From: Stefan Hajnoczi <stefanha@redhat.com>
To: Alexander Potapenko <glider@google.com>
Cc: syzbot <syzbot+d7521c1e3841ed075a42@syzkaller.appspotmail.com>,
jasowang@redhat.com, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com, virtualization@lists.linux.dev,
xuanzhuo@linux.alibaba.com, bonzini@redhat.com,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [syzbot] [virtualization?] KMSAN: uninit-value in virtqueue_add (4)
Date: Wed, 24 Jan 2024 16:25:31 -0500 [thread overview]
Message-ID: <20240124212531.GA609846@fedora> (raw)
In-Reply-To: <CAG_fn=XmxeUePHFth5asQvHvo3=QSL4tB4yS5_3UVHWYJ=VRnw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2610 bytes --]
On Wed, Jan 24, 2024 at 11:47:32AM +0100, Alexander Potapenko wrote:
> On Thu, Jan 4, 2024 at 9:45 PM Stefan Hajnoczi <stefanha@redhat.com> wrote:
> >
> > On Tue, Jan 02, 2024 at 08:03:46AM -0500, Michael S. Tsirkin wrote:
> > > On Mon, Jan 01, 2024 at 05:38:24AM -0800, syzbot wrote:
> > > > Hello,
> > > >
> > > > syzbot found the following issue on:
> > > >
> > > > HEAD commit: fbafc3e621c3 Merge tag 'for_linus' of git://git.kernel.org..
> > > > git tree: upstream
> > > > console+strace: https://syzkaller.appspot.com/x/log.txt?x=173df3e9e80000
> > > > kernel config: https://syzkaller.appspot.com/x/.config?x=e0c7078a6b901aa3
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=d7521c1e3841ed075a42
> > > > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1300b4a1e80000
> > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=130b0379e80000
> > > >
> > > > Downloadable assets:
> > > > disk image: https://storage.googleapis.com/syzbot-assets/1520f7b6daa4/disk-fbafc3e6.raw.xz
> > > > vmlinux: https://storage.googleapis.com/syzbot-assets/8b490af009d5/vmlinux-fbafc3e6.xz
> > > > kernel image: https://storage.googleapis.com/syzbot-assets/202ca200f4a4/bzImage-fbafc3e6.xz
> > > >
> > > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > > Reported-by: syzbot+d7521c1e3841ed075a42@syzkaller.appspotmail.com
> > > >
> > > > =====================================================
> >
> > Hi Alexander,
> > Please take a look at this KMSAN failure. The uninitialized memory was
> > created for the purpose of writing a coredump. vring_map_one_sg() should
> > have direction=DMA_TO_DEVICE.
> >
> Hi Stefan,
>
> I took a closer look, and am pretty confident this is a false positive.
> I tried adding memset(..., 0xab, PAGE_SIZE << order) to alloc_pages()
> and never saw
> the 0xab pattern in the buffers for which KMSAN reported an error.
>
> This probably isn't an error in 88938359e2df ("virtio: kmsan:
> check/unpoison scatterlist in
> vring_map_one_sg()"), which by itself should be doing a sane thing:
> report an error if an
> uninitialized buffer is passed to it. It is more likely that we're
> missing some initialization that
> happens in coredump.c
>
> Does anyone have an idea where coredump.c is supposed to be
> initializing these pages?
> Maybe there are some inline assembly functions involved in copying the data?
Thanks for your time looking into this!
Stefan
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2024-01-24 21:25 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-01 13:38 [syzbot] [virtualization?] KMSAN: uninit-value in virtqueue_add (4) syzbot
2024-01-02 7:38 ` Tetsuo Handa
2024-01-03 9:59 ` Tetsuo Handa
2024-02-21 11:04 ` Tetsuo Handa
2024-01-02 7:38 ` [syzbot] " syzbot
2024-01-02 13:03 ` Michael S. Tsirkin
2024-01-04 20:45 ` Stefan Hajnoczi
2024-01-24 10:47 ` Alexander Potapenko
2024-01-24 21:25 ` Stefan Hajnoczi [this message]
2024-01-26 0:43 ` Edward Adam Davis
2024-01-26 1:26 ` [syzbot] [mm] " syzbot
2024-01-26 1:35 ` [syzbot] [virtualization?] " Edward Adam Davis
2024-01-26 1:43 ` [syzbot] [mm] " syzbot
2024-01-26 10:19 ` [syzbot] [virtualization?] " Alexander Potapenko
2024-01-26 6:57 ` Edward Adam Davis
2024-01-26 7:34 ` [syzbot] [mm] " syzbot
2024-02-24 5:53 ` [syzbot] [virtualization?] " Tetsuo Handa
2024-02-24 6:22 ` [syzbot] [mm] " syzbot
2024-02-24 10:47 ` [syzbot] [virtualization?] " Tetsuo Handa
2024-02-24 11:19 ` [syzbot] [mm] " syzbot
2024-02-24 14:03 ` [syzbot] [virtualization?] " Tetsuo Handa
2024-02-24 14:24 ` [syzbot] [mm] " syzbot
2024-02-25 0:01 ` [syzbot] [virtualization?] " Tetsuo Handa
2024-02-25 0:21 ` [syzbot] [mm] " syzbot
2024-02-25 0:27 ` [syzbot] [virtualization?] " Edward Adam Davis
2024-02-25 0:52 ` [syzbot] [mm] " syzbot
2024-02-25 1:50 ` [syzbot] Re: [syzbot] [virtualization?] " syzbot
2024-02-25 2:42 ` syzbot
2024-02-25 3:59 ` syzbot
2024-03-06 13:14 ` syzbot
2024-03-26 10:35 ` Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240124212531.GA609846@fedora \
--to=stefanha@redhat.com \
--cc=bonzini@redhat.com \
--cc=glider@google.com \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=syzbot+d7521c1e3841ed075a42@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=virtualization@lists.linux.dev \
--cc=xuanzhuo@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.