syzbot
KMSAN: uninit-value in hfsplus_attr_bin_cmp_key

Status: upstream: reported on 2022/11/28 10:04
Reported-by: syzbot+c6d8e1bffb0970780d5c@syzkaller.appspotmail.com
First crash: 70d, last: 21d
Similar bugs (1):

Kernel   | Title                                                  | Subsystem | Repro | Cause bisect | Fix bisect | Count | Last  | Reported | Patched | Status
upstream | KASAN: slab-out-of-bounds Read in hfsplus_uni2asc      | hfsplus   | C     | error        | -          | 36    | 2d10h | 70d      | 0/24    | upstream: reported C repro on 2022/11/28 10:02

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in hfsplus_attr_bin_cmp_key+0xed/0x180 fs/hfsplus/attributes.c:42
 hfsplus_attr_bin_cmp_key+0xed/0x180 fs/hfsplus/attributes.c:42
 hfs_find_rec_by_key+0xac/0x240 fs/hfsplus/bfind.c:100
 __hfsplus_brec_find+0x27a/0x7d0 fs/hfsplus/bfind.c:135
 hfsplus_brec_find+0x46a/0x9d0 fs/hfsplus/bfind.c:195
 hfsplus_find_attr+0x308/0x380
 __hfsplus_getxattr+0x380/0xe50 fs/hfsplus/xattr.c:522
 hfsplus_getxattr+0x11f/0x1d0 fs/hfsplus/xattr.c:590
 hfsplus_security_getxattr+0x4f/0x60 fs/hfsplus/xattr_security.c:20
 __vfs_getxattr+0x7af/0x800 fs/xattr.c:425
 cap_inode_need_killpriv+0x52/0xb0 security/commoncap.c:301
 security_inode_need_killpriv+0x8f/0x140 security/security.c:1492
 dentry_needs_remove_privs+0xf7/0x220 fs/inode.c:1967
 do_truncate+0x123/0x2d0 fs/open.c:57
 handle_truncate fs/namei.c:3216 [inline]
 do_open fs/namei.c:3561 [inline]
 path_openat+0x4d7f/0x5710 fs/namei.c:3714
 do_filp_open+0x249/0x660 fs/namei.c:3741
 do_sys_openat2+0x1f0/0x910 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_compat_sys_openat fs/open.c:1386 [inline]
 __se_compat_sys_openat fs/open.c:1384 [inline]
 __ia32_compat_sys_openat+0x2a7/0x330 fs/open.c:1384
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:766 [inline]
 slab_alloc_node mm/slub.c:3452 [inline]
 __kmem_cache_alloc_node+0x71f/0xce0 mm/slub.c:3491
 __do_kmalloc_node mm/slab_common.c:967 [inline]
 __kmalloc+0x11d/0x3b0 mm/slab_common.c:981
 kmalloc include/linux/slab.h:584 [inline]
 hfsplus_find_init+0x8d/0x250 fs/hfsplus/bfind.c:21
 __hfsplus_getxattr+0x2d1/0xe50 fs/hfsplus/xattr.c:516
 hfsplus_getxattr+0x11f/0x1d0 fs/hfsplus/xattr.c:590
 hfsplus_security_getxattr+0x4f/0x60 fs/hfsplus/xattr_security.c:20
 __vfs_getxattr+0x7af/0x800 fs/xattr.c:425
 cap_inode_need_killpriv+0x52/0xb0 security/commoncap.c:301
 security_inode_need_killpriv+0x8f/0x140 security/security.c:1492
 dentry_needs_remove_privs+0xf7/0x220 fs/inode.c:1967
 do_truncate+0x123/0x2d0 fs/open.c:57
 handle_truncate fs/namei.c:3216 [inline]
 do_open fs/namei.c:3561 [inline]
 path_openat+0x4d7f/0x5710 fs/namei.c:3714
 do_filp_open+0x249/0x660 fs/namei.c:3741
 do_sys_openat2+0x1f0/0x910 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_compat_sys_openat fs/open.c:1386 [inline]
 __se_compat_sys_openat fs/open.c:1384 [inline]
 __ia32_compat_sys_openat+0x2a7/0x330 fs/open.c:1384
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

CPU: 1 PID: 17977 Comm: syz-executor.1 Not tainted 6.2.0-rc3-syzkaller-79343-ge919e2b1bc1c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================
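The two traces above show the uninitialized bytes originating in the key buffer that hfsplus_find_init kmalloc's (not zeroed) and being consumed when hfsplus_attr_bin_cmp_key compares the keys handed to it by the B-tree search. What follows is an added user-space model, written for this page and not the kernel's code, of how a B-tree key comparator ends up reading a buffer that was only partially filled from an on-disk record: when the only bound applied to the record's length prefix is an upper one, a key claiming a length of zero copies just the length field and leaves the cnid bytes as whatever the allocator left behind. The key layout, the offsets, MIN_KEY_BYTES, the record bytes and all function names are assumptions made for the illustration; the page does not state the actual hfsplus root cause or fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Assumed model of an attribute-tree key: a 16-bit big-endian length prefix
 * (bytes that follow it), 2 bytes of padding, the catalog node ID, a start
 * block, then the name.  Sizes/offsets are assumptions for this example. */
#define KEY_LEN_FIELD   2                     /* the big-endian length prefix */
#define CNID_OFF        (KEY_LEN_FIELD + 2)   /* cnid follows 2 bytes of padding */
#define MIN_KEY_BYTES   (CNID_OFF + 4)        /* through the last byte of cnid */
#define MAX_KEY_BYTES   24                    /* size of the search-key buffer */

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Key buffer as a B-tree search holds it: fixed size, allocated once per
 * search, filled only as far as the record's length prefix says. */
struct key_buf {
    uint8_t bytes[MAX_KEY_BYTES];
    size_t  initialized;   /* bytes that actually came from the record */
};

/* Stand-in for a kmalloc'd buffer: contents are leftovers, not zeros. */
static void key_buf_reset(struct key_buf *k)
{
    memset(k->bytes, 0xAA, sizeof k->bytes);
    k->initialized = 0;
}

/* Unchecked read: only an upper bound is enforced, so a record whose
 * length prefix is 0 copies two bytes and leaves cnid untouched. */
int read_key_unchecked(const uint8_t *rec, size_t rec_len, struct key_buf *k)
{
    if (rec_len < KEY_LEN_FIELD) return -1;
    size_t keylen = (size_t)be16(rec) + KEY_LEN_FIELD;
    if (keylen > MAX_KEY_BYTES || keylen > rec_len) return -1;
    key_buf_reset(k);
    memcpy(k->bytes, rec, keylen);
    k->initialized = keylen;
    return 0;
}

/* Hardened read: additionally reject a key too short to contain the fields
 * the comparator will touch, so it is never handed a half-filled buffer. */
int read_key_checked(const uint8_t *rec, size_t rec_len, struct key_buf *k)
{
    if (rec_len < KEY_LEN_FIELD) return -1;
    size_t keylen = (size_t)be16(rec) + KEY_LEN_FIELD;
    if (keylen < MIN_KEY_BYTES) return -2;   /* corrupt or truncated key */
    return read_key_unchecked(rec, rec_len, k);
}

/* First step of the comparator: order by cnid.  Also reports whether the
 * read reached past the initialized prefix, which is the condition KMSAN
 * flags as an uninit-value in the trace above. */
int cmp_cnid(const struct key_buf *a, const struct key_buf *b, int *uninit_read)
{
    *uninit_read = a->initialized < MIN_KEY_BYTES || b->initialized < MIN_KEY_BYTES;
    uint32_t ca = be32(a->bytes + CNID_OFF), cb = be32(b->bytes + CNID_OFF);
    return ca == cb ? 0 : (ca < cb ? -1 : 1);
}

/* Constructed sample records, not taken from any real image. */
static const uint8_t REC_SHORT[] = { 0x00, 0x00 };                 /* key_len = 0 */
static const uint8_t REC_GOOD[]  = { 0x00, 0x0A, 0x00, 0x00,       /* key_len = 10, pad */
                                     0x00, 0x00, 0x00, 0x10,       /* cnid = 16 */
                                     0x00, 0x00, 0x00, 0x00 };     /* start_block */

int main(void)
{
    struct key_buf search, disk;
    int uninit, err;

    /* Well-formed search key built by the caller... */
    read_key_checked(REC_GOOD, sizeof REC_GOOD, &search);

    /* ...compared against a truncated on-disk key the unchecked path accepts. */
    err = read_key_unchecked(REC_SHORT, sizeof REC_SHORT, &disk);
    cmp_cnid(&disk, &search, &uninit);
    printf("unchecked: err=%d initialized=%zu uninit_read=%d\n",
           err, disk.initialized, uninit);

    /* The checked path refuses the record before the comparator runs. */
    err = read_key_checked(REC_SHORT, sizeof REC_SHORT, &disk);
    printf("checked:   err=%d\n", err);
    return 0;
}
```

The point of the model is the shape of the check, not the specific numbers: a lower bound derived from what the comparator actually dereferences is what keeps a length field under the image author's control from turning a partially filled allocation into the comparator's input. Zeroing the allocation would silence KMSAN but would still let a corrupt key participate in the search, so rejecting short keys at read time is the better fix.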

Crashes (5):

Manager                   | Time             | Kernel tree                              | Commit       | Syzkaller | Title
ci-upstream-kmsan-gce-386 | 2023/01/16 02:02 | https://github.com/google/kmsan.git master | e919e2b1bc1c | a63719e7  | KMSAN: uninit-value in hfsplus_attr_bin_cmp_key
ci-upstream-kmsan-gce-386 | 2023/01/08 01:11 | https://github.com/google/kmsan.git master | 5c6259d6d19f | 1dac8c7a  | KMSAN: uninit-value in hfsplus_attr_bin_cmp_key
ci-upstream-kmsan-gce-386 | 2023/01/08 01:11 | https://github.com/google/kmsan.git master | 5c6259d6d19f | 1dac8c7a  | KMSAN: uninit-value in hfsplus_attr_bin_cmp_key
ci-upstream-kmsan-gce-386 | 2022/12/03 14:59 | https://github.com/google/kmsan.git master | 49a9a20768f5 | e080de16  | KMSAN: uninit-value in hfsplus_attr_bin_cmp_key
ci-upstream-kmsan-gce-386 | 2022/11/28 01:00 | https://github.com/google/kmsan.git master | a472f15b3d1e | 74a66371  | KMSAN: uninit-value in hfsplus_attr_bin_cmp_key

Each crash on the dashboard also carries a .config, console log, report, VM info and assets (disk image, vmlinux, kernel image); no syz or C reproducer is listed for this bug.