syzbot

KMSAN: uninit-value in null_handle_rq

Status: auto-closed as invalid on 2020/10/13 09:01
Subsystems: block
First crash: 1977d, last: 1977d

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in bvec_iter_advance include/linux/bvec.h:101 [inline]
BUG: KMSAN: uninit-value in bio_advance_iter include/linux/bio.h:149 [inline]
BUG: KMSAN: uninit-value in null_handle_rq+0x10b1/0x1430 drivers/block/null_blk_main.c:1138
CPU: 0 PID: 22381 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 bvec_iter_advance include/linux/bvec.h:101 [inline]
 bio_advance_iter include/linux/bio.h:149 [inline]
 null_handle_rq+0x10b1/0x1430 drivers/block/null_blk_main.c:1138
 null_process_cmd+0x350/0x17c0 drivers/block/null_blk_main.c:1326
 null_handle_cmd+0x872/0x1780 drivers/block/null_blk_main.c:1352
 null_queue_rq+0x607/0x6a0 drivers/block/null_blk_main.c:1472
 blk_mq_dispatch_rq_list+0xf55/0x2c20 block/blk-mq.c:1265
 blk_mq_do_dispatch_sched block/blk-mq-sched.c:115 [inline]
 blk_mq_sched_dispatch_requests+0xbe0/0x1840 block/blk-mq-sched.c:216
 __blk_mq_run_hw_queue+0x171/0x3a0 block/blk-mq.c:1391
 __blk_mq_delay_run_hw_queue+0x15d/0x6a0 block/blk-mq.c:1468
 blk_mq_run_hw_queue+0x4ac/0x670 block/blk-mq.c:1521
 blk_mq_sched_insert_requests+0x496/0x640 block/blk-mq-sched.c:474
 blk_mq_flush_plug_list+0xb31/0xca0 block/blk-mq.c:1771
 blk_flush_plug_list+0x70f/0x790 block/blk-core.c:1760
 blk_mq_make_request+0x19fc/0x3090 block/blk-mq.c:2043
 generic_make_request+0x407/0x1290 block/blk-core.c:1075
 submit_bio+0x479/0x960 block/blk-core.c:1200
 blk_next_bio block/blk-lib.c:19 [inline]
 __blkdev_issue_zero_pages+0x35e/0x9f0 block/blk-lib.c:284
 blkdev_issue_zeroout+0x4b6/0x800 block/blk-lib.c:378
 blk_ioctl_zeroout block/ioctl.c:270 [inline]
 blkdev_common_ioctl+0x3486/0x3500 block/ioctl.c:608
 blkdev_ioctl+0x8df/0xd90 block/ioctl.c:716
 block_ioctl+0x16e/0x1c0 fs/block_dev.c:2005
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl fs/ioctl.c:771 [inline]
 __do_sys_ioctl fs/ioctl.c:780 [inline]
 __se_sys_ioctl+0x2e9/0x410 fs/ioctl.c:778
 __x64_sys_ioctl+0x4a/0x70 fs/ioctl.c:778
 do_syscall_64+0xb8/0x160 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cba9
Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f66fb15ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004e2d20 RCX: 000000000045cba9
RDX: 0000000020000000 RSI: 000000000000127f RDI: 0000000000000006
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000023a R14: 00000000004c49c1 R15: 00007f66fb15f6d4

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:144
 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:269 [inline]
 kmsan_alloc_page+0xb9/0x180 mm/kmsan/kmsan_shadow.c:293
 __alloc_pages_nodemask+0x56a2/0x5dc0 mm/page_alloc.c:4848
 __alloc_pages include/linux/gfp.h:504 [inline]
 alloc_page_interleave mm/mempolicy.c:2161 [inline]
 alloc_pages_current+0x2e5/0x990 mm/mempolicy.c:2293
 alloc_pages include/linux/gfp.h:540 [inline]
 alloc_slab_page+0x122/0x1310 mm/slub.c:1531
 allocate_slab mm/slub.c:1676 [inline]
 new_slab+0x2bc/0x1130 mm/slub.c:1742
 new_slab_objects mm/slub.c:2491 [inline]
 ___slab_alloc+0x14a3/0x2040 mm/slub.c:2652
 __slab_alloc mm/slub.c:2692 [inline]
 slab_alloc_node mm/slub.c:2766 [inline]
 slab_alloc mm/slub.c:2811 [inline]
 kmem_cache_alloc+0xb23/0xd70 mm/slub.c:2816
 mempool_alloc_slab+0x66/0xc0 mm/mempool.c:513
 mempool_init_node+0x384/0xa50 mm/mempool.c:202
 mempool_create_node mm/mempool.c:271 [inline]
 mempool_create+0x193/0x240 mm/mempool.c:256
 mempool_create_slab_pool include/linux/mempool.h:69 [inline]
 sg_pool_init+0x127/0x2f4 lib/sg_pool.c:157
 do_one_initcall+0x4c9/0x930 init/main.c:1160
 do_initcall_level+0x332/0x3cd init/main.c:1233
 do_initcalls+0x15f/0x215 init/main.c:1249
 do_basic_setup+0x33/0x36 init/main.c:1269
 kernel_init_freeable+0x244/0x3e3 init/main.c:1453
 kernel_init+0x1f/0x6e0 init/main.c:1360
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353
=====================================================

Crashes (1):
  Time:      2020/07/15 08:57
  Kernel:    https://github.com/google/kmsan.git master
  Commit:    f0d5ec902b23
  Syzkaller: 609fb517
  Config:    .config
  Log:       console log
  Report:    report
  Manager:   ci-upstream-kmsan-gce
  Syz repro / C repro / VM info / Assets / Title: none