syzbot

 sign-in | mailing list | source | docs
🐞 Open [1222]
Subsystems
🐞 Fixed [5630]
🐞 Invalid [13644]
Missing Backports [100]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in pick_link

Status: upstream: reported C repro on 2024/07/31 08:12
Subsystems: squashfs
[Documentation on labels]
Reported-by: syzbot+24ac24ff58dc5b0d26b9@syzkaller.appspotmail.com
Fix commit: 810ee43d9cd2 Squashfs: sanity check symbolic link size
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 49d, last: 41d
Discussions (11)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 4.19 5/6] Squashfs: sanity check symbolic link size 1 (1) 2024/08/23 14:06
[PATCH AUTOSEL 5.4 5/7] Squashfs: sanity check symbolic link size 1 (1) 2024/08/23 14:06
[PATCH AUTOSEL 5.10 6/9] Squashfs: sanity check symbolic link size 1 (1) 2024/08/23 14:05
[PATCH AUTOSEL 5.15 6/9] Squashfs: sanity check symbolic link size 1 (1) 2024/08/23 14:04
[PATCH AUTOSEL 6.1 10/13] Squashfs: sanity check symbolic link size 1 (1) 2024/08/23 14:03
[PATCH AUTOSEL 6.6 16/20] Squashfs: sanity check symbolic link size 1 (1) 2024/08/23 14:02
[PATCH AUTOSEL 6.10 17/24] Squashfs: sanity check symbolic link size 1 (1) 2024/08/23 14:00
[PATCH V2] Squashfs: sanity check symbolic link size 2 (2) 2024/08/13 11:57
[PATCH] Squashfs: sanity check symbolic link size 1 (1) 2024/08/11 20:13
[PATCH] filemap: Init the newly allocated folio memory to 0 for the filemap 30 (30) 2024/08/06 06:58
[syzbot] [squashfs?] KMSAN: uninit-value in pick_link 0 (12) 2024/08/03 03:13
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in _copy_to_iter (8) mm C 21180 464d 558d 22/28 fixed on 2023/06/08 14:41
Last patch testing requests (11)
Created Duration User Patch Repo Result
2024/08/03 03:13 27m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 OK log
2024/08/03 03:04 27m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 OK log
2024/08/02 02:00 27m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 OK log
2024/08/02 01:02 29m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 OK log
2024/08/01 14:39 30m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 OK log
2024/08/01 14:08 22m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 report log
2024/08/01 13:06 31m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 report log
2024/08/01 12:08 14m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 error
2024/08/01 09:27 23m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 report log
2024/08/01 09:07 26m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 report log
2024/08/01 01:23 30m lizhi.xu@windriver.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2f8c4f506285 OK log

Sample crash report:
loop0: detected capacity change from 0 to 8
=====================================================
BUG: KMSAN: uninit-value in pick_link+0xd8c/0x1690 fs/namei.c:1850
 pick_link+0xd8c/0x1690 fs/namei.c:1850
 step_into+0x156f/0x1640 fs/namei.c:1909
 open_last_lookups fs/namei.c:3674 [inline]
 path_openat+0x39da/0x6100 fs/namei.c:3883
 do_filp_open+0x20e/0x590 fs/namei.c:3913
 do_sys_openat2+0x1bf/0x2f0 fs/open.c:1416
 do_sys_open fs/open.c:1431 [inline]
 __do_sys_openat fs/open.c:1447 [inline]
 __se_sys_openat fs/open.c:1442 [inline]
 __x64_sys_openat+0x2a1/0x310 fs/open.c:1442
 x64_sys_call+0x1fe/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 __alloc_pages_noprof+0x9d6/0xe70 mm/page_alloc.c:4719
 alloc_pages_mpol_noprof+0x299/0x990 mm/mempolicy.c:2263
 alloc_pages_noprof mm/mempolicy.c:2343 [inline]
 folio_alloc_noprof+0x1db/0x310 mm/mempolicy.c:2350
 filemap_alloc_folio_noprof+0xa6/0x440 mm/filemap.c:1008
 do_read_cache_folio+0x12a/0xfd0 mm/filemap.c:3753
 do_read_cache_page mm/filemap.c:3855 [inline]
 read_cache_page+0x63/0x1d0 mm/filemap.c:3864
 read_mapping_page include/linux/pagemap.h:907 [inline]
 page_get_link+0x73/0xab0 fs/namei.c:5272
 pick_link+0xd6c/0x1690
 step_into+0x156f/0x1640 fs/namei.c:1909
 open_last_lookups fs/namei.c:3674 [inline]
 path_openat+0x39da/0x6100 fs/namei.c:3883
 do_filp_open+0x20e/0x590 fs/namei.c:3913
 do_sys_openat2+0x1bf/0x2f0 fs/open.c:1416
 do_sys_open fs/open.c:1431 [inline]
 __do_sys_openat fs/open.c:1447 [inline]
 __se_sys_openat fs/open.c:1442 [inline]
 __x64_sys_openat+0x2a1/0x310 fs/open.c:1442
 x64_sys_call+0x1fe/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 5191 Comm: syz-executor190 Not tainted 6.10.0-syzkaller-12708-g2f8c4f506285 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
=====================================================

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/27 11:54 upstream 2f8c4f506285 46eb10b7 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pick_link
2024/07/27 10:02 upstream 2f8c4f506285 46eb10b7 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pick_link
2024/08/04 07:43 upstream defaf1a2113a 1786a2a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pick_link
2024/08/04 07:43 upstream defaf1a2113a 1786a2a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pick_link
2024/07/27 08:02 upstream 2f8c4f506285 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pick_link
2024/07/27 08:02 upstream 2f8c4f506285 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pick_link
2024/08/04 13:25 upstream defaf1a2113a 1786a2a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pick_link
2024/08/04 13:24 upstream defaf1a2113a 1786a2a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pick_link
2024/07/28 21:11 upstream 5437f30d3458 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in pick_link
* Struck through repros no longer work on HEAD.