syzbot


KMSAN: uninit-value in corrupted

Status: closed as invalid on 2021/11/18 13:55
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 230d, last: 230d
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: unable to handle kernel paging request in corrupted (3) C done 45 241d 409d 22/22 fixed on 2021/11/10 00:50
android-54 BUG: unable to handle kernel NULL pointer dereference in corrupted C 183 5d12h 569d 0/2 upstream: reported C repro on 2020/12/07 19:36
linux-4.19 BUG: corrupted list in corrupted C error 4 3d02h 641d 0/1 upstream: reported C repro on 2020/09/27 07:51
upstream KASAN: use-after-free Read in corrupted (4) C done error 7 26d 688d 0/22 upstream: reported C repro on 2020/08/11 12:47

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in number+0xd27/0x24c0 lib/vsprintf.c:490
 number+0xd27/0x24c0 lib/vsprintf.c:490
 vsnprintf+0x1f3a/0x36a0 lib/vsprintf.c:2863
 snprintf+0x244/0x290 lib/vsprintf.c:2930
 tomoyo_print_header security/tomoyo/audit.c:165 [inline]
 tomoyo_init_log+0xd39/0x3b50 security/tomoyo/audit.c:255
 tomoyo_supervisor+0x8bd/0x2820 security/tomoyo/common.c:2097
 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
 tomoyo_path_permission security/tomoyo/file.c:587 [inline]
 tomoyo_check_open_permission+0x72b/0xe10 security/tomoyo/file.c:777
 tomoyo_file_open+0x24f/0x2d0 security/tomoyo/tomoyo.c:311
 security_file_open+0xb1/0x1f0 security/security.c:1634
 do_dentry_open+0x4de/0x1bd0 fs/open.c:809
 vfs_open+0xaf/0xe0 fs/open.c:945
 do_open fs/namei.c:3428 [inline]
 path_openat+0x53d7/0x5eb0 fs/namei.c:3561
 do_filp_open+0x306/0x760 fs/namei.c:3588
 do_sys_openat2+0x263/0x8f0 fs/open.c:1200
 do_sys_open fs/open.c:1216 [inline]
 __do_sys_openat fs/open.c:1232 [inline]
 __se_sys_openat fs/open.c:1227 [inline]
 __x64_sys_openat+0x35f/0x3c0 fs/open.c:1227
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Local variable freed created at:
 alloc_vmap_area+0xe3/0x4330
 __get_vm_area_node+0x480/0x7f0 mm/vmalloc.c:2441
=====================================================

Crashes (2):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kmsan-gce 2021/11/12 05:49 https://github.com/google/kmsan.git master a3e5c559028e 75b04091 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce-386 2021/11/12 08:54 https://github.com/google/kmsan.git master a3e5c559028e 75b04091 .config log report syz KMSAN: uninit-value in corrupted