syzbot


KMSAN: uninit-value in p9pdu_readf

Status: fixed on 2022/03/08 16:11
Subsystems: v9fs
Reported-by: syzbot+06472778c97ed94af66d@syzkaller.appspotmail.com
Fix commit: 27eb4c3144f7 9p/net: fix missing error check in p9_check_errors
First crash: 925d, last: 807d
Discussions (6)
Title Replies (including bot) Last reply
[PATCH 5.10 000/575] 5.10.80-rc1 review 595 (595) 2022/07/31 10:51
[PATCH 4.19 000/323] 4.19.218-rc1 review 339 (339) 2021/12/04 10:30
[PATCH 5.15 000/917] 5.15.3-rc1 review 945 (945) 2021/11/24 18:04
[PATCH 5.4 000/355] 5.4.160-rc1 review 373 (373) 2021/11/16 16:50
[PATCH 5.14 000/849] 5.14.19-rc1 review 859 (859) 2021/11/16 14:04
[syzbot] KMSAN: uninit-value in p9pdu_readf 4 (5) 2021/10/11 07:02
Similar bugs (9)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in kallsyms_lookup_buildid usb C 232 566d 842d 0/26 closed as invalid on 2022/11/03 10:09
upstream KMSAN: uninit-value in seq_printf (2) fs C 99 673d 939d 0/26 auto-closed as invalid on 2022/09/30 02:43
upstream KMSAN: uninit-value in kallsyms_lookup_buildid (2) kernel 12 425d 433d 0/26 closed as invalid on 2023/03/06 11:22
upstream KMSAN: uninit-value in hid_connect kernel C 176 533d 883d 0/26 closed as invalid on 2022/11/03 08:52
upstream KMSAN: uninit-value in number (4) kernel C 7189 512d 890d 0/26 closed as invalid on 2022/11/28 10:01
upstream KMSAN: uninit-value in preempt_count_add kernel C 6657 557d 557d 0/26 closed as invalid on 2022/10/10 13:29
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 419d 771d 22/26 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in profile_hits (3) kernel C 248 7h53m 113d 0/26 upstream: reported C repro on 2023/12/26 15:59
upstream KMSAN: uninit-value in asix_mdio_read (3) usb C 1582 702d 767d 22/26 fixed on 2023/02/24 13:51

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in p9pdu_vreadf net/9p/protocol.c:135 [inline]
BUG: KMSAN: uninit-value in p9pdu_readf+0x463f/0x4f70 net/9p/protocol.c:526
 p9pdu_vreadf net/9p/protocol.c:135 [inline]
 p9pdu_readf+0x463f/0x4f70 net/9p/protocol.c:526
 p9pdu_vreadf net/9p/protocol.c:312 [inline]
 p9pdu_readf+0x1cbe/0x4f70 net/9p/protocol.c:526
 p9_client_getattr_dotl+0x2da/0x7f0 net/9p/client.c:1768
 v9fs_mount+0xf11/0x1460 fs/9p/vfs_super.c:160
 legacy_get_tree+0x163/0x2e0 fs/fs_context.c:610
 vfs_get_tree+0xd8/0x5d0 fs/super.c:1500
 do_new_mount+0x7b5/0x16f0 fs/namespace.c:2988
 path_mount+0x1021/0x28b0 fs/namespace.c:3318
 do_mount fs/namespace.c:3331 [inline]
 __do_sys_mount fs/namespace.c:3539 [inline]
 __se_sys_mount+0x8a8/0x9d0 fs/namespace.c:3516
 __ia32_sys_mount+0x157/0x1b0 fs/namespace.c:3516
 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Local variable rf created at:
 __schedule+0x53/0x20a0 kernel/sched/core.c:6136
 schedule+0x269/0x350 kernel/sched/core.c:6326

CPU: 1 PID: 6099 Comm: syz-executor.4 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (14):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/02/01 14:51 https://github.com/google/kmsan.git master 85cfd6e539bd c1c1631d .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2022/01/18 13:02 https://github.com/google/kmsan.git master fa3879a274df 731a2d23 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2022/01/12 18:40 https://github.com/google/kmsan.git master fa3879a274df 44d1319a .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2022/01/09 08:28 https://github.com/google/kmsan.git master 81c325bbf94e 2ca0d385 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2022/01/04 13:01 https://github.com/google/kmsan.git master 81c325bbf94e 7f723fbe .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2021/12/31 23:32 https://github.com/google/kmsan.git master 81c325bbf94e e1768e9c .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2021/12/22 22:24 https://github.com/google/kmsan.git master 81c325bbf94e 6caa12e4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2021/12/20 08:12 https://github.com/google/kmsan.git master b0a8b5053e8b 021b36cb .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2021/12/17 11:00 https://github.com/google/kmsan.git master b0a8b5053e8b 44068e19 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2021/12/10 01:56 https://github.com/google/kmsan.git master 8b936c96768e 4d4ce9bc .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2021/10/25 22:28 https://github.com/google/kmsan.git master 0f36cda66082 4f0000ee .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2021/10/17 07:31 https://github.com/google/kmsan.git master d6493d2046c4 0c5d9412 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2021/10/15 07:22 https://github.com/google/kmsan.git master c7f84f4e1147 aab7690b .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf
2021/10/05 22:19 https://github.com/google/kmsan.git master c7f84f4e1147 0a63fd36 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in p9pdu_readf