Received: by 10.192.165.148 with SMTP id m20csp4295164imm;
        Tue, 8 May 2018 06:18:51 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZpBqz3AvccTee+8m6eP8GNVMwMhHe0d4t1b9V1S/mVzzIuJnltRqGDW6UKNagKCNjDdeK2b
X-Received: by 2002:a17:902:700a:: with SMTP id y10-v6mr41888367plk.265.1525785531527;
        Tue, 08 May 2018 06:18:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525785531; cv=none;
        d=google.com; s=arc-20160816;
        b=pT9oaZjZ21XO0BgOMRm7Cv1PKJCt+zuGJ0KE/08YI+K9Ha9ATDln/Z0gDdOJDFDW40
         6GnpSmqqAzqEQ2mbqAfy/wZ7dePj4mYfnkwwR529sy2u92qpTyMvE3ApIGsMLQZbaUxA
         0wcKzcUAkg6zkIhGZ/eCfmf+X4e+l2WX/VzXwpQLuvhuOpWwIGh94CdSj3FJMCIpKqvD
         sX1FPxYiJMKoc7MKD95/JM5p2kCdPeoCN1e2DiGZYaRKSFmIHUgtdHp+0zW9eVuIvRw/
         lLthSF+nMjuaUETxPndEEwvkNdyAAeEZqONRuEfxp0v9FyF/v35OhHne47eflww6qFxD
         L2CA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:arc-authentication-results;
        bh=qetW1jYkimudnIdQcN8Y92hlNUFIoqjVRqrcP+cPJUo=;
        b=PyeRzs7tHWKQ4NKxF2P9nhTXbgYvHWrhJknW9VC1qmEXG/JyY7JQ10v843xGAQTgmQ
         XVQYh/X5nXZ1ZwqCQx//V4HQo13uqrUMSZ8zu5NVf0h2PzDjHgU0Bni3Y5bweHHDUQRU
         t66/eonZGoFmj8uhmESrGI/oEXaaeSudtq3f/803yZwr2STdtA7xP2U4xMgpRcS08GAw
         SKX1x76nXdqUMxeRbhTSLC60UqTs6JL2ywwwBuzL8Hsz/lTMveh54vsULxsfStgr2v1u
         KZPcXzZhhcmKWF9UVxBM1Kv3GDLzs42QUioht7Z1nFTgnG+TFdrUZ8hsr9E8YvjDB6lX
         WN9Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g6-v6si20062099pgr.72.2018.05.08.06.18.37;
        Tue, 08 May 2018 06:18:51 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755059AbeEHNSV (ORCPT <rfc822;mailist1go@gmail.com>
        + 99 others); Tue, 8 May 2018 09:18:21 -0400
Received: from mail5.windriver.com ([192.103.53.11]:33930 "EHLO mail5.wrs.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751952AbeEHNST (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 8 May 2018 09:18:19 -0400
Received: from ALA-HCA.corp.ad.wrs.com (ala-hca.corp.ad.wrs.com [147.11.189.40])
        by mail5.wrs.com (8.15.2/8.15.2) with ESMTPS id w48DG8Lu020676
        (version=TLSv1 cipher=AES128-SHA bits=128 verify=FAIL);
        Tue, 8 May 2018 06:16:39 -0700
Received: from [128.224.155.90] (128.224.155.90) by ALA-HCA.corp.ad.wrs.com
 (147.11.189.50) with Microsoft SMTP Server (TLS) id 14.3.361.1; Tue, 8 May
 2018 06:16:21 -0700
Subject: Re: KMSAN: uninit-value in strcmp
To:     David Miller <davem@davemloft.net>,
        <syzbot+df0257c92ffd4fcc58cd@syzkaller.appspotmail.com>
CC:     <jon.maloy@ericsson.com>, <linux-kernel@vger.kernel.org>,
        <netdev@vger.kernel.org>, <syzkaller-bugs@googlegroups.com>,
        <tipc-discussion@lists.sourceforge.net>
References: <00000000000059f907056b519603@google.com>
 <20180503.152213.740988890883315228.davem@davemloft.net>
From:   Ying Xue <ying.xue@windriver.com>
Message-ID: <cb60d6f0-4e32-b360-d1f2-032ee7777fcd@windriver.com>
Date:   Tue, 8 May 2018 21:12:14 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <20180503.152213.740988890883315228.davem@davemloft.net>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [128.224.155.90]
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 05/04/2018 03:22 AM, David Miller wrote:
> From: syzbot <syzbot+df0257c92ffd4fcc58cd@syzkaller.appspotmail.com>
> Date: Thu, 03 May 2018 11:44:02 -0700
> 
>> Call Trace:
>>  __dump_stack lib/dump_stack.c:17 [inline]
>>  dump_stack+0x185/0x1d0 lib/dump_stack.c:53
>>  kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
>>  __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683
>>  strcmp+0xf7/0x160 lib/string.c:329
>>  tipc_nl_node_get_link+0x220/0x6f0 net/tipc/node.c:1881
>>  genl_family_rcv_msg net/netlink/genetlink.c:599 [inline]
> 
> Hmmm, TIPC_NL_LINK_GET uses tipc_nl_policy, which has a proper nesting
> entry for TIPC_NLA_LINK.  I wonder how the code goes about validating
> TIPC_NLA_LINK_NAME in such a case?  Does it?
> 
> This may be the problem.

David, you are right. This is absolutely a real bug. As you said, we
didn't validate TIPC_NLA_LINK_NAME attribute in tipc_nl_node_get_link()
at all.

I will submit a patch to fix the issue soon.

>