Re: [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2)

From: syzbot
Date: Tue Mar 12 2024 - 10:33:02 EST

Next message: Florian Westphal: "Re: KASAN: slab-use-after-free Read in ip_finish_output"
Previous message: Christian Brauner: "Re: [PATCH] fs_parser: move fsparam_string_empty() helper into header"
Next in thread: syzbot: "Re: [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

T1] usbhid: USB HID core driver
[ 41.445057][ T1] usbcore: registered new interface driver es2_ap_driver
[ 41.452522][ T1] comedi: version 0.7.76 - http://www.comedi.org
[ 41.462013][ T1] usbcore: registered new interface driver dt9812
[ 41.470508][ T1] usbcore: registered new interface driver ni6501
[ 41.478004][ T1] usbcore: registered new interface driver usbdux
[ 41.485497][ T1] usbcore: registered new interface driver usbduxfast
[ 41.493272][ T1] usbcore: registered new interface driver usbduxsigma
[ 41.501230][ T1] usbcore: registered new interface driver vmk80xx
[ 41.509250][ T1] usbcore: registered new interface driver prism2_usb
[ 41.518077][ T1] usbcore: registered new interface driver r8712u
[ 41.525021][ T1] greybus: registered new driver hid
[ 41.531212][ T1] greybus: registered new driver gbphy
[ 41.537142][ T1] gb_gbphy: registered new driver usb
[ 41.542897][ T1] asus_wmi: ASUS WMI generic driver loaded
[ 41.738826][ T1] usbcore: registered new interface driver snd-usb-audio
[ 41.747671][ T1] usbcore: registered new interface driver snd-ua101
[ 41.756259][ T1] usbcore: registered new interface driver snd-usb-usx2y
[ 41.764396][ T1] usbcore: registered new interface driver snd-usb-us122l
[ 41.772587][ T1] usbcore: registered new interface driver snd-usb-caiaq
[ 41.781306][ T1] usbcore: registered new interface driver snd-usb-6fire
[ 41.790406][ T1] usbcore: registered new interface driver snd-usb-hiface
[ 41.799287][ T1] usbcore: registered new interface driver snd-bcd2000
[ 41.807204][ T1] usbcore: registered new interface driver snd_usb_pod
[ 41.815236][ T1] usbcore: registered new interface driver snd_usb_podhd
[ 41.823341][ T1] usbcore: registered new interface driver snd_usb_toneport
[ 41.831585][ T1] usbcore: registered new interface driver snd_usb_variax
[ 41.839634][ T1] drop_monitor: Initializing network drop monitor service
[ 41.848496][ T1] NET: Registered PF_LLC protocol family
[ 41.854636][ T1] GACT probability on
[ 41.858817][ T1] Mirror/redirect action on
[ 41.863972][ T1] Simple TC action Loaded
[ 41.876090][ T1] netem: version 1.3
[ 41.880422][ T1] u32 classifier
[ 41.884012][ T1] Performance counters on
[ 41.890459][ T1] input device check on
[ 41.895664][ T1] Actions configured
[ 41.921296][ T1] nf_conntrack_irc: failed to register helpers
[ 41.928588][ T1] nf_conntrack_sane: failed to register helpers
[ 42.073937][ T1] nf_conntrack_sip: failed to register helpers
[ 42.090482][ T1] xt_time: kernel timezone is -0000
[ 42.096261][ T1] IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
[ 42.103352][ T1] IPVS: Connection hash table configured (size=4096, memory=32Kbytes)
[ 42.113694][ T1] IPVS: ipvs loaded.
[ 42.117739][ T1] IPVS: [rr] scheduler registered.
[ 42.122901][ T1] IPVS: [wrr] scheduler registered.
[ 42.128228][ T1] IPVS: [lc] scheduler registered.
[ 42.133405][ T1] IPVS: [wlc] scheduler registered.
[ 42.138759][ T1] IPVS: [fo] scheduler registered.
[ 42.143924][ T1] IPVS: [ovf] scheduler registered.
[ 42.149391][ T1] IPVS: [lblc] scheduler registered.
[ 42.154820][ T1] IPVS: [lblcr] scheduler registered.
[ 42.160239][ T1] IPVS: [dh] scheduler registered.
[ 42.165456][ T1] IPVS: [sh] scheduler registered.
[ 42.170640][ T1] IPVS: [mh] scheduler registered.
[ 42.175915][ T1] IPVS: [sed] scheduler registered.
[ 42.181264][ T1] IPVS: [nq] scheduler registered.
[ 42.186471][ T1] IPVS: [twos] scheduler registered.
[ 42.191914][ T1] IPVS: [sip] pe registered.
[ 42.198686][ T1] ipip: IPv4 and MPLS over IPv4 tunneling driver
[ 42.213107][ T1] gre: GRE over IPv4 demultiplexor driver
[ 42.219041][ T1] ip_gre: GRE over IPv4 tunneling driver
[ 42.246435][ T1] IPv4 over IPsec tunneling driver
[ 42.260657][ T1] Initializing XFRM netlink socket
[ 42.268642][ T1] IPsec XFRM device driver
[ 42.275059][ T1] NET: Registered PF_INET6 protocol family
[ 42.326632][ T1] Segment Routing with IPv6
[ 42.331207][ T1] RPL Segment Routing with IPv6
[ 42.337084][ T1] In-situ OAM (IOAM) with IPv6
[ 42.342955][ T1] mip6: Mobile IPv6
[ 42.351543][ T1] =====================================================
[ 42.351775][ T1] BUG: KMSAN: use-after-free in __list_add_valid_or_report+0xeb/0x2c0
[ 42.351917][ T1] __list_add_valid_or_report+0xeb/0x2c0
[ 42.352049][ T1] stack_depot_save_flags+0x554/0x6a0
[ 42.352178][ T1] stack_depot_save+0x12/0x20
[ 42.352283][ T1] ref_tracker_alloc+0x215/0x700
[ 42.352396][ T1] net_rx_queue_update_kobjects+0x1eb/0xa80
[ 42.352510][ T1] netdev_register_kobject+0x30e/0x530
[ 42.352609][ T1] register_netdevice+0x1995/0x2180
[ 42.352703][ T1] register_netdev+0xa5/0xe0
[ 42.352791][ T1] vti6_init_net+0x3f9/0x6a0
[ 42.352910][ T1] ops_init+0x30c/0x880
[ 42.352973][ T1] register_pernet_operations+0x523/0xa00
[ 42.353034][ T1] register_pernet_device+0x4f/0x180
[ 42.353092][ T1] vti6_tunnel_init+0x34/0x450
[ 42.353185][ T1] do_one_initcall+0x219/0x970
[ 42.353263][ T1] do_initcall_level+0x140/0x350
[ 42.353346][ T1] do_initcalls+0xf0/0x1e0
[ 42.353418][ T1] do_basic_setup+0x22/0x30
[ 42.353491][ T1] kernel_init_freeable+0x30b/0x4c0
[ 42.353569][ T1] kernel_init+0x2f/0x7e0
[ 42.353651][ T1] ret_from_fork+0x6d/0x90
[ 42.353723][ T1] ret_from_fork_asm+0x1a/0x30
[ 42.353801][ T1]
[ 42.353811][ T1] Uninit was created at:
[ 42.353928][ T1] free_unref_page_prepare+0xc1/0xad0
[ 42.354016][ T1] free_unref_page+0x59/0x730
[ 42.354119][ T1] destroy_large_folio+0x12a/0x1d0
[ 42.354239][ T1] __folio_put_large+0x101/0x110
[ 42.354353][ T1] __folio_put+0x153/0x160
[ 42.354441][ T1] free_large_kmalloc+0x167/0x210
[ 42.354529][ T1] kfree+0x4e3/0xa40
[ 42.354605][ T1] kmsan_vmap_pages_range_noflush+0x347/0x3d0
[ 42.354702][ T1] __vmalloc_node_range+0x217c/0x28c0
[ 42.354772][ T1] vmalloc_huge+0x92/0xb0
[ 42.354834][ T1] alloc_large_system_hash+0x459/0xa30
[ 42.354904][ T1] dcache_init+0x125/0x220
[ 42.354980][ T1] vfs_caches_init+0x7c/0xd0
[ 42.355056][ T1] start_kernel+0x8d8/0xa60
[ 42.355125][ T1] x86_64_start_reservations+0x2e/0x30
[ 42.355190][ T1] x86_64_start_kernel+0x98/0xa0
[ 42.355280][ T1] secondary_startup_64_no_verify+0x15f/0x16b
[ 42.355364][ T1]
[ 42.355375][ T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.8.0-syzkaller-01185-g855684c7d938-dirty #0
[ 42.355437][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 42.355469][ T1] =====================================================
[ 42.355485][ T1] Disabling lock debugging due to kernel taint
[ 42.355505][ T1] Kernel panic - not syncing: kmsan.panic set ...
[ 42.355529][ T1] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G B 6.8.0-syzkaller-01185-g855684c7d938-dirty #0
[ 42.355590][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 42.355621][ T1] Call Trace:
[ 42.355640][ T1] <TASK>
[ 42.355659][ T1] dump_stack_lvl+0x1bf/0x240
[ 42.355746][ T1] dump_stack+0x1e/0x30
[ 42.355818][ T1] panic+0x4e2/0xcc0
[ 42.355896][ T1] ? kmsan_get_metadata+0x121/0x1c0
[ 42.355998][ T1] kmsan_report+0x2d5/0x2e0
[ 42.356087][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356181][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 42.356276][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356363][ T1] ? __msan_warning+0x95/0x110
[ 42.356442][ T1] ? __list_add_valid_or_report+0xeb/0x2c0
[ 42.356539][ T1] ? stack_depot_save_flags+0x554/0x6a0
[ 42.356620][ T1] ? stack_depot_save+0x12/0x20
[ 42.356694][ T1] ? ref_tracker_alloc+0x215/0x700
[ 42.356772][ T1] ? net_rx_queue_update_kobjects+0x1eb/0xa80
[ 42.356846][ T1] ? netdev_register_kobject+0x30e/0x530
[ 42.356916][ T1] ? register_netdevice+0x1995/0x2180
[ 42.356973][ T1] ? register_netdev+0xa5/0xe0
[ 42.356973][ T1] ? vti6_init_net+0x3f9/0x6a0
[ 42.356973][ T1] ? ops_init+0x30c/0x880
[ 42.356973][ T1] ? register_pernet_operations+0x523/0xa00
[ 42.356973][ T1] ? register_pernet_device+0x4f/0x180
[ 42.356973][ T1] ? vti6_tunnel_init+0x34/0x450
[ 42.356973][ T1] ? do_one_initcall+0x219/0x970
[ 42.356973][ T1] ? do_initcall_level+0x140/0x350
[ 42.356973][ T1] ? do_initcalls+0xf0/0x1e0
[ 42.356973][ T1] ? do_basic_setup+0x22/0x30
[ 42.356973][ T1] ? kernel_init_freeable+0x30b/0x4c0
[ 42.356973][ T1] ? kernel_init+0x2f/0x7e0
[ 42.356973][ T1] ? ret_from_fork+0x6d/0x90
[ 42.356973][ T1] ? ret_from_fork_asm+0x1a/0x30
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 42.356973][ T1] ? _raw_spin_lock_irqsave+0x35/0xc0
[ 42.356973][ T1] ? filter_irq_stacks+0x60/0x1a0
[ 42.356973][ T1] ? stack_depot_save_flags+0x2c/0x6a0
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 42.356973][ T1] __msan_warning+0x95/0x110
[ 42.356973][ T1] __list_add_valid_or_report+0xeb/0x2c0
[ 42.356973][ T1] stack_depot_save_flags+0x554/0x6a0
[ 42.356973][ T1] stack_depot_save+0x12/0x20
[ 42.356973][ T1] ref_tracker_alloc+0x215/0x700
[ 42.356973][ T1] ? dev_uevent_filter+0x53/0x110
[ 42.356973][ T1] ? net_rx_queue_update_kobjects+0x1eb/0xa80
[ 42.356973][ T1] ? netdev_register_kobject+0x30e/0x530
[ 42.356973][ T1] ? register_netdevice+0x1995/0x2180
[ 42.356973][ T1] ? register_netdev+0xa5/0xe0
[ 42.356973][ T1] ? vti6_init_net+0x3f9/0x6a0
[ 42.356973][ T1] ? ops_init+0x30c/0x880
[ 42.356973][ T1] ? register_pernet_operations+0x523/0xa00
[ 42.356973][ T1] ? register_pernet_device+0x4f/0x180
[ 42.356973][ T1] ? vti6_tunnel_init+0x34/0x450
[ 42.356973][ T1] ? do_one_initcall+0x219/0x970
[ 42.356973][ T1] ? do_initcall_level+0x140/0x350
[ 42.356973][ T1] ? do_initcalls+0xf0/0x1e0
[ 42.356973][ T1] ? do_basic_setup+0x22/0x30
[ 42.356973][ T1] ? kernel_init_freeable+0x30b/0x4c0
[ 42.356973][ T1] ? kernel_init+0x2f/0x7e0
[ 42.356973][ T1] ? ret_from_fork+0x6d/0x90
[ 42.356973][ T1] net_rx_queue_update_kobjects+0x1eb/0xa80
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] netdev_register_kobject+0x30e/0x530
[ 42.356973][ T1] register_netdevice+0x1995/0x2180
[ 42.356973][ T1] register_netdev+0xa5/0xe0
[ 42.356973][ T1] vti6_init_net+0x3f9/0x6a0
[ 42.356973][ T1] ? __pfx_vti6_init_net+0x10/0x10
[ 42.356973][ T1] ops_init+0x30c/0x880
[ 42.356973][ T1] register_pernet_operations+0x523/0xa00
[ 42.356973][ T1] register_pernet_device+0x4f/0x180
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] vti6_tunnel_init+0x34/0x450
[ 42.356973][ T1] ? __pfx_vti6_tunnel_init+0x10/0x10
[ 42.356973][ T1] do_one_initcall+0x219/0x970
[ 42.356973][ T1] ? __pfx_vti6_tunnel_init+0x10/0x10
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 42.356973][ T1] ? filter_irq_stacks+0x164/0x1a0
[ 42.356973][ T1] ? stack_depot_save_flags+0x2c/0x6a0
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 42.356973][ T1] ? parse_args+0x152c/0x1600
[ 42.356973][ T1] ? kmsan_get_metadata+0x146/0x1c0
[ 42.356973][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 42.356973][ T1] ? __pfx_vti6_tunnel_init+0x10/0x10
[ 42.356973][ T1] do_initcall_level+0x140/0x350
[ 42.356973][ T1] do_initcalls+0xf0/0x1e0
[ 42.356973][ T1] ? __pfx_native_smp_prepare_cpus+0x10/0x10
[ 42.356973][ T1] do_basic_setup+0x22/0x30
[ 42.356973][ T1] kernel_init_freeable+0x30b/0x4c0
[ 42.356973][ T1] ? __pfx_kernel_init+0x10/0x10
[ 42.356973][ T1] kernel_init+0x2f/0x7e0
[ 42.356973][ T1] ? __pfx_kernel_init+0x10/0x10
[ 42.356973][ T1] ret_from_fork+0x6d/0x90
[ 42.356973][ T1] ? __pfx_kernel_init+0x10/0x10
[ 42.356973][ T1] ret_from_fork_asm+0x1a/0x30
[ 42.356973][ T1] </TASK>
[ 42.356973][ T1] Kernel Offset: disabled

syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.4'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2225259581=/tmp/go-build -gno-record-gcc-switches'

git status (err=<nil>)
HEAD detached at b438bd66d
nothing to commit, working tree clean

tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b438bd66d6f95113d52f25c25bfef0e963c8ce8d -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240109-174804'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b438bd66d6f95113d52f25c25bfef0e963c8ce8d -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240109-174804'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b438bd66d6f95113d52f25c25bfef0e963c8ce8d -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240109-174804'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"b438bd66d6f95113d52f25c25bfef0e963c8ce8d\"

Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=136675fa180000

Tested on:

commit: 855684c7 Merge tag 'x86_tdx_for_6.9' of git://git.kern..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=6b3a9c97e8057f25
dashboard link: https://syzkaller.appspot.com/bug?extid=2ef3a8ce8e91b5a50098
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=13951646180000

Next message: Florian Westphal: "Re: KASAN: slab-use-after-free Read in ip_finish_output"
Previous message: Christian Brauner: "Re: [PATCH] fs_parser: move fsparam_string_empty() helper into header"
Next in thread: syzbot: "Re: [syzbot] [net?] KMSAN: uninit-value in hsr_get_node (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]