syzbot

 sign-in | mailing list | source | docs
🐞 Open [1170] Subsystems 🐞 Fixed [4404] 🐞 Invalid [9904] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: uninit-value in qrtr_tx_resume

Status: upstream: reported C repro on 2023/01/25 10:42
Subsystems: arm-msm net (incorrect?)
Reported-by: syzbot+4436c9630a45820fda76@syzkaller.appspotmail.com
First crash: 60d, last: 20d

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in qrtr_tx_resume+0x185/0x1f0 net/qrtr/af_qrtr.c:230
 qrtr_tx_resume+0x185/0x1f0 net/qrtr/af_qrtr.c:230
 qrtr_endpoint_post+0xf85/0x11b0 net/qrtr/af_qrtr.c:519
 qrtr_tun_write_iter+0x270/0x400 net/qrtr/tun.c:108
 call_write_iter include/linux/fs.h:2189 [inline]
 aio_write+0x63a/0x950 fs/aio.c:1600
 io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019
 __do_sys_io_submit fs/aio.c:2078 [inline]
 __se_sys_io_submit+0x293/0x770 fs/aio.c:2048
 __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2048
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:766 [inline]
 slab_alloc_node mm/slub.c:3452 [inline]
 __kmem_cache_alloc_node+0x71f/0xce0 mm/slub.c:3491
 __do_kmalloc_node mm/slab_common.c:967 [inline]
 __kmalloc_node_track_caller+0x114/0x3b0 mm/slab_common.c:988
 kmalloc_reserve net/core/skbuff.c:492 [inline]
 __alloc_skb+0x3af/0x8f0 net/core/skbuff.c:565
 __netdev_alloc_skb+0x120/0x7d0 net/core/skbuff.c:630
 qrtr_endpoint_post+0xbd/0x11b0 net/qrtr/af_qrtr.c:446
 qrtr_tun_write_iter+0x270/0x400 net/qrtr/tun.c:108
 call_write_iter include/linux/fs.h:2189 [inline]
 aio_write+0x63a/0x950 fs/aio.c:1600
 io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019
 __do_sys_io_submit fs/aio.c:2078 [inline]
 __se_sys_io_submit+0x293/0x770 fs/aio.c:2048
 __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2048
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 0 PID: 4984 Comm: syz-executor328 Not tainted 6.2.0-rc5-syzkaller-80200-g41c66f470616 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
=====================================================

Crashes (7):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kmsan-gce 2023/01/24 22:14 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config strace log report syz C [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in qrtr_tx_resume
ci-upstream-kmsan-gce 2023/03/05 11:59 https://github.com/google/kmsan.git master 944070199c5e f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in qrtr_tx_resume
ci-upstream-kmsan-gce 2023/03/05 11:49 https://github.com/google/kmsan.git master 944070199c5e f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in qrtr_tx_resume
ci-upstream-kmsan-gce 2023/03/05 11:49 https://github.com/google/kmsan.git master 944070199c5e f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in qrtr_tx_resume
ci-upstream-kmsan-gce 2023/01/24 22:32 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in qrtr_tx_resume
ci-upstream-kmsan-gce 2023/01/24 20:29 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in qrtr_tx_resume
ci-upstream-kmsan-gce-386 2023/01/24 20:38 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in qrtr_tx_resume
* Struck through repros no longer work on HEAD.