KMSAN: uninit-value in gc

KMSAN: uninit-value in gc_worker (2)
Status: auto-closed as invalid on 2020/05/24 00:33
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 650d, last: 650d

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KMSAN: uninit-value in gc_worker (3)				1	444d	439d	0/22	auto-closed as invalid on 2021/01/14 20:45
upstream	KMSAN: uninit-value in gc_worker				10	1230d	1242d	9/22	fixed on 2018/08/08 18:10

Sample crash report:

=====================================================
BUG: KMSAN: uninit-value in gc_worker+0x7b4/0x1340 net/netfilter/nf_conntrack_core.c:1262
CPU: 1 PID: 501 Comm: kworker/1:4 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_power_efficient gc_worker
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 gc_worker+0x7b4/0x1340 net/netfilter/nf_conntrack_core.c:1262
 process_one_work+0x1555/0x1f40 kernel/workqueue.c:2264
 worker_thread+0xef6/0x2450 kernel/workqueue.c:2410
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 clear_buffer_attributes+0x490/0x530 drivers/tty/vt/vt.c:956
 vgacon_do_font_op+0x804/0x950 drivers/video/console/vgacon.c:1213
 vgacon_font_set+0x20c/0x930 drivers/video/console/vgacon.c:1294
 con_font_set drivers/tty/vt/vt.c:4538 [inline]
 con_font_op+0x19e9/0x1d60 drivers/tty/vt/vt.c:4603
 compat_fontx_ioctl drivers/tty/vt/vt_ioctl.c:1097 [inline]
 vt_compat_ioctl+0xae7/0x10c0 drivers/tty/vt/vt_ioctl.c:1200
 tty_compat_ioctl+0xa29/0x1850 drivers/tty/tty_io.c:2849
 __do_compat_sys_ioctl fs/ioctl.c:857 [inline]
 __se_compat_sys_ioctl+0x57c/0xed0 fs/ioctl.c:808
 __ia32_compat_sys_ioctl+0xd9/0x110 fs/ioctl.c:808
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 clear_buffer_attributes+0x4cb/0x530 drivers/tty/vt/vt.c:956
 vgacon_do_font_op+0x804/0x950 drivers/video/console/vgacon.c:1213
 vgacon_font_set+0x20c/0x930 drivers/video/console/vgacon.c:1294
 con_font_set drivers/tty/vt/vt.c:4538 [inline]
 con_font_op+0x19e9/0x1d60 drivers/tty/vt/vt.c:4603
 compat_fontx_ioctl drivers/tty/vt/vt_ioctl.c:1097 [inline]
 vt_compat_ioctl+0xae7/0x10c0 drivers/tty/vt/vt_ioctl.c:1200
 tty_compat_ioctl+0xa29/0x1850 drivers/tty/tty_io.c:2849
 __do_compat_sys_ioctl fs/ioctl.c:857 [inline]
 __se_compat_sys_ioctl+0x57c/0xed0 fs/ioctl.c:808
 __ia32_compat_sys_ioctl+0xd9/0x110 fs/ioctl.c:808
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:144
 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:307 [inline]
 kmsan_alloc_page+0x12a/0x310 mm/kmsan/kmsan_shadow.c:336
 __alloc_pages_nodemask+0x5712/0x5e80 mm/page_alloc.c:4775
 alloc_pages_current+0x67d/0x990 mm/mempolicy.c:2211
 alloc_pages include/linux/gfp.h:534 [inline]
 alloc_slab_page+0x111/0x12f0 mm/slub.c:1530
 allocate_slab mm/slub.c:1675 [inline]
 new_slab+0x2bc/0x1130 mm/slub.c:1741
 new_slab_objects mm/slub.c:2492 [inline]
 ___slab_alloc+0x1533/0x1f30 mm/slub.c:2643
 __slab_alloc mm/slub.c:2683 [inline]
 slab_alloc_node mm/slub.c:2757 [inline]
 slab_alloc mm/slub.c:2802 [inline]
 kmem_cache_alloc+0xb23/0xd70 mm/slub.c:2807
 __nf_conntrack_alloc+0x16d/0x6e0 net/netfilter/nf_conntrack_core.c:1371
 init_conntrack+0x3ac/0x1ff0 net/netfilter/nf_conntrack_core.c:1450
 resolve_normal_ct net/netfilter/nf_conntrack_core.c:1548 [inline]
 nf_conntrack_in+0x1338/0x268a net/netfilter/nf_conntrack_core.c:1708
 ipv4_conntrack_local+0x1ba/0x300 net/netfilter/nf_conntrack_proto.c:200
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_slow+0x16e/0x400 net/netfilter/core.c:512
 nf_hook include/linux/netfilter.h:262 [inline]
 __ip_local_out+0x69b/0x800 net/ipv4/ip_output.c:114
 ip_local_out net/ipv4/ip_output.c:123 [inline]
 __ip_queue_xmit+0x1a89/0x21a0 net/ipv4/ip_output.c:530
 ip_queue_xmit+0xcc/0xf0 include/net/ip.h:237
 __tcp_transmit_skb+0x439c/0x6090 net/ipv4/tcp_output.c:1234
 tcp_transmit_skb net/ipv4/tcp_output.c:1250 [inline]
 tcp_connect+0x4337/0x6920 net/ipv4/tcp_output.c:3657
 tcp_v4_connect+0x21fd/0x2370 net/ipv4/tcp_ipv4.c:311
 __inet_stream_connect+0x2fb/0x1340 net/ipv4/af_inet.c:655
 inet_stream_connect+0x101/0x180 net/ipv4/af_inet.c:719
 rds_tcp_conn_path_connect+0x8a7/0xb80 net/rds/tcp_connect.c:172
 rds_connect_worker+0x2a6/0x470 net/rds/threads.c:176
 process_one_work+0x1555/0x1f40 kernel/workqueue.c:2264
 worker_thread+0xef6/0x2450 kernel/workqueue.c:2410
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353
=====================================================

Crashes (1):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kmsan-gce-386	2020/02/24 00:25	https://github.com/google/kmsan.git master	8bbbc5cf3dca	d801cb02	.config	log	report