Hi,

When using Healer to fuzz the Linux kernel, KMSAN reported an uninit-value in sr_check_events. The bug was triggered when fault injection was enabled. However, this report doesn't make sense to me, because I found that scsi_execute_req will memset the provided sshdr (scsi_normalize_sense -> memset) unconditionally. It's possible that I misunderstood the call stack to sr_check_events, or that there's a bug in KMSAN, so I'm reporting this bug to you to confirm what the problem is. One thing worth checking is the error path: the fault-injection trace below shows the forced allocation failure in bio_kmalloc, reached through blk_rq_map_kern from __scsi_execute, so if __scsi_execute returns early on that failure, the memset in scsi_normalize_sense may never run and sshdr would stay uninitialized when sr_get_events reads it.

Here are the details:
commit: 4ebaab5fb428374552175aa39832abf5cedb916a
version: Linux 5.12
git tree: kmsan
kernel config and full log can be found in the attached file.

FAULT INJECTION LOG:
===================================================== FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 23380 Comm: executor Not tainted 5.12.0-rc6+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack+0x1ff/0x275 should_fail+0x8b0/0x9d0 __should_failslab+0x1f4/0x290 should_failslab+0x29/0x70 __kmalloc+0xbc/0x560 ? bio_kmalloc+0xc4/0x310 ? kmsan_get_metadata+0x4f/0x180 bio_kmalloc+0xc4/0x310 ? kmsan_get_metadata+0x11d/0x180 blk_rq_map_kern+0xa05/0x1310 ? kmsan_get_shadow_origin_ptr+0x84/0xb0 ? kmsan_get_metadata+0x11d/0x180 ? kmsan_get_shadow_origin_ptr+0x84/0xb0 ? __msan_metadata_ptr_for_store_4+0x13/0x20 ? scsi_initialize_rq+0x94/0xe0 __scsi_execute+0x307/0xb10 sr_check_events+0x1f4/0x10b0 ? kmsan_internal_unpoison_shadow+0x42/0x70 ? kmsan_get_metadata+0x11d/0x180 cdrom_check_events+0xb7/0x240 ? kmsan_get_metadata+0x11d/0x180 sr_block_check_events+0x450/0x740 ? sr_block_compat_ioctl+0x410/0x410 disk_check_events+0x15b/0x860 ? kmsan_get_metadata+0x11d/0x180 ? kmsan_get_shadow_origin_ptr+0x84/0xb0 bdev_check_media_change+0x2f2/0x730 sr_block_open+0x3ee/0x870 ? sr_revalidate_disk+0x8e0/0x8e0 __blkdev_get+0x50e/0x12a0 ? kmsan_internal_set_origin+0x85/0xc0 ? 
kmsan_internal_unpoison_shadow+0x42/0x70 blkdev_get_by_dev+0x288/0xd40 ? kmsan_get_metadata+0x11d/0x180 blkdev_open+0x233/0x450 ? block_ioctl+0x1c0/0x1c0 do_dentry_open+0xf36/0x17b0 vfs_open+0xaf/0xe0 path_openat+0x4d57/0x5e10 ? kmsan_get_shadow_origin_ptr+0x84/0xb0 ? kmsan_get_shadow_origin_ptr+0x84/0xb0 ? __msan_metadata_ptr_for_load_4+0x10/0x20 ? slab_post_alloc_hook+0xdf/0xf90 ? kstrtoull+0x70e/0x7f0 ? kmsan_get_metadata+0x4f/0x180 do_filp_open+0x2b8/0x710 do_sys_openat2+0x222/0x770 ? kmsan_get_metadata+0x4f/0x180 ? kmsan_internal_set_origin+0x85/0xc0 ? kmsan_get_metadata+0x4f/0x180 __se_sys_openat+0x24c/0x2b0 __x64_sys_openat+0x56/0x70 do_syscall_64+0xa2/0x120 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x46a379 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd6dde46c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 000000000078c080 RCX: 000000000046a379 RDX: 0000000090000000 RSI: 0000000020000000 RDI: ffffffffffffff9c RBP: 00007fd6dde46c90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 R13: 0000000000000000 R14: 000000000078c080 R15: 00007ffdf27ef460 KMSAN REPORT: BUG: KMSAN: uninit-value in sr_get_events drivers/scsi/sr.c:210 [inline] BUG: KMSAN: uninit-value in sr_check_events+0x2cc/0x10b0 drivers/scsi/sr.c:246 CPU: 1 PID: 23380 Comm: syz-executor Not tainted 5.12.0-rc6+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x275 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:197 sr_get_events drivers/scsi/sr.c:210 [inline] sr_check_events+0x2cc/0x10b0 drivers/scsi/sr.c:246 cdrom_update_events 
drivers/cdrom/cdrom.c:1484 [inline] cdrom_check_events+0xb7/0x240 drivers/cdrom/cdrom.c:1494 sr_block_check_events+0x450/0x740 drivers/scsi/sr.c:652 disk_check_events+0x15b/0x860 block/genhd.c:1715 disk_clear_events block/genhd.c:1648 [inline] bdev_check_media_change+0x2f2/0x730 block/genhd.c:1679 sr_block_open+0x3ee/0x870 drivers/scsi/sr.c:528 __blkdev_get+0x50e/0x12a0 fs/block_dev.c:1306 blkdev_get_by_dev+0x288/0xd40 fs/block_dev.c:1458 blkdev_open+0x233/0x450 fs/block_dev.c:1555 do_dentry_open+0xf36/0x17b0 fs/open.c:826 vfs_open+0xaf/0xe0 fs/open.c:940 do_open fs/namei.c:3365 [inline] path_openat+0x4d57/0x5e10 fs/namei.c:3498 do_filp_open+0x2b8/0x710 fs/namei.c:3525 do_sys_openat2+0x222/0x770 fs/open.c:1187 do_sys_open fs/open.c:1203 [inline] __do_sys_openat fs/open.c:1219 [inline] __se_sys_openat+0x24c/0x2b0 fs/open.c:1214 __x64_sys_openat+0x56/0x70 fs/open.c:1214 do_syscall_64+0xa2/0x120 arch/x86/entry/common.c:48 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x46a379 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd6dde46c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 000000000078c080 RCX: 000000000046a379 RDX: 0000000090000000 RSI: 0000000020000000 RDI: ffffffffffffff9c RBP: 00007fd6dde46c90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 R13: 0000000000000000 R14: 000000000078c080 R15: 00007ffdf27ef460 Local variable ----sshdr.i@sr_check_events created at: sr_get_events drivers/scsi/sr.c:205 [inline] sr_check_events+0x153/0x10b0 drivers/scsi/sr.c:246 sr_get_events drivers/scsi/sr.c:205 [inline] sr_check_events+0x153/0x10b0 drivers/scsi/sr.c:246

The bug can be triggered easily by ONE SYSTEM CALL:
# {Threaded:false Collide:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none Fault:true 
FaultCall:0 FaultNth:3 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:true USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true UseTmpDir:true HandleSegv:true Repro:false Trace:false} openat$sr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sr0\x00', 0x90000000, 0x0) Using syz-execprog to execute the reproduction program directly: ./syz-execprog -repeat 0 -procs 1 -slowdown 1 -fault_call 0 -fault_nth 3 -enable tun -enable netdev -enable resetnet -enable cgroups -enable binfmt-misc -enable close_fds -enable devlinkpci -enable usb -enable vhci -enable wifi -enable ieee802154 -enable sysctl repro.prog
[ 639.613279] FAULT_INJECTION: forcing a failure. [ 639.613279] name failslab, interval 1, probability 0, space 0, times 0 [ 639.614974] CPU: 1 PID: 23380 Comm: executor Not tainted 5.12.0-rc6+ #2 [ 639.615997] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 639.617625] Call Trace: [ 639.618007] dump_stack+0x1ff/0x275 [ 639.618596] should_fail+0x8b0/0x9d0 [ 639.619163] __should_failslab+0x1f4/0x290 [ 639.619807] should_failslab+0x29/0x70 [ 639.620407] __kmalloc+0xbc/0x560 [ 639.620947] ? bio_kmalloc+0xc4/0x310 [ 639.621570] ? kmsan_get_metadata+0x4f/0x180 [ 639.622236] bio_kmalloc+0xc4/0x310 [ 639.622787] ? kmsan_get_metadata+0x11d/0x180 [ 639.623460] blk_rq_map_kern+0xa05/0x1310 [ 639.624117] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.624882] ? kmsan_get_metadata+0x11d/0x180 [ 639.625554] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.626312] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 639.627128] ? scsi_initialize_rq+0x94/0xe0 [ 639.627821] __scsi_execute+0x307/0xb10 [ 639.628427] sr_check_events+0x1f4/0x10b0 [ 639.629052] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 639.629852] ? kmsan_get_metadata+0x11d/0x180 [ 639.630526] cdrom_check_events+0xb7/0x240 [ 639.631211] ? kmsan_get_metadata+0x11d/0x180 [ 639.631875] sr_block_check_events+0x450/0x740 [ 639.632539] ? sr_block_compat_ioctl+0x410/0x410 [ 639.633233] disk_check_events+0x15b/0x860 [ 639.633857] ? kmsan_get_metadata+0x11d/0x180 [ 639.634553] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.635331] bdev_check_media_change+0x2f2/0x730 [ 639.636059] sr_block_open+0x3ee/0x870 [ 639.636644] ? sr_revalidate_disk+0x8e0/0x8e0 [ 639.637291] __blkdev_get+0x50e/0x12a0 [ 639.637906] ? kmsan_internal_set_origin+0x85/0xc0 [ 639.638630] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 639.639403] blkdev_get_by_dev+0x288/0xd40 [ 639.640030] ? kmsan_get_metadata+0x11d/0x180 [ 639.640684] blkdev_open+0x233/0x450 [ 639.641240] ? 
block_ioctl+0x1c0/0x1c0 [ 639.641826] do_dentry_open+0xf36/0x17b0 [ 639.642431] vfs_open+0xaf/0xe0 [ 639.642921] path_openat+0x4d57/0x5e10 [ 639.643483] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.644219] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.644959] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 639.645723] ? slab_post_alloc_hook+0xdf/0xf90 [ 639.646395] ? kstrtoull+0x70e/0x7f0 [ 639.646947] ? kmsan_get_metadata+0x4f/0x180 [ 639.647599] do_filp_open+0x2b8/0x710 [ 639.648208] do_sys_openat2+0x222/0x770 [ 639.648795] ? kmsan_get_metadata+0x4f/0x180 [ 639.649452] ? kmsan_internal_set_origin+0x85/0xc0 [ 639.650208] ? kmsan_get_metadata+0x4f/0x180 [ 639.650882] __se_sys_openat+0x24c/0x2b0 [ 639.651574] __x64_sys_openat+0x56/0x70 [ 639.652181] do_syscall_64+0xa2/0x120 [ 639.652762] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 639.653529] RIP: 0033:0x46a379 [ 639.654011] Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 639.656634] RSP: 002b:00007fd6dde46c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 639.657748] RAX: ffffffffffffffda RBX: 000000000078c080 RCX: 000000000046a379 [ 639.658750] RDX: 0000000090000000 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 639.659761] RBP: 00007fd6dde46c90 R08: 0000000000000000 R09: 0000000000000000 [ 639.660765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 639.661773] R13: 0000000000000000 R14: 000000000078c080 R15: 00007ffdf27ef460 [ 639.663360] ===================================================== [ 639.664183] BUG: KMSAN: uninit-value in sr_check_events+0x2cc/0x10b0 [ 639.665039] CPU: 1 PID: 23380 Comm: executor Not tainted 5.12.0-rc6+ #2 [ 639.665960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 639.667459] Call Trace: [ 639.667798] dump_stack+0x1ff/0x275 [ 639.668315] 
kmsan_report+0xfb/0x1e0 [ 639.668810] __msan_warning+0x5c/0xa0 [ 639.669310] sr_check_events+0x2cc/0x10b0 [ 639.669856] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 639.670572] ? kmsan_get_metadata+0x11d/0x180 [ 639.671159] cdrom_check_events+0xb7/0x240 [ 639.671721] ? kmsan_get_metadata+0x11d/0x180 [ 639.672331] sr_block_check_events+0x450/0x740 [ 639.672949] ? sr_block_compat_ioctl+0x410/0x410 [ 639.673603] disk_check_events+0x15b/0x860 [ 639.674158] ? kmsan_get_metadata+0x11d/0x180 [ 639.674751] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.675417] bdev_check_media_change+0x2f2/0x730 [ 639.676040] sr_block_open+0x3ee/0x870 [ 639.676573] ? sr_revalidate_disk+0x8e0/0x8e0 [ 639.677184] __blkdev_get+0x50e/0x12a0 [ 639.677736] ? kmsan_internal_set_origin+0x85/0xc0 [ 639.678404] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 639.679123] blkdev_get_by_dev+0x288/0xd40 [ 639.679700] ? kmsan_get_metadata+0x11d/0x180 [ 639.680310] blkdev_open+0x233/0x450 [ 639.680819] ? block_ioctl+0x1c0/0x1c0 [ 639.681353] do_dentry_open+0xf36/0x17b0 [ 639.681920] vfs_open+0xaf/0xe0 [ 639.682354] path_openat+0x4d57/0x5e10 [ 639.682863] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.683525] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.684235] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 639.684965] ? slab_post_alloc_hook+0xdf/0xf90 [ 639.685585] ? kstrtoull+0x70e/0x7f0 [ 639.686092] ? kmsan_get_metadata+0x4f/0x180 [ 639.686718] do_filp_open+0x2b8/0x710 [ 639.687237] do_sys_openat2+0x222/0x770 [ 639.687776] ? kmsan_get_metadata+0x4f/0x180 [ 639.688394] ? kmsan_internal_set_origin+0x85/0xc0 [ 639.689062] ? 
kmsan_get_metadata+0x4f/0x180 [ 639.689686] __se_sys_openat+0x24c/0x2b0 [ 639.690238] __x64_sys_openat+0x56/0x70 [ 639.690778] do_syscall_64+0xa2/0x120 [ 639.691308] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 639.691998] RIP: 0033:0x46a379 [ 639.692433] Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 639.694984] RSP: 002b:00007fd6dde46c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 639.696015] RAX: ffffffffffffffda RBX: 000000000078c080 RCX: 000000000046a379 [ 639.696973] RDX: 0000000090000000 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 639.697931] RBP: 00007fd6dde46c90 R08: 0000000000000000 R09: 0000000000000000 [ 639.698903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 639.699864] R13: 0000000000000000 R14: 000000000078c080 R15: 00007ffdf27ef460 [ 639.700826] [ 639.701041] Local variable ----sshdr.i@sr_check_events created at: [ 639.701879] sr_check_events+0x153/0x10b0 [ 639.702454] sr_check_events+0x153/0x10b0 [ 639.703022] ===================================================== [ 639.703815] Disabling lock debugging due to kernel taint [ 639.704594] Kernel panic - not syncing: panic_on_warn set ... [ 639.705383] CPU: 1 PID: 23380 Comm: executor Tainted: G B 5.12.0-rc6+ #2 [ 639.706517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 639.708056] Call Trace: [ 639.708409] dump_stack+0x1ff/0x275 [ 639.708908] panic+0x3c0/0xbf5 [ 639.709346] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 639.710076] kmsan_report+0x1de/0x1e0 [ 639.710591] __msan_warning+0x5c/0xa0 [ 639.711106] sr_check_events+0x2cc/0x10b0 [ 639.711674] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 639.712419] ? kmsan_get_metadata+0x11d/0x180 [ 639.713008] cdrom_check_events+0xb7/0x240 [ 639.713578] ? 
kmsan_get_metadata+0x11d/0x180 [ 639.714198] sr_block_check_events+0x450/0x740 [ 639.714824] ? sr_block_compat_ioctl+0x410/0x410 [ 639.715465] disk_check_events+0x15b/0x860 [ 639.716039] ? kmsan_get_metadata+0x11d/0x180 [ 639.716647] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.717336] bdev_check_media_change+0x2f2/0x730 [ 639.717983] sr_block_open+0x3ee/0x870 [ 639.718527] ? sr_revalidate_disk+0x8e0/0x8e0 [ 639.719139] __blkdev_get+0x50e/0x12a0 [ 639.719674] ? kmsan_internal_set_origin+0x85/0xc0 [ 639.720344] ? kmsan_internal_unpoison_shadow+0x42/0x70 [ 639.721073] blkdev_get_by_dev+0x288/0xd40 [ 639.721671] ? kmsan_get_metadata+0x11d/0x180 [ 639.722284] blkdev_open+0x233/0x450 [ 639.722791] ? block_ioctl+0x1c0/0x1c0 [ 639.723320] do_dentry_open+0xf36/0x17b0 [ 639.723894] vfs_open+0xaf/0xe0 [ 639.724345] path_openat+0x4d57/0x5e10 [ 639.724891] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.725601] ? kmsan_get_shadow_origin_ptr+0x84/0xb0 [ 639.726284] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 639.726998] ? slab_post_alloc_hook+0xdf/0xf90 [ 639.727612] ? kstrtoull+0x70e/0x7f0 [ 639.728119] ? kmsan_get_metadata+0x4f/0x180 [ 639.728704] do_filp_open+0x2b8/0x710 [ 639.729208] do_sys_openat2+0x222/0x770 [ 639.729741] ? kmsan_get_metadata+0x4f/0x180 [ 639.730324] ? kmsan_internal_set_origin+0x85/0xc0 [ 639.730990] ? 
kmsan_get_metadata+0x4f/0x180 [ 639.731651] __se_sys_openat+0x24c/0x2b0 [ 639.732379] __x64_sys_openat+0x56/0x70 [ 639.733051] do_syscall_64+0xa2/0x120 [ 639.733576] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 639.734372] RIP: 0033:0x46a379 [ 639.734826] Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 639.737324] RSP: 002b:00007fd6dde46c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 639.738331] RAX: ffffffffffffffda RBX: 000000000078c080 RCX: 000000000046a379 [ 639.739269] RDX: 0000000090000000 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 639.740204] RBP: 00007fd6dde46c90 R08: 0000000000000000 R09: 0000000000000000 [ 639.741168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 639.742115] R13: 0000000000000000 R14: 000000000078c080 R15: 00007ffdf27ef460 [ 639.743294] Dumping ftrace buffer: [ 639.743778] (ftrace buffer empty) [ 639.744273] Kernel Offset: 0x1c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 639.745716] Rebooting in 1 seconds..
Attachment:
kmsan-config
Description: Binary data