| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [usb?] KMSAN: uninit-value in bcmp (3) | 0 (1) | 2024/08/11 22:40 |
syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [usb?] KMSAN: uninit-value in bcmp (3) | 0 (1) | 2024/08/11 22:40 |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in bcmp net | C | error | done | 907 | 602d | 1922d | 22/27 | fixed on 2023/02/24 13:50 |
| upstream | KASAN: use-after-free Read in bcmp ntfs3 | C | done | 289 | 269d | 428d | 25/27 | fixed on 2023/12/21 03:45 | |
| upstream | KMSAN: uninit-value in bcmp (2) sound btrfs | C | 7 | 220d | 242d | 25/27 | fixed on 2024/04/10 03:59 |
===================================================== BUG: KMSAN: uninit-value in memcmp lib/string.c:665 [inline] BUG: KMSAN: uninit-value in bcmp+0xc3/0x1c0 lib/string.c:697 memcmp lib/string.c:665 [inline] bcmp+0xc3/0x1c0 lib/string.c:697 iowarrior_callback+0x3fe/0xa30 drivers/usb/misc/iowarrior.c:185 __usb_hcd_giveback_urb+0x572/0x840 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x157/0x720 drivers/usb/core/hcd.c:1734 dummy_timer+0xd3f/0x6aa0 drivers/usb/gadget/udc/dummy_hcd.c:1987 __run_hrtimer kernel/time/hrtimer.c:1689 [inline] __hrtimer_run_queues+0x564/0xe40 kernel/time/hrtimer.c:1753 hrtimer_interrupt+0x3ab/0x1490 kernel/time/hrtimer.c:1815 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0xa6/0x3a0 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x40/0x90 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:702 __msan_metadata_ptr_for_load_8+0x5/0x40 mm/kmsan/instrumentation.c:94 __bpf_prog_run32+0xc2/0xf0 kernel/bpf/core.c:2251 bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline] __bpf_prog_run include/linux/filter.h:691 [inline] bpf_prog_run include/linux/filter.h:698 [inline] bpf_prog_run_pin_on_cpu include/linux/filter.h:715 [inline] bpf_prog_run_clear_cb include/linux/filter.h:956 [inline] run_filter+0x150/0x3f0 net/packet/af_packet.c:2148 packet_rcv+0x57b/0x1f20 net/packet/af_packet.c:2221 deliver_skb net/core/dev.c:2237 [inline] deliver_ptype_list_skb net/core/dev.c:2252 [inline] __netif_receive_skb_core+0x53f9/0x6c90 net/core/dev.c:5612 __netif_receive_skb_list_core+0x31e/0x1670 net/core/dev.c:5737 __netif_receive_skb_list net/core/dev.c:5804 [inline] netif_receive_skb_list_internal+0x1085/0x1700 net/core/dev.c:5896 gro_normal_list include/net/gro.h:515 [inline] napi_complete_done+0x425/0x880 net/core/dev.c:6247 virtqueue_napi_complete drivers/net/virtio_net.c:694 [inline] virtnet_poll+0x5b9d/0x6a20 drivers/net/virtio_net.c:2826 __napi_poll+0xe7/0x980 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [inline] net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963 handle_softirqs+0x1ce/0x800 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0x68/0x120 kernel/softirq.c:637 irq_exit_rcu+0x12/0x20 kernel/softirq.c:649 common_interrupt+0x94/0xa0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x2b/0x40 arch/x86/include/asm/idtentry.h:693 smap_save arch/x86/include/asm/smap.h:51 [inline] get_shadow_origin_ptr mm/kmsan/instrumentation.c:35 [inline] __msan_metadata_ptr_for_store_8+0x18/0x40 mm/kmsan/instrumentation.c:94 plist_check_list+0x78/0xa30 lib/plist.c:46 plist_check_head lib/plist.c:60 [inline] plist_del+0x61d/0x8a0 lib/plist.c:142 __futex_unqueue+0x99/0x120 kernel/futex/core.c:521 __futex_wake_mark kernel/futex/waitwake.c:115 [inline] futex_wake_mark+0x137/0x320 kernel/futex/waitwake.c:140 futex_wake+0x600/0x8f0 kernel/futex/waitwake.c:192 do_futex+0x380/0x4a0 kernel/futex/syscalls.c:107 __do_sys_futex kernel/futex/syscalls.c:179 [inline] __se_sys_futex+0x22c/0x6f0 kernel/futex/syscalls.c:160 __x64_sys_futex+0x11f/0x1a0 kernel/futex/syscalls.c:160 x64_sys_call+0x29cc/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:203 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:3994 [inline] slab_alloc_node mm/slub.c:4037 [inline] __do_kmalloc_node mm/slub.c:4157 [inline] __kmalloc_noprof+0x661/0xf30 mm/slub.c:4170 kmalloc_noprof include/linux/slab.h:685 [inline] kmalloc_array_noprof include/linux/slab.h:726 [inline] iowarrior_probe+0x10ea/0x1b90 drivers/usb/misc/iowarrior.c:836 usb_probe_interface+0xd6f/0x1350 drivers/usb/core/driver.c:399 really_probe+0x4db/0xd90 drivers/base/dd.c:657 __driver_probe_device+0x2ab/0x5d0 drivers/base/dd.c:799 driver_probe_device+0x72/0x890 drivers/base/dd.c:829 __device_attach_driver+0x568/0x9e0 drivers/base/dd.c:957 bus_for_each_drv+0x403/0x620 drivers/base/bus.c:457 __device_attach+0x3c1/0x650 drivers/base/dd.c:1029 device_initial_probe+0x32/0x40 drivers/base/dd.c:1078 bus_probe_device+0x3dc/0x5c0 drivers/base/bus.c:532 device_add+0x13aa/0x1ba0 drivers/base/core.c:3682 usb_set_configuration+0x31c9/0x38d0 drivers/usb/core/message.c:2210 usb_generic_driver_probe+0x109/0x2a0 drivers/usb/core/generic.c:254 usb_probe_device+0x3a7/0x690 drivers/usb/core/driver.c:294 really_probe+0x4db/0xd90 drivers/base/dd.c:657 __driver_probe_device+0x2ab/0x5d0 drivers/base/dd.c:799 driver_probe_device+0x72/0x890 drivers/base/dd.c:829 __device_attach_driver+0x568/0x9e0 drivers/base/dd.c:957 bus_for_each_drv+0x403/0x620 drivers/base/bus.c:457 __device_attach+0x3c1/0x650 drivers/base/dd.c:1029 device_initial_probe+0x32/0x40 drivers/base/dd.c:1078 bus_probe_device+0x3dc/0x5c0 drivers/base/bus.c:532 device_add+0x13aa/0x1ba0 drivers/base/core.c:3682 usb_new_device+0x15f4/0x2470 drivers/usb/core/hub.c:2651 hub_port_connect drivers/usb/core/hub.c:5521 [inline] hub_port_connect_change drivers/usb/core/hub.c:5661 [inline] port_event drivers/usb/core/hub.c:5821 [inline] hub_event+0x4ff8/0x72d0 drivers/usb/core/hub.c:5903 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xae0/0x1c40 kernel/workqueue.c:3312 worker_thread+0xea5/0x1520 kernel/workqueue.c:3390 kthread+0x3dd/0x540 kernel/kthread.c:389 ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 CPU: 0 UID: 0 PID: 8442 Comm: syz.1.610 Not tainted 6.11.0-rc3-syzkaller-00036-g9d5906799f7d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 =====================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/08/15 08:24 | upstream | 9d5906799f7d | e4bacdaf | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in bcmp | ||
| 2024/08/08 13:41 | upstream | 6a0e38264012 | de12cf65 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in bcmp | ||
| 2024/08/08 13:41 | upstream | 6a0e38264012 | de12cf65 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in bcmp | ||
| 2024/08/08 13:40 | upstream | 6a0e38264012 | de12cf65 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in bcmp | ||
| 2024/08/07 22:36 | upstream | d4560686726f | 7b2f2f35 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in bcmp | ||
| 2024/08/07 22:32 | upstream | d4560686726f | 7b2f2f35 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in bcmp |