Subject: Re: KMSAN: uninit-value in strcmp
From: Ying Xue
To: David Miller
Date: Tue, 8 May 2018 21:12:14 +0800
X-Mailing-List: linux-kernel@vger.kernel.org

On 05/04/2018 03:22 AM, David Miller wrote:
> From: syzbot
> Date: Thu, 03 May 2018 11:44:02 -0700
>
>> Call Trace:
>> __dump_stack lib/dump_stack.c:17 [inline]
>> dump_stack+0x185/0x1d0 lib/dump_stack.c:53
>> kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
>> __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683
>> strcmp+0xf7/0x160 lib/string.c:329
>> tipc_nl_node_get_link+0x220/0x6f0 net/tipc/node.c:1881
>> genl_family_rcv_msg net/netlink/genetlink.c:599 [inline]
>
> Hmmm, TIPC_NL_LINK_GET uses tipc_nl_policy, which has a proper nesting
> entry for TIPC_NLA_LINK. I wonder how the code goes about validating
> TIPC_NLA_LINK_NAME in such a case? Does it?
>
> This may be the problem.

David, you are right. This is absolutely a real bug. As you said, we
didn't validate TIPC_NLA_LINK_NAME attribute in
tipc_nl_node_get_link() at all.

I will submit a patch to fix the issue soon.
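
A user-space model of the missing check discussed in this thread, added here as an illustration; it is not kernel code and not the patch mentioned above. It walks a nested attribute area and lets `strcmp()` run only on a string payload that is bounded and NUL-terminated. `ATTR_LINK_NAME`, `MAX_LINK_NAME`, the function names and the little-endian sample bytes are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

#define HDR_LEN         4u     /* 16-bit length + 16-bit type, as in struct nlattr */
#define ATTR_ALIGN(n)   (((n) + 3u) & ~(size_t)3u)
#define ATTR_LINK_NAME  1u     /* hypothetical type id for this model */
#define MAX_LINK_NAME   68u    /* hypothetical bound, NUL included */

/* Constructed samples, not captured traffic; header fields little-endian here. */
static const uint8_t sample_ok[]  = { 8, 0, 1, 0, 'e', 't', 'h', '\0' };
static const uint8_t sample_bad[] = { 8, 0, 1, 0, 'e', 't', 'h', '0' };  /* no NUL */

/* Walk a nested attribute area and return the payload of the first attribute
 * of the wanted type, or NULL. Each length is checked against the buffer. */
static const uint8_t *find_attr(const uint8_t *buf, size_t buflen,
                                unsigned type, size_t *plen)
{
    size_t off = 0;
    while (off + HDR_LEN <= buflen) {
        size_t len = buf[off] | ((size_t)buf[off + 1] << 8);
        unsigned t = buf[off + 2] | ((unsigned)buf[off + 3] << 8);
        if (len < HDR_LEN || len > buflen - off)
            return NULL;                       /* malformed or truncated */
        if (t == type) {
            *plen = len - HDR_LEN;
            return buf + off + HDR_LEN;
        }
        off += ATTR_ALIGN(len);
    }
    return NULL;
}

/* Non-empty, within the bound, and a NUL inside the payload itself. */
static int valid_nul_string(const uint8_t *p, size_t plen)
{
    return plen > 0 && plen <= MAX_LINK_NAME && memchr(p, '\0', plen) != NULL;
}

/* 1 = match, 0 = mismatch, -1 = name missing or invalid. strcmp() runs only
 * on a validated payload, so it cannot read past what the sender supplied. */
int link_name_matches(const uint8_t *nest, size_t nestlen, const char *want)
{
    size_t plen = 0;
    const uint8_t *p = find_attr(nest, nestlen, ATTR_LINK_NAME, &plen);
    if (!p || !valid_nul_string(p, plen))
        return -1;
    return strcmp((const char *)p, want) == 0;
}
```

Without the `valid_nul_string()` step, the unterminated sample would send `strcmp()` past the end of the attribute payload, which is the class of read the KMSAN report flags.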