syzbot


KMSAN: uninit-value in kallsyms_lookup (3)

Status: auto-closed as invalid on 2021/01/01 15:28
Subsystems: kernel
First crash: 1407d, last: 1301d
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in kallsyms_lookup (2) kernel | | | | 23 | 1444d | 1467d | 0/26 | closed as invalid on 2020/05/14 13:06 |
| upstream | KMSAN: uninit-value in kallsyms_lookup kernel | C | | | 69 | 2175d | 2196d | 0/26 | closed as invalid on 2018/06/27 15:18 |
| upstream | KMSAN: uninit-value in kallsyms_lookup (4) kernel | | | | 2 | 1086d | 1190d | 0/26 | auto-closed as invalid on 2021/08/03 21:49 |

Sample crash report:
 napi_poll+0x443/0x1100 net/core/dev.c:6688
 net_rx_action+0x35c/0xd40 net/core/dev.c:6758
 __do_softirq+0x2ea/0x7f5 kernel/softirq.c:299
Uninit was created at:
=====================================================
BUG: KMSAN: uninit-value in is_kernel include/linux/kallsyms.h:42 [inline]
BUG: KMSAN: uninit-value in is_ksym_addr include/linux/kallsyms.h:50 [inline]
BUG: KMSAN: uninit-value in kallsyms_lookup+0x1c2/0x8d0 kernel/kallsyms.c:291
CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:122
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:201
 is_kernel include/linux/kallsyms.h:42 [inline]
 is_ksym_addr include/linux/kallsyms.h:50 [inline]
 kallsyms_lookup+0x1c2/0x8d0 kernel/kallsyms.c:291
 __sprint_symbol+0x140/0x5b0 kernel/kallsyms.c:364
 sprint_symbol+0x7c/0x90 kernel/kallsyms.c:395
 symbol_string+0x197/0x4c0 lib/vsprintf.c:972
 pointer+0x60c/0x1c30 lib/vsprintf.c:2224
 vsnprintf+0x1b35/0x35c0 lib/vsprintf.c:2622
 vscnprintf+0xbe/0x1c0 lib/vsprintf.c:2721
 vprintk_store+0xf5/0x1440 kernel/printk/printk.c:1951
 vprintk_emit+0x300/0x990 kernel/printk/printk.c:2018
 vprintk_default+0x90/0xa0 kernel/printk/printk.c:2054
 vprintk_func+0x2f7/0x300 kernel/printk/printk_safe.c:393
 printk+0x18b/0x1d3 kernel/printk/printk.c:2085
 stack_trace_print+0x1b1/0x1f0 kernel/stacktrace.c:32
 kmsan_print_origin+0x1a0/0x1b0 mm/kmsan/kmsan_report.c:63
 kmsan_internal_chain_origin+0x76/0x130 mm/kmsan/kmsan.c:303
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:248
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:268
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:114
 pskb_expand_head+0x51c/0x1e30 net/core/skbuff.c:1640
 __skb_cow include/linux/skbuff.h:3160 [inline]
 skb_cow_head include/linux/skbuff.h:3194 [inline]
 __vlan_insert_inner_tag include/linux/if_vlan.h:341 [inline]
 vlan_insert_inner_tag include/linux/if_vlan.h:411 [inline]
 vlan_insert_tag include/linux/if_vlan.h:436 [inline]
 vlan_insert_tag_set_proto include/linux/if_vlan.h:455 [inline]
 __vlan_hwaccel_push_inside include/linux/if_vlan.h:497 [inline]
 validate_xmit_vlan net/core/dev.c:3600 [inline]
 validate_xmit_skb+0x7c3/0x1aa0 net/core/dev.c:3620
 __dev_queue_xmit+0x2aa5/0x4470 net/core/dev.c:4128
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4169
 br_dev_queue_push_xmit+0xba8/0xc90 net/bridge/br_forward.c:52
 NF_HOOK include/linux/netfilter.h:301 [inline]
 br_forward_finish net/bridge/br_forward.c:65 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 __br_forward+0xd73/0xec0 net/bridge/br_forward.c:109
 deliver_clone net/bridge/br_forward.c:125 [inline]
 maybe_deliver net/bridge/br_forward.c:181 [inline]
 br_flood+0xcbe/0x1130 net/bridge/br_forward.c:223
 br_handle_frame_finish+0x1e35/0x2020 net/bridge/br_input.c:166
 nf_hook_bridge_pre net/bridge/br_input.c:250 [inline]
 br_handle_frame+0x12c9/0x25a0 net/bridge/br_input.c:356
 __netif_receive_skb_core+0x3710/0x6520 net/core/dev.c:5180
 __netif_receive_skb_one_core net/core/dev.c:5284 [inline]
 __netif_receive_skb+0x164/0x670 net/core/dev.c:5400
 process_backlog+0x50d/0xba0 net/core/dev.c:6242
 napi_poll+0x443/0x1100 net/core/dev.c:6688
 net_rx_action+0x35c/0xd40 net/core/dev.c:6758
 __do_softirq+0x2ea/0x7f5 kernel/softirq.c:299
 run_ksoftirqd+0x25/0x40 kernel/softirq.c:656
 smpboot_thread_fn+0x5f5/0xa90 kernel/smpboot.c:165
 kthread+0x551/0x590 kernel/kthread.c:293
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:143
 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:268 [inline]
 kmsan_alloc_page+0xc5/0x1a0 mm/kmsan/kmsan_shadow.c:292
 __alloc_pages_nodemask+0xf34/0x1120 mm/page_alloc.c:4927
 __alloc_pages include/linux/gfp.h:509 [inline]
 __alloc_pages_node include/linux/gfp.h:522 [inline]
 alloc_pages_node include/linux/gfp.h:536 [inline]
 __page_frag_cache_refill mm/page_alloc.c:5002 [inline]
 page_frag_alloc+0x35b/0x880 mm/page_alloc.c:5032
 __netdev_alloc_skb+0xc3d/0xc90 net/core/skbuff.c:456
 netdev_alloc_skb include/linux/skbuff.h:2821 [inline]
 dev_alloc_skb include/linux/skbuff.h:2834 [inline]
 __ieee80211_beacon_get+0x37e3/0x4df0 net/mac80211/tx.c:4819
 ieee80211_beacon_get_tim+0x109/0x800 net/mac80211/tx.c:4933
 ieee80211_beacon_get include/net/mac80211.h:4845 [inline]
 mac80211_hwsim_beacon_tx+0x1c3/0xb80 drivers/net/wireless/mac80211_hwsim.c:1676
 __iterate_interfaces net/mac80211/util.c:737 [inline]
 ieee80211_iterate_active_interfaces_atomic+0x40a/0x610 net/mac80211/util.c:773
 mac80211_hwsim_beacon+0x11d/0x2e0 drivers/net/wireless/mac80211_hwsim.c:1717
 __run_hrtimer+0x7cd/0xf00 kernel/time/hrtimer.c:1524
 __hrtimer_run_queues kernel/time/hrtimer.c:1588 [inline]
 hrtimer_run_softirq+0x3bf/0x690 kernel/time/hrtimer.c:1605
 __do_softirq+0x2ea/0x7f5 kernel/softirq.c:299
=====================================================

Crashes (16):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/10/02 07:00 | https://github.com/google/kmsan.git master | 5edb1df295b9 | 9602ddf4 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | |
| 2020/09/19 16:24 | https://github.com/google/kmsan.git master | c5a13b33ec11 | 53ce8104 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | |
| 2020/09/16 14:46 | https://github.com/google/kmsan.git master | 6c24608b4b24 | 18d7d030 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | |
| 2020/09/16 05:28 | https://github.com/google/kmsan.git master | 3b3ea6028136 | 18d7d030 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | |
| 2020/09/14 09:22 | https://github.com/google/kmsan.git master | 3b3ea6028136 | 2d3cdd63 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2020/09/12 15:41 | https://github.com/google/kmsan.git master | 3b3ea6028136 | ce441f06 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2020/09/11 07:34 | https://github.com/google/kmsan.git master | 3b3ea6028136 | adfb8b4e | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2020/09/09 12:50 | https://github.com/google/kmsan.git master | 3b3ea6028136 | 0ea7a887 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2020/08/25 02:01 | https://github.com/google/kmsan.git master | ce8056d1f79e | 344da168 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2020/08/14 08:36 | https://github.com/google/kmsan.git master | ce8056d1f79e | 424dd8e7 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2020/07/26 22:41 | https://github.com/google/kmsan.git master | 93f54a72361a | 51265195 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2020/07/22 12:49 | https://github.com/google/kmsan.git master | 91e18444d6b0 | 128cd85f | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2020/07/13 14:00 | https://github.com/google/kmsan.git master | f0d5ec902b23 | f90ec899 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2020/06/18 09:23 | https://github.com/google/kmsan.git master | f0d5ec902b23 | d45a4d69 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
| 2020/09/16 19:21 | https://github.com/google/kmsan.git master | 6c24608b4b24 | 18d7d030 | .config | console log | report | | | info | | ci-upstream-kmsan-gce-386 | |
| 2020/08/15 17:31 | https://github.com/google/kmsan.git master | ce8056d1f79e | 424dd8e7 | .config | console log | report | | | | | ci-upstream-kmsan-gce-386 | |
* Struck through repros no longer work on HEAD.