syzbot


KMSAN: uninit-value in snapshot_compat_ioctl

Status: upstream: reported C repro on 2020/02/26 15:59
Reported-by: syzbot+af962bf9e7e27bccd025@syzkaller.appspotmail.com
First crash: 954d, last: 880d
Patch testing requests:
Created Duration User Patch Repo Result
2022/08/30 16:27 7m https://github.com/google/kmsan.git master error
2020/09/14 12:46 19m anant.thazhemadam@gmail.com https://github.com/google/kmsan.git master OK

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in kmsan_check_memory+0xd/0x10 mm/kmsan/kmsan_hooks.c:413
CPU: 1 PID: 11659 Comm: syz-executor923 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 kmsan_internal_check_memory+0x358/0x3d0 mm/kmsan/kmsan.c:457
 kmsan_check_memory+0xd/0x10 mm/kmsan/kmsan_hooks.c:413
 snapshot_compat_ioctl+0x559/0x650 kernel/power/user.c:422
 __do_compat_sys_ioctl fs/ioctl.c:857 [inline]
 __se_compat_sys_ioctl+0x57c/0xed0 fs/ioctl.c:808
 __ia32_compat_sys_ioctl+0xd9/0x110 fs/ioctl.c:808
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f70d99
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000ffec145c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080083313
RDX: 0000000000000000 RSI: 00000000080ea078 RDI: 00000000ffec14b0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 snapshot_compat_ioctl+0x5e0/0x650 kernel/power/user.c:422
 __do_compat_sys_ioctl fs/ioctl.c:857 [inline]
 __se_compat_sys_ioctl+0x57c/0xed0 fs/ioctl.c:808
 __ia32_compat_sys_ioctl+0xd9/0x110 fs/ioctl.c:808
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139

Local variable ----offset@snapshot_compat_ioctl created at:
 get_current arch/x86/include/asm/current.h:15 [inline]
 snapshot_compat_ioctl+0x324/0x650 kernel/power/user.c:418
 get_current arch/x86/include/asm/current.h:15 [inline]
 snapshot_compat_ioctl+0x324/0x650 kernel/power/user.c:418

Bytes 0-7 of 8 are uninitialized
Memory access of size 8 starts at ffff9946c156bd30
=====================================================

Crashes (43):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kmsan-gce-386 2020/02/22 20:19 https://github.com/google/kmsan.git master 8bbbc5cf3dca 2c36e7a7 .config log report syz C
ci-upstream-kmsan-gce-386 2020/05/05 21:08 https://github.com/google/kmsan.git master 21c44613a2fe 4b76dd25 .config log report
ci-upstream-kmsan-gce-386 2020/04/30 21:19 https://github.com/google/kmsan.git master bfa90a4a3f3f 3698959a .config log report
ci-upstream-kmsan-gce-386 2020/04/16 19:11 https://github.com/google/kmsan.git master 5356842da2b5 c743fcb3 .config log report
ci-upstream-kmsan-gce-386 2020/04/13 11:14 https://github.com/google/kmsan.git master 75303409203b 17a986e5 .config log report
ci-upstream-kmsan-gce-386 2020/04/13 11:13 https://github.com/google/kmsan.git master 75303409203b 17a986e5 .config log report
ci-upstream-kmsan-gce-386 2020/04/13 11:12 https://github.com/google/kmsan.git master 75303409203b 17a986e5 .config log report
ci-upstream-kmsan-gce-386 2020/04/13 11:12 https://github.com/google/kmsan.git master 75303409203b 17a986e5 .config log report
ci-upstream-kmsan-gce-386 2020/04/11 11:38 https://github.com/google/kmsan.git master 75303409203b a8c6a3f8 .config log report
ci-upstream-kmsan-gce-386 2020/04/11 11:25 https://github.com/google/kmsan.git master 75303409203b a8c6a3f8 .config log report
ci-upstream-kmsan-gce-386 2020/04/03 09:24 https://github.com/google/kmsan.git master 75303409203b a34e2c33 .config log report
ci-upstream-kmsan-gce-386 2020/03/24 12:26 https://github.com/google/kmsan.git master a58741ac26cc 33e14df3 .config log report
ci-upstream-kmsan-gce-386 2020/03/24 12:22 https://github.com/google/kmsan.git master a58741ac26cc 33e14df3 .config log report
ci-upstream-kmsan-gce-386 2020/03/19 16:50 https://github.com/google/kmsan.git master a58741ac26cc 2c31c529 .config log report
ci-upstream-kmsan-gce-386 2020/03/19 15:56 https://github.com/google/kmsan.git master a58741ac26cc 2c31c529 .config log report
ci-upstream-kmsan-gce-386 2020/03/18 20:02 https://github.com/google/kmsan.git master a58741ac26cc 0a96a13c .config log report
ci-upstream-kmsan-gce-386 2020/03/16 21:15 https://github.com/google/kmsan.git master a58741ac26cc 749688d2 .config log report
ci-upstream-kmsan-gce-386 2020/03/15 20:14 https://github.com/google/kmsan.git master 8bbbc5cf3dca 749688d2 .config log report
ci-upstream-kmsan-gce-386 2020/03/15 06:13 https://github.com/google/kmsan.git master 8bbbc5cf3dca 749688d2 .config log report
ci-upstream-kmsan-gce-386 2020/03/14 18:57 https://github.com/google/kmsan.git master 8bbbc5cf3dca 749688d2 .config log report
ci-upstream-kmsan-gce-386 2020/03/14 14:24 https://github.com/google/kmsan.git master 8bbbc5cf3dca 749688d2 .config log report
ci-upstream-kmsan-gce-386 2020/03/14 14:24 https://github.com/google/kmsan.git master 8bbbc5cf3dca 749688d2 .config log report
ci-upstream-kmsan-gce-386 2020/03/13 07:21 https://github.com/google/kmsan.git master 8bbbc5cf3dca d850e9d0 .config log report
ci-upstream-kmsan-gce-386 2020/03/12 16:36 https://github.com/google/kmsan.git master 8bbbc5cf3dca d850e9d0 .config log report
ci-upstream-kmsan-gce-386 2020/03/11 02:16 https://github.com/google/kmsan.git master 8bbbc5cf3dca 35f53e45 .config log report
ci-upstream-kmsan-gce-386 2020/03/10 02:11 https://github.com/google/kmsan.git master 8bbbc5cf3dca 35f53e45 .config log report
ci-upstream-kmsan-gce-386 2020/03/10 02:11 https://github.com/google/kmsan.git master 8bbbc5cf3dca 35f53e45 .config log report
ci-upstream-kmsan-gce-386 2020/03/10 01:49 https://github.com/google/kmsan.git master 8bbbc5cf3dca 35f53e45 .config log report
ci-upstream-kmsan-gce-386 2020/03/10 01:43 https://github.com/google/kmsan.git master 8bbbc5cf3dca 35f53e45 .config log report
ci-upstream-kmsan-gce-386 2020/03/10 01:39 https://github.com/google/kmsan.git master 8bbbc5cf3dca 35f53e45 .config log report
ci-upstream-kmsan-gce-386 2020/03/10 01:38 https://github.com/google/kmsan.git master 8bbbc5cf3dca 35f53e45 .config log report
ci-upstream-kmsan-gce-386 2020/03/10 01:38 https://github.com/google/kmsan.git master 8bbbc5cf3dca 35f53e45 .config log report
ci-upstream-kmsan-gce-386 2020/03/03 06:18 https://github.com/google/kmsan.git master 8bbbc5cf3dca c88c7b75 .config log report
ci-upstream-kmsan-gce-386 2020/03/02 13:15 https://github.com/google/kmsan.git master 8bbbc5cf3dca c88c7b75 .config log report
ci-upstream-kmsan-gce-386 2020/03/01 12:35 https://github.com/google/kmsan.git master 8bbbc5cf3dca c88c7b75 .config log report
ci-upstream-kmsan-gce-386 2020/02/27 04:32 https://github.com/google/kmsan.git master 8bbbc5cf3dca 59b57593 .config log report
ci-upstream-kmsan-gce-386 2020/02/27 04:24 https://github.com/google/kmsan.git master 8bbbc5cf3dca 59b57593 .config log report
ci-upstream-kmsan-gce-386 2020/02/27 00:05 https://github.com/google/kmsan.git master 8bbbc5cf3dca 59b57593 .config log report
ci-upstream-kmsan-gce-386 2020/02/25 19:05 https://github.com/google/kmsan.git master 8bbbc5cf3dca 59b57593 .config log report
ci-upstream-kmsan-gce-386 2020/02/22 15:30 https://github.com/google/kmsan.git master 8bbbc5cf3dca 2c36e7a7 .config log report
ci-upstream-kmsan-gce-386 2020/02/22 15:29 https://github.com/google/kmsan.git master 8bbbc5cf3dca 2c36e7a7 .config log report
ci-upstream-kmsan-gce-386 2020/02/22 15:18 https://github.com/google/kmsan.git master 8bbbc5cf3dca 2c36e7a7 .config log report