syzbot

 sign-in | mailing list | source | docs
🐞 Open [1589]
Subsystems
🐞 Fixed [6153]
🐞 Invalid [15397]
Missing Backports [172]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in seq_printf

Status: auto-closed as invalid on 2020/03/04 05:44
Subsystems: fs
[Documentation on labels]
First crash: 1975d, last: 1946d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in seq_printf (2) fs C 99 1023d 1289d 0/28 auto-closed as invalid on 2022/09/30 02:43
upstream KASAN: slab-out-of-bounds Read in seq_printf fs 3 30d 67d 0/28 moderation: reported on 2025/01/26 09:47
upstream KMSAN: kernel-infoleak in __skb_datagram_iter net 68 555d 660d 23/28 fixed on 2023/09/28 17:51

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in hex_string+0x7d8/0x8d0 lib/vsprintf.c:1098
CPU: 1 PID: 30496 Comm: syz-executor.1 Not tainted 5.4.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0x128/0x220 mm/kmsan/kmsan_report.c:108
 __msan_warning+0x57/0xa0 mm/kmsan/kmsan_instr.c:245
 hex_string+0x7d8/0x8d0 lib/vsprintf.c:1098
 pointer+0xbfe/0x1d10 lib/vsprintf.c:2136
 vsnprintf+0x1c0c/0x3210 lib/vsprintf.c:2514
 seq_vprintf fs/seq_file.c:403 [inline]
 seq_printf+0x2dc/0x480 fs/seq_file.c:418
 dev_mc_seq_show+0x319/0x460 net/core/net-procfs.c:327
 seq_read+0x1568/0x1d90 fs/seq_file.c:268
 proc_reg_read+0x25f/0x360 fs/proc/inode.c:223
 do_loop_readv_writev fs/read_write.c:714 [inline]
 do_iter_read+0x8e0/0xe10 fs/read_write.c:935
 vfs_readv+0x1ee/0x280 fs/read_write.c:997
 kernel_readv fs/splice.c:359 [inline]
 default_file_splice_read+0xab0/0x1100 fs/splice.c:414
 do_splice_to fs/splice.c:877 [inline]
 splice_direct_to_actor+0x587/0x1130 fs/splice.c:954
 do_splice_direct+0x342/0x580 fs/splice.c:1063
 do_sendfile+0x1010/0x1d20 fs/read_write.c:1464
 __do_sys_sendfile64 fs/read_write.c:1525 [inline]
 __se_sys_sendfile64+0x2bb/0x360 fs/read_write.c:1511
 __x64_sys_sendfile64+0x56/0x70 fs/read_write.c:1511
 do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45a679
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fb28923dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a679
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000080000002 R11: 0000000000000246 R12: 00007fb28923e6d4
R13: 00000000004c8f39 R14: 00000000004e0a98 R15: 00000000ffffffff

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:149 [inline]
 kmsan_internal_chain_origin+0xb9/0x170 mm/kmsan/kmsan.c:317
 kmsan_memcpy_memmove_metadata+0x25c/0x2e0 mm/kmsan/kmsan.c:252
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:272
 __msan_memcpy+0x56/0x70 mm/kmsan/kmsan_instr.c:129
 __hw_addr_create_ex net/core/dev_addr_lists.c:33 [inline]
 __hw_addr_add_ex net/core/dev_addr_lists.c:76 [inline]
 __dev_mc_add+0x432/0x8e0 net/core/dev_addr_lists.c:766
 dev_mc_add+0x6d/0x80 net/core/dev_addr_lists.c:783
 ip_mc_filter_add net/ipv4/igmp.c:1144 [inline]
 igmp_group_added+0x2a0/0xb60 net/ipv4/igmp.c:1330
 ____ip_mc_inc_group+0xe34/0xf00 net/ipv4/igmp.c:1463
 __ip_mc_inc_group net/ipv4/igmp.c:1472 [inline]
 ip_mc_inc_group net/ipv4/igmp.c:1478 [inline]
 ip_mc_up+0x1d0/0x3f0 net/ipv4/igmp.c:1777
 inetdev_event+0x1d7c/0x1df0 net/ipv4/devinet.c:1573
 notifier_call_chain kernel/notifier.c:95 [inline]
 __raw_notifier_call_chain kernel/notifier.c:396 [inline]
 raw_notifier_call_chain+0x13d/0x240 kernel/notifier.c:403
 __dev_notify_flags+0x3dc/0x830 net/core/dev.c:1668
 dev_change_flags+0x1d6/0x260 net/core/dev.c:7958
 devinet_ioctl+0x12f2/0x2a10 net/ipv4/devinet.c:1137
 inet_ioctl+0x602/0x840 net/ipv4/af_inet.c:957
 sock_do_ioctl+0x108/0x5e0 net/socket.c:1038
 sock_ioctl+0x981/0xf90 net/socket.c:1189
 do_vfs_ioctl+0xea8/0x2c50 fs/ioctl.c:46
 ksys_ioctl fs/ioctl.c:713 [inline]
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl+0x1da/0x270 fs/ioctl.c:718
 __x64_sys_ioctl+0x4a/0x70 fs/ioctl.c:718
 do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Local variable description: ----buf.i@igmp_group_added
Variable was created at:
 ip_mc_filter_add net/ipv4/igmp.c:1134 [inline]
 igmp_group_added+0x144/0xb60 net/ipv4/igmp.c:1330
 ip_mc_filter_add net/ipv4/igmp.c:1134 [inline]
 igmp_group_added+0x144/0xb60 net/ipv4/igmp.c:1330
=====================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/12/05 05:38 https://github.com/google/kmsan.git master 141b13f7780f b2088328 .config console log report ci-upstream-kmsan-gce
2019/11/17 06:59 https://github.com/google/kmsan.git master 9c6a71628ab9 d5696d51 .config console log report ci-upstream-kmsan-gce
2019/11/06 10:21 https://github.com/google/kmsan.git master c235b34ba03a bc2c6e45 .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.