syzbot

 sign-in | mailing list | source | docs
🐞 Open [1034] Subsystems 🐞 Fixed [5279] 🐞 Invalid [12607] Missing Backports [87] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: uninit-value in virtqueue_add (3)

Status: auto-obsoleted due to no activity on 2023/02/12 03:53
Subsystems: virt
[Documentation on labels]
First crash: 846d, last: 553d
Similar bugs (22)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in _copy_to_iter (8) mm C 21180 337d 431d 22/26 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in virtqueue_add (4) mm C 201906 4h36m 130d 1/26 upstream: reported C repro on 2024/01/01 13:38
upstream KMSAN: uninit-value in virtqueue_add virt C 271 1388d 1504d 0/26 closed as invalid on 2020/07/22 14:02
android-54 KASAN: use-after-free Read in virtqueue_add C 2 35d 1062d 0/2 upstream: reported C repro on 2021/06/13 11:51
upstream KMSAN: uninit-value in skb_release_data (3) net C 10 660d 1339d 0/26 auto-obsoleted due to no activity on 2022/11/17 07:20
upstream KMSAN: uninit-value in hsr_register_frame_in net C 197 293d 1914d 0/26 auto-obsoleted due to no activity on 2024/02/18 18:09
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 337d 1506d 22/26 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in ipv6_find_tlv net C 271 378d 1732d 22/26 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in bpf_prog_run_generic_xdp can C 399 7h30m 539d 0/26 upstream: reported C repro on 2022/11/18 11:39
upstream KMSAN: uninit-value in ax25cmp (2) hams C 51 597d 858d 0/26 closed as invalid on 2022/11/18 11:50
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 441d 793d 22/26 fixed on 2023/02/24 13:50
upstream KMSAN: kernel-infoleak in __skb_datagram_iter net 68 227d 332d 23/26 fixed on 2023/09/28 17:51
upstream KMSAN: uninit-value in can_send can C 630 536d 554d 22/26 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in IP6_ECN_decapsulate net C 981 143d 2059d 25/26 fixed on 2023/12/21 03:45
upstream KMSAN: uninit-value in inet_frag_find (2) net 2 850d 858d 0/26 auto-closed as invalid on 2022/04/11 17:13
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) net C 748 794d 883d 20/26 fixed on 2022/03/08 16:11
upstream KMSAN: uninit-value in eth_type_trans (2) net C 4587 14h55m 1570d 0/26 upstream: reported C repro on 2020/01/22 16:47
upstream KMSAN: uninit-value in hsr_fill_frame_info (2) net C 65 293d 576d 0/26 auto-obsoleted due to no activity on 2023/10/30 13:38
upstream KMSAN: uninit-value in xfrm_state_find net C error done 215 357d 2156d 22/26 fixed on 2023/07/01 16:05
upstream KMSAN: uninit-value in post_read_mst_fixup fs 199 830d 1270d 0/26 auto-closed as invalid on 2022/05/31 07:12
upstream KMSAN: uninit-value in __crc32c_le_base (2) crypto C 6207 403d 1475d 0/26 closed as invalid on 2023/04/06 23:31
upstream KMSAN: uninit-value in nilfs_add_checksums_on_logs nilfs 1079 337d 431d 22/26 fixed on 2023/06/08 14:41

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in vring_map_one_sg drivers/virtio/virtio_ring.c:362 [inline]
BUG: KMSAN: uninit-value in virtqueue_add_split drivers/virtio/virtio_ring.c:585 [inline]
BUG: KMSAN: uninit-value in virtqueue_add+0x1d96/0x6270 drivers/virtio/virtio_ring.c:2096
 vring_map_one_sg drivers/virtio/virtio_ring.c:362 [inline]
 virtqueue_add_split drivers/virtio/virtio_ring.c:585 [inline]
 virtqueue_add+0x1d96/0x6270 drivers/virtio/virtio_ring.c:2096
 virtqueue_add_sgs+0x182/0x1a0 drivers/virtio/virtio_ring.c:2130
 __virtscsi_add_cmd drivers/scsi/virtio_scsi.c:459 [inline]
 virtscsi_add_cmd+0x861/0xb00 drivers/scsi/virtio_scsi.c:493
 virtscsi_queuecommand+0x900/0xb00 drivers/scsi/virtio_scsi.c:590
 scsi_dispatch_cmd+0x54e/0xbf0 drivers/scsi/scsi_lib.c:1524
 scsi_queue_rq+0x4088/0x4720 drivers/scsi/scsi_lib.c:1760
 blk_mq_dispatch_rq_list+0x1495/0x41e0 block/blk-mq.c:1991
 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:173 [inline]
 blk_mq_do_dispatch_sched+0xdd1/0x16d0 block/blk-mq-sched.c:187
 __blk_mq_sched_dispatch_requests+0x442/0x630
 blk_mq_sched_dispatch_requests+0x159/0x2c0 block/blk-mq-sched.c:339
 __blk_mq_run_hw_queue+0xee/0x260 block/blk-mq.c:2109
 __blk_mq_delay_run_hw_queue+0x149/0x6d0 block/blk-mq.c:2185
 blk_mq_run_hw_queue+0x4d7/0x7d0 block/blk-mq.c:2233
 blk_mq_sched_insert_requests+0x4e5/0x760 block/blk-mq-sched.c:493
 blk_mq_dispatch_plug_list+0x66b/0x880 block/blk-mq.c:2693
 blk_mq_flush_plug_list+0x759/0x8e0 block/blk-mq.c:2735
 __blk_flush_plug+0x5f6/0x680 block/blk-core.c:1138
 blk_finish_plug+0x71/0x90 block/blk-core.c:1162
 wb_writeback+0xdc3/0xe30 fs/fs-writeback.c:2078
 wb_do_writeback+0x25a/0x11c0 fs/fs-writeback.c:2187
 wb_workfn+0x194/0x600 fs/fs-writeback.c:2227
 process_one_work+0xb27/0x13e0 kernel/workqueue.c:2289
 worker_thread+0x1076/0x1d60 kernel/workqueue.c:2436
 kthread+0x31b/0x430 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

Uninit was created at:
 __alloc_pages+0x9f1/0xe80 mm/page_alloc.c:5578
 alloc_pages+0xaae/0xd80 mm/mempolicy.c:2285
 folio_alloc+0x3e/0x120 mm/mempolicy.c:2295
 filemap_alloc_folio mm/filemap.c:971 [inline]
 __filemap_get_folio+0xe59/0x1b00 mm/filemap.c:1965
 pagecache_get_page+0x4a/0x2f0 mm/folio-compat.c:110
 grab_cache_page_write_begin+0x51/0x70 mm/folio-compat.c:122
 ext4_write_begin+0x3a4/0x3190 fs/ext4/inode.c:1188
 ext4_da_write_begin+0x609/0x1190 fs/ext4/inode.c:2979
 generic_perform_write+0x3f1/0xbf0 mm/filemap.c:3753
 ext4_buffered_write_iter+0x5ec/0xbe0 fs/ext4/file.c:285
 ext4_file_write_iter+0x1d3f/0x3430
 call_write_iter include/linux/fs.h:2191 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x830/0x1570 fs/read_write.c:584
 ksys_write+0x21b/0x4e0 fs/read_write.c:637
 __do_sys_write fs/read_write.c:649 [inline]
 __se_sys_write fs/read_write.c:646 [inline]
 __ia32_sys_write+0x8d/0xd0 fs/read_write.c:646
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Bytes 8-4095 of 4096 are uninitialized
Memory access of size 4096 starts at ffff8880474ee000

CPU: 0 PID: 3635 Comm: kworker/u4:8 Not tainted 6.1.0-rc3-syzkaller-62446-ge5527cb41a93 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Workqueue: writeback wb_workfn (flush-8:0)
=====================================================

Crashes (13):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/11/04 00:26 https://github.com/google/kmsan.git master e5527cb41a93 6d752409 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/11/01 17:33 https://github.com/google/kmsan.git master be8b0d020631 edac4fd1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/09/21 00:06 https://github.com/google/kmsan.git master 523d2ce66d07 c4b8ccfd .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/08/08 22:43 https://github.com/google/kmsan.git master 1b070a5d1a2c 88e3a122 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/08/02 19:26 https://github.com/google/kmsan.git master f469ea3cc7c5 1c9013ac .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/07/26 02:40 https://github.com/google/kmsan.git master 97117d69c353 34795c51 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/07/20 20:44 https://github.com/google/kmsan.git master 97117d69c353 88cb1383 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/07/18 12:54 https://github.com/google/kmsan.git master 97117d69c353 ff988920 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/06/18 08:53 https://github.com/google/kmsan.git master 365ac3bfacfb 8f633d84 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/04/01 14:03 https://github.com/google/kmsan.git master 1978a14f70af 20955a24 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/01/18 15:49 https://github.com/google/kmsan.git master fa3879a274df 731a2d23 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/01/16 10:46 https://github.com/google/kmsan.git master fa3879a274df 723cfaf0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
2022/01/15 15:02 https://github.com/google/kmsan.git master fa3879a274df 723cfaf0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in virtqueue_add
* Struck through repros no longer work on HEAD.