syzbot


KMSAN: uninit-value in hfs_cat_keycmp (2)

Status: upstream: reported C repro on 2024/01/10 10:16
Subsystems: hfs
[Documentation on labels]
Reported-by: syzbot+04486d87f6240a004c85@syzkaller.appspotmail.com
First crash: 109d, last: 34d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] hfs: fix uninit-value in hfs_cat_keycmp 1 (1) 2024/03/03 04:14
[syzbot] [hfs?] KMSAN: uninit-value in hfs_cat_keycmp (2) 1 (4) 2024/03/03 03:58
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in hfs_cat_keycmp hfs 5 182d 279d 0/26 closed as invalid on 2023/12/22 16:00
upstream KASAN: slab-out-of-bounds Read in hfs_cat_keycmp hfs C error done 2 425d 490d 22/26 fixed on 2023/02/24 13:50
linux-4.19 KASAN: slab-out-of-bounds Read in hfs_cat_keycmp C error 1 506d 506d 0/1 upstream: reported C repro on 2022/12/02 03:19
Last patch testing requests (2)
Created Duration User Patch Repo Result
2024/03/17 10:30 20m retest repro upstream report log
2024/03/03 03:09 26m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log

Sample crash report:
loop0: detected capacity change from 0 to 64
hfs: filesystem is marked locked, mounting read-only.
=====================================================
BUG: KMSAN: uninit-value in hfs_cat_keycmp+0x154/0x210 fs/hfs/catalog.c:178
 hfs_cat_keycmp+0x154/0x210 fs/hfs/catalog.c:178
 __hfs_brec_find+0x250/0x820 fs/hfs/bfind.c:75
 hfs_brec_find+0x436/0x970 fs/hfs/bfind.c:138
 hfs_brec_read+0x3f/0x1a0 fs/hfs/bfind.c:165
 hfs_cat_find_brec+0xe6/0x400 fs/hfs/catalog.c:194
 hfs_fill_super+0x1f27/0x23c0 fs/hfs/super.c:419
 mount_bdev+0x38f/0x510 fs/super.c:1658
 hfs_mount+0x4d/0x60 fs/hfs/super.c:456
 legacy_get_tree+0x110/0x290 fs/fs_context.c:662
 vfs_get_tree+0xa5/0x560 fs/super.c:1779
 do_new_mount+0x71f/0x15e0 fs/namespace.c:3352
 path_mount+0x73d/0x1f20 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount+0x725/0x810 fs/namespace.c:3875
 __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3819 [inline]
 slab_alloc_node mm/slub.c:3860 [inline]
 __do_kmalloc_node mm/slub.c:3980 [inline]
 __kmalloc+0x919/0xf80 mm/slub.c:3994
 kmalloc include/linux/slab.h:594 [inline]
 hfs_find_init+0x91/0x250 fs/hfs/bfind.c:21
 hfs_fill_super+0x1eb9/0x23c0 fs/hfs/super.c:416
 mount_bdev+0x38f/0x510 fs/super.c:1658
 hfs_mount+0x4d/0x60 fs/hfs/super.c:456
 legacy_get_tree+0x110/0x290 fs/fs_context.c:662
 vfs_get_tree+0xa5/0x560 fs/super.c:1779
 do_new_mount+0x71f/0x15e0 fs/namespace.c:3352
 path_mount+0x73d/0x1f20 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount+0x725/0x810 fs/namespace.c:3875
 __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

CPU: 1 PID: 5019 Comm: syz-executor380 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
=====================================================

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/02 23:33 upstream 5ad3cb0ed525 25905f5d .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfs_cat_keycmp
2024/01/30 23:15 upstream 9f8413c4a66f 7f400fcb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfs_cat_keycmp
2024/01/03 03:43 upstream 610a9b8f49fb fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfs_cat_keycmp
2024/01/03 03:17 upstream 610a9b8f49fb fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfs_cat_keycmp
* Struck through repros no longer work on HEAD.