syzbot
KMSAN: uninit-value in udf_name_from_CS0

Status: fixed on 2023/10/12 12:48
Subsystems: udf
Reported-by: syzbot+cd311b1e43cc25f90d18@syzkaller.appspotmail.com
Fix commit: 028f6055c912 udf: Fix uninitialized array access for some pathnames
First crash: 471d, last: 471d
Discussions (5):
  [PATCH AUTOSEL 5.15 18/23] udf: Fix uninitialized array access for some pathnames
    Replies (including bot): 1 (1)   Last reply: 2023/07/24 01:23
  [PATCH AUTOSEL 6.1 36/41] udf: Fix uninitialized array access for some pathnames
    Replies (including bot): 1 (1)   Last reply: 2023/07/24 01:21
  [PATCH AUTOSEL 6.4 53/58] udf: Fix uninitialized array access for some pathnames
    Replies (including bot): 1 (1)   Last reply: 2023/07/24 01:13
  [PATCH] udf: Fix uninitialized array access for some pathnames
    Replies (including bot): 1 (1)   Last reply: 2023/06/21 09:52
  [syzbot] [udf?] KMSAN: uninit-value in udf_name_from_CS0
    Replies (including bot): 0 (1)   Last reply: 2023/06/21 06:21
Similar bugs (3):
  upstream: KMSAN: kernel-infoleak in _copy_to_iter (7) (subsystem: net)
    Repro: C   Count: 138977   Last: 588d   Reported: 940d   Patched: 22/28
    Status: fixed on 2023/02/24 13:50
  upstream: KMSAN: uninit-value in __crc32c_le_base (2) (subsystem: crypto)
    Repro: C   Count: 6207   Last: 550d   Reported: 1622d   Patched: 0/28
    Status: closed as invalid on 2023/04/06 23:31
  upstream: KMSAN: kernel-infoleak in _copy_to_iter (8) (subsystem: mm)
    Repro: C   Count: 21180   Last: 484d   Reported: 578d   Patched: 22/28
    Status: fixed on 2023/06/08 14:41

Sample crash report:
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
=====================================================
BUG: KMSAN: uninit-value in udf_name_from_CS0+0x1581/0x1a40 fs/udf/unicode.c:250
 udf_name_from_CS0+0x1581/0x1a40 fs/udf/unicode.c:250
 udf_get_filename+0xa4/0x150 fs/udf/unicode.c:390
 udf_fiiter_find_entry+0x77b/0xa60 fs/udf/namei.c:90
 udf_unlink+0x80/0x920 fs/udf/namei.c:547
 vfs_unlink+0x66f/0xa20 fs/namei.c:4327
 do_unlinkat+0x3fa/0xed0 fs/namei.c:4393
 __do_sys_unlink fs/namei.c:4441 [inline]
 __se_sys_unlink fs/namei.c:4439 [inline]
 __ia32_sys_unlink+0x77/0xa0 fs/namei.c:4439
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:716
 slab_alloc_node mm/slub.c:3451 [inline]
 __kmem_cache_alloc_node+0x4ff/0x8b0 mm/slub.c:3490
 kmalloc_trace+0x51/0x200 mm/slab_common.c:1057
 kmalloc include/linux/slab.h:559 [inline]
 udf_fiiter_find_entry+0x213/0xa60 fs/udf/namei.c:66
 udf_unlink+0x80/0x920 fs/udf/namei.c:547
 vfs_unlink+0x66f/0xa20 fs/namei.c:4327
 do_unlinkat+0x3fa/0xed0 fs/namei.c:4393
 __do_sys_unlink fs/namei.c:4441 [inline]
 __se_sys_unlink fs/namei.c:4439 [inline]
 __ia32_sys_unlink+0x77/0xa0 fs/namei.c:4439
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

CPU: 1 PID: 5699 Comm: syz-executor.2 Not tainted 6.4.0-rc7-syzkaller-ge6bc8833d80f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
=====================================================

Crashes (1):
  Time: 2023/06/21 05:36
    Kernel: https://github.com/google/kmsan.git master   Commit: e6bc8833d80f   Syzkaller: 09ffe269
    Available: .config, console log, report, VM info
    Syz repro / C repro: not listed
    Assets: disk image, vmlinux, kernel image
    Manager: ci-upstream-kmsan-gce-386
    Title: KMSAN: uninit-value in udf_name_from_CS0