syzbot


KMSAN: uninit-value in do_user_addr_fault (3)

Status: closed as invalid on 2022/05/12 12:08
Subsystems: net
Reported-by: syzbot+6684a9d1b4d61d0b8f3e@syzkaller.appspotmail.com
Fix commit: Revert "kernel: kmsan: don't instrument stacktrace.c"
First crash: 1105d, last: 880d
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] KMSAN: uninit-value in do_user_addr_fault (3) | 1 (2) | 2022/03/24 14:16
Similar bugs (10)
Kernel | Title [subsystems] | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in exit_to_user_mode_loop (3) [kernel] | C | | | 2558 | 847d | 1105d | 0/28 | auto-closed as invalid on 2022/09/22 19:06
upstream | KMSAN: uninit-value in do_user_addr_fault (2) [bpf] | | | | 15 | 1113d | 1114d | 0/28 | closed as invalid on 2021/09/27 07:07
upstream | KMSAN: uninit-value in irqtime_account_irq (2) [mm cgroups] | C | | | 7 | 893d | 1026d | 0/28 | auto-closed as invalid on 2022/09/02 15:33
upstream | KMSAN: uninit-value in ieee802154_subif_start_xmit [bpf] | C | done | | 119 | 433d | 429d | 23/28 | fixed on 2023/10/12 12:47
upstream | KMSAN: uninit-value in number (4) [kernel] | C | | | 7189 | 685d | 1064d | 0/28 | closed as invalid on 2022/11/28 10:01
upstream | KMSAN: uninit-value in stack_trace_consume_entry [net] | C | | | 706 | 794d | 790d | 0/28 | auto-obsoleted due to no activity on 2022/12/04 06:07
upstream | KMSAN: uninit-value in preempt_count_add [kernel] | C | | | 6657 | 730d | 730d | 0/28 | closed as invalid on 2022/10/10 13:29
upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) [net] | C | | | 138977 | 592d | 944d | 22/28 | fixed on 2023/02/24 13:50
upstream | KASAN: slab-out-of-bounds Read in arch_stack_walk [cgroups] | | | | 316 | 542d | 876d | 0/28 | auto-obsoleted due to no activity on 2023/07/31 10:45
upstream | KMSAN: uninit-value in native_apic_mem_write (2) [kernel] | syz | | | 148 | 595d | 608d | 0/28 | auto-obsoleted due to no activity on 2023/05/13 00:04

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in arch_stack_walk+0x1ad/0x3c0 arch/x86/kernel/stacktrace.c:21
 arch_stack_walk+0x1ad/0x3c0 arch/x86/kernel/stacktrace.c:21
 stack_trace_save+0x43/0x60 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:80 [inline]
 kmsan_internal_chain_origin+0xa9/0x110 mm/kmsan/core.c:217
 kmsan_internal_memmove_metadata+0x1f2/0x2e0 mm/kmsan/core.c:165
 __msan_memcpy+0x65/0x90 mm/kmsan/instrumentation.c:127
 sock_write_iter+0x605/0x690 net/socket.c:1062
 do_iter_readv_writev+0xa7f/0xc70
 do_iter_write+0x52c/0x1500 fs/read_write.c:851
 vfs_writev fs/read_write.c:924 [inline]
 do_writev+0x645/0xe00 fs/read_write.c:967
 __do_sys_writev fs/read_write.c:1040 [inline]
 __se_sys_writev fs/read_write.c:1037 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Local variable regs created at:
 __bpf_prog_run32+0x84/0x180 kernel/bpf/core.c:1796
 bpf_dispatcher_nop_func include/linux/bpf.h:785 [inline]
 __bpf_prog_run include/linux/filter.h:626 [inline]
 bpf_prog_run include/linux/filter.h:633 [inline]
 __bpf_prog_run_save_cb+0x168/0x580 include/linux/filter.h:756

CPU: 1 PID: 3474 Comm: syz-executor178 Not tainted 5.17.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Reading the report: the BUG line names arch_stack_walk, but the frames directly beneath it are KMSAN's own origin-tracking path (kmsan_internal_chain_origin -> kmsan_save_stack_with_flags -> stack_trace_save), entered from the __msan_memcpy hook inside sock_write_iter. The check therefore fired while the sanitizer was saving a stack trace for itself, and the recorded fix is a revert of the KMSAN-tree commit that stopped instrumenting stacktrace.c. That is consistent with the bug being closed as invalid: it is a sanitizer self-report, not evidence of an uninitialized-memory bug in the socket or BPF code on the stack. The crash list below is grouped by crash title, so it also contains KASAN reports in arch_stack_walk from the riscv tree; those come from a different tree, architecture and sanitizer and should be triaged separately from the KMSAN rows.

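The stack above has a recognisable shape: KMSAN trims its own frames from ordinary reports, so any mm/kmsan/ or __msan_* frame left in the stack means the check fired inside the sanitizer rather than in instrumented kernel code. The following parser and triage helper, written for this page as an added example and not part of syzbot or the kernel, extracts the report site, the origin ("Local variable regs created at") and the first instrumented kernel frame, and flags the self-report case. The embedded sample is an excerpt of the crash report above; the second, "ordinary" report is constructed with invented function and file names purely to show the negative case.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the crash report on this page, embedded so the script runs offline.
# Frames below do_iter_readv_writev and the second origin frame were dropped.
SAMPLE_REPORT = """\
BUG: KMSAN: uninit-value in arch_stack_walk+0x1ad/0x3c0 arch/x86/kernel/stacktrace.c:21
 arch_stack_walk+0x1ad/0x3c0 arch/x86/kernel/stacktrace.c:21
 stack_trace_save+0x43/0x60 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:80 [inline]
 kmsan_internal_chain_origin+0xa9/0x110 mm/kmsan/core.c:217
 kmsan_internal_memmove_metadata+0x1f2/0x2e0 mm/kmsan/core.c:165
 __msan_memcpy+0x65/0x90 mm/kmsan/instrumentation.c:127
 sock_write_iter+0x605/0x690 net/socket.c:1062
 do_iter_readv_writev+0xa7f/0xc70

Local variable regs created at:
 __bpf_prog_run32+0x84/0x180 kernel/bpf/core.c:1796

CPU: 1 PID: 3474 Comm: syz-executor178 Not tainted 5.17.0-rc4-syzkaller #0
"""

# Constructed, hypothetical report (names are invented) for the non-self-report case.
ORDINARY_REPORT = """\
BUG: KMSAN: uninit-value in hypothetical_fn+0x10/0x40 net/hypothetical.c:42
 hypothetical_fn+0x10/0x40 net/hypothetical.c:42
 __x64_sys_hypothetical+0x20/0x30 net/hypothetical.c:99

Uninit was created at:
 hypothetical_alloc+0x5/0x10 mm/hypothetical.c:7
"""

FRAME_RE = re.compile(
    r"^\s+(?P<fn>[A-Za-z_][\w.]*)"      # symbol name
    r"(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"   # optional +offset/size
    r"(?:\s+(?P<loc>[\w./-]+:\d+))?"    # optional file:line
    r"(?:\s+\[inline\])?\s*$")
BUG_RE = re.compile(
    r"^BUG: KMSAN: (?P<kind>[\w-]+) in (?P<fn>[\w.]+)"
    r"(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?(?:\s+(?P<loc>\S+:\d+))?")
ORIGIN_RE = re.compile(
    r"^(?:Local variable (?P<var>\w+) created at|Uninit was created at):")


@dataclass
class Frame:
    fn: str
    loc: Optional[str]

    def in_kmsan_runtime(self) -> bool:
        # KMSAN's own code: the __msan_* hooks and everything under mm/kmsan/.
        return (self.fn.startswith(("kmsan_", "__msan_"))
                or (self.loc or "").startswith("mm/kmsan/"))


@dataclass
class KmsanReport:
    kind: str
    site_fn: str
    site_loc: Optional[str]
    stack: List[Frame] = field(default_factory=list)
    origin_var: Optional[str] = None
    origin: List[Frame] = field(default_factory=list)

    def is_self_report(self) -> bool:
        # Any runtime frame left in the stack means the check fired inside KMSAN.
        return any(f.in_kmsan_runtime() for f in self.stack)

    def instrumented_frame(self) -> Optional[Frame]:
        # First kernel frame below the last runtime frame: the instrumented access.
        last = max((i for i, f in enumerate(self.stack) if f.in_kmsan_runtime()), default=-1)
        return self.stack[last + 1] if last + 1 < len(self.stack) else None


def parse_kmsan_report(text: str) -> KmsanReport:
    report, section = None, None
    for line in text.splitlines():
        m = BUG_RE.match(line)
        if m:
            report, section = KmsanReport(m["kind"], m["fn"], m["loc"]), "stack"
            continue
        if report is None:
            continue
        m = ORIGIN_RE.match(line)
        if m:
            report.origin_var, section = m["var"], "origin"
            continue
        m = FRAME_RE.match(line) if section else None
        if m:
            target = report.stack if section == "stack" else report.origin
            target.append(Frame(m["fn"], m["loc"]))
        elif not line.strip():
            section = None          # a blank line closes the current frame list
    if report is None:
        raise ValueError("no 'BUG: KMSAN:' line found")
    return report


def triage(text: str) -> dict:
    r = parse_kmsan_report(text)
    frame = r.instrumented_frame()
    return {
        "kind": r.kind,
        "site": r.site_fn,
        "self_report": r.is_self_report(),
        "instrumented_fn": frame.fn if frame else None,
        "origin_var": r.origin_var,
        "origin_fn": r.origin[0].fn if r.origin else None,
        "origin_loc": r.origin[0].loc if r.origin else None,
    }
```

For the sample above, `triage(SAMPLE_REPORT)` reports `self_report=True` with `sock_write_iter` as the instrumented frame and the origin at `__bpf_prog_run32` (kernel/bpf/core.c:1796); the constructed ordinary report yields `self_report=False`. The self-report flag is a triage hint, not a verdict: a report flagged this way should be checked against the sanitizer tree's recent instrumentation changes before anyone spends time chasing the origin frame.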
Crashes (680):
Time | Kernel | Commit | Syzkaller | Repro | Manager | Title
2022/02/19 13:37 | https://github.com/google/kmsan.git master | 724946410067 | 3cd800e4 | syz, C | ci-upstream-kmsan-gce | KMSAN: uninit-value in arch_stack_walk
2022/01/26 12:03 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 2cbffd88 | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in do_user_addr_fault
2021/09/29 13:45 | https://github.com/google/kmsan.git master | 90f502f5d016 | d82cb927 | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in do_user_addr_fault
2022/04/04 11:44 | https://github.com/google/kmsan.git master | 1978a14f70af | 79a2a8fc | | ci-upstream-kmsan-gce | KMSAN: uninit-value in arch_stack_walk
2022/04/04 09:01 | https://github.com/google/kmsan.git master | 1978a14f70af | 79a2a8fc | | ci-upstream-kmsan-gce | KMSAN: uninit-value in arch_stack_walk
2022/04/04 04:30 | https://github.com/google/kmsan.git master | 1978a14f70af | 79a2a8fc | | ci-upstream-kmsan-gce | KMSAN: uninit-value in arch_stack_walk
2022/04/04 02:23 | https://github.com/google/kmsan.git master | 1978a14f70af | 79a2a8fc | | ci-upstream-kmsan-gce | KMSAN: uninit-value in arch_stack_walk
2022/04/03 23:08 | https://github.com/google/kmsan.git master | 1978a14f70af | 79a2a8fc | | ci-upstream-kmsan-gce | KMSAN: uninit-value in arch_stack_walk
2022/05/12 07:49 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | beb0b407 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/05/12 00:33 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | beb0b407 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/05/10 20:51 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 8d7b3b67 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/05/10 09:46 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 8b277b8e | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/05/07 23:54 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | e60b1103 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/05/06 18:36 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | e60b1103 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/05/06 10:42 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | e60b1103 | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kcov_task_exit
2022/05/06 07:24 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | efeff0a5 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/05/06 06:11 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | efeff0a5 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/05/05 16:57 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | b3f09415 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/05/05 14:30 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | b3f09415 | | ci-qemu2-riscv64 | KASAN: stack-out-of-bounds Read in arch_stack_walk
2022/05/03 20:21 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | dc9e5259 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/05/03 08:26 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 7ee63e2c | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/05/01 19:45 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 2df221f6 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/05/01 13:24 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 2df221f6 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/30 08:54 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | ad6b95d8 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/04/30 05:03 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | ad6b95d8 | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kcov_task_exit
2022/04/29 19:44 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | 44a5ca63 | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kcov_task_exit
2022/04/28 21:05 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | e9076525 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/28 18:08 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | e9076525 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/28 14:34 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 8a1f1f07 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/04/26 21:20 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 1fa34c1b | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/26 08:35 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 1fa34c1b | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/04/26 05:38 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 152baedd | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/04/25 21:48 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 152baedd | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/04/25 18:13 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | c889aef9 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/22 20:59 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 131df97d | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/22 09:39 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 2738b391 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/21 05:16 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | d4befee1 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/20 13:12 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 160a3f31 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/04/19 23:07 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 7d7bc738 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/19 19:08 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | c334415e | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/17 06:15 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 8bcc32a6 | | ci-qemu2-riscv64 | KASAN: stack-out-of-bounds Read in arch_stack_walk
2022/04/17 00:38 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | 8bcc32a6 | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in bpf_get_branch_snapshot
2022/04/16 19:17 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 8bcc32a6 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/04/16 10:21 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 8bcc32a6 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/04/16 03:21 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 8bcc32a6 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/15 11:44 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 8bcc32a6 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/14 07:11 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | b17b2923 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/14 03:47 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | b17b2923 | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in bpf_get_branch_snapshot
2022/04/13 03:22 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | dacb3f1c | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/11 21:07 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | af01ee7d | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/11 14:52 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | af01ee7d | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/10 00:14 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | e22c3da3 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/09 19:56 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | e22c3da3 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/09 03:58 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | e22c3da3 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/07 18:56 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | c6ff3e05 | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/07 01:46 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 97582466 | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/04/05 14:01 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 5915c2cb | | ci-qemu2-riscv64 | KASAN: slab-out-of-bounds Read in arch_stack_walk
2022/04/05 05:29 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 5915c2cb | | ci-qemu2-riscv64 | KASAN: use-after-free Read in arch_stack_walk
2022/04/05 02:43 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | 5915c2cb | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in bpf_get_branch_snapshot
2022/04/04 14:24 | https://github.com/google/kmsan.git master | 1978a14f70af | 5915c2cb | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in arch_stack_walk
2022/04/04 13:50 | https://github.com/google/kmsan.git master | 1978a14f70af | 5915c2cb | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in arch_stack_walk
2022/03/31 01:26 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 9d49f3a7 | | ci-qemu2-riscv64 | KASAN: out-of-bounds Read in arch_stack_walk