KMSAN: uninit-value in set_selection

KMSAN: uninit-value in set_selection_kernel
Status: upstream: reported on 2020/03/12 21:47
Reported-by: syzbot+0b81ae727db96ee52ca8@syzkaller.appspotmail.com
First crash: 83d, last: 30d

Sample crash report:

=====================================================
BUG: KMSAN: uninit-value in store_utf8 drivers/tty/vt/selection.c:132 [inline]
BUG: KMSAN: uninit-value in __set_selection_kernel drivers/tty/vt/selection.c:323 [inline]
BUG: KMSAN: uninit-value in set_selection_kernel+0x2c1b/0x3430 drivers/tty/vt/selection.c:349
CPU: 1 PID: 31794 Comm: syz-executor.3 Not tainted 5.6.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 store_utf8 drivers/tty/vt/selection.c:132 [inline]
 __set_selection_kernel drivers/tty/vt/selection.c:323 [inline]
 set_selection_kernel+0x2c1b/0x3430 drivers/tty/vt/selection.c:349
 set_selection_user+0x10a/0x150 drivers/tty/vt/selection.c:181
 tioclinux+0x584/0xc40 drivers/tty/vt/vt.c:3049
 vt_ioctl+0x1db1/0x57d0 drivers/tty/vt/vt_ioctl.c:364
 vt_compat_ioctl+0x6f3/0x10c0 drivers/tty/vt/vt_ioctl.c:1237
 tty_compat_ioctl+0xa24/0x1830 drivers/tty/tty_io.c:2847
 __do_compat_sys_ioctl fs/ioctl.c:857 [inline]
 __se_compat_sys_ioctl+0x57c/0xed0 fs/ioctl.c:808
 __ia32_compat_sys_ioctl+0xd9/0x110 fs/ioctl.c:808
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f9cd99
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f5d970cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541c
RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:144
 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:280 [inline]
 kmsan_alloc_page+0xb9/0x180 mm/kmsan/kmsan_shadow.c:304
 __alloc_pages_nodemask+0x5712/0x5e80 mm/page_alloc.c:4776
 alloc_pages_current+0x67d/0x990 mm/mempolicy.c:2211
 alloc_pages include/linux/gfp.h:532 [inline]
 kmalloc_order mm/slab_common.c:1324 [inline]
 kmalloc_order_trace+0x8d/0x450 mm/slab_common.c:1340
 kmalloc_large include/linux/slab.h:484 [inline]
 __kmalloc+0x319/0x460 mm/slub.c:3847
 kmalloc include/linux/slab.h:560 [inline]
 vc_uniscr_alloc+0x95/0x730 drivers/tty/vt/vt.c:353
 vc_do_resize+0x5e7/0x2bd0 drivers/tty/vt/vt.c:1203
 vc_resize+0xc3/0xe0 drivers/tty/vt/vt.c:1315
 vt_ioctl+0x55ff/0x57d0 drivers/tty/vt/vt_ioctl.c:891
 vt_compat_ioctl+0x6f3/0x10c0 drivers/tty/vt/vt_ioctl.c:1237
 tty_compat_ioctl+0xa24/0x1830 drivers/tty/tty_io.c:2847
 __do_compat_sys_ioctl fs/ioctl.c:857 [inline]
 __se_compat_sys_ioctl+0x57c/0xed0 fs/ioctl.c:808
 __ia32_compat_sys_ioctl+0xd9/0x110 fs/ioctl.c:808
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
=====================================================

Crashes (8):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Maintainers
ci-upstream-kmsan-gce-386	2020/05/03 18:49	https://github.com/google/kmsan.git master	bfa90a4a	58ae5e18	.config	log	report	gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org
ci-upstream-kmsan-gce-386	2020/04/17 20:32	https://github.com/google/kmsan.git master	5356842d	435c6d53	.config	log	report	gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/25 06:37	https://github.com/google/kmsan.git master	a58741ac	41f049cc	.config	log	report	gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/24 06:41	https://github.com/google/kmsan.git master	a58741ac	33e14df3	.config	log	report	gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/18 19:32	https://github.com/google/kmsan.git master	a58741ac	0a96a13c	.config	log	report	gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/12 09:01	https://github.com/google/kmsan.git master	8bbbc5cf	d850e9d0	.config	log	report	gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/12 08:29	https://github.com/google/kmsan.git master	8bbbc5cf	d850e9d0	.config	log	report	gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org
ci-upstream-kmsan-gce-386	2020/03/11 16:35	https://github.com/google/kmsan.git master	8bbbc5cf	e7caca8e	.config	log	report	gregkh@linuxfoundation.org, jslaby@suse.com, linux-kernel@vger.kernel.org, okash.khawaja@gmail.com, samuel.thibault@ens-lyon.org