syzbot


KMSAN: uninit-value in load_script

Status: closed as invalid on 2018/04/22 15:44
Subsystems: mm fs
First crash: 2740d, last: 2726d

Sample crash report:
IPVS: ftp: loaded support on port[0] = 21
==================================================================
BUG: KMSAN: uninit-value in load_script+0x3ae/0xcd0 fs/binfmt_script.c:24
CPU: 1 PID: 4518 Comm: syzkaller390098 Not tainted 4.16.0+ #85
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:53
 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:683
 load_script+0x3ae/0xcd0 fs/binfmt_script.c:24
 search_binary_handler+0x2ef/0xac0 fs/exec.c:1638
 exec_binprm fs/exec.c:1680 [inline]
 do_execveat_common+0x1f4d/0x2ce0 fs/exec.c:1802
 do_execve fs/exec.c:1847 [inline]
 SYSC_execve+0xe2/0x110 fs/exec.c:1928
 SyS_execve+0x56/0x80 fs/exec.c:1923
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
RIP: 0033:0x446049
RSP: 002b:00007f77b3dfcda8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00000000006f0024 RCX: 0000000000446049
RDX: 0000000020000040 RSI: 0000000020000180 RDI: 0000000020000200
RBP: 00000000006f0020 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
R13: 6573752b666c6573 R14: 7079745f656d696d R15: 0000000000002710

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
 kmsan_save_stack mm/kmsan/kmsan.c:293 [inline]
 kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:684
 kmsan_memcpy_origins+0x11d/0x170 mm/kmsan/kmsan.c:526
 __msan_memcpy+0x109/0x160 mm/kmsan/kmsan_instr.c:477
 _copy_to_iter+0xea2/0x28f0 lib/iov_iter.c:571
 copy_to_iter include/linux/uio.h:106 [inline]
 copy_page_to_iter+0x383/0x1b70 lib/iov_iter.c:712
 shmem_file_read_iter+0x99f/0x1180 mm/shmem.c:2507
 call_read_iter include/linux/fs.h:1776 [inline]
 new_sync_read fs/read_write.c:401 [inline]
 __vfs_read+0x7dd/0x9b0 fs/read_write.c:413
 vfs_read+0x36c/0x6c0 fs/read_write.c:447
 kernel_read+0x11f/0x1a0 fs/read_write.c:426
 prepare_binprm+0x982/0xad0 fs/exec.c:1566
 do_execveat_common+0x1b35/0x2ce0 fs/exec.c:1783
 do_execve fs/exec.c:1847 [inline]
 SYSC_execve+0xe2/0x110 fs/exec.c:1928
 SyS_execve+0x56/0x80 fs/exec.c:1923
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
 kmsan_alloc_meta_for_pages+0x161/0x3a0 mm/kmsan/kmsan.c:814
 kmsan_alloc_page+0x82/0xe0 mm/kmsan/kmsan.c:868
 __alloc_pages_nodemask+0xf5b/0x5dc0 mm/page_alloc.c:4283
 alloc_pages_vma+0xcc8/0x1800 mm/mempolicy.c:2019
 shmem_alloc_page mm/shmem.c:1471 [inline]
 shmem_alloc_and_acct_page+0x6d5/0x1000 mm/shmem.c:1496
 shmem_getpage_gfp+0x35db/0x5770 mm/shmem.c:1771
 shmem_getpage mm/shmem.c:131 [inline]
 shmem_file_read_iter+0x508/0x1180 mm/shmem.c:2456
 call_read_iter include/linux/fs.h:1776 [inline]
 new_sync_read fs/read_write.c:401 [inline]
 __vfs_read+0x7dd/0x9b0 fs/read_write.c:413
 vfs_read+0x36c/0x6c0 fs/read_write.c:447
 kernel_read+0x11f/0x1a0 fs/read_write.c:426
 prepare_binprm+0x982/0xad0 fs/exec.c:1566
 do_execveat_common+0x1b35/0x2ce0 fs/exec.c:1783
 do_execve fs/exec.c:1847 [inline]
 SYSC_execve+0xe2/0x110 fs/exec.c:1928
 SyS_execve+0x56/0x80 fs/exec.c:1923
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
==================================================================

Crashes (11):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/04/22 12:59 https://github.com/google/kmsan.git master a7f95e9c8a95 d23fcf6c .config console log report syz C ci-upstream-kmsan-gce
2018/04/20 17:32 https://github.com/google/kmsan.git master 48c6a2b0ab1b cc402841 .config console log report syz C ci-upstream-kmsan-gce
2018/04/19 22:05 https://github.com/google/kmsan.git master 48c6a2b0ab1b 3642839c .config console log report syz C ci-upstream-kmsan-gce
2018/04/19 06:30 https://github.com/google/kmsan.git master 48c6a2b0ab1b 829f0234 .config console log report syz C ci-upstream-kmsan-gce
2018/04/18 03:20 https://github.com/google/kmsan.git master 48c6a2b0ab1b b80fd3b5 .config console log report syz C ci-upstream-kmsan-gce
2018/04/16 14:41 https://github.com/google/kmsan.git master 48c6a2b0ab1b 802ac912 .config console log report syz C ci-upstream-kmsan-gce
2018/04/14 19:57 https://github.com/google/kmsan.git master 35ff515e4bda 7a67784c .config console log report syz C ci-upstream-kmsan-gce
2018/04/12 06:11 https://github.com/google/kmsan.git master 35ff515e4bda 9cd56d71 .config console log report syz C ci-upstream-kmsan-gce
2018/04/10 06:26 https://github.com/google/kmsan.git master e2ab7e8abba4 b9f65507 .config console log report syz C ci-upstream-kmsan-gce
2018/04/09 12:48 https://github.com/google/kmsan.git master e2ab7e8abba4 f13fb445 .config console log report syz C ci-upstream-kmsan-gce
2018/04/08 08:59 https://github.com/google/kmsan.git master e2ab7e8abba4 66f22a7f .config console log report syz C ci-upstream-kmsan-gce