KMSAN: uninit-value in z_erofs_lz4

Kernel	Title	Repro	Count	Last	Reported	Patched	Status
upstream	KMSAN: uninit-value in z_erofs_lz4_decompress (3) erofs	C	16	477d	483d	0/28	closed as dup on 2024/03/19 10:34
upstream	KMSAN: uninit-value in z_erofs_lz4_decompress (2) erofs	C	33	486d	519d	25/28	fixed on 2024/01/30 15:47
upstream	KMSAN: kernel-infoleak in _copy_to_iter (7) net	C	138977	825d	1177d	22/28	fixed on 2023/02/24 13:50
upstream	KMSAN: kernel-infoleak in _copy_to_iter (8) mm	C	21180	721d	815d	22/28	fixed on 2023/06/08 14:41
linux-5.15	KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress origin:lts-only	C	339	18h05m	93d	0/3	upstream: reported C repro on 2025/02/25 19:01

erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -23 in[52, 4044] out[4096] ===================================================== BUG: KMSAN: uninit-value in hex_dump_to_buffer+0xae9/0x10f0 lib/hexdump.c:194 hex_dump_to_buffer+0xae9/0x10f0 lib/hexdump.c:194 print_hex_dump+0x13d/0x3e0 lib/hexdump.c:276 z_erofs_lz4_decompress_mem fs/erofs/decompressor.c:253 [inline] z_erofs_lz4_decompress+0x2585/0x2a70 fs/erofs/decompressor.c:312 z_erofs_decompress_pcluster fs/erofs/zdata.c:1328 [inline] z_erofs_decompress_queue+0x3367/0x5fb0 fs/erofs/zdata.c:1412 z_erofs_decompressqueue_work+0x57/0x70 fs/erofs/zdata.c:1424 process_one_work+0xbf6/0x17c0 kernel/workqueue.c:2597 worker_thread+0x107e/0x1d60 kernel/workqueue.c:2748 kthread+0x3e8/0x540 kernel/kthread.c:389 ret_from_fork+0x57/0x80 arch/x86/kernel/process.c:145 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 Uninit was created at: __alloc_pages+0x9a4/0xe00 mm/page_alloc.c:4500 alloc_pages+0xd01/0x1040 folio_alloc+0x42/0x120 mm/mempolicy.c:2302 filemap_alloc_folio+0xa5/0x430 mm/filemap.c:979 page_cache_ra_unbounded+0x2cc/0x960 mm/readahead.c:247 do_page_cache_ra mm/readahead.c:299 [inline] page_cache_ra_order+0xfef/0x10a0 mm/readahead.c:559 ondemand_readahead+0x1336/0x1720 mm/readahead.c:681 page_cache_sync_ra+0x72b/0x760 mm/readahead.c:708 page_cache_sync_readahead include/linux/pagemap.h:1213 [inline] filemap_get_pages+0x4c9/0x29b0 mm/filemap.c:2563 filemap_read+0x54e/0x1470 mm/filemap.c:2658 generic_file_read_iter+0x136/0xad0 mm/filemap.c:2837 __kernel_read+0x3b8/0xaf0 fs/read_write.c:428 integrity_kernel_read+0x77/0x90 security/integrity/iint.c:195 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:485 [inline] ima_calc_file_shash security/integrity/ima/ima_crypto.c:516 [inline] ima_calc_file_hash+0x18c0/0x3e30 security/integrity/ima/ima_crypto.c:573 ima_collect_measurement+0x366/0x960 security/integrity/ima/ima_api.c:289 process_measurement+0x20d5/0x36e0 security/integrity/ima/ima_main.c:345 ima_file_check+0xb3/0x100 security/integrity/ima/ima_main.c:543 do_open fs/namei.c:3638 [inline] path_openat+0x4c36/0x5a00 fs/namei.c:3793 do_filp_open+0x20d/0x590 fs/namei.c:3820 do_sys_openat2+0x1bf/0x2f0 fs/open.c:1407 do_sys_open fs/open.c:1422 [inline] __do_compat_sys_openat fs/open.c:1482 [inline] __se_compat_sys_openat fs/open.c:1480 [inline] __ia32_compat_sys_openat+0x298/0x300 fs/open.c:1480 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 CPU: 1 PID: 4384 Comm: kworker/u5:1 Not tainted 6.5.0-rc4-syzkaller-00227-g024ff300db33 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 Workqueue: erofs_worker z_erofs_decompressqueue_work =====================================================