KMSAN: uninit-value in set_selection

KMSAN: uninit-value in set_selection_kernel
Status: upstream: reported on 2020/03/12 21:47
Reported-by: syzbot+0b81ae727db96ee52ca8@syzkaller.appspotmail.com
First crash: 223d, last: 1d08h

Sample crash report:

=====================================================
BUG: KMSAN: uninit-value in store_utf8 drivers/tty/vt/selection.c:136 [inline]
BUG: KMSAN: uninit-value in vc_selection_store_chars drivers/tty/vt/selection.c:209 [inline]
BUG: KMSAN: uninit-value in vc_do_selection drivers/tty/vt/selection.c:313 [inline]
BUG: KMSAN: uninit-value in vc_selection drivers/tty/vt/selection.c:350 [inline]
BUG: KMSAN: uninit-value in set_selection_kernel+0x3086/0x3930 drivers/tty/vt/selection.c:359
CPU: 1 PID: 26087 Comm: syz-executor.0 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:122
 __msan_warning+0x55/0x90 mm/kmsan/kmsan_instr.c:201
 store_utf8 drivers/tty/vt/selection.c:136 [inline]
 vc_selection_store_chars drivers/tty/vt/selection.c:209 [inline]
 vc_do_selection drivers/tty/vt/selection.c:313 [inline]
 vc_selection drivers/tty/vt/selection.c:350 [inline]
 set_selection_kernel+0x3086/0x3930 drivers/tty/vt/selection.c:359
 set_selection_user+0x12a/0x170 drivers/tty/vt/selection.c:185
 tioclinux+0x24d/0xd00 drivers/tty/vt/vt.c:3155
 vt_ioctl+0x1a55/0x67e0 drivers/tty/vt/vt_ioctl.c:862
 vt_compat_ioctl+0x5cb/0x1030 drivers/tty/vt/vt_ioctl.c:1257
 tty_compat_ioctl+0x74b/0x1660 drivers/tty/tty_io.c:2847
 __do_compat_sys_ioctl fs/ioctl.c:842 [inline]
 __se_compat_sys_ioctl+0x53d/0x1100 fs/ioctl.c:793
 __ia32_compat_sys_ioctl+0x4a/0x70 fs/ioctl.c:793
 do_syscall_32_irqs_on arch/x86/entry/common.c:80 [inline]
 __do_fast_syscall_32+0x129/0x180 arch/x86/entry/common.c:139
 do_fast_syscall_32+0x6a/0xc0 arch/x86/entry/common.c:162
 do_SYSENTER_32+0x73/0x90 arch/x86/entry/common.c:205
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
RIP: 0023:0xf7fdd549
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f55d70cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541c
RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:143
 kmsan_alloc_page+0xce/0x1d0 mm/kmsan/kmsan_shadow.c:278
 __alloc_pages_nodemask+0x84e/0x1040 mm/page_alloc.c:4938
 alloc_pages_current+0x79b/0xb40 mm/mempolicy.c:2275
 alloc_pages include/linux/gfp.h:545 [inline]
 __vmalloc_area_node mm/vmalloc.c:2459 [inline]
 __vmalloc_node_range+0x92b/0x1370 mm/vmalloc.c:2525
 __vmalloc_node mm/vmalloc.c:2568 [inline]
 vmalloc+0xe0/0xf0 mm/vmalloc.c:2601
 vc_uniscr_alloc drivers/tty/vt/vt.c:346 [inline]
 vc_do_resize+0x749/0x30e0 drivers/tty/vt/vt.c:1233
 vc_resize+0xc3/0xe0 drivers/tty/vt/vt.c:1346
 vt_resizex drivers/tty/vt/vt_ioctl.c:818 [inline]
 vt_ioctl+0x6545/0x67e0 drivers/tty/vt/vt_ioctl.c:1036
 vt_compat_ioctl+0x5cb/0x1030 drivers/tty/vt/vt_ioctl.c:1257
 tty_compat_ioctl+0x74b/0x1660 drivers/tty/tty_io.c:2847
 __do_compat_sys_ioctl fs/ioctl.c:842 [inline]
 __se_compat_sys_ioctl+0x53d/0x1100 fs/ioctl.c:793
 __ia32_compat_sys_ioctl+0x4a/0x70 fs/ioctl.c:793
 do_syscall_32_irqs_on arch/x86/entry/common.c:80 [inline]
 __do_fast_syscall_32+0x129/0x180 arch/x86/entry/common.c:139
 do_fast_syscall_32+0x6a/0xc0 arch/x86/entry/common.c:162
 do_SYSENTER_32+0x73/0x90 arch/x86/entry/common.c:205
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
=====================================================

Crashes (27):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Maintainers
ci-upstream-kmsan-gce-386	2020/10/20 02:04	https://github.com/google/kmsan.git master	e67f4ba8	ff4a3345	.config	log	report	info	gregkh@linuxfoundation.org, jirislaby@kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/10/17 17:46	https://github.com/google/kmsan.git master	e67f4ba8	fea47c01	.config	log	report	info	gregkh@linuxfoundation.org, jirislaby@kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/10/14 13:13	https://github.com/google/kmsan.git master	e67f4ba8	fc7735a2	.config	log	report	info	gregkh@linuxfoundation.org, jirislaby@kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/10/13 03:10	https://github.com/google/kmsan.git master	e67f4ba8	d32b0bbf	.config	log	report	info	gregkh@linuxfoundation.org, jirislaby@kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/10/10 15:42	https://github.com/google/kmsan.git master	e67f4ba8	93817d89	.config	log	report	info	gregkh@linuxfoundation.org, jirislaby@kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/10/09 19:10	https://github.com/google/kmsan.git master	5edb1df2	d81b165e	.config	log	report	info	gregkh@linuxfoundation.org, jirislaby@kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/10/09 06:02	https://github.com/google/kmsan.git master	5edb1df2	92390980	.config	log	report	info	gregkh@linuxfoundation.org, jirislaby@kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/10/07 21:00	https://github.com/google/kmsan.git master	5edb1df2	1880b4a9	.config	log	report	info	gregkh@linuxfoundation.org, jirislaby@kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/09/19 04:37	https://github.com/google/kmsan.git master	c5a13b33	53ce8104	.config	log	report	info	gregkh@linuxfoundation.org, jirislaby@kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/09/15 11:33	https://github.com/google/kmsan.git master	3b3ea602	6989d6f6	.config	log	report	info	gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/09/11 23:46	https://github.com/google/kmsan.git master	3b3ea602	79fb24e2	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/09/11 11:39	https://github.com/google/kmsan.git master	3b3ea602	adfb8b4e	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/09/09 23:47	https://github.com/google/kmsan.git master	3b3ea602	409809d8	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/09/07 16:22	https://github.com/google/kmsan.git master	3b3ea602	abf9ba4f	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/08/31 02:13	https://github.com/google/kmsan.git master	3b3ea602	d5a3ae1f	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/08/24 02:07	https://github.com/google/kmsan.git master	ce8056d1	cef5ae68	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/08/13 13:59	https://github.com/google/kmsan.git master	ce8056d1	bc15f7db	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/06/13 18:54	https://github.com/google/kmsan.git master	f0d5ec90	dbce178a	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/06/07 15:58	https://github.com/google/kmsan.git master	f0d5ec90	2c2b926c	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/05/03 18:49	https://github.com/google/kmsan.git master	bfa90a4a	58ae5e18	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/04/17 20:32	https://github.com/google/kmsan.git master	5356842d	435c6d53	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/25 06:37	https://github.com/google/kmsan.git master	a58741ac	41f049cc	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/24 06:41	https://github.com/google/kmsan.git master	a58741ac	33e14df3	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/18 19:32	https://github.com/google/kmsan.git master	a58741ac	0a96a13c	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/12 09:01	https://github.com/google/kmsan.git master	8bbbc5cf	d850e9d0	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/12 08:29	https://github.com/google/kmsan.git master	8bbbc5cf	d850e9d0	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/11 16:35	https://github.com/google/kmsan.git master	8bbbc5cf	e7caca8e	.config	log	report		gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org