| author | Dmitry Vyukov <dvyukov@google.com> | 2018-09-13 11:21:29 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2018-09-13 11:21:29 +0200 |
| commit | 0e29942f77715486995d996f80f82742812d75a2 (patch) | |
| tree | 966e8777b6be5bb92aa4589c10d087e03e0d3d64 /pkg/report/testdata/linux | |
| parent | 71907dafdbb47df824e03665e5b9fffa0dd07a9e (diff) | |
pkg/report: improve KMSAN report parsing
Extract guilty frame from stack.
Add a few more ignored functions.
Add more tests.
Diffstat (limited to 'pkg/report/testdata/linux')
| -rw-r--r-- | pkg/report/testdata/linux/report/108 | 4 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/report/219 | 4 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/report/220 | 4 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/report/301 | 41 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/report/302 | 39 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/report/303 | 56 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/report/304 | 42 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/report/305 | 34 |
8 files changed, 218 insertions, 6 deletions
diff --git a/pkg/report/testdata/linux/report/108 b/pkg/report/testdata/linux/report/108
index 513576697..310114bca 100644
--- a/pkg/report/testdata/linux/report/108
+++ b/pkg/report/testdata/linux/report/108
@@ -1,7 +1,7 @@
-TITLE: KMSAN: use of uninitialized memory in packet_set_ring
+TITLE: KMSAN: uninit-value in packet_set_ring
 [ 208.131930] ==================================================================
-[ 208.139343] BUG: KMSAN: use of uninitialized memory in packet_set_ring+0x11b8/0x2ff0
+[ 208.139343] BUG: KMSAN: uninit-value in packet_set_ring+0x11b8/0x2ff0
 [ 208.147224] CPU: 0 PID: 12442 Comm: syz-executor0 Tainted: G B 4.13.0+ #12
 [ 208.155359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 [ 208.164705] Call Trace:
diff --git a/pkg/report/testdata/linux/report/219 b/pkg/report/testdata/linux/report/219
index 546025214..a6712f76e 100644
--- a/pkg/report/testdata/linux/report/219
+++ b/pkg/report/testdata/linux/report/219
@@ -1,7 +1,7 @@
-TITLE: KMSAN: use of uninitialized memory in rt6_mtu_change_route
+TITLE: KMSAN: uninit-value in rt6_mtu_change_route
 [ 69.998746] ==================================================================
-[ 70.006190] BUG: KMSAN: use of uninitialized memory in rt6_mtu_change_route+0x4d8/0xa70
+[ 70.006190] BUG: KMSAN: uninit-value in rt6_mtu_change_route+0x4d8/0xa70
 [ 70.014351] CPU: 0 PID: 8319 Comm: syz-executor7 Not tainted 4.16.0-rc4+ #63
 [ 70.021546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 [ 70.030902] Call Trace:
diff --git a/pkg/report/testdata/linux/report/220 b/pkg/report/testdata/linux/report/220
index 56f6e6e52..96ba57740 100644
--- a/pkg/report/testdata/linux/report/220
+++ b/pkg/report/testdata/linux/report/220
@@ -1,7 +1,7 @@
-TITLE: KMSAN: use of uninitialized memory in show_trace_log_lvl
+TITLE: KMSAN: uninit-value in show_trace_log_lvl
 [ 46.514273] ==================================================================
-[ 46.521639] BUG: KMSAN: use of uninitialized memory in show_trace_log_lvl+0xda4/0x1030
+[ 46.521639] BUG: KMSAN: uninit-value in show_trace_log_lvl+0xda4/0x1030
 [ 46.529696] CPU: 1 PID: 4975 Comm: syz-executor1 Not tainted 4.16.0-rc4+ #60
 [ 46.536872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 [ 46.546219] Call Trace:
diff --git a/pkg/report/testdata/linux/report/301 b/pkg/report/testdata/linux/report/301
new file mode 100644
index 000000000..1bb85bf01
--- /dev/null
+++ b/pkg/report/testdata/linux/report/301
@@ -0,0 +1,41 @@
+TITLE: KMSAN: kernel-infoleak in copy_siginfo_to_user
+
+[ 47.389823] ==================================================================
+[ 47.397223] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x15d/0x1f0
+[ 47.403731] CPU: 0 PID: 4398 Comm: syz-executor001 Not tainted 4.19.0-rc3+ #45
+[ 47.411088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 47.420459] Call Trace:
+[ 47.423083] dump_stack+0x14b/0x190
+[ 47.426745] kmsan_report+0x183/0x2b0
+[ 47.430573] kmsan_internal_check_memory+0xfe/0x1f0
+[ 47.435592] kmsan_copy_to_user+0x73/0xb0
+[ 47.439764] _copy_to_user+0x15d/0x1f0
+[ 47.443663] copy_siginfo_to_user+0x81/0x130
+[ 47.448101] ptrace_request+0x2278/0x2680
+[ 47.452257] ? __msan_poison_alloca+0x173/0x1f0
+[ 47.456956] ? _raw_spin_lock_irqsave+0x41/0xe0
+[ 47.461649] ? wait_task_inactive+0x397/0x990
+[ 47.466185] ? kmsan_set_origin_inline+0x6b/0x120
+[ 47.471039] arch_ptrace+0xbdd/0x11a0
+[ 47.474841] ? ptrace_check_attach+0x182/0x5b0
+[ 47.479446] __se_sys_ptrace+0x2a2/0x7e0
+[ 47.483558] __x64_sys_ptrace+0x56/0x70
+[ 47.487534] do_syscall_64+0xb8/0x100
+[ 47.491343] entry_SYSCALL_64_after_hwframe+0x63/0xe7
+[ 47.496534] RIP: 0033:0x440df9
+[ 47.499746] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
+[ 47.518655] RSP: 002b:00007ffe8af43578 EFLAGS: 00000286 ORIG_RAX: 0000000000000065
+[ 47.526385] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440df9
+[ 47.533646] RDX: 0000000020000004 RSI: 0000000000000001 RDI: 0000000000004209
+[ 47.540912] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
+[ 47.548187] R10: 0000000020000100 R11: 0000000000000286 R12: 000000000000b922
+[ 47.555446] R13: 0000000000401dd0 R14: 0000000000000000 R15: 0000000000000000
+[ 47.562727]
+[ 47.564347] Local variable description: ----kiov@ptrace_request
+[ 47.570385] Variable was created at:
+[ 47.574130] ptrace_request+0x19f/0x2680
+[ 47.578185] arch_ptrace+0xbdd/0x11a0
+[ 47.581987]
+[ 47.583623] Bytes 0-15 of 128 are uninitialized
+[ 47.588292] Memory access starts at ffff8801b751fca0
+[ 47.593393] ==================================================================
diff --git a/pkg/report/testdata/linux/report/302 b/pkg/report/testdata/linux/report/302
new file mode 100644
index 000000000..0f9a82fa6
--- /dev/null
+++ b/pkg/report/testdata/linux/report/302
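Review bot: The expected TITLE in the new report/301 fixture names copy_siginfo_to_user, while the report's own "Local variable description: ----kiov@ptrace_request" and "Variable was created at: ptrace_request" lines attribute the uninitialized bytes to a local of ptrace_request one frame up; copy_siginfo_to_user is a generic copy helper in the same spirit as the _copy_to_user frame the parser now skips. The same pattern appears in report/302 (title copy_siginfo_to_user, variable kiov@ptrace_request) and report/305 (title __dev_mc_add, variable buf@igmp6_group_added). If pinning the title to the first non-ignored frame of the access stack rather than the origin stack is intentional, a sentence in the commit message such as `Titles are taken from the access stack; the "Variable was created at" origin stack is not used for frame selection.` would keep a later contributor from "fixing" these expectations; if it is not, copy_siginfo_to_user may belong on the ignore list. The fixtures have no comment syntax, so the commit message is the only place to record this.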
@@ -0,0 +1,39 @@
+TITLE: KMSAN: kernel-infoleak in copy_siginfo_to_user
+
+[ 42.870355] ==================================================================
+[ 42.877778] BUG: KMSAN: kernel-infoleak in copy_siginfo_to_user+0xf0/0x150
+[ 42.884792] CPU: 0 PID: 4543 Comm: syz-executor869 Not tainted 4.18.0-rc4+ #23
+[ 42.892143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 42.901488] Call Trace:
+[ 42.904076] dump_stack+0x185/0x1e0
+[ 42.907694] kmsan_report+0x195/0x2c0
+[ 42.911480] kmsan_internal_check_memory+0x10e/0x210
+[ 42.916571] kmsan_copy_to_user+0x83/0xe0
+[ 42.920708] copy_siginfo_to_user+0xf0/0x150
+[ 42.925103] ptrace_request+0x232d/0x2790
+[ 42.929251] ? __msan_metadata_ptr_for_store_1+0x13/0x20
+[ 42.934690] ? wait_task_inactive+0x821/0x9e0
+[ 42.939173] arch_ptrace+0xbcc/0x12c0
+[ 42.942959] ? ptrace_check_attach+0x182/0x5e0
+[ 42.947526] __se_sys_ptrace+0x2f0/0x850
+[ 42.951575] __x64_sys_ptrace+0x11e/0x170
+[ 42.955709] ? ptrace_regset+0x840/0x840
+[ 42.959757] do_syscall_64+0x15b/0x230
+[ 42.963636] entry_SYSCALL_64_after_hwframe+0x63/0xe7
+[ 42.968807] RIP: 0033:0x4401b9
+[ 42.971971] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
+[ 42.991161] RSP: 002b:00007ffcd9ce9e68 EFLAGS: 00000286 ORIG_RAX: 0000000000000065
+[ 42.998853] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00000000004401b9
+[ 43.006124] RDX: 0000000020000004 RSI: 0000000000000001 RDI: 0000000000004209
+[ 43.013388] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
+[ 43.020642] R10: 0000000020000100 R11: 0000000000000286 R12: 0000000000401a40
+[ 43.027898] R13: 0000000000401ad0 R14: 0000000000000000 R15: 0000000000000000
+[ 43.035162]
+[ 43.036779] Local variable description: ----kiov@ptrace_request
+[ 43.042818] Variable was created at:
+[ 43.046520] ptrace_request+0x1bf/0x2790
+[ 43.050571] arch_ptrace+0xbcc/0x12c0
+[ 43.054344]
+[ 43.055950] Bytes 0-15 of 128 are uninitialized
+[ 43.060594] Memory access starts at ffff880193b8fca8
+[ 43.065675] ==================================================================
diff --git a/pkg/report/testdata/linux/report/303 b/pkg/report/testdata/linux/report/303
new file mode 100644
index 000000000..a64a2d2bd
--- /dev/null
+++ b/pkg/report/testdata/linux/report/303
@@ -0,0 +1,56 @@
+TITLE: KMSAN: uninit-value in tipc_nl_node_get_link
+
+syzkaller login: [ 41.195107] ==================================================================
+[ 41.202507] BUG: KMSAN: uninit-value in strcmp+0xf7/0x160
+[ 41.208024] CPU: 1 PID: 4527 Comm: syz-executor655 Not tainted 4.16.0+ #87
+[ 41.215027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 41.224359] Call Trace:
+[ 41.226931] dump_stack+0x185/0x1d0
+[ 41.230537] ? strcmp+0xf7/0x160
+[ 41.233887] kmsan_report+0x142/0x240
+[ 41.237673] __msan_warning_32+0x6c/0xb0
+[ 41.241720] strcmp+0xf7/0x160
+[ 41.244903] tipc_nl_node_get_link+0x220/0x6f0
+[ 41.249462] ? kmsan_set_origin+0x9e/0x160
+[ 41.253680] ? tipc_node_find_by_name+0x630/0x630
+[ 41.258514] genl_rcv_msg+0x1686/0x1810
+[ 41.262477] netlink_rcv_skb+0x378/0x600
+[ 41.266518] ? genl_unbind+0x350/0x350
+[ 41.270383] genl_rcv+0x63/0x80
+[ 41.273639] netlink_unicast+0x166b/0x1740
+[ 41.277852] ? genl_pernet_exit+0xa0/0xa0
+[ 41.281988] netlink_sendmsg+0x1048/0x1310
+[ 41.286206] ? netlink_getsockopt+0xc80/0xc80
+[ 41.290701] ___sys_sendmsg+0xec0/0x1310
+[ 41.294741] ? do_huge_pmd_anonymous_page+0x19d5/0x2520
+[ 41.300086] ? __fdget+0x4e/0x60
+[ 41.303431] ? __fget_light+0x56/0x710
+[ 41.307294] ? __fdget+0x4e/0x60
+[ 41.310641] ? __msan_metadata_ptr_for_load_1+0x10/0x20
+[ 41.315983] ? __fget_light+0x6b9/0x710
+[ 41.319949] SYSC_sendmsg+0x2a3/0x3d0
+[ 41.323731] SyS_sendmsg+0x54/0x80
+[ 41.327250] do_syscall_64+0x309/0x430
+[ 41.331116] ? ___sys_sendmsg+0x1310/0x1310
+[ 41.335417] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
+[ 41.340584] RIP: 0033:0x445589
+[ 41.343758] RSP: 002b:00007fb7ee66cdb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
+[ 41.351441] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445589
+[ 41.358692] RDX: 0000000000000000 RSI: 0000000020023000 RDI: 0000000000000003
+[ 41.365942] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
+[ 41.373191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
+[ 41.380439] R13: 00007fffa2bf3f3f R14: 00007fb7ee66d9c0 R15: 0000000000000001
+[ 41.387717]
+[ 41.389320] Uninit was created at:
+[ 41.392842] kmsan_internal_poison_shadow+0xb8/0x1b0
+[ 41.397923] kmsan_kmalloc+0x94/0x100
+[ 41.401726] kmsan_slab_alloc+0x11/0x20
+[ 41.405680] __kmalloc_node_track_caller+0xaed/0x11c0
+[ 41.410851] __alloc_skb+0x2cf/0x9f0
+[ 41.414566] netlink_sendmsg+0x9a6/0x1310
+[ 41.418703] ___sys_sendmsg+0xec0/0x1310
+[ 41.422744] SYSC_sendmsg+0x2a3/0x3d0
+[ 41.426521] SyS_sendmsg+0x54/0x80
+[ 41.430048] do_syscall_64+0x309/0x430
+[ 41.433923] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
+[ 41.439088] ==================================================================
diff --git a/pkg/report/testdata/linux/report/304 b/pkg/report/testdata/linux/report/304
new file mode 100644
index 000000000..0ff26a72a
--- /dev/null
+++ b/pkg/report/testdata/linux/report/304
@@ -0,0 +1,42 @@
+TITLE: KMSAN: uninit-value in vti6_ioctl
+
+syzkaller login: [ 44.865333] ==================================================================
+[ 44.872739] BUG: KMSAN: uninit-value in strlcpy+0x68/0x1c0
+[ 44.878347] CPU: 1 PID: 4514 Comm: syz-executor022 Not tainted 4.16.0+ #87
+[ 44.885339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 44.894694] Call Trace:
+[ 44.897273] dump_stack+0x185/0x1d0
+[ 44.900894] ? strlcpy+0x68/0x1c0
+[ 44.904330] kmsan_report+0x142/0x240
+[ 44.908119] __msan_warning_32+0x6c/0xb0
+[ 44.912173] strlcpy+0x68/0x1c0
+[ 44.915436] vti6_ioctl+0x1cea/0x3410
+[ 44.919230] ? vti6_tnl_xmit+0x2070/0x2070
+[ 44.923444] dev_ifsioc+0x8a8/0x10c0
+[ 44.927139] ? _cond_resched+0x3c/0xd0
+[ 44.931008] dev_ioctl+0xc3e/0x1cf0
+[ 44.934625] ? kmsan_set_origin+0x9e/0x160
+[ 44.938865] sock_ioctl+0x744/0xca0
+[ 44.942647] ? sock_poll+0x370/0x370
+[ 44.946373] do_vfs_ioctl+0xaf0/0x2440
+[ 44.950299] ? __msan_metadata_ptr_for_load_4+0x10/0x20
+[ 44.955672] ? __fget_light+0x1f5/0x710
+[ 44.959657] ? __msan_metadata_ptr_for_load_8+0x10/0x20
+[ 44.965033] SYSC_ioctl+0x1d2/0x260
+[ 44.968659] SyS_ioctl+0x54/0x80
+[ 44.972030] do_syscall_64+0x309/0x430
+[ 44.975910] ? ioctl_file_clone+0x4f0/0x4f0
+[ 44.980218] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
+[ 44.985389] RIP: 0033:0x43fe59
+[ 44.988556] RSP: 002b:00007ffeb63ff5b8 EFLAGS: 00000286 ORIG_RAX: 0000000000000010
+[ 44.996253] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe59
+[ 45.003592] RDX: 0000000020000000 RSI: 08000000000089f1 RDI: 0000000000000003
+[ 45.010853] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
+[ 45.018121] R10: 00000000004002c8 R11: 0000000000000286 R12: 0000000000401780
+[ 45.025377] R13: 0000000000401810 R14: 0000000000000000 R15: 0000000000000000
+[ 45.032627]
+[ 45.034232] Local variable description: ----p1@vti6_ioctl
+[ 45.039742] Variable was created at:
+[ 45.043440] vti6_ioctl+0xc1/0x3410
+[ 45.047060] dev_ifsioc+0x8a8/0x10c0
+[ 45.050756] ==================================================================
diff --git a/pkg/report/testdata/linux/report/305 b/pkg/report/testdata/linux/report/305
new file mode 100644
index 000000000..f2606c465
--- /dev/null
+++ b/pkg/report/testdata/linux/report/305
@@ -0,0 +1,34 @@
+TITLE: KMSAN: uninit-value in __dev_mc_add
+
+syzkaller login: [ 30.164779] ==================================================================
+[ 30.172283] BUG: KMSAN: uninit-value in memcmp+0x119/0x180
+[ 30.177916] CPU: 0 PID: 3 Comm: kworker/0:0 Not tainted 4.16.0+ #82
+[ 30.184318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 30.193686] Workqueue: ipv6_addrconf addrconf_dad_work
+[ 30.198962] Call Trace:
+[ 30.201561] dump_stack+0x185/0x1d0
+[ 30.205216] ? memcmp+0x119/0x180
+[ 30.208673] kmsan_report+0x142/0x240
+[ 30.212484] __msan_warning_32+0x6c/0xb0
+[ 30.216549] memcmp+0x119/0x180
+[ 30.219845] __dev_mc_add+0x1c2/0x8e0
+[ 30.223658] ? ndisc_mc_map+0x59f/0x8c0
+[ 30.227634] dev_mc_add+0x6d/0x80
+[ 30.231092] igmp6_group_added+0x2db/0xa00
+[ 30.235338] ipv6_dev_mc_inc+0xe9e/0x1130
+[ 30.239495] addrconf_dad_work+0x427/0x2150
+[ 30.243823] ? ipv6_get_saddr_eval+0x1130/0x1130
+[ 30.248585] ? ipv6_get_saddr_eval+0x1130/0x1130
+[ 30.253348] process_one_work+0x12c6/0x1f60
+[ 30.257685] worker_thread+0x113c/0x24f0
+[ 30.261763] ? process_one_work+0x1f60/0x1f60
+[ 30.266254] kthread+0x539/0x720
+[ 30.269616] ? process_one_work+0x1f60/0x1f60
+[ 30.274097] ? kthread_blkcg+0xf0/0xf0
+[ 30.277976] ret_from_fork+0x35/0x40
+[ 30.281670]
+[ 30.283279] Local variable description: ----buf@igmp6_group_added
+[ 30.289491] Variable was created at:
+[ 30.293192] igmp6_group_added+0x4a/0xa00
+[ 30.297338] ipv6_dev_mc_inc+0xe9e/0x1130
+[ 30.301465] ================================================================== |
