syzbot


KMSAN: uninit-value in vsscanf

Status: auto-closed as invalid on 2022/09/27 18:52
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 406d, last: 340d
similar bugs (8):

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.19 | BUG: unable to handle kernel paging request in vsscanf (2) | | | | 2 | 479d | 581d | 0/1 | auto-closed as invalid on 2022/02/11 22:53 |
| linux-4.19 | BUG: unable to handle kernel paging request in vsscanf (3) | | | | 1 | 287d | 287d | 0/1 | auto-closed as invalid on 2022/08/22 19:56 |
| upstream | KMSAN: uninit-value in snd_pcm_hw_rule_add (2) | | | | 18 | 234d | 501d | 0/24 | auto-closed as invalid on 2022/09/15 02:38 |
| upstream | KMSAN: uninit-value in seq_printf (2) | C | | | 99 | 235d | 501d | 0/24 | auto-closed as invalid on 2022/09/30 02:43 |
| upstream | KMSAN: uninit-value in hid_connect | C | | | 176 | 95d | 446d | 0/24 | closed as invalid on 2022/11/03 08:52 |
| upstream | KMSAN: uninit-value in number (4) | C | | | 7189 | 74d | 453d | 0/24 | closed as invalid on 2022/11/28 10:01 |
| upstream | KMSAN: uninit-value in preempt_count_add | C | | | 6657 | 119d | 119d | 0/24 | closed as invalid on 2022/10/10 13:29 |
| upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) btrfs ntfs3 erofs udf | C | | | 137094 | now | 333d | 23/24 | internal: reported C repro on 2022/03/09 07:32 |

Last patch testing requests:

| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2022/09/27 16:30 | 20m | retest repro | | https://github.com/google/kmsan.git master | OK log |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in vsscanf+0x3dbc/0x4400 lib/vsprintf.c:3649
 vsscanf+0x3dbc/0x4400 lib/vsprintf.c:3649
 sscanf+0x206/0x250 lib/vsprintf.c:3702
 get_l2cap_conn+0x1d6/0x760 net/bluetooth/6lowpan.c:960
 lowpan_control_write+0x31d/0xf70 net/bluetooth/6lowpan.c:1100
 full_proxy_write+0x2c2/0x440 fs/debugfs/file.c:236
 vfs_write+0x8ce/0x2030 fs/read_write.c:588
 ksys_write+0x28b/0x510 fs/read_write.c:643
 __do_sys_write fs/read_write.c:655 [inline]
 __se_sys_write fs/read_write.c:652 [inline]
 __x64_sys_write+0xdb/0x120 fs/read_write.c:652
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Local variable info created at:
 console_unlock+0x54/0x1d60 kernel/printk/printk.c:2608
 vcs_write+0x2786/0x2940 drivers/tty/vt/vc_screen.c:699

CPU: 0 PID: 4815 Comm: syz-executor.2 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (9):

| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kmsan-gce | 2022/01/09 19:21 | https://github.com/google/kmsan.git master | 81c325bbf94e | 2ca0d385 | .config | console log | report | syz | | | | KMSAN: uninit-value in vsscanf |
| ci-upstream-kmsan-gce | 2022/03/02 18:38 | https://github.com/google/kmsan.git master | 724946410067 | 45a13a73 | .config | console log | report | | | info | | KMSAN: uninit-value in vsscanf |
| ci-upstream-kmsan-gce | 2022/01/09 14:34 | https://github.com/google/kmsan.git master | 81c325bbf94e | 2ca0d385 | .config | console log | report | | | info | | KMSAN: uninit-value in vsscanf |
| ci-upstream-kmsan-gce | 2022/01/03 20:14 | https://github.com/google/kmsan.git master | 81c325bbf94e | 4a3f34f2 | .config | console log | report | | | info | | KMSAN: uninit-value in vsscanf |
| ci-upstream-kmsan-gce | 2021/12/30 23:25 | https://github.com/google/kmsan.git master | 81c325bbf94e | 2e49f10d | .config | console log | report | | | info | | KMSAN: uninit-value in vsscanf |
| ci-upstream-kmsan-gce-386 | 2022/01/14 15:39 | https://github.com/google/kmsan.git master | fa3879a274df | 53e00b45 | .config | console log | report | | | info | | KMSAN: uninit-value in vsscanf |
| ci-upstream-kmsan-gce-386 | 2022/01/12 02:42 | https://github.com/google/kmsan.git master | fa3879a274df | 44d1319a | .config | console log | report | | | info | | KMSAN: uninit-value in vsscanf |
| ci-upstream-kmsan-gce-386 | 2022/01/11 16:04 | https://github.com/google/kmsan.git master | fa3879a274df | 1884f55a | .config | console log | report | | | info | | KMSAN: uninit-value in vsscanf |
| ci-upstream-kmsan-gce-386 | 2021/12/26 14:40 | https://github.com/google/kmsan.git master | 81c325bbf94e | e4f103c4 | .config | console log | report | | | info | | KMSAN: uninit-value in vsscanf |

* Struck through repros no longer work on HEAD.