syzbot


KMSAN: uninit-value in xa_load

Status: fixed on 2020/09/16 22:51
Subsystems: rdma
Reported-by: syzbot+086ab5ca9eafd2379aa6@syzkaller.appspotmail.com
Fix commit: 31142a4ba617 RDMA/cm: Add min length checks to user structure copies
First crash: 1364d, last: 1304d
Discussions (2)
Title Replies (including bot) Last reply
[Linux-kernel-mentees] [PATCH] infiniband: Fix uninit-value in ucma_connect() 4 (4) 2020/07/27 14:58
KMSAN: uninit-value in xa_load 0 (1) 2020/07/22 05:53
Last patch testing requests (1)
Created Duration User Patch Repo Result
2020/07/26 01:46 18m yepeilin.cs@gmail.com patch https://github.com/google/kmsan.git master OK

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in xas_start lib/xarray.c:190 [inline]
BUG: KMSAN: uninit-value in xas_load lib/xarray.c:233 [inline]
BUG: KMSAN: uninit-value in xa_load+0x83b/0x8a0 lib/xarray.c:1305
CPU: 0 PID: 8440 Comm: syz-executor560 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1df/0x240 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 xas_start lib/xarray.c:190 [inline]
 xas_load lib/xarray.c:233 [inline]
 xa_load+0x83b/0x8a0 lib/xarray.c:1305
 _ucma_find_context drivers/infiniband/core/ucma.c:139 [inline]
 ucma_get_ctx+0x7f/0x310 drivers/infiniband/core/ucma.c:152
 ucma_get_ctx_dev drivers/infiniband/core/ucma.c:175 [inline]
 ucma_accept+0x259/0xc90 drivers/infiniband/core/ucma.c:1148
 ucma_write+0x5c5/0x630 drivers/infiniband/core/ucma.c:1764
 do_loop_readv_writev fs/read_write.c:737 [inline]
 do_iter_write+0x710/0xdc0 fs/read_write.c:1020
 vfs_writev fs/read_write.c:1091 [inline]
 do_writev+0x42d/0x8f0 fs/read_write.c:1134
 __do_sys_writev fs/read_write.c:1207 [inline]
 __se_sys_writev+0x9b/0xb0 fs/read_write.c:1204
 __x64_sys_writev+0x4a/0x70 fs/read_write.c:1204
 do_syscall_64+0xb0/0x150 arch/x86/entry/common.c:386
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4402e9
Code: Bad RIP value.
RSP: 002b:00007fffa058a4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402e9
RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401af0
R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000

Local variable ----cmd@ucma_accept created at:
 ucma_accept+0x95/0xc90 drivers/infiniband/core/ucma.c:1137
 ucma_accept+0x95/0xc90 drivers/infiniband/core/ucma.c:1137
=====================================================

Crashes (208):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/07/19 05:15 https://github.com/google/kmsan.git master 14525656779e 9c812472 .config console log report syz C ci-upstream-kmsan-gce
2020/09/15 22:58 https://github.com/google/kmsan.git master 3b3ea6028136 6989d6f6 .config console log report info ci-upstream-kmsan-gce
2020/09/13 00:40 https://github.com/google/kmsan.git master 3b3ea6028136 ce441f06 .config console log report ci-upstream-kmsan-gce
2020/09/10 07:18 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/07 22:12 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/06 16:55 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/06 12:04 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/05 10:16 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/04 20:59 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/04 07:20 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/03 22:26 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/03 06:22 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/02 01:33 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/08/31 21:27 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce
2020/08/31 14:19 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce
2020/08/31 13:41 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce
2020/08/30 04:18 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce
2020/08/29 12:00 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce
2020/08/29 06:51 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce
2020/08/29 04:27 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce
2020/08/28 00:02 https://github.com/google/kmsan.git master ce8056d1f79e 816e0689 .config console log report ci-upstream-kmsan-gce
2020/08/27 18:49 https://github.com/google/kmsan.git master ce8056d1f79e 816e0689 .config console log report ci-upstream-kmsan-gce
2020/07/17 23:42 https://github.com/google/kmsan.git master 14525656779e 9c812472 .config console log report ci-upstream-kmsan-gce
2020/09/08 15:20 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/08 00:48 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/07 11:49 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/07 10:47 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/07 08:08 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/07 07:00 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/07 02:46 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/05 12:44 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/05 08:27 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/05 02:05 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/04 13:48 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/04 07:16 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/04 01:12 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/03 11:08 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/01 13:43 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/09/01 07:09 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/09/01 03:50 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/09/01 02:29 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/08/31 23:49 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/08/31 11:55 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/08/31 04:47 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/08/30 23:04 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/08/30 16:47 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/08/30 07:09 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/08/30 01:04 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config console log report ci-upstream-kmsan-gce-386
2020/08/28 16:35 https://github.com/google/kmsan.git master ce8056d1f79e 816e0689 .config console log report ci-upstream-kmsan-gce-386
2020/08/28 05:43 https://github.com/google/kmsan.git master ce8056d1f79e 816e0689 .config console log report ci-upstream-kmsan-gce-386