From: Martin KaFai Lau <martin.lau@linux.dev>
To: Alexander Potapenko <glider@google.com>
Cc: Networking <netdev@vger.kernel.org>,
	joannelkoong@gmail.com, Jakub Kicinski <kuba@kernel.org>
Subject: Re: Use of uninit value in inet_bind2_bucket_find
Date: Tue, 27 Sep 2022 10:22:39 -0700
Message-ID: <41d8ccc9-5488-ae23-c019-ba73662187f8@linux.dev>
In-Reply-To: <CAG_fn=XtQDq2h+Kv70awUfmbHeuPRDm8fKP8+psweUdVd7hOQA@mail.gmail.com>


On 9/27/22 9:34 AM, Alexander Potapenko wrote:
> On Tue, Sep 27, 2022 at 2:33 AM Martin KaFai Lau <martin.lau@linux.dev> wrote:
>>
>> On 9/19/22 6:41 AM, Alexander Potapenko wrote:
>>> Hi Joanne, Jakub et al.,
>>>
>>> When building next-20220919 with KMSAN I am seeing the following error
>>> at boot time:
>>>
>>> =====================================================
>>> BUG: KMSAN: uninit-value in inet_bind2_bucket_find+0x71f/0x790 net/ipv4/inet_hashtables.c:827
>>>    inet_bind2_bucket_find+0x71f/0x790 net/ipv4/inet_hashtables.c:827
>>>    inet_csk_get_port+0x2415/0x32e0 net/ipv4/inet_connection_sock.c:529
>>>    __inet6_bind+0x1474/0x1a20 net/ipv6/af_inet6.c:406
>>>    inet6_bind+0x176/0x360 net/ipv6/af_inet6.c:465
>>>    __sys_bind+0x5b3/0x750 net/socket.c:1776
>>>    __do_sys_bind net/socket.c:1787
>>>    __se_sys_bind net/socket.c:1785
>>>    __x64_sys_bind+0x8d/0xe0 net/socket.c:1785
>>>    do_syscall_x64 arch/x86/entry/common.c:50
>>>    do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
>>>    entry_SYSCALL_64_after_hwframe+0x63/0xcd ??:?
>>>
>>> Uninit was created at:
>>>    slab_post_alloc_hook+0x156/0xb40 mm/slab.h:759
>>>    slab_alloc_node mm/slub.c:3331
>>>    slab_alloc mm/slub.c:3339
>>>    __kmem_cache_alloc_lru mm/slub.c:3346
>>>    kmem_cache_alloc+0x47e/0x9f0 mm/slub.c:3355
>>>    inet_bind2_bucket_create+0x4b/0x3b0 net/ipv4/inet_hashtables.c:128
>>>    inet_csk_get_port+0x2513/0x32e0 net/ipv4/inet_connection_sock.c:533
>>>    __inet_bind+0xbd2/0x1040 net/ipv4/af_inet.c:525
>>>    inet_bind+0x184/0x360 net/ipv4/af_inet.c:456
>>>    __sys_bind+0x5b3/0x750 net/socket.c:1776
>>>    __do_sys_bind net/socket.c:1787
>>>    __se_sys_bind net/socket.c:1785
>>>    __x64_sys_bind+0x8d/0xe0 net/socket.c:1785
>>>    do_syscall_x64 arch/x86/entry/common.c:50
>>>    do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
>>>    entry_SYSCALL_64_after_hwframe+0x63/0xcd ??:?
>>>
>>> CPU: 3 PID: 5983 Comm: sshd Not tainted 6.0.0-rc6-next-20220919 #211
>>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
>>> =====================================================
>>>
>>> I think this is related to "net: Add a bhash2 table hashed by port and
>>> address", could you please take a look?
>>> This error is not reported on v6.0-rc5 (note that KMSAN only exists in
>>> -next and as a v6.0-rc5 fork at https://github.com/google/kmsan).
>>
>> Hi Alex, thanks for the report.
>>
>> I have posted a fix [0].  I have a problem getting the kmsan kernel to boot.
>> Could you help by giving the patch a try?  Thanks.
>>
>> [0]: https://lore.kernel.org/netdev/20220927002544.3381205-1-kafai@fb.com/
> 
> Hi Martin,
> 
> Thanks, I'll give it a shot.
> 
> Could you please share the config you're using to build KMSAN? I am
> really curious about what's wrong.

The config is attached.  My qemu setup has the very first WARN like

[    1.296999] DEBUG_LOCKS_WARN_ON(lockdep_hardirqs_enabled())
[    1.297077] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:5508 check_flags+0x63/0x180

followed by many

[    1.772919] BUG: KMSAN: uninit-value in __init_waitqueue_head+0x110/0x140
[    1.773852]  __init_waitqueue_head+0x110/0x140
[    1.774853]  dup_fd+0x146/0x1080
[    1.775329]  copy_files+0xcd/0x210

and then panic

[-- Attachment #2: config.xz --]
[-- Type: application/x-xz, Size: 22244 bytes --]

Thread overview: 5+ messages
2022-09-19 13:41 Use of uninit value in inet_bind2_bucket_find Alexander Potapenko
2022-09-27  0:33 ` Martin KaFai Lau
2022-09-27 16:34   ` Alexander Potapenko
2022-09-27 17:22     ` Martin KaFai Lau [this message]
2022-09-28 11:58       ` Alexander Potapenko