syzbot


KMSAN: uninit-value in btrfs_clean_tree_block (2)

Status: upstream: reported on 2021/11/20 10:47
Reported-by: syzbot+fba8e2116a12609b6c59@syzkaller.appspotmail.com
Fix commit: cbddcc4fa344 btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 442d, last: 11h28m
Similar bugs (5):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in btrfs_clean_tree_block | | | | 18531 | 544d | 865d | 0/24 | auto-closed as invalid on 2021/11/04 13:33
upstream | KMSAN: uninit-value in aes_encrypt (4) | C | | | 6 | 69d | 874d | 0/24 | upstream: reported C repro on 2020/09/10 14:09
upstream | KMSAN: uninit-value in post_read_mst_fixup | | | | 199 | 366d | 806d | 0/24 | auto-closed as invalid on 2022/05/31 07:12
upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) btrfs ntfs3 erofs udf | C | | | 135779 | 1h11m | 329d | 23/24 | internal: reported C repro on 2022/03/09 07:32
upstream | KMSAN: uninit-value in __crc32c_le_base (2) | C | | | 3133 | 7h26m | 1011d | 0/24 | upstream: reported C repro on 2020/04/26 06:08

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in btrfs_clean_tree_block+0x245/0x2d0 fs/btrfs/disk-io.c:959
 btrfs_clean_tree_block+0x245/0x2d0 fs/btrfs/disk-io.c:959
 btrfs_init_new_buffer fs/btrfs/extent-tree.c:4899 [inline]
 btrfs_alloc_tree_block+0x800/0x1ea0 fs/btrfs/extent-tree.c:4976
 __btrfs_cow_block+0x580/0x1cd0 fs/btrfs/ctree.c:417
 btrfs_cow_block+0x7ca/0x9d0 fs/btrfs/ctree.c:572
 commit_cowonly_roots+0x1b2/0x1110 fs/btrfs/transaction.c:1285
 btrfs_commit_transaction+0x2241/0x5980 fs/btrfs/transaction.c:2366
 btrfs_commit_super+0x138/0x180 fs/btrfs/disk-io.c:4426
 close_ctree+0x377/0x9f1 fs/btrfs/disk-io.c:4550
 btrfs_put_super+0x38/0x50 fs/btrfs/super.c:392
 generic_shutdown_super+0x184/0x570 fs/super.c:491
 kill_anon_super+0x39/0x70 fs/super.c:1085
 btrfs_kill_super+0x39/0x60 fs/btrfs/super.c:2440
 deactivate_locked_super+0xb1/0x120 fs/super.c:332
 deactivate_super+0x13a/0x150 fs/super.c:363
 cleanup_mnt+0x703/0x780 fs/namespace.c:1186
 __cleanup_mnt+0x1e/0x30 fs/namespace.c:1193
 task_work_run+0x13c/0x280 kernel/task_work.c:177
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0x2a9/0x320 kernel/entry/common.c:171
 exit_to_user_mode_prepare+0x16e/0x220 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x23/0x40 kernel/entry/common.c:296
 __do_fast_syscall_32+0xb1/0x100 arch/x86/entry/common.c:181
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 __alloc_pages+0x9f1/0xe80 mm/page_alloc.c:5556
 alloc_pages+0xaae/0xd80 mm/mempolicy.c:2270
 folio_alloc+0x3e/0x120 mm/mempolicy.c:2280
 filemap_alloc_folio mm/filemap.c:970 [inline]
 __filemap_get_folio+0xe59/0x1b00 mm/filemap.c:1970
 pagecache_get_page+0x4a/0x4d0 mm/folio-compat.c:104
 find_or_create_page include/linux/pagemap.h:613 [inline]
 alloc_extent_buffer+0x731/0x2770 fs/btrfs/extent_io.c:6207
 btrfs_find_create_tree_block+0x42/0x50 fs/btrfs/disk-io.c:920
 btrfs_init_new_buffer fs/btrfs/extent-tree.c:4860 [inline]
 btrfs_alloc_tree_block+0x36d/0x1ea0 fs/btrfs/extent-tree.c:4976
 __btrfs_cow_block+0x580/0x1cd0 fs/btrfs/ctree.c:417
 btrfs_cow_block+0x7ca/0x9d0 fs/btrfs/ctree.c:572
 commit_cowonly_roots+0x1b2/0x1110 fs/btrfs/transaction.c:1285
 btrfs_commit_transaction+0x2241/0x5980 fs/btrfs/transaction.c:2366
 btrfs_commit_super+0x138/0x180 fs/btrfs/disk-io.c:4426
 close_ctree+0x377/0x9f1 fs/btrfs/disk-io.c:4550
 btrfs_put_super+0x38/0x50 fs/btrfs/super.c:392
 generic_shutdown_super+0x184/0x570 fs/super.c:491
 kill_anon_super+0x39/0x70 fs/super.c:1085
 btrfs_kill_super+0x39/0x60 fs/btrfs/super.c:2440
 deactivate_locked_super+0xb1/0x120 fs/super.c:332
 deactivate_super+0x13a/0x150 fs/super.c:363
 cleanup_mnt+0x703/0x780 fs/namespace.c:1186
 __cleanup_mnt+0x1e/0x30 fs/namespace.c:1193
 task_work_run+0x13c/0x280 kernel/task_work.c:177
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0x2a9/0x320 kernel/entry/common.c:171
 exit_to_user_mode_prepare+0x16e/0x220 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x23/0x40 kernel/entry/common.c:296
 __do_fast_syscall_32+0xb1/0x100 arch/x86/entry/common.c:181
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

CPU: 0 PID: 3511 Comm: syz-executor.3 Not tainted 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
=====================================================

Crashes (15013):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title
ci-upstream-kmsan-gce-386 | 2022/10/25 05:07 | https://github.com/google/kmsan.git master | 968c2729e576 | ff2fe65d | .config | console log | report | | | info | [disk image] [vmlinux] | KMSAN: uninit-value in btrfs_clean_tree_block
ci-upstream-kmsan-gce-386 | 2021/11/20 06:45 | https://github.com/google/kmsan.git master | 412af9cd936d | 3a9d0024 | .config | console log | report | | | info | | KMSAN: uninit-value in btrfs_clean_tree_block
ci-upstream-kmsan-gce-386 | 2021/11/16 10:38 | https://github.com/google/kmsan.git master | 386004877847 | 600426bd | .config | console log | report | | | info | | KMSAN: uninit-value in btrfs_clean_tree_block
ci-upstream-kmsan-gce-386 | 2021/11/16 10:28 | https://github.com/google/kmsan.git master | 386004877847 | 600426bd | .config | console log | report | | | info | | KMSAN: uninit-value in btrfs_clean_tree_block
ci-upstream-kmsan-gce-386 | 2023/02/01 04:31 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/02/01 02:44 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in post_read_mst_fixup
ci-upstream-kmsan-gce-386 | 2023/01/31 22:39 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/31 19:44 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/31 14:11 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/31 09:30 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/31 01:37 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/30 23:24 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/30 13:46 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/30 11:25 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/30 05:56 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/30 04:39 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/29 20:23 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/29 19:17 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/29 18:15 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 23:39 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 20:14 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 18:26 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 14:22 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 13:03 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 11:53 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 10:47 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 09:19 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 08:21 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 06:31 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 05:17 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 04:13 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/28 02:03 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 21:42 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 20:42 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 19:37 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 18:42 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 17:41 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 16:09 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 14:38 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in post_read_mst_fixup
ci-upstream-kmsan-gce-386 | 2023/01/27 11:44 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 08:21 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 07:00 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 06:38 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 05:27 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/27 02:24 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in post_read_mst_fixup
ci-upstream-kmsan-gce-386 | 2023/01/27 00:58 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/26 23:56 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/26 22:40 | https://github.com/google/kmsan.git master | 41c66f470616 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in nilfs_add_checksums_on_logs
ci-upstream-kmsan-gce-386 | 2023/01/20 03:56 | https://github.com/google/kmsan.git master | e919e2b1bc1c | 559a440a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | KMSAN: uninit-value in ima_add_template_entry
* Struck through repros no longer work on HEAD.