syzbot


KMSAN: uninit-value in bcmp

Status: fixed on 2023/02/24 13:50
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+d8b02c920ae8f3e0be75@syzkaller.appspotmail.com
Fix commit: 4f1dc7d9756e fs/ntfs3: Validate attribute name offset
First crash: 1782d, last: 424d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: fixed by (bisect log) :
commit 4f1dc7d9756e66f3f876839ea174df2e656b7f79
Author: Edward Lo <edward.lo@ambergroup.io>
Date: Fri Sep 9 01:04:00 2022 +0000

  fs/ntfs3: Validate attribute name offset

  
Discussions (3)
Title Replies (including bot) Last reply
KMSAN: uninit-value in bcmp 1 (3) 2023/02/20 06:52
Reminder: 99 open syzbot bugs in net subsystem 14 (14) 2019/07/31 15:13
Reminder: 94 open syzbot bugs in net subsystem 1 (1) 2019/06/25 05:48
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in bcmp ntfs3 C done 289 92d 250d 25/26 fixed on 2023/12/21 03:45
upstream KMSAN: uninit-value in bcmp (2) sound btrfs C 7 42d 64d 1/26 upstream: reported C repro on 2024/01/14 10:15
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 284d 1453d 22/26 fixed on 2023/06/08 14:41
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 388d 740d 22/26 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in tipc_sk_lookup tipc 8 775d 829d 0/26 auto-closed as invalid on 2022/05/03 21:09
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) net C 748 741d 830d 20/26 fixed on 2022/03/08 16:11
upstream KMSAN: uninit-value in number (4) kernel C 7189 481d 860d 0/26 closed as invalid on 2022/11/28 10:01
upstream KMSAN: uninit-value in preempt_count_add kernel C 6657 526d 526d 0/26 closed as invalid on 2022/10/10 13:29
Last patch testing requests (1)
Created Duration User Patch Repo Result
2021/06/13 15:40 19m phind.uet@gmail.com https://github.com/google/kmsan.git master OK

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in memcmp lib/string.c:765 [inline]
BUG: KMSAN: uninit-value in bcmp+0xbf/0x1c0 lib/string.c:797
 memcmp lib/string.c:765 [inline]
 bcmp+0xbf/0x1c0 lib/string.c:797
 ____sys_sendmsg+0x7f3/0xe90 net/socket.c:2477
 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2536
 __sys_sendmmsg+0x40d/0xa40 net/socket.c:2622
 __do_sys_sendmmsg net/socket.c:2651 [inline]
 __se_sys_sendmmsg net/socket.c:2648 [inline]
 __x64_sys_sendmmsg+0xb8/0x120 net/socket.c:2648
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 ____sys_sendmsg+0xc46/0xe90 net/socket.c:2490
 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2536
 __sys_sendmmsg+0x40d/0xa40 net/socket.c:2622
 __do_sys_sendmmsg net/socket.c:2651 [inline]
 __se_sys_sendmmsg net/socket.c:2648 [inline]
 __x64_sys_sendmmsg+0xb8/0x120 net/socket.c:2648
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Local variable sin created at:
 udpv6_sendmsg+0x56/0x4440 net/ipv6/udp.c:1298
 inet6_sendmsg+0x101/0x180 net/ipv6/af_inet6.c:653

CPU: 1 PID: 3487 Comm: syz-executor289 Not tainted 6.0.0-rc5-syzkaller-48539-g523d2ce66d07 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
=====================================================

Crashes (907):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/09/23 05:10 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in bcmp
2020/07/09 20:29 https://github.com/google/kmsan.git master f0d5ec902b23 bc238812 .config console log report syz C ci-upstream-kmsan-gce
2019/06/16 05:29 https://github.com/google/kmsan.git master 14cf4e4151b0 442206d7 .config console log report syz C ci-upstream-kmsan-gce
2019/05/02 23:44 https://github.com/google/kmsan.git master d062d017e907 e9039493 .config console log report syz C ci-upstream-kmsan-gce
2020/07/29 04:07 https://github.com/google/kmsan.git master 93f54a72361a cb93dc6a .config console log report syz C ci-upstream-kmsan-gce-386
2022/11/28 20:20 upstream b7b275e60bcd 247de55b .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: use-after-free Read in bcmp
2023/01/19 13:47 https://github.com/google/kmsan.git master e919e2b1bc1c 1b826a2f .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in bcmp
2022/09/23 04:03 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in bcmp
2022/03/02 01:47 https://github.com/google/kmsan.git master 724946410067 45a13a73 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in bcmp
2022/06/14 09:15 https://github.com/google/kmsan.git master 2f3064574275 0f087040 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/06/14 07:44 https://github.com/google/kmsan.git master 2f3064574275 0f087040 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/06/13 23:19 https://github.com/google/kmsan.git master 2f3064574275 0f087040 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/06/13 20:37 https://github.com/google/kmsan.git master 2f3064574275 0d5abf15 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/04/06 22:47 https://github.com/google/kmsan.git master 33d9269ef6e0 97582466 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/04/06 21:35 https://github.com/google/kmsan.git master 33d9269ef6e0 97582466 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/03/12 00:39 https://github.com/google/kmsan.git master 724946410067 9e8eaa75 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/02/23 04:15 https://github.com/google/kmsan.git master 724946410067 6e821dbf .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/02/06 20:54 https://github.com/google/kmsan.git master 85cfd6e539bd a7dab638 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/02/04 05:09 https://github.com/google/kmsan.git master 85cfd6e539bd 30646bfe .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/02/03 20:48 https://github.com/google/kmsan.git master 85cfd6e539bd 4ebb2798 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/02/03 13:10 https://github.com/google/kmsan.git master 85cfd6e539bd 4ebb2798 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/02/02 06:25 https://github.com/google/kmsan.git master 85cfd6e539bd 4ebb2798 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/02/01 18:15 https://github.com/google/kmsan.git master 85cfd6e539bd c1c1631d .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/31 16:24 https://github.com/google/kmsan.git master 85cfd6e539bd 6b7c57fe .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/28 02:33 https://github.com/google/kmsan.git master 85cfd6e539bd 64a8e201 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/25 13:19 https://github.com/google/kmsan.git master 85cfd6e539bd 2cbffd88 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/25 05:22 https://github.com/google/kmsan.git master 85cfd6e539bd 2cbffd88 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/23 03:28 https://github.com/google/kmsan.git master 85cfd6e539bd 214351e1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/21 22:26 https://github.com/google/kmsan.git master 85cfd6e539bd 214351e1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/20 23:15 https://github.com/google/kmsan.git master 85cfd6e539bd b838eb76 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/18 15:22 https://github.com/google/kmsan.git master fa3879a274df 731a2d23 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/17 14:35 https://github.com/google/kmsan.git master fa3879a274df 731a2d23 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/17 07:55 https://github.com/google/kmsan.git master fa3879a274df 723cfaf0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/17 06:16 https://github.com/google/kmsan.git master fa3879a274df 723cfaf0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/17 02:49 https://github.com/google/kmsan.git master fa3879a274df 723cfaf0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/17 00:35 https://github.com/google/kmsan.git master fa3879a274df 723cfaf0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/16 13:08 https://github.com/google/kmsan.git master fa3879a274df 723cfaf0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/15 07:24 https://github.com/google/kmsan.git master fa3879a274df 723cfaf0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/01/07 21:55 https://github.com/google/kmsan.git master 81c325bbf94e 2ca0d385 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in bcmp
2022/12/20 12:06 upstream aeba12b26c79 c52b2efb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in bcmp
2022/12/14 15:23 upstream e2ca6ba6ba01 b18f0a64 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: use-after-free Read in bcmp
2022/12/06 18:15 upstream bce9332220bd d88f3abb .config console log report info ci2-upstream-fs KASAN: use-after-free Read in bcmp
2022/12/03 20:44 upstream a1e9185d20b5 e080de16 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in bcmp
2022/11/28 16:49 upstream b7b275e60bcd 247de55b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in bcmp
2022/11/21 08:14 upstream eb7081409f94 5bb70014 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: use-after-free Read in bcmp
2022/11/19 12:53 upstream ab290eaddc4c 5bb70014 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in bcmp
2022/11/12 03:39 upstream eb037f16f7e8 f42ee5d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: use-after-free Read in bcmp
2022/11/11 01:09 upstream 1767a722a708 3ead01ad .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in bcmp
2022/10/30 04:34 upstream b229b6ca5abb 2a71366b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in bcmp
2022/10/29 21:48 upstream b229b6ca5abb 2a71366b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in bcmp
2022/10/29 11:59 upstream b229b6ca5abb 899d812a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in bcmp
2022/10/29 07:11 upstream b229b6ca5abb 899d812a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in bcmp
2022/10/27 17:38 upstream b229b6ca5abb 5c716ff6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: use-after-free Read in bcmp
2022/10/12 19:12 upstream 493ffd6605b2 16a9c9e0 .config console log report info [disk image] [vmlinux] ci2-upstream-fs KASAN: use-after-free Read in bcmp
2022/10/08 22:48 upstream 62e6e5940c0c aea5da89 .config console log report info [disk image] [vmlinux] ci2-upstream-fs KASAN: use-after-free Read in bcmp
2022/10/05 08:35 upstream 0326074ff465 267e3bb1 .config console log report info [disk image] [vmlinux] ci2-upstream-fs KASAN: use-after-free Read in bcmp
2022/09/11 20:02 upstream b96fbd602d35 356d8217 .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in bcmp
2022/01/27 03:07 upstream 0280e3c58f92 2cbffd88 .config console log report info ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in bcmp
2021/01/16 09:59 https://github.com/google/kmsan.git master 73d62e81b476 65a7a854 .config console log report info ci-upstream-kmsan-gce
2019/05/02 14:52 https://github.com/google/kmsan.git master d062d017e907 7516d9fa .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.