syzbot


KMSAN: uninit-value in update_stack_state (3)

Status: closed as invalid on 2020/07/22 14:22
Subsystems: kernel
First crash: 1372d, last: 1367d
Similar bugs (3)
Kernel    Title                                          Subsystems  Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream  KMSAN: uninit-value in update_stack_state (2)  kernel                                       2      1963d  1963d     0/26     auto-closed as invalid on 2019/06/02 23:19
upstream  KMSAN: uninit-value in update_stack_state (4)  rds         C                                1927   1311d  1367d     0/26     auto-obsoleted due to no activity on 2022/12/10 23:36
upstream  KMSAN: uninit-value in update_stack_state      fs          C                                103    2190d  2204d     0/26     closed as invalid on 2018/06/27 15:08

Sample crash report:
sd 0:0:1:0: [sg0] tag#2676 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
=====================================================
BUG: KMSAN: uninit-value in update_stack_state+0x1ee/0xb40 arch/x86/kernel/unwind_frame.c:202
CPU: 0 PID: 4862 Comm: systemd-journal Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1df/0x240 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 update_stack_state+0x1ee/0xb40 arch/x86/kernel/unwind_frame.c:202
 unwind_next_frame+0x8c6/0xed0 arch/x86/kernel/unwind_frame.c:305
 arch_stack_walk+0x33e/0x3e0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x117/0x1a0 kernel/stacktrace.c:123
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memmove_metadata+0xe/0x10 mm/kmsan/kmsan.c:272
 __msan_memmove+0x43/0x50 mm/kmsan/kmsan_instr.c:92
 move_right lib/vsprintf.c:566 [inline]
 widen_string+0x487/0x830 lib/vsprintf.c:589
 string+0x65b/0x690 lib/vsprintf.c:616
 vsnprintf+0x207d/0x31b0 lib/vsprintf.c:2620
 sprintf+0x210/0x260 lib/vsprintf.c:2822
 print_caller kernel/printk/printk.c:1311 [inline]
 print_prefix kernel/printk/printk.c:1328 [inline]
 msg_print_text+0x4d8/0xb10 kernel/printk/printk.c:1345
 console_unlock+0xa1b/0x1ca0 kernel/printk/printk.c:2475
 vprintk_emit+0x44d/0x8b0 kernel/printk/printk.c:2028
 dev_vprintk_emit+0x937/0xb1f drivers/base/core.c:3883
 dev_printk_emit+0x1db/0x21d drivers/base/core.c:3894
 __dev_printk+0x3af/0x460 drivers/base/core.c:3906
 dev_printk+0x22b/0x273 drivers/base/core.c:3923
 scsi_print_result+0xfe0/0x1130 drivers/scsi/scsi_logging.c:445
 scsi_io_completion_action drivers/scsi/scsi_lib.c:786 [inline]
 scsi_io_completion+0x1efc/0x2710 drivers/scsi/scsi_lib.c:953
 scsi_finish_command+0x712/0x730 drivers/scsi/scsi.c:214
 scsi_softirq_done+0x787/0x9a0 drivers/scsi/scsi_lib.c:1460
 blk_done_softirq+0x304/0x4f0 block/blk-softirq.c:37
 __do_softirq+0x311/0x83d kernel/softirq.c:293
 asm_call_on_stack+0x12/0x20 arch/x86/entry/entry_64.S:711
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:23 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:50 [inline]
 do_softirq_own_stack+0x7c/0xa0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:390 [inline]
 __irq_exit_rcu+0x226/0x270 kernel/softirq.c:420
 irq_exit_rcu+0xe/0x10 kernel/softirq.c:432
 sysvec_call_function_single+0x107/0x130 arch/x86/kernel/smp.c:243
 asm_sysvec_call_function_single+0x12/0x20 arch/x86/include/asm/idtentry.h:601
RIP: 0010:__msan_chain_origin+0x70/0x90 mm/kmsan/kmsan_instr.c:168
Code: 7d 35 44 89 f7 e8 d0 f4 ff ff be ff ff ff ff 65 0f c1 35 43 e5 71 64 ff ce 75 1e 89 c3 e8 b8 70 2e ff 4c 89 7d e0 ff 75 e0 9d <89> d8 48 83 c4 10 5b 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 ea 03 ea a8
RSP: 0018:ffffba7340d5f9d8 EFLAGS: 00000246
RAX: 0000000017b300bb RBX: 0000000017b300bb RCX: 0000000007a900bb
RDX: 0000000000000a20 RSI: 0000000000000000 RDI: 0000000007b300bb
RBP: ffffba7340d5fa00 R08: 0000000000000003 R09: ffffba7340d5f78c
R10: 0000000000000003 R11: ffffffffa840083d R12: ffffba7340d29040
R13: 0000000000000000 R14: 0000000007a900bb R15: 0000000000000246
 ___bpf_prog_run+0x6c64/0x97a0 kernel/bpf/core.c:1391
 __bpf_prog_run32+0x101/0x170 kernel/bpf/core.c:1681
 bpf_dispatcher_nop_func include/linux/bpf.h:556 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:597 [inline]
 seccomp_run_filters kernel/seccomp.c:272 [inline]
 __seccomp_filter+0x59e/0x2720 kernel/seccomp.c:817
 __secure_computing+0x1fa/0x380 kernel/seccomp.c:950
 syscall_trace_enter+0x63b/0xe10 arch/x86/entry/common.c:194
 do_syscall_64+0x54/0x150 arch/x86/entry/common.c:382
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f384ecc4910
Code: Bad RIP value.
RSP: 002b:00007fff2b8847a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 000055ae82ebe430 RCX: 00007f384ecc4910
RDX: 0000000000000400 RSI: 000055ae82ec09d0 RDI: 0000000000000014
RBP: 0000000000000d68 R08: 0000000000000003 R09: 0000000000000410
R10: 00007f384ef82d98 R11: 0000000000000246 R12: 00007f384ef7f440
R13: 00007f384ef7e900 R14: 00000000000007ff R15: 000055ae82ebe430

Local variable ----filename@process_measurement created at:
 process_measurement+0x1c0/0x2ce0 security/integrity/ima/ima_main.c:198
 process_measurement+0x1c0/0x2ce0 security/integrity/ima/ima_main.c:198
=====================================================

Crashes (132):
Time              Kernel                                      Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  Manager
2020/07/19 19:10  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report  syz        C        ci-upstream-kmsan-gce
2020/07/19 18:10  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report  syz                 ci-upstream-kmsan-gce
2020/07/22 13:32  https://github.com/google/kmsan.git master  91e18444d6b0  128cd85f   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/22 08:25  https://github.com/google/kmsan.git master  91e18444d6b0  128cd85f   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/22 04:35  https://github.com/google/kmsan.git master  91e18444d6b0  21f1765e   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/22 03:01  https://github.com/google/kmsan.git master  91e18444d6b0  21f1765e   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/21 21:18  https://github.com/google/kmsan.git master  91e18444d6b0  21f1765e   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/21 10:59  https://github.com/google/kmsan.git master  91e18444d6b0  d88894e6   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/21 08:19  https://github.com/google/kmsan.git master  91e18444d6b0  d88894e6   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/21 07:15  https://github.com/google/kmsan.git master  91e18444d6b0  d88894e6   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/21 05:05  https://github.com/google/kmsan.git master  91e18444d6b0  d88894e6   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/21 00:38  https://github.com/google/kmsan.git master  91e18444d6b0  4285ffa3   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/20 08:27  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/20 06:54  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/19 12:38  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce
2020/07/22 12:29  https://github.com/google/kmsan.git master  91e18444d6b0  128cd85f   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/22 10:48  https://github.com/google/kmsan.git master  91e18444d6b0  128cd85f   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/22 09:03  https://github.com/google/kmsan.git master  91e18444d6b0  128cd85f   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/22 07:05  https://github.com/google/kmsan.git master  91e18444d6b0  128cd85f   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/22 01:56  https://github.com/google/kmsan.git master  91e18444d6b0  21f1765e   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/21 22:34  https://github.com/google/kmsan.git master  91e18444d6b0  21f1765e   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/21 19:30  https://github.com/google/kmsan.git master  91e18444d6b0  21f1765e   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/21 18:52  https://github.com/google/kmsan.git master  91e18444d6b0  21f1765e   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/21 17:33  https://github.com/google/kmsan.git master  91e18444d6b0  21f1765e   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/21 16:31  https://github.com/google/kmsan.git master  91e18444d6b0  21f1765e   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/21 14:47  https://github.com/google/kmsan.git master  91e18444d6b0  d88894e6   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/21 13:34  https://github.com/google/kmsan.git master  91e18444d6b0  d88894e6   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/21 09:48  https://github.com/google/kmsan.git master  91e18444d6b0  d88894e6   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/21 06:07  https://github.com/google/kmsan.git master  91e18444d6b0  d88894e6   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/21 01:53  https://github.com/google/kmsan.git master  91e18444d6b0  4285ffa3   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/20 21:46  https://github.com/google/kmsan.git master  91e18444d6b0  4285ffa3   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/20 19:54  https://github.com/google/kmsan.git master  91e18444d6b0  4285ffa3   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/20 18:50  https://github.com/google/kmsan.git master  91e18444d6b0  4285ffa3   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/20 17:08  https://github.com/google/kmsan.git master  91e18444d6b0  4285ffa3   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/20 15:26  https://github.com/google/kmsan.git master  91e18444d6b0  4285ffa3   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/20 15:10  https://github.com/google/kmsan.git master  91e18444d6b0  4285ffa3   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/20 14:05  https://github.com/google/kmsan.git master  91e18444d6b0  4285ffa3   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/20 12:43  https://github.com/google/kmsan.git master  91e18444d6b0  4285ffa3   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/20 02:45  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/19 21:25  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/19 15:00  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/19 10:44  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/19 10:15  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/19 10:08  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/19 09:57  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce-386
2020/07/17 18:08  https://github.com/google/kmsan.git master  14525656779e  9c812472   .config  console log  report                      ci-upstream-kmsan-gce-386
* Struck through repros no longer work on HEAD.