syzbot

 sign-in | mailing list | source | docs
🐞 Open [993] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: uninit-value in hfs_find_1st_rec_by_cnid

Status: upstream: reported C repro on 2024/03/21 09:11
Subsystems: hfs
[Documentation on labels]
Reported-by: syzbot+65f53dd6a0f7ad64c0cb@syzkaller.appspotmail.com
First crash: 37d, last: 11d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] fs/hfsplus: fix uninit-value in hfs_find_1st_rec_by_cnid 1 (1) 2024/03/22 00:31
[syzbot] [hfs?] KMSAN: uninit-value in hfs_find_1st_rec_by_cnid 1 (3) 2024/03/21 15:40
Last patch testing requests (2)
Created Duration User Patch Repo Result
2024/04/07 03:44 27m retest repro upstream report log
2024/03/21 09:48 36m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log

Sample crash report:
loop0: detected capacity change from 0 to 1024
=====================================================
BUG: KMSAN: uninit-value in hfs_find_1st_rec_by_cnid+0x27a/0x3f0 fs/hfsplus/bfind.c:78
 hfs_find_1st_rec_by_cnid+0x27a/0x3f0 fs/hfsplus/bfind.c:78
 __hfsplus_brec_find+0x26f/0x7b0 fs/hfsplus/bfind.c:135
 hfsplus_brec_find+0x445/0x970 fs/hfsplus/bfind.c:195
 hfsplus_find_attr+0x30c/0x390
 hfsplus_listxattr+0x586/0x1a60 fs/hfsplus/xattr.c:708
 vfs_listxattr fs/xattr.c:493 [inline]
 listxattr+0x1f3/0x6b0 fs/xattr.c:840
 path_listxattr fs/xattr.c:864 [inline]
 __do_sys_listxattr fs/xattr.c:876 [inline]
 __se_sys_listxattr fs/xattr.c:873 [inline]
 __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3804 [inline]
 slab_alloc_node mm/slub.c:3845 [inline]
 __do_kmalloc_node mm/slub.c:3965 [inline]
 __kmalloc+0x6e4/0x1000 mm/slub.c:3979
 kmalloc include/linux/slab.h:632 [inline]
 hfsplus_find_init+0x91/0x250 fs/hfsplus/bfind.c:21
 hfsplus_listxattr+0x44a/0x1a60 fs/hfsplus/xattr.c:695
 vfs_listxattr fs/xattr.c:493 [inline]
 listxattr+0x1f3/0x6b0 fs/xattr.c:840
 path_listxattr fs/xattr.c:864 [inline]
 __do_sys_listxattr fs/xattr.c:876 [inline]
 __se_sys_listxattr fs/xattr.c:873 [inline]
 __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

CPU: 0 PID: 5013 Comm: syz-executor378 Not tainted 6.8.0-syzkaller-11743-ga4145ce1e7bc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
=====================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/21 08:29 upstream a4145ce1e7bc 5b7d42ae .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfs_find_1st_rec_by_cnid
2024/04/16 04:57 upstream 0bbac3facb5d 0d592ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfs_find_1st_rec_by_cnid
2024/03/21 07:46 upstream a4145ce1e7bc 5b7d42ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfs_find_1st_rec_by_cnid
* Struck through repros no longer work on HEAD.