KMSAN: uninit-value in netif_skb_features


syzbot

Apr 12, 2018, 4:01:02 AM
to bpoi...@suse.com, da...@davemloft.net, edum...@google.com, elena.r...@intel.com, kees...@chromium.org, linux-...@vger.kernel.org, mal...@google.com, net...@vger.kernel.org, rami....@intel.com, syzkall...@googlegroups.com, wil...@google.com
Hello,

syzbot hit the following crash on
https://github.com/google/kmsan.git/master commit
e2ab7e8abba47a2f2698216258e5d8727ae58717 (Fri Apr 6 16:24:31 2018 +0000)
kmsan: temporarily disable visitAsmInstruction() to help syzbot
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=0bbe42c764feafa82c5a

So far this crash happened 30 times on
https://github.com/google/kmsan.git/master.
C reproducer: https://syzkaller.appspot.com/x/repro.c?id=4850744041668608
syzkaller reproducer:
https://syzkaller.appspot.com/x/repro.syz?id=6289386287136768
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=4577411249209344
Kernel config:
https://syzkaller.appspot.com/x/.config?id=6627248707860932248
compiler: clang version 7.0.0 (trunk 329391)

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0bbe42...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.

==================================================================
BUG: KMSAN: uninit-value in eth_type_vlan include/linux/if_vlan.h:283 [inline]
BUG: KMSAN: uninit-value in skb_vlan_tagged_multi include/linux/if_vlan.h:656 [inline]
BUG: KMSAN: uninit-value in vlan_features_check include/linux/if_vlan.h:672 [inline]
BUG: KMSAN: uninit-value in dflt_features_check net/core/dev.c:2949 [inline]
BUG: KMSAN: uninit-value in netif_skb_features+0xd1b/0xdc0 net/core/dev.c:3009
CPU: 1 PID: 3582 Comm: syzkaller435149 Not tainted 4.16.0+ #82
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x185/0x1d0 lib/dump_stack.c:53
kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
__msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676
eth_type_vlan include/linux/if_vlan.h:283 [inline]
skb_vlan_tagged_multi include/linux/if_vlan.h:656 [inline]
vlan_features_check include/linux/if_vlan.h:672 [inline]
dflt_features_check net/core/dev.c:2949 [inline]
netif_skb_features+0xd1b/0xdc0 net/core/dev.c:3009
validate_xmit_skb+0x89/0x1320 net/core/dev.c:3084
__dev_queue_xmit+0x1cb2/0x2b60 net/core/dev.c:3549
dev_queue_xmit+0x4b/0x60 net/core/dev.c:3590
packet_snd net/packet/af_packet.c:2944 [inline]
packet_sendmsg+0x7c57/0x8a10 net/packet/af_packet.c:2969
sock_sendmsg_nosec net/socket.c:630 [inline]
sock_sendmsg net/socket.c:640 [inline]
sock_write_iter+0x3b9/0x470 net/socket.c:909
do_iter_readv_writev+0x7bb/0x970 include/linux/fs.h:1776
do_iter_write+0x30d/0xd40 fs/read_write.c:932
vfs_writev fs/read_write.c:977 [inline]
do_writev+0x3c9/0x830 fs/read_write.c:1012
SYSC_writev+0x9b/0xb0 fs/read_write.c:1085
SyS_writev+0x56/0x80 fs/read_write.c:1082
do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x3d/0xa2
RIP: 0033:0x43ffa9
RSP: 002b:00007fff2cff3948 EFLAGS: 00000217 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffa9
RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00000000006cb018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004018d0
R13: 0000000000401960 R14: 0000000000000000 R15: 0000000000000000

Uninit was created at:
kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:188
kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:314
kmsan_slab_alloc+0x11/0x20 mm/kmsan/kmsan.c:321
slab_post_alloc_hook mm/slab.h:445 [inline]
slab_alloc_node mm/slub.c:2737 [inline]
__kmalloc_node_track_caller+0xaed/0x11c0 mm/slub.c:4369
__kmalloc_reserve net/core/skbuff.c:138 [inline]
__alloc_skb+0x2cf/0x9f0 net/core/skbuff.c:206
alloc_skb include/linux/skbuff.h:984 [inline]
alloc_skb_with_frags+0x1d4/0xb20 net/core/skbuff.c:5234
sock_alloc_send_pskb+0xb56/0x1190 net/core/sock.c:2085
packet_alloc_skb net/packet/af_packet.c:2803 [inline]
packet_snd net/packet/af_packet.c:2894 [inline]
packet_sendmsg+0x6444/0x8a10 net/packet/af_packet.c:2969
sock_sendmsg_nosec net/socket.c:630 [inline]
sock_sendmsg net/socket.c:640 [inline]
sock_write_iter+0x3b9/0x470 net/socket.c:909
do_iter_readv_writev+0x7bb/0x970 include/linux/fs.h:1776
do_iter_write+0x30d/0xd40 fs/read_write.c:932
vfs_writev fs/read_write.c:977 [inline]
do_writev+0x3c9/0x830 fs/read_write.c:1012
SYSC_writev+0x9b/0xb0 fs/read_write.c:1085
SyS_writev+0x56/0x80 fs/read_write.c:1082
do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x3d/0xa2
==================================================================


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is
merged into any tree, please reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.

Dmitry Vyukov

Apr 12, 2018, 4:03:37 AM
to syzbot, bpoi...@suse.com, David Miller, Eric Dumazet, Reshetova, Elena, Kees Cook, LKML, Mike Maloney, netdev, rami....@intel.com, syzkaller-bugs, Willem de Bruijn, makita....@lab.ntt.co.jp
On Thu, Apr 12, 2018 at 10:01 AM, syzbot
<syzbot+0bbe42...@syzkaller.appspotmail.com> wrote:
> Hello,
>
> syzbot hit the following crash on https://github.com/google/kmsan.git/master
> commit
> e2ab7e8abba47a2f2698216258e5d8727ae58717 (Fri Apr 6 16:24:31 2018 +0000)
> kmsan: temporarily disable visitAsmInstruction() to help syzbot
> syzbot dashboard link:
> https://syzkaller.appspot.com/bug?extid=0bbe42c764feafa82c5a
>
> So far this crash happened 30 times on
> https://github.com/google/kmsan.git/master.
> C reproducer: https://syzkaller.appspot.com/x/repro.c?id=4850744041668608
> syzkaller reproducer:
> https://syzkaller.appspot.com/x/repro.syz?id=6289386287136768
> Raw console output:
> https://syzkaller.appspot.com/x/log.txt?id=4577411249209344
> Kernel config:
> https://syzkaller.appspot.com/x/.config?id=6627248707860932248
> compiler: clang version 7.0.0 (trunk 329391)

+Toshiaki as this seems to be related to the recent vlan tagging changes.
This also seems to be related to
https://groups.google.com/d/msg/syzkaller-bugs/FNEavkB4QaM/efXl2AeRBgAJ

Toshiaki Makita

Apr 13, 2018, 4:28:54 AM
to Dmitry Vyukov, syzbot, bpoi...@suse.com, David Miller, Eric Dumazet, Reshetova, Elena, Kees Cook, LKML, Mike Maloney, netdev, rami....@intel.com, syzkaller-bugs, Willem de Bruijn
On 2018/04/12 17:03, Dmitry Vyukov wrote:
> On Thu, Apr 12, 2018 at 10:01 AM, syzbot
> <syzbot+0bbe42...@syzkaller.appspotmail.com> wrote:
>> Hello,
>>
>> syzbot hit the following crash on https://github.com/google/kmsan.git/master
>> commit
>> e2ab7e8abba47a2f2698216258e5d8727ae58717 (Fri Apr 6 16:24:31 2018 +0000)
>> kmsan: temporarily disable visitAsmInstruction() to help syzbot
>> syzbot dashboard link:
>> https://syzkaller.appspot.com/bug?extid=0bbe42c764feafa82c5a
>>
>> So far this crash happened 30 times on
>> https://github.com/google/kmsan.git/master.
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?id=4850744041668608
>> syzkaller reproducer:
>> https://syzkaller.appspot.com/x/repro.syz?id=6289386287136768
>> Raw console output:
>> https://syzkaller.appspot.com/x/log.txt?id=4577411249209344
>> Kernel config:
>> https://syzkaller.appspot.com/x/.config?id=6627248707860932248
>> compiler: clang version 7.0.0 (trunk 329391)
>
> +Toshiaki as this seems to be related to the recent vlan tagging changes.

Seems not.
Probably skb_vlan_tagged_multi() needs to call pskb_may_pull() before
accessing skb->data? I'll confirm it later.
--
Toshiaki Makita
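
The kind of length check suggested in the reply above, as an added example that is not part of the original thread or of the kernel source: a userspace C model in which `struct frame`, `classify_unchecked`, `classify_checked` and `classify_sample` are hypothetical names and all sample frames are constructed. It assumes the outer protocol arrives as metadata separate from the payload, so a 14-byte write can still be labelled as VLAN-tagged.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VLAN_ETH_HLEN 18      /* 14-byte Ethernet header + 4-byte VLAN tag */
#define ENCAP_OFF     16      /* offset of the encapsulated ethertype */
#define ETH_P_IP      0x0800
#define ETH_P_8021Q   0x8100
#define ETH_P_8021AD  0x88A8
#define BUF_CAP       64      /* constructed allocation size */

enum { TAG_TRUNCATED = -1, TAG_NOT_MULTI = 0, TAG_MULTI = 1 };

/* Hypothetical stand-in for a packet buffer (not the kernel's sk_buff). */
struct frame {
    uint16_t proto;           /* metadata supplied alongside the payload */
    size_t   len;             /* bytes of data[] the sender really wrote */
    uint8_t  data[BUF_CAP];   /* the rest holds whatever was there before */
};

static int is_vlan_proto(uint16_t p)
{
    return p == ETH_P_8021Q || p == ETH_P_8021AD;
}

static uint16_t rd_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Reads the encapsulated ethertype without asking whether it was written. */
int classify_unchecked(const struct frame *f)
{
    if (!is_vlan_proto(f->proto))
        return TAG_NOT_MULTI;
    return is_vlan_proto(rd_be16(f->data + ENCAP_OFF)) ? TAG_MULTI : TAG_NOT_MULTI;
}

/* Same decision, but only after confirming the full VLAN header is present. */
int classify_checked(const struct frame *f)
{
    if (!is_vlan_proto(f->proto))
        return TAG_NOT_MULTI;
    if (f->len < VLAN_ETH_HLEN)
        return TAG_TRUNCATED;
    return is_vlan_proto(rd_be16(f->data + ENCAP_OFF)) ? TAG_MULTI : TAG_NOT_MULTI;
}

/*
 * Constructed sample: the buffer is first filled with the 16-bit pattern
 * `stale` (standing in for leftover allocator contents), then only `len`
 * bytes of an 802.1Q frame whose encapsulated ethertype is `inner` are
 * written. The whole buffer is initialised, so both paths are well defined.
 */
int classify_sample(int checked, uint16_t inner, size_t len, uint16_t stale)
{
    struct frame f;
    uint8_t hdr[VLAN_ETH_HLEN] = {0};
    size_t i;

    for (i = 0; i < BUF_CAP; i++)
        f.data[i] = (uint8_t)((i % 2) ? (stale & 0xff) : (stale >> 8));

    hdr[12] = (uint8_t)(ETH_P_8021Q >> 8);
    hdr[13] = (uint8_t)(ETH_P_8021Q & 0xff);
    hdr[16] = (uint8_t)(inner >> 8);
    hdr[17] = (uint8_t)(inner & 0xff);

    if (len > VLAN_ETH_HLEN)
        len = VLAN_ETH_HLEN;
    memcpy(f.data, hdr, len);
    f.proto = ETH_P_8021Q;
    f.len = len;

    return checked ? classify_checked(&f) : classify_unchecked(&f);
}

int main(void)
{
    /* A 14-byte write: the unchecked answer follows the stale bytes. */
    printf("unchecked, stale=8100: %d\n", classify_sample(0, ETH_P_IP, 14, 0x8100));
    printf("unchecked, stale=0000: %d\n", classify_sample(0, ETH_P_IP, 14, 0x0000));
    printf("checked,   stale=8100: %d\n", classify_sample(1, ETH_P_IP, 14, 0x8100));
    printf("checked,   full frame: %d\n", classify_sample(1, ETH_P_8021Q, 18, 0x0000));
    return 0;
}
```

With the same 14-byte input, the unchecked path returns different answers depending on the stale pattern, which is the data dependence on unwritten memory that the KMSAN report flags; the checked path reports the frame as truncated in both cases.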

syzbot

Apr 16, 2018, 12:35:04 AM
to makita....@lab.ntt.co.jp, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but build/boot failed:

kernel build failed: failed to run /usr/bin/make [make bzImage -j 32 CC=/syzkaller/clang-kmsan/bin/clang]: exit status 2
arch/x86/Makefile:184: *** Compiler lacks asm-goto support.. Stop.



Tested on net commit
c246fd333f84e6a0a8572f991637aa102f5e1865 (Sun Apr 15 08:07:12 2018 +0000)
filter.txt: update 'tools/net/' to 'tools/bpf/'

compiler: clang version 7.0.0 (trunk 329391)
Patch: https://syzkaller.appspot.com/x/patch.diff?id=6270935644504064



syzbot

Apr 16, 2018, 1:07:02 AM
to makita....@lab.ntt.co.jp, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but build/boot failed:



Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/log.txt?id=5976087213375488


Tested on net commit
c246fd333f84e6a0a8572f991637aa102f5e1865 (Sun Apr 15 08:07:12 2018 +0000)
filter.txt: update 'tools/net/' to 'tools/bpf/'

compiler: clang version 7.0.0 (trunk 329391)
Patch: https://syzkaller.appspot.com/x/patch.diff?id=4850187306532864



Dmitry Vyukov

Apr 16, 2018, 5:15:54 AM
to syzbot, Toshiaki Makita, syzkaller-bugs
Hi Toshiaki,

Note KMSAN bugs can only be tested on KMSAN tree, see
https://github.com/google/syzkaller/blob/master/docs/syzbot.md#kmsan-bugs
for details.
We need to provide better diagnostics and better error message for this.

Toshiaki Makita

Apr 16, 2018, 5:50:53 AM
to Dmitry Vyukov, syzbot, syzkaller-bugs
On 2018/04/16 18:15, Dmitry Vyukov wrote:
> Hi Toshiaki,
>
> Note KMSAN bugs can only be tested on KMSAN tree, see
> https://github.com/google/syzkaller/blob/master/docs/syzbot.md#kmsan-bugs
> for details.
> We need to provide better diagnostics and better error message for this.

Thanks, will try using it.

--
Toshiaki Makita

Dmitry Vyukov

Apr 16, 2018, 5:54:27 AM
to syzbot, Toshiaki Makita, syzkaller-bugs
On Mon, Apr 16, 2018 at 11:15 AM, Dmitry Vyukov <dvy...@google.com> wrote:
> Hi Toshiaki,
>
> Note KMSAN bugs can only be tested on KMSAN tree, see
> https://github.com/google/syzkaller/blob/master/docs/syzbot.md#kmsan-bugs
> for details.
> We need to provide better diagnostics and better error message for this.


This also uncovered several problems in syzbot.

First, broken link to full error text. This is now fixed with:
https://github.com/google/syzkaller/commit/802ac9125dff4a0cfc5d124994c04c0944538489

Then we need to properly diagnose when KMSAN is tested on non-KMSAN
tree, I've filed https://github.com/google/syzkaller/issues/567 for
this.

Then, the bogus "Compiler lacks asm-goto support" error in the first
request. I think it's caused by the fact that we reuse build dir
between test requests and it saves a bunch of build time for repeated
requests, but breaks when gcc build dir is then reused with clang.
I've filed https://github.com/google/syzkaller/issues/568 for this.

As a workaround what you did looks good -- touch Makefile should cause
make to rebuild everything.

Please bear with us, we also have bugs.

syzbot

Apr 16, 2018, 6:01:02 AM
to makita....@lab.ntt.co.jp, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but build/boot failed:

objtool: smu7_set_mclk_od() falls through to next function
smu7_read_sensor()
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/hw_gpio.o
13 warnings generated.
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/hw_hpd.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/hw_ddc.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/hw_translate.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce80/hw_translate_dce80.o
drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_transform.c:1129:24:
warning: implicit conversion from enumeration type 'enum
graphics_csc_adjust_type' to different enumeration type 'enum
grph_color_adjust_option' [-Wenum-conversion]
xfm_dce, tbl_entry, GRAPHICS_CSC_ADJUST_TYPE_SW);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dce_clocks.c:307:4: warning:
implicit conversion from enumeration type 'enum dm_pp_clocks_state' to
different enumeration type 'enum dm_pp_power_level' [-Wenum-conversion]
clocks_state };
^~~~~~~~~~~~
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce80/hw_factory_dce80.o
13 warnings generated.
14 warnings generated.
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce110/hw_translate_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce110/hw_factory_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce120/hw_translate_dce120.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/dce120/hw_factory_dce120.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/diagnostics/hw_translate_diag.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/gpio/diagnostics/hw_factory_diag.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/aux_engine.o
1 warning generated.
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/engine_base.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/i2caux.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/i2c_engine.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/i2c_generic_hw_engine.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/i2c_hw_engine.o
18 warnings generated.
CC drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/i2c_sw_engine.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce80/i2caux_dce80.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce80/i2c_hw_engine_dce80.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce80/i2c_sw_engine_dce80.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce100/i2caux_dce100.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/i2caux_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/i2c_sw_engine_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/i2c_hw_engine_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce110/aux_engine_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce112/i2caux_dce112.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/dce120/i2caux_dce120.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/i2caux/diagnostics/i2caux_diag.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/irq/irq_service.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/irq/dce80/irq_service_dce80.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/irq/dce110/irq_service_dce110.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/irq/dce120/irq_service_dce120.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/virtual/virtual_link_encoder.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/virtual/virtual_stream_encoder.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce120/dce120_resource.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce120/dce120_timing_generator.o
17 warnings generated.
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce120/dce120_hw_sequencer.o
18 warnings generated.
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce112/dce112_compressor.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce112/dce112_hw_sequencer.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_timing_generator.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce112/dce112_resource.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_compressor.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_hw_sequencer.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_resource.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_opp_regamma_v.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_opp_csc_v.o
1 warning generated.
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_timing_generator_v.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_mem_input_v.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_opp_v.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_transform_v.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce100/dce100_resource.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce100/dce100_hw_sequencer.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce80/dce80_timing_generator.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce80/dce80_compressor.o
CC
drivers/gpu/drm/amd/amdgpu/../display/dc/dce80/dce80_hw_sequencer.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dce80/dce80_resource.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_hw_sequencer.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_sink.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_surface.o
drivers/gpu/drm/amd/amdgpu/../display/dc/dce110/dce110_opp_csc_v.c:730:24:
warning: implicit conversion from enumeration type 'enum
graphics_csc_adjust_type' to different enumeration type 'enum
grph_color_adjust_option' [-Wenum-conversion]
xfm_dce, tbl_entry, GRAPHICS_CSC_ADJUST_TYPE_SW);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link_hwss.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link_dp.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link_ddc.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_debug.o
1 warning generated.
CC drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.o
CC drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.o
CC drivers/gpu/drm/amd/amdgpu/../display/modules/freesync/freesync.o
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link_dp.c:1929:26:
warning: implicit conversion from enumeration type 'enum ddc_result' to
different enumeration type 'enum dc_status' [-Wenum-conversion]
enum dc_status result = DDC_RESULT_UNKNOWN;
~~~~~~ ^~~~~~~~~~~~~~~~~~
1 warning generated.
19 warnings generated.
30 warnings generated.
AR drivers/gpu/drm/i915/i915.o
AR drivers/gpu/drm/i915/built-in.o
6 warnings generated.
AR drivers/gpu/drm/amd/amdgpu/amdgpu.o
AR drivers/gpu/drm/amd/amdgpu/built-in.o
AR drivers/gpu/drm/built-in.o
AR drivers/gpu/built-in.o
Makefile:1061: recipe for target 'drivers' failed
make: *** [drivers] Error 2


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?id=5590915083141120


Tested on https://github.com/google/kmsan.git/master commit
48c6a2b0ab1b752451cdc40b5392471ed1a2a329 (Mon Apr 16 08:42:26 2018 +0000)
mm/kmsan: fix origin calculation in kmsan_internal_check_memory

compiler: clang version 7.0.0 (trunk 329391)
Patch: https://syzkaller.appspot.com/x/patch.diff?id=5116780422889472



Dmitry Vyukov

Apr 16, 2018, 7:08:11 AM
to syzbot, Toshiaki Makita, syzkaller-bugs
This is related to your patch, right?

./include/linux/if_vlan.h:652:31: error: passing 'const struct sk_buff
*' to parameter of type 'struct sk_buff *' discards qualifiers
[-Werror,-Wincompatible-pointer-types-discards-qualifiers]
if (unlikely(!pskb_may_pull(skb, VLAN_ETH_HLEN)))

Toshiaki Makita

Apr 16, 2018, 7:17:24 AM
to Dmitry Vyukov, syzbot, syzkaller-bugs
On 2018/04/16 20:07, Dmitry Vyukov wrote:
> This is related to your patch, right?
>
> ./include/linux/if_vlan.h:652:31: error: passing 'const struct sk_buff
> *' to parameter of type 'struct sk_buff *' discards qualifiers
> [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
> if (unlikely(!pskb_may_pull(skb, VLAN_ETH_HLEN)))

Yes, it's my bad. Forgot to drop const qualifiers.
Sorry for confusion.

--
Toshiaki Makita

syzbot

Apr 16, 2018, 7:42:02 AM
to makita....@lab.ntt.co.jp, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer still triggered
crash:
KMSAN: uninit-value in cpu_load_update

==================================================================
BUG: KMSAN: uninit-value in cpu_load_update+0x873/0xa10
kernel/sched/fair.c:5437
CPU: 0 PID: 3817 Comm: sshd Not tainted 4.16.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x185/0x1d0 lib/dump_stack.c:53
kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
__msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676
cpu_load_update+0x873/0xa10 kernel/sched/fair.c:5437
cpu_load_update_active+0x2a8/0x390 kernel/sched/fair.c:5565
scheduler_tick+0x2a2/0x490 kernel/sched/core.c:3092
update_process_times+0x157/0x1a0 kernel/time/timer.c:1641
tick_sched_handle kernel/time/tick-sched.c:162 [inline]
tick_sched_timer+0x33b/0x4b0 kernel/time/tick-sched.c:1194
__run_hrtimer kernel/time/hrtimer.c:1349 [inline]
__hrtimer_run_queues+0xc54/0x1630 kernel/time/hrtimer.c:1411
hrtimer_interrupt+0x426/0xaf0 kernel/time/hrtimer.c:1469
local_apic_timer_interrupt+0x6b/0x250 arch/x86/kernel/apic/apic.c:1025
smp_apic_timer_interrupt+0x5a/0x90 arch/x86/kernel/apic/apic.c:1053
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:857
</IRQ>
RIP: 0010:my_phys_addr_valid mm/kmsan/kmsan_instr.c:103 [inline]
RIP: 0010:my_virt_addr_valid mm/kmsan/kmsan_instr.c:125 [inline]
RIP: 0010:msan_get_shadow_origin_ptr+0xa9/0x230 mm/kmsan/kmsan_instr.c:256
RSP: 0018:ffff8801d495e6a8 EFLAGS: 00000207 ORIG_RAX: ffffffffffffff12
RAX: ffff88025f116308 RBX: ffffffff8832b000 RCX: ffff8801df11632e
RDX: 00000001df116308 RSI: 0000000000000004 RDI: ffff8801df116308
RBP: ffff8801d495e6d8 R08: 0000000001080001 R09: 0000000000000002
R10: 0000000000000000 R11: ffffffff85b210d0 R12: 0000000000000000
R13: ffff8801df116300 R14: ffffffff8832a000 R15: ffff8801df116308
__msan_metadata_ptr_for_load_4+0x10/0x20 mm/kmsan/kmsan_instr.c:320
slab_pre_alloc_hook mm/slab.h:426 [inline]
slab_alloc_node mm/slub.c:2663 [inline]
slab_alloc mm/slub.c:2745 [inline]
kmem_cache_alloc+0x1db/0xb80 mm/slub.c:2750
skb_clone+0x31e/0x590 net/core/skbuff.c:1280
dev_queue_xmit_nit+0x4ea/0x1230 net/core/dev.c:1959
xmit_one net/core/dev.c:3022 [inline]
dev_hard_start_xmit+0x27c/0xc80 net/core/dev.c:3042
sch_direct_xmit+0x540/0x8f0 net/sched/sch_generic.c:327
qdisc_restart net/sched/sch_generic.c:399 [inline]
__qdisc_run+0x1822/0x3730 net/sched/sch_generic.c:410
__dev_xmit_skb net/core/dev.c:3217 [inline]
__dev_queue_xmit+0x1784/0x2b90 net/core/dev.c:3525
dev_queue_xmit+0x4b/0x60 net/core/dev.c:3590
neigh_hh_output include/net/neighbour.h:472 [inline]
neigh_output include/net/neighbour.h:480 [inline]
ip_finish_output2+0x1198/0x1390 net/ipv4/ip_output.c:229
ip_finish_output+0xcbd/0x1000 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:277 [inline]
ip_output+0x502/0x5c0 net/ipv4/ip_output.c:405
dst_output include/net/dst.h:443 [inline]
ip_local_out net/ipv4/ip_output.c:124 [inline]
ip_queue_xmit+0x1fb4/0x21d0 net/ipv4/ip_output.c:504
tcp_transmit_skb+0x3938/0x5290 net/ipv4/tcp_output.c:1176
tcp_write_xmit+0x4321/0xb920 net/ipv4/tcp_output.c:2394
__tcp_push_pending_frames+0x124/0x3f0 net/ipv4/tcp_output.c:2567
tcp_push+0x8b6/0x9c0 net/ipv4/tcp.c:726
tcp_sendmsg_locked+0x57f6/0x6fc0 net/ipv4/tcp.c:1426
tcp_sendmsg+0xb2/0x100 net/ipv4/tcp.c:1463
inet_sendmsg+0x492/0x750 net/ipv4/af_inet.c:764
sock_sendmsg_nosec net/socket.c:630 [inline]
sock_sendmsg net/socket.c:640 [inline]
sock_write_iter+0x3be/0x470 net/socket.c:909
call_write_iter include/linux/fs.h:1782 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x726/0x920 fs/read_write.c:482
vfs_write+0x463/0x8d0 fs/read_write.c:544
SYSC_write+0x172/0x360 fs/read_write.c:589
SyS_write+0x55/0x80 fs/read_write.c:581
do_syscall_64+0x2f1/0x440 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x3d/0xa2
RIP: 0033:0x7f7db888e370
RSP: 002b:00007ffcf7d70218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000048 RCX: 00007f7db888e370
RDX: 0000000000000048 RSI: 00005654998fa440 RDI: 0000000000000003
RBP: 00005654998fa440 R08: 0000000000000001 R09: 0101010101010101
R10: 0000000000000008 R11: 0000000000000246 R12: 00007ffcf7d7027c
R13: 0000565498be7fb4 R14: 0000000000000028 R15: 0000565498be9ca0

Uninit was stored to memory at:
kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
kmsan_save_stack mm/kmsan/kmsan.c:293 [inline]
kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:684
__msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:521
cpu_load_update+0x841/0xa10 kernel/sched/fair.c:5428
cpu_load_update_active+0x2a8/0x390 kernel/sched/fair.c:5565
scheduler_tick+0x2a2/0x490 kernel/sched/core.c:3092
update_process_times+0x157/0x1a0 kernel/time/timer.c:1641
tick_sched_handle kernel/time/tick-sched.c:162 [inline]
tick_sched_timer+0x33b/0x4b0 kernel/time/tick-sched.c:1194
__run_hrtimer kernel/time/hrtimer.c:1349 [inline]
__hrtimer_run_queues+0xc54/0x1630 kernel/time/hrtimer.c:1411
hrtimer_interrupt+0x426/0xaf0 kernel/time/hrtimer.c:1469
local_apic_timer_interrupt+0x6b/0x250 arch/x86/kernel/apic/apic.c:1025
smp_apic_timer_interrupt+0x5a/0x90 arch/x86/kernel/apic/apic.c:1053
Local variable description: ----flags.i.i.i.i@_raw_spin_lock_irqsave
Variable was created at:
_raw_spin_lock_irqsave+0x45/0xf0 kernel/locking/spinlock.c:150
hrtimer_interrupt+0x101/0xaf0 kernel/time/hrtimer.c:1450
==================================================================


Tested on https://github.com/google/kmsan.git/master commit
48c6a2b0ab1b752451cdc40b5392471ed1a2a329 (Mon Apr 16 08:42:26 2018 +0000)
mm/kmsan: fix origin calculation in kmsan_internal_check_memory

compiler: clang version 7.0.0 (trunk 329391)
Patch: https://syzkaller.appspot.com/x/patch.diff?id=5097070616641536
Kernel config:
https://syzkaller.appspot.com/x/.config?id=6627248707860932248
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=5521466200162304

Dmitry Vyukov

Apr 16, 2018, 7:44:23 AM
to syzbot, Toshiaki Makita, syzkaller-bugs
OK, this is unrelated. Let's try again:

#syz test: https://github.com/google/kmsan.git master
kmsan.patch

syzbot

Apr 16, 2018, 7:58:01 AM
to dvy...@google.com, makita....@lab.ntt.co.jp, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger
crash:

Reported-and-tested-by:
syzbot+0bbe42...@syzkaller.appspotmail.com

Note: the tag will also help syzbot to understand when the bug is fixed.

Tested on https://github.com/google/kmsan.git/master commit
48c6a2b0ab1b752451cdc40b5392471ed1a2a329 (Mon Apr 16 08:42:26 2018 +0000)
mm/kmsan: fix origin calculation in kmsan_internal_check_memory

compiler: clang version 7.0.0 (trunk 329391)
Patch: https://syzkaller.appspot.com/x/patch.diff?id=6327930934263808
Kernel config:
https://syzkaller.appspot.com/x/.config?id=6627248707860932248


---
There is no WARRANTY for the result, to the extent permitted by applicable law.
Except when otherwise stated in writing syzbot provides the result "AS IS"
without warranty of any kind, either expressed or implied, but not limited to,
the implied warranties of merchantability and fitness for a particular purpose.
The entire risk as to the quality of the result is with you. Should the result
prove defective, you assume the cost of all necessary servicing, repair or
correction.

Dmitry Vyukov

Apr 16, 2018, 8:19:24 AM
to syzbot, Toshiaki Makita, syzkaller-bugs
On Mon, Apr 16, 2018 at 1:58 PM, syzbot
<syzbot+0bbe42...@syzkaller.appspotmail.com> wrote:
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger
> crash:

Okay! We should be good now.