syzbot

KMSAN: uninit-value in kallsyms_lookup (4)
Status: auto-closed as invalid on 2021/08/03 21:49
Subsystems: kernel
First crash: 1163d, last: 1058d
Similar bugs (3)
Kernel | Title | Subsystems | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in kallsyms_lookup (2) | kernel | | | | 23 | 1417d | 1439d | 0/26 | closed as invalid on 2020/05/14 13:06
upstream | KMSAN: uninit-value in kallsyms_lookup | kernel | C | | | 69 | 2148d | 2168d | 0/26 | closed as invalid on 2018/06/27 15:18
upstream | KMSAN: uninit-value in kallsyms_lookup (3) | kernel | | | | 16 | 1274d | 1380d | 0/26 | auto-closed as invalid on 2021/01/01 15:28

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in is_kernel include/linux/kallsyms.h:42 [inline]
BUG: KMSAN: uninit-value in is_ksym_addr include/linux/kallsyms.h:50 [inline]
BUG: KMSAN: uninit-value in kallsyms_lookup+0x1b5/0x910 kernel/kallsyms.c:297
CPU: 1 PID: 23580 Comm: kworker/u4:1 Not tainted 5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bond1 bond_alb_monitor
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x24c/0x2e0 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:197
 is_kernel include/linux/kallsyms.h:42 [inline]
 is_ksym_addr include/linux/kallsyms.h:50 [inline]
 kallsyms_lookup+0x1b5/0x910 kernel/kallsyms.c:297
 __sprint_symbol+0x140/0x5b0 kernel/kallsyms.c:370
 sprint_symbol+0x7c/0x90 kernel/kallsyms.c:401
 symbol_string+0x197/0x4c0 lib/vsprintf.c:972
 pointer+0x65a/0x1ea0 lib/vsprintf.c:2250
 vsnprintf+0x15f2/0x3600 lib/vsprintf.c:2655
 vprintk_store+0x2ab/0x1df0 kernel/printk/printk.c:1990
 vprintk_emit+0x28e/0x8b0 kernel/printk/printk.c:2098
 vprintk_default+0x86/0xa0 kernel/printk/printk.c:2132
 vprintk_func+0x2ed/0x2f0 kernel/printk/printk_safe.c:401
 printk+0x180/0x1cd kernel/printk/printk.c:2163
 stack_trace_print+0x1a3/0x1f0 kernel/stacktrace.c:32
 kmsan_print_origin+0x1a0/0x1b0 mm/kmsan/kmsan_report.c:59
 kmsan_internal_chain_origin+0x76/0x130 mm/kmsan/kmsan.c:281
 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:226
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:246
 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110
 pskb_expand_head+0x4f5/0x1e20 net/core/skbuff.c:1687
 __skb_cow include/linux/skbuff.h:3232 [inline]
 skb_cow_head include/linux/skbuff.h:3266 [inline]
 gre_tap_xmit+0x948/0xd10 net/ipv4/ip_gre.c:727
 __netdev_start_xmit include/linux/netdevice.h:4825 [inline]
 netdev_start_xmit include/linux/netdevice.h:4839 [inline]
 xmit_one+0x2b6/0x760 net/core/dev.c:3605
 dev_hard_start_xmit+0x196/0x420 net/core/dev.c:3621
 sch_direct_xmit+0x57c/0x1a60 net/sched/sch_generic.c:314
 qdisc_restart net/sched/sch_generic.c:377 [inline]
 __qdisc_run+0x35b/0x490 net/sched/sch_generic.c:385
 qdisc_run include/net/pkt_sched.h:136 [inline]
 __dev_xmit_skb net/core/dev.c:3807 [inline]
 __dev_queue_xmit+0x26ad/0x4600 net/core/dev.c:4162
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4227
 alb_send_lp_vid+0x711/0x7b0 drivers/net/bonding/bond_alb.c:935
 alb_send_learning_packets drivers/net/bonding/bond_alb.c:997 [inline]
 bond_alb_monitor+0x5e9/0x2090 drivers/net/bonding/bond_alb.c:1556
 process_one_work+0x1219/0x1fe0 kernel/workqueue.c:2275
 worker_thread+0x10ec/0x2340 kernel/workqueue.c:2421
 kthread+0x521/0x560 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Local variable ----state.i.i@ip_mc_output created at:
 nf_hook include/linux/netfilter.h:251 [inline]
 NF_HOOK_COND include/linux/netfilter.h:289 [inline]
 ip_mc_output+0xbe4/0x1260 net/ipv4/ip_output.c:417
 nf_hook include/linux/netfilter.h:251 [inline]
 NF_HOOK_COND include/linux/netfilter.h:289 [inline]
 ip_mc_output+0xbe4/0x1260 net/ipv4/ip_output.c:417
=====================================================
=====================================================
BUG: KMSAN: uninit-value in get_symbol_pos+0x336/0xc30 kernel/kallsyms.c:221
CPU: 1 PID: 23580 Comm: kworker/u4:1 Tainted: G    B             5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bond1 bond_alb_monitor
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x24c/0x2e0 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:197
 get_symbol_pos+0x336/0xc30 kernel/kallsyms.c:221
 kallsyms_lookup+0x281/0x910 kernel/kallsyms.c:300
 __sprint_symbol+0x140/0x5b0 kernel/kallsyms.c:370
 sprint_symbol+0x7c/0x90 kernel/kallsyms.c:401
 symbol_string+0x197/0x4c0 lib/vsprintf.c:972
 pointer+0x65a/0x1ea0 lib/vsprintf.c:2250
 vsnprintf+0x15f2/0x3600 lib/vsprintf.c:2655
 vprintk_store+0x2ab/0x1df0 kernel/printk/printk.c:1990
 vprintk_emit+0x28e/0x8b0 kernel/printk/printk.c:2098
 vprintk_default+0x86/0xa0 kernel/printk/printk.c:2132
 vprintk_func+0x2ed/0x2f0 kernel/printk/printk_safe.c:401
 printk+0x180/0x1cd kernel/printk/printk.c:2163
 stack_trace_print+0x1a3/0x1f0 kernel/stacktrace.c:32
 kmsan_print_origin+0x1a0/0x1b0 mm/kmsan/kmsan_report.c:59
 kmsan_internal_chain_origin+0x76/0x130 mm/kmsan/kmsan.c:281
 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:226
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:246
 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110
 pskb_expand_head+0x4f5/0x1e20 net/core/skbuff.c:1687
 __skb_cow include/linux/skbuff.h:3232 [inline]
 skb_cow_head include/linux/skbuff.h:3266 [inline]
 gre_tap_xmit+0x948/0xd10 net/ipv4/ip_gre.c:727
 __netdev_start_xmit include/linux/netdevice.h:4825 [inline]
 netdev_start_xmit include/linux/netdevice.h:4839 [inline]
 xmit_one+0x2b6/0x760 net/core/dev.c:3605
 dev_hard_start_xmit+0x196/0x420 net/core/dev.c:3621
 sch_direct_xmit+0x57c/0x1a60 net/sched/sch_generic.c:314
 qdisc_restart net/sched/sch_generic.c:377 [inline]
 __qdisc_run+0x35b/0x490 net/sched/sch_generic.c:385
 qdisc_run include/net/pkt_sched.h:136 [inline]
 __dev_xmit_skb net/core/dev.c:3807 [inline]
 __dev_queue_xmit+0x26ad/0x4600 net/core/dev.c:4162
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4227
 alb_send_lp_vid+0x711/0x7b0 drivers/net/bonding/bond_alb.c:935
 alb_send_learning_packets drivers/net/bonding/bond_alb.c:997 [inline]
 bond_alb_monitor+0x5e9/0x2090 drivers/net/bonding/bond_alb.c:1556
 process_one_work+0x1219/0x1fe0 kernel/workqueue.c:2275
 worker_thread+0x10ec/0x2340 kernel/workqueue.c:2421
 kthread+0x521/0x560 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Local variable ----state.i.i@ip_mc_output created at:
 nf_hook include/linux/netfilter.h:251 [inline]
 NF_HOOK_COND include/linux/netfilter.h:289 [inline]
 ip_mc_output+0xbe4/0x1260 net/ipv4/ip_output.c:417
 nf_hook include/linux/netfilter.h:251 [inline]
 NF_HOOK_COND include/linux/netfilter.h:289 [inline]
 ip_mc_output+0xbe4/0x1260 net/ipv4/ip_output.c:417
=====================================================
=====================================================
BUG: KMSAN: uninit-value in kallsyms_sym_address kernel/kallsyms.c:157 [inline]
BUG: KMSAN: uninit-value in get_symbol_pos+0x316/0xc30 kernel/kallsyms.c:223
CPU: 1 PID: 23580 Comm: kworker/u4:1 Tainted: G    B             5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bond1 bond_alb_monitor
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x24c/0x2e0 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:197
 kallsyms_sym_address kernel/kallsyms.c:157 [inline]
 get_symbol_pos+0x316/0xc30 kernel/kallsyms.c:223
 kallsyms_lookup+0x281/0x910 kernel/kallsyms.c:300
 __sprint_symbol+0x140/0x5b0 kernel/kallsyms.c:370
 sprint_symbol+0x7c/0x90 kernel/kallsyms.c:401
 symbol_string+0x197/0x4c0 lib/vsprintf.c:972
 pointer+0x65a/0x1ea0 lib/vsprintf.c:2250
Lost 31720 message(s)!

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2021/05/05 21:40 | https://github.com/google/kmsan.git master | 4ebaab5fb428 | 06c27ff5 | .config | console log | report | | | info | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kallsyms_lookup
2021/01/21 14:09 | https://github.com/google/kmsan.git master | 73d62e81b476 | d4f4eca5 | .config | console log | report | | | info | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kallsyms_lookup