61b758b15
dashboard link: https://syzkaller.appspot.com/bug?extid=2ef3a8ce8e91b5a50098
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1233e735e80000



* Re: [syzbot] Test for 2ef3a8ce8e91b5a50098
  2024-01-14  9:24 [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2) syzbot
  2024-01-15 12:57 ` Edward Adam Davis
@ 2024-03-12 13:52 ` syzbot
  2024-03-12 14:33 ` syzbot
  2 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2024-03-12 13:52 UTC
  To: linux-kernel

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.

***

Subject: Test for 2ef3a8ce8e91b5a50098
Author: syoshida@redhat.com

#syz test

diff --git a/net/hsr/hsr_framereg.c b/net/hsr/hsr_framereg.c
index 6d14d935ee82..b983232e25cb 100644
--- a/net/hsr/hsr_framereg.c
+++ b/net/hsr/hsr_framereg.c
@@ -228,6 +228,9 @@ struct hsr_node *hsr_get_node(struct hsr_port *port, struct list_head *node_db,
 	 */
 	if (ethhdr->h_proto == htons(ETH_P_PRP) ||
 	    ethhdr->h_proto == htons(ETH_P_HSR)) {
+		if (skb->mac_len < sizeof(struct hsr_ethhdr))
+			return NULL;
+
 		/* Use the existing sequence_nr from the tag as starting point
 		 * for filtering duplicate frames.
 		 */
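Review bot: the new `if` inside the ETH_P_PRP/ETH_P_HSR branch arrives after the header has already been dereferenced. `ethhdr->h_proto` is read in the condition directly above the added lines, and h_source is compared in the `list_for_each_entry_rcu` loop earlier in the function, so nothing in hsr_get_node() establishes that even `sizeof(struct ethhdr)` bytes sit behind skb_mac_header(). Either add a matching `if (skb->mac_len < sizeof(struct ethhdr)) return NULL;` next to the existing early `return NULL;` at the top of the function, or state in a comment which caller guarantees the plain Ethernet header so the next reader does not have to rediscover it. The test itself is the right one for the reported read: an HSR or PRP EtherType says nothing about whether the tag bytes that `struct hsr_ethhdr` adds beyond the Ethernet header are actually present, and `skb->mac_len` is the count of link-layer bytes the skb really carries, which matches syzbot's result for this version ("the reproducer did not trigger any issue").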



* Re: [syzbot] Test for 2ef3a8ce8e91b5a50098
  2024-01-14  9:24 [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2) syzbot
  2024-01-15 12:57 ` Edward Adam Davis
  2024-03-12 13:52 ` [syzbot] Test for 2ef3a8ce8e91b5a50098 syzbot
@ 2024-03-12 14:33 ` syzbot
  2 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2024-03-12 14:33 UTC
  To: linux-kernel

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.

***

Subject: Test for 2ef3a8ce8e91b5a50098
Author: syoshida@redhat.com

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 9f8413c4a66f2fb776d3dc3c9ed20bf435eb305e

diff --git a/net/hsr/hsr_framereg.c b/net/hsr/hsr_framereg.c
index 6d14d935ee82..b983232e25cb 100644
--- a/net/hsr/hsr_framereg.c
+++ b/net/hsr/hsr_framereg.c
@@ -228,6 +228,9 @@ struct hsr_node *hsr_get_node(struct hsr_port *port, struct list_head *node_db,
 	 */
 	if (ethhdr->h_proto == htons(ETH_P_PRP) ||
 	    ethhdr->h_proto == htons(ETH_P_HSR)) {
+		if (skb->mac_len < sizeof(struct hsr_ethhdr))
+			return NULL;
+
 		/* Use the existing sequence_nr from the tag as starting point
 		 * for filtering duplicate frames.
 		 */
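Review bot: the new length test has no comment, so a reader of this branch sees a bare comparison right before the "Use the existing sequence_nr from the tag" comment and has to work out why `skb->mac_len`, rather than `skb->len` or a pskb_may_pull(), is the bound, and what a NULL return means for the frame (whatever fill_frame_info, the caller in the trace, does with it). Add one line above the test in the style of the comment that follows it, saying that the EtherType alone does not prove the tag is present and that a frame too short to carry it is refused here. For the record, since this message duplicates the one sent about forty minutes earlier: the diff is byte-identical and only the `#syz test` line differs, now naming the tree and the full commit 9f8413c4a66f. That matters because the first submission's test ran against upstream HEAD 855684c7 instead, and that kernel panicked during boot in vti6_init_net (PID 1, before any reproducer ran), which is the "build/boot failed" result further down this thread and says nothing about this patch; the pinned rerun is the one that passed.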



* Re: [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2)
       [not found] <20240312.233252.1252431549899302393.syoshida@redhat.com>
@ 2024-03-12 15:18 ` syzbot
  0 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2024-03-12 15:18 UTC
  To: linux-kernel, syoshida, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+2ef3a8ce8e91b5a50098@syzkaller.appspotmail.com

Tested on:

commit:         9f8413c4 Merge tag 'cgroup-for-6.8' of git://git.kerne..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=10eda48a180000
kernel config:  https://syzkaller.appspot.com/x/.config?x=656820e61b758b15
dashboard link: https://syzkaller.appspot.com/bug?extid=2ef3a8ce8e91b5a50098
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=130ce669180000

Note: testing is done by a robot and is best-effort only.

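The two stacks in the original report give the whole shape of the bug: a raw AF_PACKET sendto() (packet_sendmsg in both traces) allocates an skb whose linear area is fresh, never-written slab memory (the "Uninit was created at" stack ends in kmalloc_reserve via packet_alloc_skb), copies in only as many bytes as the caller passed, and hands the frame to hsr_dev_xmit(); hsr_get_node() then casts the MAC header to the HSR-tagged header and reads the tag on the strength of the EtherType alone. A frame shorter than sizeof(struct hsr_ethhdr) whose h_proto says ETH_P_HSR or ETH_P_PRP therefore makes it read bytes behind what the sender supplied, which is the case the passing test patch rejects with `skb->mac_len < sizeof(struct hsr_ethhdr)`. The model below is an added example, not code from this thread or from the kernel tree. It is user-space C reproducing only that logic: a backing buffer prefilled with a sentinel standing in for stale slab contents, an skb_model with the two fields the check needs, the unchecked reader beside the bounded one, and make_frame()/read_seq() to drive both. It goes one step beyond the posted patch by also bounding the plain Ethernet header before h_proto is read. The layout of struct hsr_ethhdr (Ethernet header plus a six-byte tag), the 0xAA sentinel, the placeholder MAC addresses and every name other than ETH_P_HSR, ETH_P_PRP and the struct names are assumptions made for this example.

```c
/* Added user-space model of the short-header read in this thread. Not kernel
 * code and not the posted patches. struct hsr_ethhdr is laid out as assumed
 * here: a 14-byte Ethernet header followed by a 6-byte HSR tag. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN    6
#define ETH_P_HSR   0x892F   /* IEC 62439-3 HSR EtherType */
#define ETH_P_PRP   0x88FB   /* IEC 62439-3 PRP EtherType */
#define SEQ_INVALID (-1)     /* stands in for hsr_get_node() returning NULL */

struct eth_hdr {
	uint8_t  h_dest[ETH_ALEN];
	uint8_t  h_source[ETH_ALEN];
	uint16_t h_proto;                 /* big-endian on the wire */
} __attribute__((packed));

struct hsr_tag { uint16_t path_and_LSDU_size, sequence_nr, encap_proto; } __attribute__((packed));
struct hsr_ethhdr { struct eth_hdr ethhdr; struct hsr_tag hsr_tag; } __attribute__((packed));

/* The two sk_buff fields the check depends on. */
struct skb_model {
	const uint8_t *mac_header;        /* skb_mac_header(skb) */
	size_t         mac_len;           /* link-layer bytes actually present */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int is_tagged(uint16_t proto) { return proto == ETH_P_HSR || proto == ETH_P_PRP; }

/* Pre-patch shape: trust the EtherType and read the tag through the cast.
 * With fewer than sizeof(struct hsr_ethhdr) bytes supplied, the tag bytes are
 * whatever the allocation held before, which is what KMSAN flagged. */
int get_seq_unchecked(const struct skb_model *skb)
{
	const uint8_t *p = skb->mac_header;
	if (!is_tagged(be16(p + offsetof(struct eth_hdr, h_proto))))
		return SEQ_INVALID;       /* untagged frame: no sequence number */
	return be16(p + offsetof(struct hsr_ethhdr, hsr_tag.sequence_nr));
}

/* Bounded version: the EtherType does not prove the tag is present, mac_len
 * does. The first test also covers the Ethernet header, so h_proto itself is
 * never read out of bounds. */
int get_seq_checked(const struct skb_model *skb)
{
	const uint8_t *p = skb->mac_header;
	if (skb->mac_len < sizeof(struct eth_hdr))
		return SEQ_INVALID;       /* not even a full Ethernet header */
	if (!is_tagged(be16(p + offsetof(struct eth_hdr, h_proto))))
		return SEQ_INVALID;
	if (skb->mac_len < sizeof(struct hsr_ethhdr))
		return SEQ_INVALID;       /* tagged EtherType, tag bytes missing */
	return be16(p + offsetof(struct hsr_ethhdr, hsr_tag.sequence_nr));
}

/* Constructed input. The backing store is prefilled with 0xAA to stand in for
 * stale allocation contents; the "sender" then writes only the first sender_len
 * bytes of a frame with EtherType proto and tag sequence seq, as sendto() does. */
void make_frame(uint8_t *backing, size_t backing_len, size_t sender_len,
		uint16_t proto, uint16_t seq, struct skb_model *skb)
{
	uint8_t frame[sizeof(struct hsr_ethhdr)] = {0};
	size_t n = sender_len < sizeof frame ? sender_len : sizeof frame;
	memset(backing, 0xAA, backing_len);
	memset(frame, 0x02, ETH_ALEN);                /* placeholder dest MAC   */
	memset(frame + ETH_ALEN, 0x04, ETH_ALEN);     /* placeholder source MAC */
	frame[12] = (uint8_t)(proto >> 8); frame[13] = (uint8_t)proto;
	frame[14] = 0x10; frame[15] = 0x00;           /* path_and_LSDU_size     */
	frame[16] = (uint8_t)(seq >> 8);   frame[17] = (uint8_t)seq;
	frame[18] = 0x08; frame[19] = 0x00;           /* encap_proto: IPv4      */
	memcpy(backing, frame, n < backing_len ? n : backing_len);
	skb->mac_header = backing;
	skb->mac_len = n;
}

/* One scenario: build the frame, then read the sequence number with reader. */
int read_seq(size_t sender_len, uint16_t proto, uint16_t seq,
	     int (*reader)(const struct skb_model *))
{
	uint8_t backing[64];                          /* stands in for the skb linear area */
	struct skb_model skb;
	make_frame(backing, sizeof backing, sender_len, proto, seq, &skb);
	return reader(&skb);
}

int main(void)
{
	printf("14 bytes sent: unchecked=0x%04x checked=%d\n",
	       read_seq(14, ETH_P_HSR, 0x1234, get_seq_unchecked),
	       read_seq(14, ETH_P_HSR, 0x1234, get_seq_checked));
	printf("20 bytes sent: unchecked=0x%04x checked=0x%04x\n",
	       read_seq(20, ETH_P_HSR, 0x1234, get_seq_unchecked),
	       read_seq(20, ETH_P_HSR, 0x1234, get_seq_checked));
	return 0;
}
```

Build with any C99 compiler (cc -Wall model.c) and run it: on the 14-byte input the unchecked reader returns the sentinel 0xaaaa while the bounded one returns -1, and on the full 20-byte input both return 0x1234. In the kernel the sentinel bytes are whatever the slab held, inside the allocation but never written, which is why KMSAN rather than KASAN catches this, and why the fix is a comparison against the bytes the skb actually carries rather than against the struct the code would like to see.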

* Re: [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2)
       [not found] <20240312.225158.1066421875659457320.syoshida@redhat.com>
@ 2024-03-12 14:30 ` syzbot
  0 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2024-03-12 14:30 UTC
  To: linux-kernel, syoshida, syzkaller-bugs

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

   T1] usbhid: USB HID core driver
[   41.445057][    T1] usbcore: registered new interface driver es2_ap_driver
[   41.452522][    T1] comedi: version 0.7.76 - http://www.comedi.org
[   41.462013][    T1] usbcore: registered new interface driver dt9812
[   41.470508][    T1] usbcore: registered new interface driver ni6501
[   41.478004][    T1] usbcore: registered new interface driver usbdux
[   41.485497][    T1] usbcore: registered new interface driver usbduxfast
[   41.493272][    T1] usbcore: registered new interface driver usbduxsigma
[   41.501230][    T1] usbcore: registered new interface driver vmk80xx
[   41.509250][    T1] usbcore: registered new interface driver prism2_usb
[   41.518077][    T1] usbcore: registered new interface driver r8712u
[   41.525021][    T1] greybus: registered new driver hid
[   41.531212][    T1] greybus: registered new driver gbphy
[   41.537142][    T1] gb_gbphy: registered new driver usb
[   41.542897][    T1] asus_wmi: ASUS WMI generic driver loaded
[   41.738826][    T1] usbcore: registered new interface driver snd-usb-audio
[   41.747671][    T1] usbcore: registered new interface driver snd-ua101
[   41.756259][    T1] usbcore: registered new interface driver snd-usb-usx2y
[   41.764396][    T1] usbcore: registered new interface driver snd-usb-us122l
[   41.772587][    T1] usbcore: registered new interface driver snd-usb-caiaq
[   41.781306][    T1] usbcore: registered new interface driver snd-usb-6fire
[   41.790406][    T1] usbcore: registered new interface driver snd-usb-hiface
[   41.799287][    T1] usbcore: registered new interface driver snd-bcd2000
[   41.807204][    T1] usbcore: registered new interface driver snd_usb_pod
[   41.815236][    T1] usbcore: registered new interface driver snd_usb_podhd
[   41.823341][    T1] usbcore: registered new interface driver snd_usb_toneport
[   41.831585][    T1] usbcore: registered new interface driver snd_usb_variax
[   41.839634][    T1] drop_monitor: Initializing network drop monitor service
[   41.848496][    T1] NET: Registered PF_LLC protocol family
[   41.854636][    T1] GACT probability on
[   41.858817][    T1] Mirror/redirect action on
[   41.863972][    T1] Simple TC action Loaded
[   41.876090][    T1] netem: version 1.3
[   41.880422][    T1] u32 classifier
[   41.884012][    T1]     Performance counters on
[   41.890459][    T1]     input device check on
[   41.895664][    T1]     Actions configured
[   41.921296][    T1] nf_conntrack_irc: failed to register helpers
[   41.928588][    T1] nf_conntrack_sane: failed to register helpers
[   42.073937][    T1] nf_conntrack_sip: failed to register helpers
[   42.090482][    T1] xt_time: kernel timezone is -0000
[   42.096261][    T1] IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
[   42.103352][    T1] IPVS: Connection hash table configured (size=4096, memory=32Kbytes)
[   42.113694][    T1] IPVS: ipvs loaded.
[   42.117739][    T1] IPVS: [rr] scheduler registered.
[   42.122901][    T1] IPVS: [wrr] scheduler registered.
[   42.128228][    T1] IPVS: [lc] scheduler registered.
[   42.133405][    T1] IPVS: [wlc] scheduler registered.
[   42.138759][    T1] IPVS: [fo] scheduler registered.
[   42.143924][    T1] IPVS: [ovf] scheduler registered.
[   42.149391][    T1] IPVS: [lblc] scheduler registered.
[   42.154820][    T1] IPVS: [lblcr] scheduler registered.
[   42.160239][    T1] IPVS: [dh] scheduler registered.
[   42.165456][    T1] IPVS: [sh] scheduler registered.
[   42.170640][    T1] IPVS: [mh] scheduler registered.
[   42.175915][    T1] IPVS: [sed] scheduler registered.
[   42.181264][    T1] IPVS: [nq] scheduler registered.
[   42.186471][    T1] IPVS: [twos] scheduler registered.
[   42.191914][    T1] IPVS: [sip] pe registered.
[   42.198686][    T1] ipip: IPv4 and MPLS over IPv4 tunneling driver
[   42.213107][    T1] gre: GRE over IPv4 demultiplexor driver
[   42.219041][    T1] ip_gre: GRE over IPv4 tunneling driver
[   42.246435][    T1] IPv4 over IPsec tunneling driver
[   42.260657][    T1] Initializing XFRM netlink socket
[   42.268642][    T1] IPsec XFRM device driver
[   42.275059][    T1] NET: Registered PF_INET6 protocol family
[   42.326632][    T1] Segment Routing with IPv6
[   42.331207][    T1] RPL Segment Routing with IPv6
[   42.337084][    T1] In-situ OAM (IOAM) with IPv6
[   42.342955][    T1] mip6: Mobile IPv6
[   42.351543][    T1] =====================================================
[   42.351775][    T1] BUG: KMSAN: use-after-free in __list_add_valid_or_report+0xeb/0x2c0
[   42.351917][    T1]  __list_add_valid_or_report+0xeb/0x2c0
[   42.352049][    T1]  stack_depot_save_flags+0x554/0x6a0
[   42.352178][    T1]  stack_depot_save+0x12/0x20
[   42.352283][    T1]  ref_tracker_alloc+0x215/0x700
[   42.352396][    T1]  net_rx_queue_update_kobjects+0x1eb/0xa80
[   42.352510][    T1]  netdev_register_kobject+0x30e/0x530
[   42.352609][    T1]  register_netdevice+0x1995/0x2180
[   42.352703][    T1]  register_netdev+0xa5/0xe0
[   42.352791][    T1]  vti6_init_net+0x3f9/0x6a0
[   42.352910][    T1]  ops_init+0x30c/0x880
[   42.352973][    T1]  register_pernet_operations+0x523/0xa00
[   42.353034][    T1]  register_pernet_device+0x4f/0x180
[   42.353092][    T1]  vti6_tunnel_init+0x34/0x450
[   42.353185][    T1]  do_one_initcall+0x219/0x970
[   42.353263][    T1]  do_initcall_level+0x140/0x350
[   42.353346][    T1]  do_initcalls+0xf0/0x1e0
[   42.353418][    T1]  do_basic_setup+0x22/0x30
[   42.353491][    T1]  kernel_init_freeable+0x30b/0x4c0
[   42.353569][    T1]  kernel_init+0x2f/0x7e0
[   42.353651][    T1]  ret_from_fork+0x6d/0x90
[   42.353723][    T1]  ret_from_fork_asm+0x1a/0x30
[   42.353801][    T1] 
[   42.353811][    T1] Uninit was created at:
[   42.353928][    T1]  free_unref_page_prepare+0xc1/0xad0
[   42.354016][    T1]  free_unref_page+0x59/0x730
[   42.354119][    T1]  destroy_large_folio+0x12a/0x1d0
[   42.354239][    T1]  __folio_put_large+0x101/0x110
[   42.354353][    T1]  __folio_put+0x153/0x160
[   42.354441][    T1]  free_large_kmalloc+0x167/0x210
[   42.354529][    T1]  kfree+0x4e3/0xa40
[   42.354605][    T1]  kmsan_vmap_pages_range_noflush+0x347/0x3d0
[   42.354702][    T1]  __vmalloc_node_range+0x217c/0x28c0
[   42.354772][    T1]  vmalloc_huge+0x92/0xb0
[   42.354834][    T1]  alloc_large_system_hash+0x459/0xa30
[   42.354904][    T1]  dcache_init+0x125/0x220
[   42.354980][    T1]  vfs_caches_init+0x7c/0xd0
[   42.355056][    T1]  start_kernel+0x8d8/0xa60
[   42.355125][    T1]  x86_64_start_reservations+0x2e/0x30
[   42.355190][    T1]  x86_64_start_kernel+0x98/0xa0
[   42.355280][    T1]  secondary_startup_64_no_verify+0x15f/0x16b
[   42.355364][    T1] 
[   42.355375][    T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.8.0-syzkaller-01185-g855684c7d938-dirty #0
[   42.355437][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[   42.355469][    T1] =====================================================
[   42.355485][    T1] Disabling lock debugging due to kernel taint
[   42.355505][    T1] Kernel panic - not syncing: kmsan.panic set ...
[   42.355529][    T1] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G    B              6.8.0-syzkaller-01185-g855684c7d938-dirty #0
[   42.355590][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[   42.355621][    T1] Call Trace:
[   42.355640][    T1]  <TASK>
[   42.355659][    T1]  dump_stack_lvl+0x1bf/0x240
[   42.355746][    T1]  dump_stack+0x1e/0x30
[   42.355818][    T1]  panic+0x4e2/0xcc0
[   42.355896][    T1]  ? kmsan_get_metadata+0x121/0x1c0
[   42.355998][    T1]  kmsan_report+0x2d5/0x2e0
[   42.356087][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356181][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   42.356276][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356363][    T1]  ? __msan_warning+0x95/0x110
[   42.356442][    T1]  ? __list_add_valid_or_report+0xeb/0x2c0
[   42.356539][    T1]  ? stack_depot_save_flags+0x554/0x6a0
[   42.356620][    T1]  ? stack_depot_save+0x12/0x20
[   42.356694][    T1]  ? ref_tracker_alloc+0x215/0x700
[   42.356772][    T1]  ? net_rx_queue_update_kobjects+0x1eb/0xa80
[   42.356846][    T1]  ? netdev_register_kobject+0x30e/0x530
[   42.356916][    T1]  ? register_netdevice+0x1995/0x2180
[   42.356973][    T1]  ? register_netdev+0xa5/0xe0
[   42.356973][    T1]  ? vti6_init_net+0x3f9/0x6a0
[   42.356973][    T1]  ? ops_init+0x30c/0x880
[   42.356973][    T1]  ? register_pernet_operations+0x523/0xa00
[   42.356973][    T1]  ? register_pernet_device+0x4f/0x180
[   42.356973][    T1]  ? vti6_tunnel_init+0x34/0x450
[   42.356973][    T1]  ? do_one_initcall+0x219/0x970
[   42.356973][    T1]  ? do_initcall_level+0x140/0x350
[   42.356973][    T1]  ? do_initcalls+0xf0/0x1e0
[   42.356973][    T1]  ? do_basic_setup+0x22/0x30
[   42.356973][    T1]  ? kernel_init_freeable+0x30b/0x4c0
[   42.356973][    T1]  ? kernel_init+0x2f/0x7e0
[   42.356973][    T1]  ? ret_from_fork+0x6d/0x90
[   42.356973][    T1]  ? ret_from_fork_asm+0x1a/0x30
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   42.356973][    T1]  ? _raw_spin_lock_irqsave+0x35/0xc0
[   42.356973][    T1]  ? filter_irq_stacks+0x60/0x1a0
[   42.356973][    T1]  ? stack_depot_save_flags+0x2c/0x6a0
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   42.356973][    T1]  __msan_warning+0x95/0x110
[   42.356973][    T1]  __list_add_valid_or_report+0xeb/0x2c0
[   42.356973][    T1]  stack_depot_save_flags+0x554/0x6a0
[   42.356973][    T1]  stack_depot_save+0x12/0x20
[   42.356973][    T1]  ref_tracker_alloc+0x215/0x700
[   42.356973][    T1]  ? dev_uevent_filter+0x53/0x110
[   42.356973][    T1]  ? net_rx_queue_update_kobjects+0x1eb/0xa80
[   42.356973][    T1]  ? netdev_register_kobject+0x30e/0x530
[   42.356973][    T1]  ? register_netdevice+0x1995/0x2180
[   42.356973][    T1]  ? register_netdev+0xa5/0xe0
[   42.356973][    T1]  ? vti6_init_net+0x3f9/0x6a0
[   42.356973][    T1]  ? ops_init+0x30c/0x880
[   42.356973][    T1]  ? register_pernet_operations+0x523/0xa00
[   42.356973][    T1]  ? register_pernet_device+0x4f/0x180
[   42.356973][    T1]  ? vti6_tunnel_init+0x34/0x450
[   42.356973][    T1]  ? do_one_initcall+0x219/0x970
[   42.356973][    T1]  ? do_initcall_level+0x140/0x350
[   42.356973][    T1]  ? do_initcalls+0xf0/0x1e0
[   42.356973][    T1]  ? do_basic_setup+0x22/0x30
[   42.356973][    T1]  ? kernel_init_freeable+0x30b/0x4c0
[   42.356973][    T1]  ? kernel_init+0x2f/0x7e0
[   42.356973][    T1]  ? ret_from_fork+0x6d/0x90
[   42.356973][    T1]  net_rx_queue_update_kobjects+0x1eb/0xa80
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  netdev_register_kobject+0x30e/0x530
[   42.356973][    T1]  register_netdevice+0x1995/0x2180
[   42.356973][    T1]  register_netdev+0xa5/0xe0
[   42.356973][    T1]  vti6_init_net+0x3f9/0x6a0
[   42.356973][    T1]  ? __pfx_vti6_init_net+0x10/0x10
[   42.356973][    T1]  ops_init+0x30c/0x880
[   42.356973][    T1]  register_pernet_operations+0x523/0xa00
[   42.356973][    T1]  register_pernet_device+0x4f/0x180
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  vti6_tunnel_init+0x34/0x450
[   42.356973][    T1]  ? __pfx_vti6_tunnel_init+0x10/0x10
[   42.356973][    T1]  do_one_initcall+0x219/0x970
[   42.356973][    T1]  ? __pfx_vti6_tunnel_init+0x10/0x10
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   42.356973][    T1]  ? filter_irq_stacks+0x164/0x1a0
[   42.356973][    T1]  ? stack_depot_save_flags+0x2c/0x6a0
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   42.356973][    T1]  ? parse_args+0x152c/0x1600
[   42.356973][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   42.356973][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   42.356973][    T1]  ? __pfx_vti6_tunnel_init+0x10/0x10
[   42.356973][    T1]  do_initcall_level+0x140/0x350
[   42.356973][    T1]  do_initcalls+0xf0/0x1e0
[   42.356973][    T1]  ? __pfx_native_smp_prepare_cpus+0x10/0x10
[   42.356973][    T1]  do_basic_setup+0x22/0x30
[   42.356973][    T1]  kernel_init_freeable+0x30b/0x4c0
[   42.356973][    T1]  ? __pfx_kernel_init+0x10/0x10
[   42.356973][    T1]  kernel_init+0x2f/0x7e0
[   42.356973][    T1]  ? __pfx_kernel_init+0x10/0x10
[   42.356973][    T1]  ret_from_fork+0x6d/0x90
[   42.356973][    T1]  ? __pfx_kernel_init+0x10/0x10
[   42.356973][    T1]  ret_from_fork_asm+0x1a/0x30
[   42.356973][    T1]  </TASK>
[   42.356973][    T1] Kernel Offset: disabled


syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.4'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2225259581=/tmp/go-build -gno-record-gcc-switches'

git status (err=<nil>)
HEAD detached at b438bd66d
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b438bd66d6f95113d52f25c25bfef0e963c8ce8d -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240109-174804'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b438bd66d6f95113d52f25c25bfef0e963c8ce8d -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240109-174804'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b438bd66d6f95113d52f25c25bfef0e963c8ce8d -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240109-174804'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"b438bd66d6f95113d52f25c25bfef0e963c8ce8d\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=136675fa180000


Tested on:

commit:         855684c7 Merge tag 'x86_tdx_for_6.9' of git://git.kern..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=6b3a9c97e8057f25
dashboard link: https://syzkaller.appspot.com/bug?extid=2ef3a8ce8e91b5a50098
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=13951646180000


