syzbot


KMSAN: uninit-value in batadv_nc_purge_paths

Status: closed as invalid on 2025/09/03 18:42
Subsystems: batman
First crash: 105d, last: 56d

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in batadv_nc_purge_paths+0x661/0x740 net/batman-adv/network-coding.c:443
 batadv_nc_purge_paths+0x661/0x740 net/batman-adv/network-coding.c:443
 batadv_nc_worker+0x369/0x1aa0 net/batman-adv/network-coding.c:720
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xb8e/0x1d80 kernel/workqueue.c:3319
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3400
 kthread+0xd59/0xf00 kernel/kthread.c:463
 ret_from_fork+0x1e3/0x310 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4186 [inline]
 slab_alloc_node mm/slub.c:4229 [inline]
 __do_kmalloc_node mm/slub.c:4364 [inline]
 __kmalloc_noprof+0x95f/0x1310 mm/slub.c:4377
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kmalloc_array_noprof include/linux/slab.h:948 [inline]
 batadv_hash_new+0xc1/0x4b0 net/batman-adv/hash.c:52
 batadv_nc_mesh_init+0x194/0x4d0 net/batman-adv/network-coding.c:143
 batadv_mesh_init+0x4dc/0x720 net/batman-adv/main.c:221
 batadv_meshif_init_late+0x5cb/0x6d0 net/batman-adv/mesh-interface.c:813
 register_netdevice+0x51e/0x25d0 net/core/dev.c:11121
 batadv_meshif_newlink+0x167/0x1b0 net/batman-adv/mesh-interface.c:1088
 rtnl_newlink_create+0x419/0x1250 net/core/rtnetlink.c:3825
 __rtnl_newlink net/core/rtnetlink.c:3942 [inline]
 rtnl_newlink+0x2f13/0x3a90 net/core/rtnetlink.c:4057
 rtnetlink_rcv_msg+0x106f/0x14b0 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x54d/0x680 net/netlink/af_netlink.c:2552
 rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6973
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0xf04/0x12b0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x10b3/0x1250 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x330/0x3d0 net/socket.c:729
 __sys_sendto+0x593/0x720 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0x130/0x200 net/socket.c:2231
 x64_sys_call+0x3910/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 3761 Comm: kworker/u8:15 Tainted: G      D W           syzkaller #0 PREEMPT(none) 
Tainted: [D]=DIE, [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: bat_events batadv_nc_worker

=====================================================

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/08/21 03:05 | upstream | 41cd3fd15263 | 0b9605c8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in batadv_nc_purge_paths |
| 2025/08/03 06:19 | upstream | 89748acdf226 | 7368264b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in batadv_nc_purge_paths |
| 2025/07/02 23:23 | upstream | b4911fb0b060 | 0cd59a8f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in batadv_nc_purge_paths |
* Struck through repros no longer work on HEAD.