| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Apr 2024 10:39:31 +0200 From: Alexander Potapenko <glider@...gle.com> To: syzbot <syzbot+355c5bb8c1445c871ee8@...kaller.appspotmail.com> Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, pabeni@...hat.com, syzkaller-bugs@...glegroups.com Subject: Re: [syzbot] [net?] KMSAN: uninit-value in unwind_dump On Fri, Apr 19, 2024 at 6:36 PM syzbot <syzbot+355c5bb8c1445c871ee8@...kaller.appspotmail.com> wrote: > > Hello, > > syzbot found the following issue on: > > HEAD commit: 0bbac3facb5d Linux 6.9-rc4 > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=13403bcb180000 > kernel config: https://syzkaller.appspot.com/x/.config?x=87a805e655619c64 > dashboard link: https://syzkaller.appspot.com/bug?extid=355c5bb8c1445c871ee8 > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > > Unfortunately, I don't have any reproducer for this issue yet. > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/93eb2bab28b5/disk-0bbac3fa.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/47a883d2dfaa/vmlinux-0bbac3fa.xz > kernel image: https://storage.googleapis.com/syzbot-assets/6bc56900ec1d/bzImage-0bbac3fa.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+355c5bb8c1445c871ee8@...kaller.appspotmail.com > > WARNING: kernel stack frame pointer at ffff88813fd05fe8 in kworker/1:1:42 has bad value ffff888103513fe8 > unwind stack type:0 next_sp:ffff888103513fd8 mask:0x4 graph_idx:0 > ===================================================== > BUG: KMSAN: uninit-value in unwind_dump+0x5a0/0x730 arch/x86/kernel/unwind_frame.c:60 > unwind_dump+0x5a0/0x730 arch/x86/kernel/unwind_frame.c:60 > unwind_next_frame+0x2d6/0x470 > arch_stack_walk+0x1ec/0x2d0 arch/x86/kernel/stacktrace.c:25 > stack_trace_save+0xaa/0xe0 kernel/stacktrace.c:122 > ref_tracker_free+0x103/0xec0 lib/ref_tracker.c:239 > __netns_tracker_free include/net/net_namespace.h:348 [inline] > put_net_track include/net/net_namespace.h:363 [inline] > __sk_destruct+0x5aa/0xb70 net/core/sock.c:2204 > sk_destruct net/core/sock.c:2223 [inline] > __sk_free+0x6de/0x760 net/core/sock.c:2234 > sk_free+0x70/0xc0 net/core/sock.c:2245 > deferred_put_nlk_sk+0x243/0x270 net/netlink/af_netlink.c:744 > rcu_do_batch kernel/rcu/tree.c:2196 [inline] > rcu_core+0xa59/0x1e70 kernel/rcu/tree.c:2471 > rcu_core_si+0x12/0x20 kernel/rcu/tree.c:2488 > __do_softirq+0x1c0/0x7d7 kernel/softirq.c:554 > invoke_softirq kernel/softirq.c:428 [inline] > __irq_exit_rcu kernel/softirq.c:633 [inline] > irq_exit_rcu+0x6a/0x130 kernel/softirq.c:645 > instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] > sysvec_apic_timer_interrupt+0x83/0x90 arch/x86/kernel/apic/apic.c:1043 > > Local variable tx created at: > ieee80211_get_buffered_bc+0x44/0x970 net/mac80211/tx.c:5886 > mac80211_hwsim_beacon_tx+0x63b/0xb40 drivers/net/wireless/virtual/mac80211_hwsim.c:2303 > > CPU: 1 PID: 42 Comm: kworker/1:1 Not tainted 6.9.0-rc4-syzkaller #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 > Workqueue: usb_hub_wq hub_event > ===================================================== This seems to be a false positive caused by KMSAN instrumenting READ_ONCE_NOCHECK(), although it is not supposed to. I was going to define it as follows under __SANITIZE_MEMORY__: #define __no_sanitize_or_inline __no_kmsan_checks notrace __maybe_unused , but I find the name __no_sanitize_or_inline a bit unfortunate because it doesn't distinguish between "do not instrument this code" and "do not report bugs in this code", which have different meanings from KMSAN perspective.
Powered by blists - more mailing lists