syzbot


KMSAN: uninit-value in ip6_compressed_string

Status: fixed on 2019/04/29 21:49
Subsystems: net nfs
Reported-by: syzbot+047a11c361b872896a4f@syzkaller.appspotmail.com
Fix commit: 7c2bd9a39845 NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
First crash: 1981d, last: 1823d
Discussions (14)
Title Replies (including bot) Last reply
[PATCH 4.4 000/266] 4.4.180-stable review 282 (282) 2019/05/17 09:42
[PATCH 3.18 00/86] 3.18.140-stable review 93 (93) 2019/05/16 14:59
[PATCH 5.0 00/89] 5.0.11-stable review 106 (106) 2019/05/03 11:48
[PATCH 4.19 000/100] 4.19.38-stable review 108 (108) 2019/05/02 05:30
[PATCH 4.14 00/53] 4.14.115-stable review 59 (59) 2019/05/01 16:44
[PATCH 4.9 00/41] 4.9.172-stable review 47 (47) 2019/05/01 16:43
[PATCH AUTOSEL 5.0 01/79] ASoC: tlv320aic3x: fix reset gpio reference counting 83 (83) 2019/04/28 01:06
[PATCH AUTOSEL 3.18 1/8] ASoC: ab8500: Mark expected switch fall-through 8 (8) 2019/04/27 01:44
[PATCH AUTOSEL 4.4 1/9] ASoC: ab8500: Mark expected switch fall-through 9 (9) 2019/04/27 01:43
[PATCH AUTOSEL 4.9 01/16] ASoC: ab8500: Mark expected switch fall-through 16 (16) 2019/04/27 01:43
[PATCH AUTOSEL 4.14 01/32] ASoC: hdmi-codec: fix S/PDIF DAI 32 (32) 2019/04/27 01:42
[PATCH AUTOSEL 4.19 01/53] ASoC: tlv320aic3x: fix reset gpio reference counting 53 (53) 2019/04/27 01:40
[PATCH] NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. 1 (1) 2019/03/30 01:21
KMSAN: uninit-value in ip6_compressed_string 0 (1) 2018/11/28 17:40
Last patch testing requests (1)
Created Duration User Patch Repo Result
2019/04/07 14:50 19m penguin-kernel@i-love.sakura.ne.jp patch https://github.com/google/kmsan.git master OK

Sample crash report:
==================================================================
BUG: KMSAN: uninit-value in ip6_compressed_string+0x1de/0x1490 lib/vsprintf.c:1174
CPU: 1 PID: 10632 Comm: syz-executor156 Not tainted 5.1.0-rc4+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x173/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x131/0x2a0 mm/kmsan/kmsan.c:619
 __msan_warning+0x7a/0xf0 mm/kmsan/kmsan_instr.c:310
 ip6_compressed_string+0x1de/0x1490 lib/vsprintf.c:1174
 ip6_addr_string+0x165/0x2b0 lib/vsprintf.c:1263
 pointer+0x10f2/0x1660 lib/vsprintf.c:2009
 vsnprintf+0x1c24/0x3230 lib/vsprintf.c:2400
 snprintf+0x246/0x290 lib/vsprintf.c:2529
 rpc_ntop6_noscopeid net/sunrpc/addr.c:56 [inline]
 rpc_sockaddr2uaddr+0x4ec/0x730 net/sunrpc/addr.c:281
 rpcb_getport_async+0xfbe/0x1790 net/sunrpc/rpcb_clnt.c:773
 call_bind net/sunrpc/clnt.c:1879 [inline]
 call_encode+0xba0/0x1650 net/sunrpc/clnt.c:1832
 call_allocate+0x1a5/0x920 net/sunrpc/clnt.c:1715
 call_refreshresult+0x15d/0x580 net/sunrpc/clnt.c:1669
 call_refresh net/sunrpc/clnt.c:1650 [inline]
 call_reserveresult+0x6b8/0x740 net/sunrpc/clnt.c:1582
 call_reserve net/sunrpc/clnt.c:1559 [inline]
 call_start+0x73c/0x790 net/sunrpc/clnt.c:1543
 __rpc_execute+0x968/0x1610 net/sunrpc/sched.c:832
 rpc_execute+0x437/0x6d0 net/sunrpc/sched.c:900
 rpc_run_task+0x8b8/0xbb0 net/sunrpc/clnt.c:1062
 rpc_call_sync net/sunrpc/clnt.c:1091 [inline]
 rpc_ping net/sunrpc/clnt.c:2609 [inline]
 rpc_create_xprt+0x5a3/0xd50 net/sunrpc/clnt.c:479
 rpc_create+0xaa6/0xb30 net/sunrpc/clnt.c:587
 nfs_create_rpc_client+0x723/0x920 fs/nfs/client.c:517
 nfs_init_client+0xb8/0x1d0 fs/nfs/client.c:629
 nfs_get_client+0x1487/0x16a0 fs/nfs/client.c:419
 nfs_init_server fs/nfs/client.c:665 [inline]
 nfs_create_server+0xb9a/0x3550 fs/nfs/client.c:949
 nfs_try_mount+0x1134/0x1550 fs/nfs/super.c:1818
 nfs_fs_mount+0x36b2/0x3a70 fs/nfs/super.c:2691
 legacy_get_tree+0x163/0x2d0 fs/fs_context.c:584
 vfs_get_tree+0x1ae/0x810 fs/super.c:1481
 do_new_mount fs/namespace.c:2622 [inline]
 do_mount+0x31d4/0x65f0 fs/namespace.c:2942
 ksys_mount+0x32e/0x3d0 fs/namespace.c:3151
 __do_sys_mount fs/namespace.c:3165 [inline]
 __se_sys_mount+0xe5/0x110 fs/namespace.c:3162
 __x64_sys_mount+0x62/0x80 fs/namespace.c:3162
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x440259
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd251d6208 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440259
RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000000000000
RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ae0
R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:205 [inline]
 kmsan_save_stack mm/kmsan/kmsan.c:220 [inline]
 kmsan_internal_chain_origin+0x134/0x230 mm/kmsan/kmsan.c:426
 kmsan_memcpy_memmove_metadata+0x989/0xd60 mm/kmsan/kmsan.c:304
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:324
 __msan_memcpy+0x58/0x70 mm/kmsan/kmsan_instr.c:139
 ip6_compressed_string+0xbe/0x1490 lib/vsprintf.c:1170
 ip6_addr_string+0x165/0x2b0 lib/vsprintf.c:1263
 pointer+0x10f2/0x1660 lib/vsprintf.c:2009
 vsnprintf+0x1c24/0x3230 lib/vsprintf.c:2400
 snprintf+0x246/0x290 lib/vsprintf.c:2529
 rpc_ntop6_noscopeid net/sunrpc/addr.c:56 [inline]
 rpc_sockaddr2uaddr+0x4ec/0x730 net/sunrpc/addr.c:281
 rpcb_getport_async+0xfbe/0x1790 net/sunrpc/rpcb_clnt.c:773
 call_bind net/sunrpc/clnt.c:1879 [inline]
 call_encode+0xba0/0x1650 net/sunrpc/clnt.c:1832
 call_allocate+0x1a5/0x920 net/sunrpc/clnt.c:1715
 call_refreshresult+0x15d/0x580 net/sunrpc/clnt.c:1669
 call_refresh net/sunrpc/clnt.c:1650 [inline]
 call_reserveresult+0x6b8/0x740 net/sunrpc/clnt.c:1582
 call_reserve net/sunrpc/clnt.c:1559 [inline]
 call_start+0x73c/0x790 net/sunrpc/clnt.c:1543
 __rpc_execute+0x968/0x1610 net/sunrpc/sched.c:832
 rpc_execute+0x437/0x6d0 net/sunrpc/sched.c:900
 rpc_run_task+0x8b8/0xbb0 net/sunrpc/clnt.c:1062
 rpc_call_sync net/sunrpc/clnt.c:1091 [inline]
 rpc_ping net/sunrpc/clnt.c:2609 [inline]
 rpc_create_xprt+0x5a3/0xd50 net/sunrpc/clnt.c:479
 rpc_create+0xaa6/0xb30 net/sunrpc/clnt.c:587
 nfs_create_rpc_client+0x723/0x920 fs/nfs/client.c:517
 nfs_init_client+0xb8/0x1d0 fs/nfs/client.c:629
 nfs_get_client+0x1487/0x16a0 fs/nfs/client.c:419
 nfs_init_server fs/nfs/client.c:665 [inline]
 nfs_create_server+0xb9a/0x3550 fs/nfs/client.c:949
 nfs_try_mount+0x1134/0x1550 fs/nfs/super.c:1818
 nfs_fs_mount+0x36b2/0x3a70 fs/nfs/super.c:2691
 legacy_get_tree+0x163/0x2d0 fs/fs_context.c:584
 vfs_get_tree+0x1ae/0x810 fs/super.c:1481
 do_new_mount fs/namespace.c:2622 [inline]
 do_mount+0x31d4/0x65f0 fs/namespace.c:2942
 ksys_mount+0x32e/0x3d0 fs/namespace.c:3151
 __do_sys_mount fs/namespace.c:3165 [inline]
 __se_sys_mount+0xe5/0x110 fs/namespace.c:3162
 __x64_sys_mount+0x62/0x80 fs/namespace.c:3162
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7

Local variable description: ----addr@rpcb_getport_async
Variable was created at:
 rpcb_getport_async+0xb3/0x1790 net/sunrpc/rpcb_clnt.c:673
 call_bind net/sunrpc/clnt.c:1879 [inline]
 call_encode+0xba0/0x1650 net/sunrpc/clnt.c:1832
==================================================================

Crashes (9024):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/04/26 07:53 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report syz C ci-upstream-kmsan-gce
2019/04/19 19:31 https://github.com/google/kmsan.git master 199a02db1f61 b0e8efcb .config console log report syz C ci-upstream-kmsan-gce
2019/03/21 23:11 https://github.com/google/kmsan.git master c10a026b8dee dce6e62f .config console log report syz C ci-upstream-kmsan-gce
2019/03/17 06:58 https://github.com/google/kmsan.git master 43cfd3b1484f bab43553 .config console log report syz C ci-upstream-kmsan-gce
2019/02/19 11:31 https://github.com/google/kmsan.git master fa1981bee40f 59f36113 .config console log report syz C ci-upstream-kmsan-gce
2018/11/25 04:45 https://github.com/google/kmsan.git master fffec98ae2a6 ecc7c870 .config console log report syz C ci-upstream-kmsan-gce
2019/04/29 15:32 https://github.com/google/kmsan.git master d00d85b733bd b617407b .config console log report ci-upstream-kmsan-gce
2019/04/29 14:17 https://github.com/google/kmsan.git master d00d85b733bd b617407b .config console log report ci-upstream-kmsan-gce
2019/04/29 07:50 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/29 06:42 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/29 04:13 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/28 23:24 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/28 19:51 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/28 16:50 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/28 15:34 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/28 13:45 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/28 08:42 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/28 05:56 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/28 01:13 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/27 21:53 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/27 21:05 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/27 13:55 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/27 12:49 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/27 12:11 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/27 03:59 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/27 01:38 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 21:32 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 19:43 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 18:36 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 17:37 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 16:16 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 14:53 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 13:01 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 12:01 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 11:45 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 09:28 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 06:47 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 05:40 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 04:28 https://github.com/google/kmsan.git master 199a02db1f61 b617407b .config console log report ci-upstream-kmsan-gce
2019/04/26 01:32 https://github.com/google/kmsan.git master 199a02db1f61 f46aabc8 .config console log report ci-upstream-kmsan-gce
2019/04/26 00:33 https://github.com/google/kmsan.git master 199a02db1f61 f46aabc8 .config console log report ci-upstream-kmsan-gce
2019/04/25 22:27 https://github.com/google/kmsan.git master 199a02db1f61 f46aabc8 .config console log report ci-upstream-kmsan-gce
2019/04/25 21:03 https://github.com/google/kmsan.git master 199a02db1f61 f46aabc8 .config console log report ci-upstream-kmsan-gce
2019/04/25 18:36 https://github.com/google/kmsan.git master 199a02db1f61 f46aabc8 .config console log report ci-upstream-kmsan-gce
2019/04/25 17:38 https://github.com/google/kmsan.git master 199a02db1f61 f46aabc8 .config console log report ci-upstream-kmsan-gce
2019/04/25 16:17 https://github.com/google/kmsan.git master 199a02db1f61 f46aabc8 .config console log report ci-upstream-kmsan-gce
2019/04/25 14:35 https://github.com/google/kmsan.git master 199a02db1f61 8e3c52b1 .config console log report ci-upstream-kmsan-gce
2019/04/25 08:31 https://github.com/google/kmsan.git master 199a02db1f61 8e3c52b1 .config console log report ci-upstream-kmsan-gce
2019/04/25 06:25 https://github.com/google/kmsan.git master 199a02db1f61 8e3c52b1 .config console log report ci-upstream-kmsan-gce
2018/11/22 19:29 https://github.com/google/kmsan.git master 50031178f793 2ee77802 .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.