From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C371BC2B9F4 for ; Mon, 14 Jun 2021 18:53:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 840E261246 for ; Mon, 14 Jun 2021 18:53:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233558AbhFNSzH (ORCPT ); Mon, 14 Jun 2021 14:55:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57998 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232992AbhFNSzG (ORCPT ); Mon, 14 Jun 2021 14:55:06 -0400 Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 629F2C061574 for ; Mon, 14 Jun 2021 11:53:03 -0700 (PDT) Received: by mail-qt1-x833.google.com with SMTP id o20so9349816qtr.8 for ; Mon, 14 Jun 2021 11:53:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=LsxxzhDAt0cyX21wSpSzW9B7eIE5gsFNuCODsfXCxLs=; b=BWv9nXi2eSS+briii2CN777aKBTjzeFVwNj9cOgcDo47cmkClDrJAOLp7bq0hoKw3K jFpvLwRFnmL0qPoWVOOzcIVltxV0ButJOgw6hBbYTwX9RyCBzIYCqlraNu/R0vh5vrEZ +UhRVqHmUTY5QyrA2xKDvcny35akhWEZ3SfCezR6ELNVZryYl4VfEU7xaheTtIqRAotg oX1l29ww0rOUpxFeQDDOKv2EUo4X8SPejdPPe8U9A8kvJ8XKiLmBmTUQ8IBdei1sxbnN 2MmgHW/GiBa9yyoz5sm/78obAaVR14dzv5xeOXb9se08eUT6HemTKLV2ktYC3mUNU0rv DeVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=LsxxzhDAt0cyX21wSpSzW9B7eIE5gsFNuCODsfXCxLs=; b=oYW/Bi0uoS3kOGPURAfNKthfDAIur4qnwbeV+JWogmytFjhZnD02z4NtjxWy/o+sg5 Cz33cFcOD9LcJuLDKOxVPboIGNOR0S5G0ah4yKQRIHJHmEYQGXgNNjRP560cC9V5lBSS +F0ZSLUhWGsZq4LUMXsLAQiLyZg0eEyQdwalFNQSFcd8BLI2tlUkTlbkwybcBRJKrO65 GB7s9hBJfsksKSHEMzJOHwTkla9Cmkr0KIeFCveSI4WfAH/6udw2Uu3uh/yrEZy/YA/o JHcnd1swQq79wioO2nTGvJlaJ84Ptsn3ZhND5WANc4YIF0mKlhkQZHtMf3KZoBfrzrsS UPWQ== X-Gm-Message-State: AOAM533Yml58MBXlhWm5S1KclXBbxr3viouHgy5Q+OHLf986GH70T/EG u0nWwfYnNvxUrZQmkSnWKKb++g== X-Google-Smtp-Source: ABdhPJxzcRKLaj9v0WCybLcKXJSdjgERUTuQy/oj4is1kn7qZ/gygWLfi/Co83JAj7esKo6VPWS/wA== X-Received: by 2002:a05:622a:1751:: with SMTP id l17mr17887789qtk.35.1623696782026; Mon, 14 Jun 2021 11:53:02 -0700 (PDT) Received: from ?IPv6:2620:10d:c0a8:11d9::1287? ([2620:10d:c091:480::1:a94c]) by smtp.gmail.com with ESMTPSA id v16sm10593792qkj.10.2021.06.14.11.53.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 14 Jun 2021 11:53:01 -0700 (PDT) Subject: Re: [syzbot] KMSAN: uninit-value in generic_bin_search (2) To: syzbot , clm@fb.com, dsterba@suse.com, glider@google.com, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com References: <0000000000009c083105c4b34e70@google.com> From: Josef Bacik Message-ID: <8ba465e6-f933-6224-ef74-c5aa898a1022@toxicpanda.com> Date: Mon, 14 Jun 2021 14:52:59 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <0000000000009c083105c4b34e70@google.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/14/21 1:41 AM, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 6099c9da x86: entry: speculatively unpoison pt_regs in do_.. > git tree: https://github.com/google/kmsan.git master > console output: https://syzkaller.appspot.com/x/log.txt?x=12c7a057d00000 > kernel config: https://syzkaller.appspot.com/x/.config?x=4e6842a91012889c > dashboard link: https://syzkaller.appspot.com/bug?extid=8aa9678d1cda7a0432b7 > compiler: Debian clang version 11.0.1-2 > userspace arch: i386 > > Unfortunately, I don't have any reproducer for this issue yet. > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+8aa9678d1cda7a0432b7@syzkaller.appspotmail.com > > tracehook_notify_resume include/linux/tracehook.h:189 [inline] > exit_to_user_mode_loop kernel/entry/common.c:174 [inline] > exit_to_user_mode_prepare+0x486/0x560 kernel/entry/common.c:208 > __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline] > syscall_exit_to_user_mode+0x35/0x60 kernel/entry/common.c:301 > __do_fast_syscall_32+0x14f/0x180 arch/x86/entry/common.c:145 > do_fast_syscall_32+0x77/0xd0 arch/x86/entry/common.c:168 > do_SYSENTER_32+0x73/0x90 arch/x86/entry/common.c:211 > entry_SYSENTER_compat_after_hwframe+0x4d/0x5c > ===================================================== > ===================================================== > BUG: KMSAN: uninit-value in btrfs_comp_cpu_keys fs/btrfs/ctree.c:1556 [inline] > BUG: KMSAN: uninit-value in comp_keys fs/btrfs/ctree.c:1528 [inline] > BUG: KMSAN: uninit-value in generic_bin_search+0x799/0xbc0 fs/btrfs/ctree.c:1702 > CPU: 1 PID: 9364 Comm: syz-executor.2 Tainted: G B 5.12.0-rc6-syzkaller #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:79 [inline] > dump_stack+0x24c/0x2e0 lib/dump_stack.c:120 > kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118 > __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:197 > btrfs_comp_cpu_keys fs/btrfs/ctree.c:1556 [inline] > comp_keys fs/btrfs/ctree.c:1528 [inline] > generic_bin_search+0x799/0xbc0 fs/btrfs/ctree.c:1702 > btrfs_bin_search fs/btrfs/ctree.c:1724 [inline] This appears to be a bug in KMSAN, the code is doing the correct thing and it appears to be complaining about tmp, which is initialized either in the if or else part. The else part may be what's confusing KMSAM here as it's essentially struct btrfs_disk_key tmp; struct btrfs_disk_key unaligned; else { memcpy(&unaligned, ptr, len); // read_extent_buffer is basically memcpy tmp = &unaligned; } Thanks, Josef