syzbot


KMSAN: uninit-value in __bch2_read_endio

Status: upstream: reported on 2025/09/15 01:48
Subsystems: bcachefs
Reported-by: syzbot+7fb23a5461e8c9d38a3e@syzkaller.appspotmail.com
First crash: 4d02h, last: 4d01h
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [bcachefs?] KMSAN: uninit-value in __bch2_read_endio | 0 (1) | 2025/09/15 01:48

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in __bch2_read_endio+0xb2a/0x2240 fs/bcachefs/io_read.c:832
 __bch2_read_endio+0xb2a/0x2240 fs/bcachefs/io_read.c:832
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xb8e/0x1d80 kernel/workqueue.c:3319
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3400
 kthread+0xd59/0xf00 kernel/kthread.c:463
 ret_from_fork+0x1e3/0x310 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was stored to memory at:
 __bch2_checksum_bio+0x1097/0x1130 fs/bcachefs/checksum.c:239
 bch2_checksum_bio+0xc5/0x110 fs/bcachefs/checksum.c:252
 __bch2_read_endio+0x8e3/0x2240 fs/bcachefs/io_read.c:831
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xb8e/0x1d80 kernel/workqueue.c:3319
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3400
 kthread+0xd59/0xf00 kernel/kthread.c:463
 ret_from_fork+0x1e3/0x310 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was stored to memory at:
 put_unaligned_le64 include/linux/unaligned.h:43 [inline]
 poly1305_core_emit+0x46a/0x480 lib/crypto/poly1305-donna64.c:183
 poly1305_emit_generic include/crypto/internal/poly1305.h:55 [inline]
 poly1305_final+0x88/0x150 lib/crypto/poly1305.c:68
 __bch2_checksum_bio+0x1048/0x1130 fs/bcachefs/checksum.c:237
 bch2_checksum_bio+0xc5/0x110 fs/bcachefs/checksum.c:252
 __bch2_read_endio+0x8e3/0x2240 fs/bcachefs/io_read.c:831
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xb8e/0x1d80 kernel/workqueue.c:3319
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3400
 kthread+0xd59/0xf00 kernel/kthread.c:463
 ret_from_fork+0x1e3/0x310 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was stored to memory at:
 poly1305_core_blocks+0x65c/0x670 lib/crypto/poly1305-donna64.c:108
 poly1305_blocks_generic include/crypto/internal/poly1305.h:44 [inline]
 poly1305_blocks lib/crypto/poly1305.c:39 [inline]
 poly1305_update+0x158/0x380 lib/crypto/poly1305.c:45
 __bch2_checksum_bio+0x429/0x1130 fs/bcachefs/checksum.c:233
 bch2_checksum_bio+0xc5/0x110 fs/bcachefs/checksum.c:252
 __bch2_read_endio+0x8e3/0x2240 fs/bcachefs/io_read.c:831
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xb8e/0x1d80 kernel/workqueue.c:3319
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3400
 kthread+0xd59/0xf00 kernel/kthread.c:463
 ret_from_fork+0x1e3/0x310 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was created at:
 __alloc_frozen_pages_noprof+0x689/0xf00 mm/page_alloc.c:5171
 alloc_pages_mpol+0x328/0x860 mm/mempolicy.c:2416
 alloc_frozen_pages_noprof mm/mempolicy.c:2487 [inline]
 alloc_pages_noprof mm/mempolicy.c:2507 [inline]
 folio_alloc_noprof+0x109/0x360 mm/mempolicy.c:2517
 filemap_alloc_folio_noprof+0x9d/0x420 mm/filemap.c:1007
 ractl_alloc_folio mm/readahead.c:186 [inline]
 ra_alloc_folio mm/readahead.c:441 [inline]
 page_cache_ra_order+0x83c/0x13f0 mm/readahead.c:506
 page_cache_sync_ra+0x10ac/0x1410 mm/readahead.c:619
 filemap_get_pages+0xfb3/0x3a60 mm/filemap.c:2603
 filemap_read+0x5d2/0x2300 mm/filemap.c:2712
 bch2_read_iter+0x559/0x21b0 fs/bcachefs/fs-io-direct.c:222
 __kernel_read+0x7de/0xe20 fs/read_write.c:530
 integrity_kernel_read+0x77/0x90 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:480 [inline]
 ima_calc_file_shash security/integrity/ima/ima_crypto.c:511 [inline]
 ima_calc_file_hash+0x17cb/0x4050 security/integrity/ima/ima_crypto.c:568
 ima_collect_measurement+0x45d/0xe50 security/integrity/ima/ima_api.c:293
 process_measurement+0x2d1a/0x40e0 security/integrity/ima/ima_main.c:405
 ima_file_check+0x8e/0xd0 security/integrity/ima/ima_main.c:633
 security_file_post_open+0xbf/0x530 security/security.c:3160
 do_open fs/namei.c:3889 [inline]
 path_openat+0x5ac3/0x6760 fs/namei.c:4046
 do_filp_open+0x280/0x660 fs/namei.c:4073
 do_sys_openat2+0x1bb/0x2f0 fs/open.c:1435
 do_sys_open fs/open.c:1450 [inline]
 __do_sys_openat fs/open.c:1466 [inline]
 __se_sys_openat fs/open.c:1461 [inline]
 __x64_sys_openat+0x240/0x300 fs/open.c:1461
 x64_sys_call+0x3bcc/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 3593 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: events_unbound __bch2_read_endio
=====================================================
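Reading the report above: KMSAN flags the use at fs/bcachefs/io_read.c:832; the three "Uninit was stored to memory at" stacks are the taint travelling through poly1305_core_blocks, poly1305_core_emit and __bch2_checksum_bio into the computed checksum (KMSAN prints them newest first); and "Uninit was created at" is the page-cache folio that readahead allocated for an IMA-initiated kernel read entering bcachefs through bch2_read_iter. The helper below is an added triage example, not syzbot or kernel code: it parses a report of this shape into those three parts, re-orders them by data flow and finds where a subsystem first appears in an otherwise generic stack. It runs on a constructed, trimmed excerpt of this report embedded in the block.

```python
"""Triage helper for KMSAN 'uninit-value' reports (added example, not syzbot
or kernel code): split a report into use site, 'stored to' propagation stacks
and 'created at' allocation origin, then order them by data flow."""
import re
from dataclasses import dataclass, field

# A frame such as " poly1305_final+0x88/0x150 lib/crypto/poly1305.c:68" or
# " process_one_work kernel/workqueue.c:3236 [inline]"; the +off/size and the
# file:line are both optional (the syscall entry frame has neither).
FRAME_RE = re.compile(
    r"^\s+(?P<func>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
    r"(?:\s+(?P<loc>\S+:\d+))?(?:\s+\[inline\])?\s*$")

@dataclass
class Stack:
    kind: str                                    # "use", "store" or "origin"
    frames: list = field(default_factory=list)   # (function, "file:line")

@dataclass
class KmsanReport:
    bug: str
    use: Stack
    stores: list          # newest store first, the order KMSAN prints them
    origin: Stack
    meta: dict            # CPU / Hardware name / Workqueue lines

def parse_kmsan(text):
    bug, stacks, meta, cur = "", [], {}, None
    for line in text.splitlines():
        if line.startswith("BUG: KMSAN: "):
            bug = line[len("BUG: KMSAN: "):].strip()
            cur = Stack("use"); stacks.append(cur); continue
        if line.startswith("Uninit was stored to memory at:"):
            cur = Stack("store"); stacks.append(cur); continue
        if line.startswith("Uninit was created at:"):
            cur = Stack("origin"); stacks.append(cur); continue
        m = FRAME_RE.match(line)
        if m and cur is not None:
            cur.frames.append((m.group("func"), m.group("loc") or ""))
            continue
        # Non-indented "Key: value" lines follow the stacks; "====" rulers
        # and blank lines are skipped.
        if line and not line[0].isspace() and ":" in line and line[0] != "=":
            key, _, val = line.partition(":")
            meta[key.strip()] = val.strip()
            cur = None
    kinds = {k: [s for s in stacks if s.kind == k] for k in ("use", "store", "origin")}
    if not kinds["use"] or not kinds["origin"]:
        raise ValueError("not a complete KMSAN uninit-value report")
    return KmsanReport(bug, kinds["use"][0], kinds["store"], kinds["origin"][0], meta)

def data_flow(report):
    """Top frame of each stack in the order the bytes travelled: allocation,
    then stores from oldest to newest, then the use that KMSAN flagged."""
    chain = [report.origin] + report.stores[::-1] + [report.use]
    return [(s.kind, s.frames[0][0], s.frames[0][1]) for s in chain]

def first_frame_in(stack, path_prefix):
    """First frame under path_prefix, i.e. where a subsystem enters an
    otherwise generic (mm/, kernel/, lib/) stack; None if absent."""
    for func, loc in stack.frames:
        if loc.startswith(path_prefix):
            return (func, loc)
    return None

# Constructed excerpt of the report above, frames trimmed for brevity.
SAMPLE_REPORT = """\
BUG: KMSAN: uninit-value in __bch2_read_endio+0xb2a/0x2240 fs/bcachefs/io_read.c:832
 __bch2_read_endio+0xb2a/0x2240 fs/bcachefs/io_read.c:832
 process_one_work kernel/workqueue.c:3236 [inline]

Uninit was stored to memory at:
 __bch2_checksum_bio+0x1097/0x1130 fs/bcachefs/checksum.c:239
 __bch2_read_endio+0x8e3/0x2240 fs/bcachefs/io_read.c:831

Uninit was stored to memory at:
 put_unaligned_le64 include/linux/unaligned.h:43 [inline]
 poly1305_core_emit+0x46a/0x480 lib/crypto/poly1305-donna64.c:183
 __bch2_checksum_bio+0x1048/0x1130 fs/bcachefs/checksum.c:237

Uninit was stored to memory at:
 poly1305_core_blocks+0x65c/0x670 lib/crypto/poly1305-donna64.c:108
 __bch2_checksum_bio+0x429/0x1130 fs/bcachefs/checksum.c:233

Uninit was created at:
 __alloc_frozen_pages_noprof+0x689/0xf00 mm/page_alloc.c:5171
 page_cache_ra_order+0x83c/0x13f0 mm/readahead.c:506
 bch2_read_iter+0x559/0x21b0 fs/bcachefs/fs-io-direct.c:222
 ima_calc_file_hash+0x17cb/0x4050 security/integrity/ima/ima_crypto.c:568
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 3593 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(none)
Workqueue: events_unbound __bch2_read_endio
"""

if __name__ == "__main__":
    rep = parse_kmsan(SAMPLE_REPORT)
    for kind, func, loc in data_flow(rep):
        print(f"{kind:6} {func:32} {loc}")
    print("bcachefs entry in origin:", first_frame_in(rep.origin, "fs/bcachefs/"))
```

The data-flow view is the one to read first: the origin stack tells you which allocation produced the unpoisoned-but-unfilled memory, and the oldest store tells you the first code that consumed it. Passing `first_frame_in(report.origin, "fs/bcachefs/")` narrows a long, mostly generic mm/ and IMA stack to the subsystem entry point worth looking at.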

Crashes (2):
Time | Kernel | Commit | Syzkaller | Manager | Title
2025/09/11 02:45 | upstream | 7aac71907bde | fdeaa69b | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in __bch2_read_endio
2025/09/11 01:46 | upstream | 7aac71907bde | fdeaa69b | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in __bch2_read_endio
Both crashes have a .config, console log, report, VM info and assets (disk image, vmlinux, kernel image) attached; neither has a syz or C repro.