syzbot

 sign-in | mailing list | source | docs
🐞 Open [1508]
Subsystems
🐞 Fixed [6531]
🐞 Invalid [16651]
Missing Backports [205]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in rcu_cblist_dequeue

Status: closed as invalid on 2018/09/05 11:20
Subsystems: mm
[Documentation on labels]
First crash: 2699d, last: 2615d

Sample crash report:
==================================================================
BUG: KMSAN: uninit-value in rcu_cblist_dequeue+0x233/0x270 kernel/rcu/rcu_segcblist.c:55
CPU: 1 PID: 16712 Comm: syz-executor704 Not tainted 4.17.0+ #9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x188/0x2a0 mm/kmsan/kmsan.c:1125
 __msan_warning_32+0x70/0xc0 mm/kmsan/kmsan_instr.c:620
 rcu_cblist_dequeue+0x233/0x270 kernel/rcu/rcu_segcblist.c:55
 rcu_do_batch kernel/rcu/tree.c:2673 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2930 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2897 [inline]
 rcu_process_callbacks+0x19a7/0x2060 kernel/rcu/tree.c:2914
 __do_softirq+0x592/0x979 kernel/softirq.c:285
 invoke_softirq kernel/softirq.c:365 [inline]
 irq_exit+0x202/0x240 kernel/softirq.c:405
 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:525
 smp_apic_timer_interrupt+0x64/0x90 arch/x86/kernel/apic/apic.c:1055
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:866
 </IRQ>
RIP: 0010:msan_get_shadow_origin_ptr+0x212/0x230 mm/kmsan/kmsan_instr.c:291
RSP: 0000:ffff8801a1eff638 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
RAX: 000000000acacca4 RBX: ffffffff8b58a000 RCX: 0000000000000003
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8acacca4
RBP: ffff8801a1eff668 R08: 0000000001080020 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000001 R14: ffffffff8b589000 R15: ffffffff8acacca4
 __msan_metadata_ptr_for_load_4+0x10/0x20 mm/kmsan/kmsan_instr.c:320
 should_fail_alloc_page mm/page_alloc.c:3057 [inline]
 prepare_alloc_pages mm/page_alloc.c:4326 [inline]
 __alloc_pages_nodemask+0x46a/0x5cc0 mm/page_alloc.c:4365
 alloc_pages_vma+0xcc6/0x17f0 mm/mempolicy.c:2057
 wp_page_copy+0x461/0x2470 mm/memory.c:2491
 do_wp_page+0xe83/0x2fa0 include/linux/spinlock_api_smp.h:152
 handle_pte_fault mm/memory.c:3981 [inline]
 __handle_mm_fault mm/memory.c:4089 [inline]
 handle_mm_fault+0x33a9/0x7ed0 mm/memory.c:4126
 __do_page_fault+0xec6/0x1a10 arch/x86/mm/fault.c:1400
 do_page_fault+0xb7/0x250 arch/x86/mm/fault.c:1477
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1163
RIP: 0033:0x404c46
RSP: 002b:000000000080ef08 EFLAGS: 00010246
RAX: 0000000000dedc00 RBX: 000000000080ef10 RCX: 0000000000810010
RDX: 0000000000810010 RSI: 00000000006e5e90 RDI: 0000000000dedc20
RBP: 000000000080ef50 R08: 0000000000000001 R09: 0000000000ded940
R10: 0000000000dedc10 R11: 0000000000000202 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:282 [inline]
 kmsan_save_stack mm/kmsan/kmsan.c:297 [inline]
 kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:689
 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:464
 rcu_segcblist_enqueue+0x24c/0x2d0 kernel/rcu/rcu_segcblist.c:150
 __call_rcu+0x227/0xef0 kernel/rcu/tree.c:3057
 call_rcu_sched+0x32/0x40 kernel/rcu/tree.c:3097
 shmem_destroy_inode+0xbc/0xe0 mm/shmem.c:3884
 destroy_inode fs/inode.c:267 [inline]
 evict+0xc82/0xdb0 fs/inode.c:575
 iput_final fs/inode.c:1520 [inline]
 iput+0xb02/0xe50 fs/inode.c:1546
 dentry_unlink_inode+0x850/0x8b0 fs/dcache.c:376
 __dentry_kill+0x87e/0xd40 fs/dcache.c:568
 dentry_kill+0x1a9/0xc70 fs/dcache.c:674
 dput+0x277/0x560 fs/dcache.c:850
 __fput+0x95d/0xa30 fs/file_table.c:227
 ____fput+0x37/0x40 fs/file_table.c:243
 task_work_run+0x22e/0x2b0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x110e/0x3930 kernel/exit.c:867
 do_group_exit+0x1a0/0x360 kernel/exit.c:970
 get_signal+0x1405/0x1ec0 kernel/signal.c:2482
 do_signal+0xb8/0x1d20 arch/x86/kernel/signal.c:810
 exit_to_usermode_loop arch/x86/entry/common.c:162 [inline]
 prepare_exit_to_usermode+0x271/0x3a0 arch/x86/entry/common.c:196
 syscall_return_slowpath+0xe9/0x710 arch/x86/entry/common.c:265
 do_syscall_64+0x1ad/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:282 [inline]
 kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:192
 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:318
 kmem_cache_alloc+0xa97/0xb70 mm/slub.c:2772
 __d_alloc+0x8b/0xe40 fs/dcache.c:1638
 d_alloc fs/dcache.c:1722 [inline]
 d_alloc_parallel+0x1a8/0x22e0 fs/dcache.c:2519
 lookup_open fs/namei.c:3099 [inline]
 do_last fs/namei.c:3277 [inline]
 path_openat+0x16b3/0x6640 fs/namei.c:3506
 do_filp_open+0x261/0x640 fs/namei.c:3540
 do_sys_open+0x624/0x960 fs/open.c:1101
 ksys_open include/linux/syscalls.h:1263 [inline]
 __do_sys_creat fs/open.c:1159 [inline]
 __se_sys_creat fs/open.c:1157 [inline]
 __x64_sys_creat+0xaf/0xe0 fs/open.c:1157
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
==================================================================

Crashes (33):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/06/24 17:20 https://github.com/google/kmsan.git master 123906095e30 2064fc5c .config console log report syz C ci-upstream-kmsan-gce
2018/04/21 04:35 https://github.com/google/kmsan.git master 48c6a2b0ab1b ca03d688 .config console log report syz C ci-upstream-kmsan-gce
2018/04/10 01:50 https://github.com/google/kmsan.git master e2ab7e8abba4 b9f65507 .config console log report syz C ci-upstream-kmsan-gce
2018/05/30 12:26 https://github.com/google/kmsan.git master 8fc8ecd1c58a 2f93b54f .config console log report syz ci-upstream-kmsan-gce
2018/04/30 07:00 https://github.com/google/kmsan.git master d2d741e5d189 bb79c6ab .config console log report syz ci-upstream-kmsan-gce
2018/04/16 17:38 https://github.com/google/kmsan.git master 48c6a2b0ab1b 802ac912 .config console log report syz ci-upstream-kmsan-gce
2018/04/07 22:07 https://github.com/google/kmsan.git master e2ab7e8abba4 66f22a7f .config console log report syz ci-upstream-kmsan-gce
2018/07/01 10:53 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report ci-upstream-kmsan-gce
2018/06/26 23:27 https://github.com/google/kmsan.git master 123906095e30 b0294c53 .config console log report ci-upstream-kmsan-gce
2018/06/25 03:01 https://github.com/google/kmsan.git master 123906095e30 2064fc5c .config console log report ci-upstream-kmsan-gce
2018/06/21 06:04 https://github.com/google/kmsan.git master 123906095e30 095ef806 .config console log report ci-upstream-kmsan-gce
2018/06/17 17:43 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report ci-upstream-kmsan-gce
2018/06/15 08:36 https://github.com/google/kmsan.git master 88e0e95b30f1 27c5f59f .config console log report ci-upstream-kmsan-gce
2018/06/13 16:45 https://github.com/google/kmsan.git master 81c310582f0e 27c5f59f .config console log report ci-upstream-kmsan-gce
2018/06/13 02:06 https://github.com/google/kmsan.git master 5cdf0501ac1b 6dcbc435 .config console log report ci-upstream-kmsan-gce
2018/06/13 00:31 https://github.com/google/kmsan.git master 5cdf0501ac1b 6dcbc435 .config console log report ci-upstream-kmsan-gce
2018/06/10 03:51 https://github.com/google/kmsan.git master d6c351f832e3 866118af .config console log report ci-upstream-kmsan-gce
2018/06/09 19:49 https://github.com/google/kmsan.git master d6c351f832e3 866118af .config console log report ci-upstream-kmsan-gce
2018/06/07 01:07 https://github.com/google/kmsan.git master b9a5d319699c e0e534c6 .config console log report ci-upstream-kmsan-gce
2018/06/06 23:42 https://github.com/google/kmsan.git master b9a5d319699c e0e534c6 .config console log report ci-upstream-kmsan-gce
2018/06/06 15:58 https://github.com/google/kmsan.git master b9a5d319699c 41f9540d .config console log report ci-upstream-kmsan-gce
2018/06/03 08:18 https://github.com/google/kmsan.git master 8fc8ecd1c58a 2f93b54f .config console log report ci-upstream-kmsan-gce
2018/05/31 08:22 https://github.com/google/kmsan.git master 8fc8ecd1c58a 2f93b54f .config console log report ci-upstream-kmsan-gce
2018/05/20 04:58 https://github.com/google/kmsan.git master 9f127b7ceaf7 f48c20b8 .config console log report ci-upstream-kmsan-gce
2018/05/19 14:22 https://github.com/google/kmsan.git master 9f127b7ceaf7 849705db .config console log report ci-upstream-kmsan-gce
2018/05/16 05:20 https://github.com/google/kmsan.git master 06b2df0593a8 68ce85f1 .config console log report ci-upstream-kmsan-gce
2018/05/11 06:50 https://github.com/google/kmsan.git master 74ee2200b89f 12c7428a .config console log report ci-upstream-kmsan-gce
2018/05/08 13:16 https://github.com/google/kmsan.git master d2d741e5d189 045bbd4a .config console log report ci-upstream-kmsan-gce
2018/05/08 12:20 https://github.com/google/kmsan.git master d2d741e5d189 045bbd4a .config console log report ci-upstream-kmsan-gce
2018/05/06 04:00 https://github.com/google/kmsan.git master d2d741e5d189 78b251cb .config console log report ci-upstream-kmsan-gce
2018/05/06 02:19 https://github.com/google/kmsan.git master d2d741e5d189 78b251cb .config console log report ci-upstream-kmsan-gce
2018/04/28 12:50 https://github.com/google/kmsan.git master d2d741e5d189 d5a5d045 .config console log report ci-upstream-kmsan-gce
2018/04/11 08:29 https://github.com/google/kmsan.git master 35ff515e4bda 8b8de427 .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.