Date: Mon, 17 Oct 2022 14:08:06 -0700
In-Reply-To: <20221017121344.1258c0f1@kernel.org>
References: <0000000000004438f605ead95255@google.com> <20221017121344.1258c0f1@kernel.org>
Subject: Re: [syzbot] KMSAN: uninit-value in erspan_build_header
From: sdf@google.com
To: Jakub Kicinski
Cc: syzbot, davem@davemloft.net, dsahern@kernel.org, edumazet@google.com,
    glider@google.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
    pabeni@redhat.com, syzkaller-bugs@googlegroups.com, yoshfuji@linux-ipv6.org,
    bpf@vger.kernel.org, yuehaibing@huawei.com, Lorenz Bauer

On 10/17, Jakub Kicinski wrote:
> CC: bpf, looks like we have a packet with uninitialized payload
> generated by BPF_PROG_TEST_RUN?

Sounds similar to [0] and [1].

0: https://lore.kernel.org/bpf/ce5d58a3-32ed-fa81-d490-ce854cfca927@huawei.com/T/#t
1: https://lore.kernel.org/bpf/CAKH8qBugSdWHP7mtNxrnLLR+56u_0OCx3xQOkJSV-+RUvDAeNg@mail.gmail.com/T/#t

> On Wed, 12 Oct 2022 09:59:52 -0700 syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: 968c2729e576 x86: kmsan: fix comment in kmsan_shadow.c
> > git tree: https://github.com/google/kmsan.git master
> > console output: https://syzkaller.appspot.com/x/log.txt?x=100cd00c880000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=131312b26465c190
> > dashboard link: https://syzkaller.appspot.com/bug?extid=d551178aab6a783dc249
> > compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project.git 610139d2d9ce6746b3c617fb3e2f7886272d26ff), GNU ld (GNU Binutils for Debian) 2.35.2
> > userspace arch: i386
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/c78ce21b953f/disk-968c2729.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/22868d826804/vmlinux-968c2729.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+d551178aab6a783dc249@syzkaller.appspotmail.com
> >
> > =====================================================
> > BUG: KMSAN: uninit-value in erspan_build_header+0x16d/0x330 include/net/erspan.h:197
> >  erspan_build_header+0x16d/0x330 include/net/erspan.h:197
> >  erspan_xmit+0x11a2/0x1f00 net/ipv4/ip_gre.c:701
> >  __netdev_start_xmit include/linux/netdevice.h:4819 [inline]
> >  netdev_start_xmit include/linux/netdevice.h:4833 [inline]
> >  xmit_one+0x14e/0x5f0 net/core/dev.c:3590
> >  dev_hard_start_xmit+0xe5/0x370 net/core/dev.c:3606
> >  sch_direct_xmit+0x3f1/0xdb0 net/sched/sch_generic.c:342
> >  __dev_xmit_skb+0xc22/0x1a30 net/core/dev.c:3817
> >  __dev_queue_xmit+0x12cb/0x31f0 net/core/dev.c:4222
> >  dev_queue_xmit include/linux/netdevice.h:3008 [inline]
> >  __bpf_tx_skb net/core/filter.c:2115 [inline]
> >  __bpf_redirect_common net/core/filter.c:2154 [inline]
> >  __bpf_redirect+0x1293/0x13b0 net/core/filter.c:2161
> >  ____bpf_clone_redirect net/core/filter.c:2430 [inline]
> >  bpf_clone_redirect+0x324/0x470 net/core/filter.c:2402
> >  ___bpf_prog_run+0x7ed/0xaee0 kernel/bpf/core.c:1813
> >  __bpf_prog_run512+0xc2/0x110 kernel/bpf/core.c:2038
> >  bpf_dispatcher_nop_func include/linux/bpf.h:903 [inline]
> >  __bpf_prog_run include/linux/filter.h:594 [inline]
> >  bpf_prog_run include/linux/filter.h:601 [inline]
> >  bpf_test_run+0x592/0xd20 net/bpf/test_run.c:402
> >  bpf_prog_test_run_skb+0x1625/0x20b0 net/bpf/test_run.c:1141
> >  bpf_prog_test_run+0x6a0/0x730 kernel/bpf/syscall.c:3620
> >  __sys_bpf+0x88d/0xe70 kernel/bpf/syscall.c:4971
> >  __do_sys_bpf kernel/bpf/syscall.c:5057 [inline]
> >  __se_sys_bpf kernel/bpf/syscall.c:5055 [inline]
> >  __ia32_sys_bpf+0x9c/0xe0 kernel/bpf/syscall.c:5055
> >  do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
> >  __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
> >  do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
> >  do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
> >  entry_SYSENTER_compat_after_hwframe+0x70/0x82
> >
> > Uninit was created at:
> >  slab_post_alloc_hook mm/slab.h:732 [inline]
> >  slab_alloc_node mm/slub.c:3258 [inline]
> >  __kmalloc_node_track_caller+0x814/0x1250 mm/slub.c:4970
> >  kmalloc_reserve net/core/skbuff.c:362 [inline]
> >  pskb_expand_head+0x24a/0x1a80 net/core/skbuff.c:1729
> >  __skb_cow include/linux/skbuff.h:3529 [inline]
> >  skb_cow_head include/linux/skbuff.h:3563 [inline]
> >  erspan_xmit+0xad2/0x1f00 net/ipv4/ip_gre.c:688
> >  __netdev_start_xmit include/linux/netdevice.h:4819 [inline]
> >  netdev_start_xmit include/linux/netdevice.h:4833 [inline]
> >  xmit_one+0x14e/0x5f0 net/core/dev.c:3590
> >  dev_hard_start_xmit+0xe5/0x370 net/core/dev.c:3606
> >  sch_direct_xmit+0x3f1/0xdb0 net/sched/sch_generic.c:342
> >  __dev_xmit_skb+0xc22/0x1a30 net/core/dev.c:3817
> >  __dev_queue_xmit+0x12cb/0x31f0 net/core/dev.c:4222
> >  dev_queue_xmit include/linux/netdevice.h:3008 [inline]
> >  __bpf_tx_skb net/core/filter.c:2115 [inline]
> >  __bpf_redirect_common net/core/filter.c:2154 [inline]
> >  __bpf_redirect+0x1293/0x13b0 net/core/filter.c:2161
> >  ____bpf_clone_redirect net/core/filter.c:2430 [inline]
> >  bpf_clone_redirect+0x324/0x470 net/core/filter.c:2402
> >  ___bpf_prog_run+0x7ed/0xaee0 kernel/bpf/core.c:1813
> >  __bpf_prog_run512+0xc2/0x110 kernel/bpf/core.c:2038
> >  bpf_dispatcher_nop_func include/linux/bpf.h:903 [inline]
> >  __bpf_prog_run include/linux/filter.h:594 [inline]
> >  bpf_prog_run include/linux/filter.h:601 [inline]
> >  bpf_test_run+0x592/0xd20 net/bpf/test_run.c:402
> >  bpf_prog_test_run_skb+0x1625/0x20b0 net/bpf/test_run.c:1141
> >  bpf_prog_test_run+0x6a0/0x730 kernel/bpf/syscall.c:3620
> >  __sys_bpf+0x88d/0xe70 kernel/bpf/syscall.c:4971
> >  __do_sys_bpf kernel/bpf/syscall.c:5057 [inline]
> >  __se_sys_bpf kernel/bpf/syscall.c:5055 [inline]
> >  __ia32_sys_bpf+0x9c/0xe0 kernel/bpf/syscall.c:5055
> >  do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
> >  __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
> >  do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
> >  do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
> >  entry_SYSENTER_compat_after_hwframe+0x70/0x82
> >
> > CPU: 0 PID: 12499 Comm: syz-executor.1 Not tainted 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
> > =====================================================
> >
> >
> > ---
> > This report is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkaller@googlegroups.com.
> >
> > syzbot will keep track of this issue. See:
> > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.