syzbot

 sign-in | mailing list | source | docs
🐞 Open [985] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: uninit-value in audit_log_vformat (2)

Status: fixed on 2020/06/18 13:57
Subsystems: audit
[Documentation on labels]
Reported-by: syzbot+49e69b4d71a420ceda3e@syzkaller.appspotmail.com
Fix commit: 763dafc520ad audit: check the length of userspace generated audit records
First crash: 1465d, last: 1440d
Discussions (7)
Title Replies (including bot) Last reply
[PATCH 4.4 00/70] 4.4.221-rc1 review 74 (74) 2020/05/02 23:27
[PATCH 4.9 00/80] 4.9.221-rc1 review 85 (85) 2020/05/02 23:18
[PATCH 4.14 000/117] 4.14.178-rc1 review 123 (123) 2020/05/02 23:17
[PATCH 5.6 000/167] 5.6.8-rc1 review 176 (176) 2020/04/30 06:41
[PATCH 5.4 000/168] 5.4.36-rc1 review 173 (173) 2020/04/29 14:05
[PATCH 4.19 000/131] 4.19.119-rc1 review 136 (136) 2020/04/29 14:04
KMSAN: uninit-value in audit_log_vformat (2) 3 (4) 2020/04/20 20:26
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in audit_log_vformat audit C 220 1465d 1516d 15/26 fixed on 2020/04/15 17:19
Last patch testing requests (2)
Created Duration User Patch Repo Result
2020/04/20 21:16 14m paul@paul-moore.com https://github.com/pcmoore/misc-linux_kernel.git audit-testing OK
2020/04/20 21:01 3m paul@paul-moore.com https://github.com/pcmoore/misc-linux_kernel.git audit-testing error OK

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:608 [inline]
BUG: KMSAN: uninit-value in string+0x522/0x690 lib/vsprintf.c:689
CPU: 1 PID: 8854 Comm: syz-executor694 Not tainted 5.6.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 string_nocheck lib/vsprintf.c:608 [inline]
 string+0x522/0x690 lib/vsprintf.c:689
 vsnprintf+0x207d/0x31b0 lib/vsprintf.c:2574
 audit_log_vformat+0x583/0xcd0 kernel/audit.c:1858
 audit_log_format+0x220/0x260 kernel/audit.c:1892
 audit_receive_msg kernel/audit.c:1344 [inline]
 audit_receive+0x18a4/0x6d50 kernel/audit.c:1515
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0xf9e/0x1100 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x1246/0x14d0 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2345
 ___sys_sendmsg net/socket.c:2399 [inline]
 __sys_sendmsg+0x451/0x5f0 net/socket.c:2432
 __compat_sys_sendmsg net/compat.c:642 [inline]
 __do_compat_sys_sendmsg net/compat.c:649 [inline]
 __se_compat_sys_sendmsg net/compat.c:646 [inline]
 __ia32_compat_sys_sendmsg+0xed/0x130 net/compat.c:646
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fa0d99
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000ffb27c7c EFLAGS: 00000246 ORIG_RAX: 0000000000000172
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200002c0
RDX: 0000000000000000 RSI: 00000000080ea078 RDI: 00000000ffb27cd0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:82
 slab_alloc_node mm/slub.c:2801 [inline]
 __kmalloc_node_track_caller+0xb40/0x1200 mm/slub.c:4420
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 __alloc_skb+0x2fd/0xac0 net/core/skbuff.c:210
 alloc_skb include/linux/skbuff.h:1081 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1175 [inline]
 netlink_sendmsg+0x7d3/0x14d0 net/netlink/af_netlink.c:1893
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2345
 ___sys_sendmsg net/socket.c:2399 [inline]
 __sys_sendmsg+0x451/0x5f0 net/socket.c:2432
 __compat_sys_sendmsg net/compat.c:642 [inline]
 __do_compat_sys_sendmsg net/compat.c:649 [inline]
 __se_compat_sys_sendmsg net/compat.c:646 [inline]
 __ia32_compat_sys_sendmsg+0xed/0x130 net/compat.c:646
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
=====================================================

Crashes (104):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/04/19 07:03 https://github.com/google/kmsan.git master 5356842da2b5 365fba24 .config console log report syz C ci-upstream-kmsan-gce-386
2020/05/09 18:12 https://github.com/google/kmsan.git master a7b0442ddfb0 88cb3e92 .config console log report ci-upstream-kmsan-gce-386
2020/05/09 16:56 https://github.com/google/kmsan.git master a7b0442ddfb0 88cb3e92 .config console log report ci-upstream-kmsan-gce-386
2020/05/09 11:46 https://github.com/google/kmsan.git master a7b0442ddfb0 e97b06d3 .config console log report ci-upstream-kmsan-gce-386
2020/05/09 01:35 https://github.com/google/kmsan.git master 21c44613a2fe e97b06d3 .config console log report ci-upstream-kmsan-gce-386
2020/05/08 18:26 https://github.com/google/kmsan.git master 21c44613a2fe 2b98fdbc .config console log report ci-upstream-kmsan-gce-386
2020/05/07 15:42 https://github.com/google/kmsan.git master 21c44613a2fe 98cbd87b .config console log report ci-upstream-kmsan-gce-386
2020/05/07 04:51 https://github.com/google/kmsan.git master 21c44613a2fe 4618eb2d .config console log report ci-upstream-kmsan-gce-386
2020/05/06 18:14 https://github.com/google/kmsan.git master 21c44613a2fe 4618eb2d .config console log report ci-upstream-kmsan-gce-386
2020/05/06 16:14 https://github.com/google/kmsan.git master 21c44613a2fe 4618eb2d .config console log report ci-upstream-kmsan-gce-386
2020/05/06 03:19 https://github.com/google/kmsan.git master 21c44613a2fe 35b8eb30 .config console log report ci-upstream-kmsan-gce-386
2020/05/05 20:59 https://github.com/google/kmsan.git master 21c44613a2fe 4b76dd25 .config console log report ci-upstream-kmsan-gce-386
2020/05/05 18:01 https://github.com/google/kmsan.git master 21c44613a2fe 4b76dd25 .config console log report ci-upstream-kmsan-gce-386
2020/05/05 11:20 https://github.com/google/kmsan.git master 21c44613a2fe 9941337c .config console log report ci-upstream-kmsan-gce-386
2020/05/05 09:43 https://github.com/google/kmsan.git master 21c44613a2fe 9941337c .config console log report ci-upstream-kmsan-gce-386
2020/05/05 05:12 https://github.com/google/kmsan.git master 21c44613a2fe 9941337c .config console log report ci-upstream-kmsan-gce-386
2020/05/04 18:24 https://github.com/google/kmsan.git master 21c44613a2fe 58ae5e18 .config console log report ci-upstream-kmsan-gce-386
2020/05/03 22:00 https://github.com/google/kmsan.git master bfa90a4a3f3f 58ae5e18 .config console log report ci-upstream-kmsan-gce-386
2020/05/03 18:47 https://github.com/google/kmsan.git master bfa90a4a3f3f 58ae5e18 .config console log report ci-upstream-kmsan-gce-386
2020/05/03 11:43 https://github.com/google/kmsan.git master bfa90a4a3f3f 5457883a .config console log report ci-upstream-kmsan-gce-386
2020/05/03 01:29 https://github.com/google/kmsan.git master bfa90a4a3f3f 5457883a .config console log report ci-upstream-kmsan-gce-386
2020/05/02 16:11 https://github.com/google/kmsan.git master bfa90a4a3f3f 58da4c35 .config console log report ci-upstream-kmsan-gce-386
2020/05/02 05:45 https://github.com/google/kmsan.git master bfa90a4a3f3f bc734e7a .config console log report ci-upstream-kmsan-gce-386
2020/05/02 00:46 https://github.com/google/kmsan.git master bfa90a4a3f3f bc734e7a .config console log report ci-upstream-kmsan-gce-386
2020/05/01 22:46 https://github.com/google/kmsan.git master bfa90a4a3f3f bc734e7a .config console log report ci-upstream-kmsan-gce-386
2020/05/01 21:15 https://github.com/google/kmsan.git master bfa90a4a3f3f bc734e7a .config console log report ci-upstream-kmsan-gce-386
2020/05/01 15:21 https://github.com/google/kmsan.git master bfa90a4a3f3f a4d01b80 .config console log report ci-upstream-kmsan-gce-386
2020/05/01 12:02 https://github.com/google/kmsan.git master bfa90a4a3f3f a4d01b80 .config console log report ci-upstream-kmsan-gce-386
2020/05/01 04:34 https://github.com/google/kmsan.git master bfa90a4a3f3f 3698959a .config console log report ci-upstream-kmsan-gce-386
2020/04/30 22:55 https://github.com/google/kmsan.git master bfa90a4a3f3f 3698959a .config console log report ci-upstream-kmsan-gce-386
2020/04/29 22:10 https://github.com/google/kmsan.git master bfa90a4a3f3f 496a08ae .config console log report ci-upstream-kmsan-gce-386
2020/04/29 15:46 https://github.com/google/kmsan.git master bfa90a4a3f3f 496a08ae .config console log report ci-upstream-kmsan-gce-386
2020/04/29 12:46 https://github.com/google/kmsan.git master bfa90a4a3f3f e3ecea2e .config console log report ci-upstream-kmsan-gce-386
2020/04/29 09:56 https://github.com/google/kmsan.git master bfa90a4a3f3f e3ecea2e .config console log report ci-upstream-kmsan-gce-386
2020/04/29 00:02 https://github.com/google/kmsan.git master bfa90a4a3f3f e3ecea2e .config console log report ci-upstream-kmsan-gce-386
2020/04/28 14:18 https://github.com/google/kmsan.git master bfa90a4a3f3f e3ecea2e .config console log report ci-upstream-kmsan-gce-386
2020/04/28 03:11 https://github.com/google/kmsan.git master bfa90a4a3f3f 0ce7569e .config console log report ci-upstream-kmsan-gce-386
2020/04/27 19:07 https://github.com/google/kmsan.git master bfa90a4a3f3f 0ce7569e .config console log report ci-upstream-kmsan-gce-386
2020/04/27 11:27 https://github.com/google/kmsan.git master bfa90a4a3f3f 0ce7569e .config console log report ci-upstream-kmsan-gce-386
2020/04/26 19:19 https://github.com/google/kmsan.git master bfa90a4a3f3f 0ce7569e .config console log report ci-upstream-kmsan-gce-386
2020/04/26 11:59 https://github.com/google/kmsan.git master bfa90a4a3f3f 99b258dd .config console log report ci-upstream-kmsan-gce-386
2020/04/25 17:10 https://github.com/google/kmsan.git master bfa90a4a3f3f b8bb8e5f .config console log report ci-upstream-kmsan-gce-386
2020/04/25 10:03 https://github.com/google/kmsan.git master 9535d09e7cff 03d97a1b .config console log report ci-upstream-kmsan-gce-386
2020/04/25 08:11 https://github.com/google/kmsan.git master 9535d09e7cff 03d97a1b .config console log report ci-upstream-kmsan-gce-386
2020/04/15 17:48 https://github.com/google/kmsan.git master d3fe726112c4 3f3c5574 .config console log report ci-upstream-kmsan-gce-386
* Struck through repros no longer work on HEAD.