syzbot


KMSAN: uninit-value in z_erofs_lz4_decompress

Status: auto-obsoleted due to no activity on 2023/11/03 19:44
Subsystems: erofs
[Documentation on labels]
First crash: 486d, last: 486d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in z_erofs_lz4_decompress (3) erofs C 16 300d 306d 0/28 closed as dup on 2024/03/19 10:34
upstream KMSAN: uninit-value in z_erofs_lz4_decompress (2) erofs C 33 310d 342d 25/28 fixed on 2024/01/30 15:47
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 648d 1001d 22/28 fixed on 2023/02/24 13:50
upstream KMSAN: kernel-infoleak in _copy_to_iter (8) mm C 21180 544d 639d 22/28 fixed on 2023/06/08 14:41

Sample crash report:
erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -23 in[52, 4044] out[4096]
=====================================================
BUG: KMSAN: uninit-value in hex_dump_to_buffer+0xae9/0x10f0 lib/hexdump.c:194
 hex_dump_to_buffer+0xae9/0x10f0 lib/hexdump.c:194
 print_hex_dump+0x13d/0x3e0 lib/hexdump.c:276
 z_erofs_lz4_decompress_mem fs/erofs/decompressor.c:253 [inline]
 z_erofs_lz4_decompress+0x2585/0x2a70 fs/erofs/decompressor.c:312
 z_erofs_decompress_pcluster fs/erofs/zdata.c:1328 [inline]
 z_erofs_decompress_queue+0x3367/0x5fb0 fs/erofs/zdata.c:1412
 z_erofs_decompressqueue_work+0x57/0x70 fs/erofs/zdata.c:1424
 process_one_work+0xbf6/0x17c0 kernel/workqueue.c:2597
 worker_thread+0x107e/0x1d60 kernel/workqueue.c:2748
 kthread+0x3e8/0x540 kernel/kthread.c:389
 ret_from_fork+0x57/0x80 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

Uninit was created at:
 __alloc_pages+0x9a4/0xe00 mm/page_alloc.c:4500
 alloc_pages+0xd01/0x1040
 folio_alloc+0x42/0x120 mm/mempolicy.c:2302
 filemap_alloc_folio+0xa5/0x430 mm/filemap.c:979
 page_cache_ra_unbounded+0x2cc/0x960 mm/readahead.c:247
 do_page_cache_ra mm/readahead.c:299 [inline]
 page_cache_ra_order+0xfef/0x10a0 mm/readahead.c:559
 ondemand_readahead+0x1336/0x1720 mm/readahead.c:681
 page_cache_sync_ra+0x72b/0x760 mm/readahead.c:708
 page_cache_sync_readahead include/linux/pagemap.h:1213 [inline]
 filemap_get_pages+0x4c9/0x29b0 mm/filemap.c:2563
 filemap_read+0x54e/0x1470 mm/filemap.c:2658
 generic_file_read_iter+0x136/0xad0 mm/filemap.c:2837
 __kernel_read+0x3b8/0xaf0 fs/read_write.c:428
 integrity_kernel_read+0x77/0x90 security/integrity/iint.c:195
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:485 [inline]
 ima_calc_file_shash security/integrity/ima/ima_crypto.c:516 [inline]
 ima_calc_file_hash+0x18c0/0x3e30 security/integrity/ima/ima_crypto.c:573
 ima_collect_measurement+0x366/0x960 security/integrity/ima/ima_api.c:289
 process_measurement+0x20d5/0x36e0 security/integrity/ima/ima_main.c:345
 ima_file_check+0xb3/0x100 security/integrity/ima/ima_main.c:543
 do_open fs/namei.c:3638 [inline]
 path_openat+0x4c36/0x5a00 fs/namei.c:3793
 do_filp_open+0x20d/0x590 fs/namei.c:3820
 do_sys_openat2+0x1bf/0x2f0 fs/open.c:1407
 do_sys_open fs/open.c:1422 [inline]
 __do_compat_sys_openat fs/open.c:1482 [inline]
 __se_compat_sys_openat fs/open.c:1480 [inline]
 __ia32_compat_sys_openat+0x298/0x300 fs/open.c:1480
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

CPU: 1 PID: 4384 Comm: kworker/u5:1 Not tainted 6.5.0-rc4-syzkaller-00227-g024ff300db33 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
Workqueue: erofs_worker z_erofs_decompressqueue_work
=====================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/08/05 19:34 upstream 024ff300db33 4ffcc9ef .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in z_erofs_lz4_decompress
* Struck through repros no longer work on HEAD.