[syzbot] [net?] KMSAN: uninit-value in unwind_dump

syzbot

Apr 19, 2024, 12:36:31 PM
to da...@davemloft.net, edum...@google.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 0bbac3facb5d Linux 6.9-rc4
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13403bcb180000
kernel config: https://syzkaller.appspot.com/x/.config?x=87a805e655619c64
dashboard link: https://syzkaller.appspot.com/bug?extid=355c5bb8c1445c871ee8
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/93eb2bab28b5/disk-0bbac3fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/47a883d2dfaa/vmlinux-0bbac3fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6bc56900ec1d/bzImage-0bbac3fa.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+355c5b...@syzkaller.appspotmail.com

WARNING: kernel stack frame pointer at ffff88813fd05fe8 in kworker/1:1:42 has bad value ffff888103513fe8
unwind stack type:0 next_sp:ffff888103513fd8 mask:0x4 graph_idx:0
=====================================================
BUG: KMSAN: uninit-value in unwind_dump+0x5a0/0x730 arch/x86/kernel/unwind_frame.c:60
unwind_dump+0x5a0/0x730 arch/x86/kernel/unwind_frame.c:60
unwind_next_frame+0x2d6/0x470
arch_stack_walk+0x1ec/0x2d0 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0xaa/0xe0 kernel/stacktrace.c:122
ref_tracker_free+0x103/0xec0 lib/ref_tracker.c:239
__netns_tracker_free include/net/net_namespace.h:348 [inline]
put_net_track include/net/net_namespace.h:363 [inline]
__sk_destruct+0x5aa/0xb70 net/core/sock.c:2204
sk_destruct net/core/sock.c:2223 [inline]
__sk_free+0x6de/0x760 net/core/sock.c:2234
sk_free+0x70/0xc0 net/core/sock.c:2245
deferred_put_nlk_sk+0x243/0x270 net/netlink/af_netlink.c:744
rcu_do_batch kernel/rcu/tree.c:2196 [inline]
rcu_core+0xa59/0x1e70 kernel/rcu/tree.c:2471
rcu_core_si+0x12/0x20 kernel/rcu/tree.c:2488
__do_softirq+0x1c0/0x7d7 kernel/softirq.c:554
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu kernel/softirq.c:633 [inline]
irq_exit_rcu+0x6a/0x130 kernel/softirq.c:645
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x83/0x90 arch/x86/kernel/apic/apic.c:1043

Local variable tx created at:
ieee80211_get_buffered_bc+0x44/0x970 net/mac80211/tx.c:5886
mac80211_hwsim_beacon_tx+0x63b/0xb40 drivers/net/wireless/virtual/mac80211_hwsim.c:2303

CPU: 1 PID: 42 Comm: kworker/1:1 Not tainted 6.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: usb_hub_wq hub_event
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Alexander Potapenko

Apr 22, 2024, 4:40:13 AM
to syzbot, da...@davemloft.net, edum...@google.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
This seems to be a false positive caused by KMSAN instrumenting
READ_ONCE_NOCHECK(), although it is not supposed to.
I was going to define it as follows under __SANITIZE_MEMORY__:

#define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused

but I find the name __no_sanitize_or_inline a bit unfortunate
because it doesn't distinguish between "do not instrument this code"
and "do not report bugs in this code", which have different meanings
from KMSAN's perspective.