syzbot


KMSAN: uninit-value in vb2_mmap

Status: closed as invalid on 2019/11/08 13:23
Subsystems: media
First crash: 2001d, last: 1935d

Sample crash report:
==================================================================
BUG: KMSAN: uninit-value in vb2_mmap+0xb2c/0xc90 drivers/media/common/videobuf2/videobuf2-core.c:1962
CPU: 1 PID: 6655 Comm: syz-executor291 Not tainted 4.19.0+ #77
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x32d/0x480 lib/dump_stack.c:113
 kmsan_report+0x1a2/0x2e0 mm/kmsan/kmsan.c:911
 __msan_warning+0x74/0xd0 mm/kmsan/kmsan_instr.c:415
 vb2_mmap+0xb2c/0xc90 drivers/media/common/videobuf2/videobuf2-core.c:1962
 vb2_fop_mmap+0xa9/0xd0 drivers/media/common/videobuf2/videobuf2-v4l2.c:832
 v4l2_mmap+0x212/0x400 drivers/media/v4l2-core/v4l2-dev.c:401
 call_mmap include/linux/fs.h:1813 [inline]
 mmap_region+0x3a21/0x4910 mm/mmap.c:1762
 do_mmap+0x182d/0x1e60 mm/mmap.c:1535
 do_mmap_pgoff include/linux/mm.h:2298 [inline]
 vm_mmap_pgoff+0x328/0x450 mm/util.c:357
 ksys_mmap_pgoff+0xa3f/0xaf0 mm/mmap.c:1585
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
 __se_sys_mmap+0x172/0x1a0 arch/x86/kernel/sys_x86_64.c:91
 __x64_sys_mmap+0x69/0x90 arch/x86/kernel/sys_x86_64.c:91
 do_syscall_64+0xcf/0x110 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x44a279
Code: e8 cc e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b cc fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6b99a3bd98 EFLAGS: 00000212 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 000000000044a279
RDX: 0000000000000001 RSI: 0000000000003000 RDI: 0000000020ffa000
RBP: 00000000006dbc20 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000001011 R11: 0000000000000212 R12: 00000000006dbc2c
R13: 6469762f7665642f R14: 00007f6b99a3c9c0 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:252 [inline]
 kmsan_internal_alloc_meta_for_pages+0x155/0x740 mm/kmsan/kmsan.c:689
 kmsan_alloc_page+0x77/0xe0 mm/kmsan/kmsan_hooks.c:320
 __alloc_pages_nodemask+0x12cc/0x6640 mm/page_alloc.c:4416
 alloc_pages_current+0x584/0x7e0 mm/mempolicy.c:2093
 alloc_pages include/linux/gfp.h:511 [inline]
 alloc_slab_page mm/slub.c:1459 [inline]
 allocate_slab mm/slub.c:1604 [inline]
 new_slab+0x3c0/0x1f70 mm/slub.c:1675
 new_slab_objects mm/slub.c:2438 [inline]
 ___slab_alloc+0x12a7/0x1e40 mm/slub.c:2590
 __slab_alloc mm/slub.c:2630 [inline]
 slab_alloc_node mm/slub.c:2693 [inline]
 __kmalloc_node_track_caller+0xe08/0x14e0 mm/slub.c:4360
 __kmalloc_reserve net/core/skbuff.c:138 [inline]
 __alloc_skb+0x42b/0xeb0 net/core/skbuff.c:206
 alloc_skb include/linux/skbuff.h:996 [inline]
 nlmsg_new include/net/netlink.h:511 [inline]
 inet_netconf_notify_devconf+0x219/0x450 net/ipv4/devinet.c:1906
 __devinet_sysctl_register+0x673/0x780 net/ipv4/devinet.c:2341
 devinet_sysctl_register+0x2ef/0x3a0 net/ipv4/devinet.c:2375
 inetdev_init+0x4a6/0xb80 net/ipv4/devinet.c:264
 inetdev_event+0x69d/0x1d80 net/ipv4/devinet.c:1468
 notifier_call_chain kernel/notifier.c:93 [inline]
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x13d/0x240 kernel/notifier.c:401
 call_netdevice_notifiers_info net/core/dev.c:1733 [inline]
 call_netdevice_notifiers net/core/dev.c:1751 [inline]
 register_netdevice+0x2164/0x26e0 net/core/dev.c:8532
 register_netdev+0x93/0xd0 net/core/dev.c:8618
 ip6gre_init_net+0x454/0x760 net/ipv6/ip6_gre.c:1590
 ops_init+0x2fe/0x760 net/core/net_namespace.c:129
 setup_net+0x480/0x1240 net/core/net_namespace.c:314
 copy_net_ns+0x7b5/0xb80 net/core/net_namespace.c:437
 create_new_namespaces+0x9f8/0xed0 kernel/nsproxy.c:107
 unshare_nsproxy_namespaces+0x280/0x360 kernel/nsproxy.c:206
 ksys_unshare+0xa5a/0x1460 kernel/fork.c:2490
 __do_sys_unshare kernel/fork.c:2558 [inline]
 __se_sys_unshare+0x41/0x60 kernel/fork.c:2556
 __x64_sys_unshare+0x32/0x50 kernel/fork.c:2556
 do_syscall_64+0xcf/0x110 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
==================================================================

Crashes (4):
Time              Kernel                                      Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager                Title
2018/11/03 12:54  https://github.com/google/kmsan.git master  88b95ef4c780  8bd6bd63   .config  console log  report  syz        C                         ci-upstream-kmsan-gce
2019/01/08 07:06  https://github.com/google/kmsan.git master  48128c3ca084  37dd2683   .config  console log  report                                       ci-upstream-kmsan-gce
2018/11/20 22:14  https://github.com/google/kmsan.git master  0891758b8cda  9aca6b52   .config  console log  report                                       ci-upstream-kmsan-gce
2018/11/12 10:09  https://github.com/google/kmsan.git master  56c832411f89  7b5f8621   .config  console log  report                                       ci-upstream-kmsan-gce