syzbot


KMSAN: uninit-value in gfs2_quota_init (2)

Status: upstream: reported C repro on 2024/11/27 19:32
Subsystems: gfs2
Reported-by: syzbot+9fb37b567267511a9e11@syzkaller.appspotmail.com
First crash: 25d, last: 1d01h
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH 1/2] gfs2: throw -EIO when attempting to access beyond end of device | 1 (1) | 2024/11/29 09:03
[syzbot] [gfs2?] KMSAN: uninit-value in gfs2_quota_init (2) | 0 (3) | 2024/11/29 08:41
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in gfs2_quota_init gfs2 | | | | 1 | 208d | 204d | 0/28 | auto-obsoleted due to no activity on 2024/09/04 01:16
upstream | KMSAN: kernel-infoleak in _copy_to_iter (8) mm | C | | | 21180 | 561d | 656d | 22/28 | fixed on 2023/06/08 14:41
Last patch testing requests (5)
Created | Duration | User | Patch | Repo | Result
2024/12/10 04:14 | 21m | retest repro | | upstream | report log
2024/12/10 04:14 | 21m | retest repro | | upstream | report log
2024/12/10 04:14 | 21m | retest repro | | upstream | report log
2024/11/29 08:41 | 28m | dmantipov@yandex.ru | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 7af08b57bcb9ebf78675c50069c54125c0a8b795 | OK log
2024/11/28 14:43 | 35m | dmantipov@yandex.ru | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git b86545e02e8c22fb89218f29d381fa8e8b91d815 | OK log

Sample crash report:
gfs2: fsid=syz:syz.0: first mount done, others may mount
syz-executor205: attempt to access beyond end of device
loop0: rw=12288, sector=2251799813685248, nr_sectors = 8 limit=32768
=====================================================
BUG: KMSAN: uninit-value in gfs2_metatype_check_i fs/gfs2/util.h:125 [inline]
BUG: KMSAN: uninit-value in gfs2_quota_init+0x22c4/0x2950 fs/gfs2/quota.c:1432
 gfs2_metatype_check_i fs/gfs2/util.h:125 [inline]
 gfs2_quota_init+0x22c4/0x2950 fs/gfs2/quota.c:1432
 gfs2_make_fs_rw+0x4cf/0x6a0 fs/gfs2/super.c:159
 gfs2_fill_super+0x43f5/0x45a0 fs/gfs2/ops_fstype.c:1274
 get_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636
 get_tree_bdev+0x37/0x50 fs/super.c:1659
 gfs2_get_tree+0x5c/0x340 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
 do_new_mount+0x71f/0x15e0 fs/namespace.c:3507
 path_mount+0x742/0x1f10 fs/namespace.c:3834
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x722/0x810 fs/namespace.c:4034
 __x64_sys_mount+0xe4/0x150 fs/namespace.c:4034
 x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 __alloc_pages_noprof+0x9a7/0xe00 mm/page_alloc.c:4774
 alloc_pages_mpol_noprof+0x299/0x990 mm/mempolicy.c:2265
 alloc_pages_noprof mm/mempolicy.c:2344 [inline]
 folio_alloc_noprof+0x1db/0x310 mm/mempolicy.c:2351
 filemap_alloc_folio_noprof+0xa6/0x440 mm/filemap.c:1009
 __filemap_get_folio+0xac4/0x1550 mm/filemap.c:1951
 gfs2_getbuf+0x23f/0xcd0 fs/gfs2/meta_io.c:142
 gfs2_meta_ra+0x17f/0x7b0 fs/gfs2/meta_io.c:532
 gfs2_quota_init+0x78d/0x2950 fs/gfs2/quota.c:1429
 gfs2_make_fs_rw+0x4cf/0x6a0 fs/gfs2/super.c:159
 gfs2_fill_super+0x43f5/0x45a0 fs/gfs2/ops_fstype.c:1274
 get_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636
 get_tree_bdev+0x37/0x50 fs/super.c:1659
 gfs2_get_tree+0x5c/0x340 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
 do_new_mount+0x71f/0x15e0 fs/namespace.c:3507
 path_mount+0x742/0x1f10 fs/namespace.c:3834
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x722/0x810 fs/namespace.c:4034
 __x64_sys_mount+0xe4/0x150 fs/namespace.c:4034
 x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 5797 Comm: syz-executor205 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
=====================================================

Crashes (5):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/11/26 02:03 | upstream | 9f16d5e6f220 | a84878fc | .config | strace log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in gfs2_quota_init
2024/11/26 01:14 | upstream | 9f16d5e6f220 | a84878fc | .config | strace log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in gfs2_quota_init
2024/11/26 00:24 | upstream | 9f16d5e6f220 | a84878fc | .config | strace log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in gfs2_quota_init
2024/12/20 12:33 | upstream | 8faabc041a00 | 1d58202c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in gfs2_quota_init
2024/11/25 23:36 | upstream | 9f16d5e6f220 | a84878fc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in gfs2_quota_init
* Struck through repros no longer work on HEAD.