Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp331652ybl; Thu, 30 Jan 2020 23:18:26 -0800 (PST) X-Google-Smtp-Source: APXvYqy+plohtdvYjo1Fw0F4vw4FzIpJ0DMWu7PKt2wSHDgX+gyD/qoMNSYI65FcasRbeF8QByn9 X-Received: by 2002:a9d:4c14:: with SMTP id l20mr6576789otf.125.1580455106722; Thu, 30 Jan 2020 23:18:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580455106; cv=none; d=google.com; s=arc-20160816; b=cKzcQoESE1wxyl73uOEhG/C461J6SRIZYs1U5T5sXMk7+90NcjL8/jaQuyj/AcC1Ug ahDsTOK3GrhwJAnuT+Ir25n0TQnk1iEfwl26o4qxwy6zxQdLGr+5nmwFaOtQlksChbsu aVOpiH59Gk1b/Yxhf3aB8gd9CnZVkH0YTTQP0ZhVa9AvgcjwGrOqga4+LiKyOq/L08wL V9WleY1cIvLr3W4DoYsVlU5T05C/gRTggctGAh8zYz9vbBuUSFHdGYCaJzfANunp3p4I +9w9DSGzZ+vftyHXYwbmCbH2nTXaDAYwL674TVEEPRKQGVALVfXrBJixUc638M/Pn7F0 ViXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=262ZcO9nGFIaHjYtWQmk/Eq3eRhsSEhvvzLlMTVZhgY=; b=pe+GIBrybnmcd+6H5g/Wm/MB9DNzbaQpF3X5xPOw8K459aMOJtBISEzmkFEUH0cjCm Z419Sq+F/eCYxazJttk3htXxTkdCmIUcac1nbcIHYTlSwYQ0f33NOflwC9akn7zfGFRP Uk8RN/N8sTV3EI9okxeQl04l8kVj3iYmNaI5LmQS6LTCknIUlX/cy/CP3rZA6MqDYknv 07PNF6ZBIsO1z6dmDvhssyuOUxbTjD4tV3xmQKCu1BaZq49CYkOmCiXMYmA3iL5TEmEV 6uI4tsAe/H6ie1WI7/1y1yWEzpJ00wOt5QsesNrwHc3NViaKFWWRTllcg7p+mcpNKWxe PbiA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@narfation.org header.s=20121 header.b=FjZFhdVl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=narfation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u13si4671571otg.56.2020.01.30.23.18.14; Thu, 30 Jan 2020 23:18:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@narfation.org header.s=20121 header.b=FjZFhdVl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=narfation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728107AbgAaHRR (ORCPT + 99 others); Fri, 31 Jan 2020 02:17:17 -0500 Received: from dvalin.narfation.org ([213.160.73.56]:50542 "EHLO dvalin.narfation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727525AbgAaHRR (ORCPT ); Fri, 31 Jan 2020 02:17:17 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=narfation.org; s=20121; t=1580455033; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=262ZcO9nGFIaHjYtWQmk/Eq3eRhsSEhvvzLlMTVZhgY=; b=FjZFhdVlICftOoiLbHemtSAy0XBE3r+42d6JOwo//ijPAlEUJX+SV0rnYBhkW9n5ZqvcEP vBrlbfVrkXMYAC7c7Essy9zyIhRaTigK7RfYYWqF3PI9JO3Z2rgy8fadByAxLZ940L8WDj P5Um687AdLKfLRALbkt72RYd4I9HAaI= From: Sven Eckelmann To: syzbot Cc: a@unstable.cc, b.a.t.m.a.n@lists.open-mesh.org, davem@davemloft.net, glider@google.com, linux-kernel@vger.kernel.org, mareklindner@neomailbox.ch, netdev@vger.kernel.org, sw@simonwunderlich.de, syzkaller-bugs@googlegroups.com, Arvid Brodin Subject: Re: KMSAN: uninit-value in batadv_interface_tx (2) Date: Fri, 31 Jan 2020 08:17:05 +0100 Message-ID: <2402337.3Z8xRsGYif@bentobox> In-Reply-To: <00000000000038fa02059d614893@google.com> References: <00000000000038fa02059d614893@google.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2318064.iM8dZQ9v1p"; micalg="pgp-sha512"; protocol="application/pgp-signature" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --nextPart2318064.iM8dZQ9v1p Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" On Thursday, 30 January 2020 21:27:12 CET syzbot wrote: [...] > dashboard link: https://syzkaller.appspot.com/bug?extid=24458cef7d37351dd0c3 [...] > Reported-by: syzbot+24458cef7d37351dd0c3@syzkaller.appspotmail.com [...] > ===================================================== > BUG: KMSAN: uninit-value in batadv_interface_tx+0x10cf/0x2450 net/batman-adv/soft-interface.c:264 This line is just comparing the eth_hdr(skb)->h_dest with the STP address (static const buffer). Is there some situation when hsr would not initialize offset for eth_hdr() correctly or where h_dest is not initialized from a correctly initialized value? At least the comparisons with eth_hdr(skb)->h_source didn't cause this error. Regarding my assupmtion: it seems like the hsr_xmit is only initializing the h_source in master mode. And there even more conditions (see hsr_addr_subst_dest) for initializing the h_dest in master mode. Btw. the code in hsr which "stored this" was if (skb_put_padto(skb, ETH_ZLEN + HSR_HLEN)) return; [...] > batadv_interface_tx+0x10cf/0x2450 net/batman-adv/soft-interface.c:264 > __netdev_start_xmit include/linux/netdevice.h:4447 [inline] > netdev_start_xmit include/linux/netdevice.h:4461 [inline] > xmit_one net/core/dev.c:3420 [inline] > dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3436 > __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4013 > dev_queue_xmit+0x4b/0x60 net/core/dev.c:4046 > hsr_xmit net/hsr/hsr_forward.c:228 [inline] > hsr_forward_do net/hsr/hsr_forward.c:285 [inline] > hsr_forward_skb+0x2614/0x30d0 net/hsr/hsr_forward.c:361 > hsr_handle_frame+0x385/0x4b0 net/hsr/hsr_slave.c:43 > __netif_receive_skb_core+0x21de/0x5840 net/core/dev.c:5051 > __netif_receive_skb_one_core net/core/dev.c:5148 [inline] > __netif_receive_skb net/core/dev.c:5264 [inline] > process_backlog+0x936/0x1410 net/core/dev.c:6095 > napi_poll net/core/dev.c:6532 [inline] > net_rx_action+0x786/0x1ab0 net/core/dev.c:6600 > __do_softirq+0x311/0x83d kernel/softirq.c:293 > run_ksoftirqd+0x25/0x40 kernel/softirq.c:607 > smpboot_thread_fn+0x493/0x980 kernel/smpboot.c:165 > kthread+0x4b5/0x4f0 kernel/kthread.c:256 > ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353 > > Uninit was stored to memory at: > kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline] > kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310 > kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247 > kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267 > __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116 > pskb_expand_head+0x38b/0x1b00 net/core/skbuff.c:1637 > __skb_pad+0x47f/0x900 net/core/skbuff.c:1805 > __skb_put_padto include/linux/skbuff.h:3193 [inline] > skb_put_padto include/linux/skbuff.h:3212 [inline] > send_hsr_supervision_frame+0x122d/0x1500 net/hsr/hsr_device.c:310 > hsr_announce+0x1e2/0x370 net/hsr/hsr_device.c:341 > call_timer_fn+0x218/0x510 kernel/time/timer.c:1404 > expire_timers kernel/time/timer.c:1449 [inline] > __run_timers+0xcff/0x1210 kernel/time/timer.c:1773 > run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786 > __do_softirq+0x311/0x83d kernel/softirq.c:293 Kind regards, Sven --nextPart2318064.iM8dZQ9v1p Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEF10rh2Elc9zjMuACXYcKB8Eme0YFAl4z1HEACgkQXYcKB8Em e0ZO0Q/9HNGZvABsLfWxI93iMpHwWUH4pakoQ7Grba5VxXvEhQiGRUwYuY8DHAHO V2uHFRAaldEZebz7Q3YMOD/Ysj6IyGROaUSFHKhC4vs9VlEKH/ojanzpE4SPS50L lXfQ83UiDH+Tz83Ur5pk2CPJ/CQ3B8g8My1+uqrLgs4s216tLWYdfHvp7KEtfp1y jNYCL/f9BxV9D93Djxv0qVtWEfYPQYipVq9iPgsIG8FRUbCbXiY841eogk/idFNe 0uoOPzMBwfV7ODnAszvi7J0Rg0fa5yunULu4v3yh/SGizu6GIsICa0w9kt5wVWKJ hzNtAtw2L+RClZnrukDs8NY19QoFBtFNBXi0E6/Y/loEoa9FIGdRx2hcOplrCmhC siEMhxfWwYlMl+kRas/YTt4jMBilT1Fp89b2prn2YcW8I64QSwyCacTwhZIhvkGy FCudRlfjBEPbd9uti/37/NXXcv3Nq3ecbdBcALeIaNL+R9CYuemXOfJVkRpgcCs/ otUv3ZKFMeVkML4g+dn4DMcL+UnUlo3ehjKuObJXOdfTnZ4eBQkbIaZA34PQ+zRg vNxDwM/e2qg6VjvQ2LzoIqPQ5FEb7lPNPBsXQN2kPFJGHwnSocohyJK0aa7FGIB/ RhIMVpyKiR8Zg/r5wUwGhrtGX+lrLp9xRWzWBZ5eyAmdPpOxS70= =e1ZJ -----END PGP SIGNATURE----- --nextPart2318064.iM8dZQ9v1p--