syzbot

KMSAN: uninit-value in __update_load_avg_se

Status: auto-closed as invalid on 2022/04/28 15:54
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 303d, last: 303d

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in ___update_load_sum kernel/sched/pelt.c:194 [inline]
BUG: KMSAN: uninit-value in __update_load_avg_se+0x8f8/0x1590 kernel/sched/pelt.c:312
 ___update_load_sum kernel/sched/pelt.c:194 [inline]
 __update_load_avg_se+0x8f8/0x1590 kernel/sched/pelt.c:312
 update_load_avg kernel/sched/fair.c:3813 [inline]
 set_next_entity+0x86a/0x1b10 kernel/sched/fair.c:4437
 pick_next_task_fair+0x9d8/0x11f0 kernel/sched/fair.c:7309
 __pick_next_task kernel/sched/core.c:5593 [inline]
 pick_next_task+0x190/0x2d30 kernel/sched/core.c:5665
 __schedule+0xd0b/0x20a0 kernel/sched/core.c:6217
 schedule+0x269/0x350 kernel/sched/core.c:6326
 worker_thread+0x1dd1/0x21f0 kernel/workqueue.c:2466
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 ___update_load_sum kernel/sched/pelt.c:207 [inline]
 __update_load_avg_se+0x9aa/0x1590 kernel/sched/pelt.c:312
 update_load_avg kernel/sched/fair.c:3813 [inline]
 enqueue_entity+0x41a/0x34c0 kernel/sched/fair.c:4257
 enqueue_task_fair+0x4af/0x3d10 kernel/sched/fair.c:5588
 enqueue_task kernel/sched/core.c:1999 [inline]
 activate_task+0x1c5/0x5c0 kernel/sched/core.c:2024
 ttwu_do_activate kernel/sched/core.c:3600 [inline]
 ttwu_queue+0x322/0x7b0 kernel/sched/core.c:3796
 try_to_wake_up+0xcee/0x1740 kernel/sched/core.c:4119
 wake_up_process+0x34/0x40 kernel/sched/core.c:4203
 process_timeout+0x59/0x70 kernel/time/timer.c:1808
 call_timer_fn+0x81/0x540 kernel/time/timer.c:1421
 expire_timers+0x2f5/0x6d0 kernel/time/timer.c:1466
 __run_timers+0x66b/0x9f0 kernel/time/timer.c:1734
 run_timer_softirq+0x71/0xe0 kernel/time/timer.c:1747
 __do_softirq+0x1ee/0x7c5 kernel/softirq.c:558

Uninit was created at:
 slab_free_hook mm/slub.c:1710 [inline]
 slab_free_freelist_hook+0x27b/0x8e0 mm/slub.c:1766
 slab_free mm/slub.c:3530 [inline]
 kfree+0x2e7/0x9e0 mm/slub.c:4579
 acpi_os_free include/acpi/platform/aclinuxex.h:62 [inline]
 acpi_ns_get_node_unlocked+0x36f/0x541 drivers/acpi/acpica/nsutils.c:686
 acpi_ns_get_node+0x133/0x188 drivers/acpi/acpica/nsutils.c:726
 acpi_ns_evaluate+0x56c/0x13cc drivers/acpi/acpica/nseval.c:62
 acpi_ut_evaluate_object+0x228/0x9bc drivers/acpi/acpica/uteval.c:60
 acpi_ut_evaluate_numeric_object+0xb3/0x204 drivers/acpi/acpica/uteval.c:182
 acpi_ev_pci_config_region_setup+0x9a0/0xe02 drivers/acpi/acpica/evrgnini.c:272
 acpi_ev_address_space_dispatch+0x2fe/0x14c1 drivers/acpi/acpica/evregion.c:172
 acpi_ex_access_region+0x57b/0x1116 drivers/acpi/acpica/exfldio.c:246
 acpi_ex_field_datum_io+0x425/0xc0e drivers/acpi/acpica/exfldio.c:445
 acpi_ex_extract_from_field+0xc59/0x10b1 drivers/acpi/acpica/exfldio.c:690
 acpi_ex_read_data_from_field+0x8bc/0xb70 drivers/acpi/acpica/exfield.c:236
 acpi_ex_resolve_node_to_value+0x58b/0xdfc drivers/acpi/acpica/exresnte.c:177
 acpi_ex_resolve_to_value+0x4fd/0xe39 drivers/acpi/acpica/exresolv.c:76
 acpi_ds_evaluate_name_path+0x2d3/0x841 drivers/acpi/acpica/dsutils.c:783
 acpi_ds_exec_end_op+0x341/0x1f56 drivers/acpi/acpica/dswexec.c:374
 acpi_ps_parse_loop+0x1aca/0x32c8 drivers/acpi/acpica/psloop.c:525
 acpi_ps_parse_aml+0x343/0x15bf drivers/acpi/acpica/psparse.c:475
 acpi_ps_execute_method+0xa02/0xcc3 drivers/acpi/acpica/psxface.c:190
 acpi_ns_evaluate+0xac1/0x13cc drivers/acpi/acpica/nseval.c:205
 acpi_ut_evaluate_object+0x228/0x9bc drivers/acpi/acpica/uteval.c:60
 acpi_ut_execute_power_methods+0x16f/0x377 drivers/acpi/acpica/uteval.c:288
 acpi_get_object_info+0xbe7/0x1ea9 drivers/acpi/acpica/nsxfname.c:366
 acpi_set_pnp_ids drivers/acpi/scan.c:1334 [inline]
 acpi_init_device_object+0xc3d/0x6570 drivers/acpi/scan.c:1747
 acpi_add_single_object+0x175/0x3110 drivers/acpi/scan.c:1793
 acpi_bus_check_add+0x67e/0x1380 drivers/acpi/scan.c:2052
 acpi_bus_check_add_1+0x70/0x80 drivers/acpi/scan.c:2068
 acpi_ns_walk_namespace+0x634/0xb8e
 acpi_walk_namespace+0x3f3/0x49e drivers/acpi/acpica/nsxfeval.c:606
 acpi_bus_scan+0x176/0x3b0 drivers/acpi/scan.c:2365
 acpi_scan_init+0x2f7/0xc54 drivers/acpi/scan.c:2547
 acpi_init+0x21b/0x27d drivers/acpi/bus.c:1332
 do_one_initcall+0x352/0x9a0 init/main.c:1300
 do_initcall_level+0x1ea/0x3d4 init/main.c:1373
 do_initcalls+0x15c/0x210 init/main.c:1389
 do_basic_setup+0x22/0x24 init/main.c:1408
 kernel_init_freeable+0x324/0x4dc init/main.c:1613
 kernel_init+0x33/0x860 init/main.c:1502
 ret_from_fork+0x1f/0x30

CPU: 1 PID: 3558 Comm: kworker/1:5 Tainted: G        W         5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue:  0x0 (events)
=====================================================

Crashes (1):
  Manager:    ci-upstream-kmsan-gce
  Time:       2022/01/28 15:52
  Kernel:     https://github.com/google/kmsan.git master
  Commit:     85cfd6e539bd
  Syzkaller:  495e00c5
  Config:     .config
  Log:        log
  Report:     report
  Syz repro:  (none)
  C repro:    (none)
  VM info:    info
  Title:      KMSAN: uninit-value in __update_load_avg_se