* [syzbot] KMSAN: uninit-value in reiserfs_new_inode (2)
@ 2022-11-24 6:39 syzbot
2023-12-25 17:30 ` [syzbot] [reiserfs?] " syzbot
From: syzbot @ 2022-11-24 6:39 UTC (permalink / raw)
To: brauner, damien.lemoal, edward.shishkin, glider, jack, jlayton,
linuszeng, linux-kernel, reiserfs-devel, syzkaller-bugs, willy
Hello,
syzbot found the following issue on:
HEAD commit: ddce02aa9c40 net: kmsan: check sk_buffs passed to __netdev..
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1200559b880000
kernel config: https://syzkaller.appspot.com/x/.config?x=1429f86b132e6d40
dashboard link: https://syzkaller.appspot.com/bug?extid=6450929faa7a97cd42d1
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project.git 610139d2d9ce6746b3c617fb3e2f7886272d26ff), GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: i386
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/40435685a7d7/disk-ddce02aa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4960172e71de/vmlinux-ddce02aa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5d91bc515d95/bzImage-ddce02aa.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6450929faa7a97cd42d1@syzkaller.appspotmail.com
=====================================================
BUG: KMSAN: uninit-value in reiserfs_new_inode+0x193a/0x24e0 fs/reiserfs/inode.c:2050
reiserfs_new_inode+0x193a/0x24e0 fs/reiserfs/inode.c:2050
reiserfs_create+0x738/0xe60 fs/reiserfs/namei.c:668
lookup_open fs/namei.c:3413 [inline]
open_last_lookups fs/namei.c:3481 [inline]
path_openat+0x28e9/0x5600 fs/namei.c:3710
do_filp_open+0x249/0x660 fs/namei.c:3740
do_sys_openat2+0x1f0/0x910 fs/open.c:1310
do_sys_open fs/open.c:1326 [inline]
__do_sys_creat fs/open.c:1402 [inline]
__se_sys_creat fs/open.c:1396 [inline]
__ia32_sys_creat+0xed/0x160 fs/open.c:1396
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
Uninit was created at:
__alloc_pages+0x9f1/0xe80 mm/page_alloc.c:5578
alloc_pages+0xaae/0xd80 mm/mempolicy.c:2285
alloc_slab_page mm/slub.c:1794 [inline]
allocate_slab+0x1b5/0x1010 mm/slub.c:1939
new_slab mm/slub.c:1992 [inline]
___slab_alloc+0x10c3/0x2d60 mm/slub.c:3180
__slab_alloc mm/slub.c:3279 [inline]
slab_alloc_node mm/slub.c:3364 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc_lru+0x6f3/0xb30 mm/slub.c:3429
alloc_inode_sb include/linux/fs.h:3117 [inline]
reiserfs_alloc_inode+0x5e/0x140 fs/reiserfs/super.c:642
alloc_inode+0x83/0x440 fs/inode.c:259
iget5_locked+0xa5/0x200 fs/inode.c:1241
reiserfs_fill_super+0x212b/0x3a00 fs/reiserfs/super.c:2053
mount_bdev+0x508/0x840 fs/super.c:1401
get_super_block+0x49/0x60 fs/reiserfs/super.c:2601
legacy_get_tree+0x10c/0x280 fs/fs_context.c:610
vfs_get_tree+0xa1/0x500 fs/super.c:1531
do_new_mount+0x694/0x1580 fs/namespace.c:3040
path_mount+0x71a/0x1eb0 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount+0x734/0x840 fs/namespace.c:3568
__ia32_sys_mount+0xdf/0x140 fs/namespace.c:3568
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
CPU: 0 PID: 3857 Comm: syz-executor.2 Not tainted 6.1.0-rc6-syzkaller-63553-gddce02aa9c40 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
* Re: [syzbot] [reiserfs?] KMSAN: uninit-value in reiserfs_new_inode (2)
2022-11-24 6:39 [syzbot] KMSAN: uninit-value in reiserfs_new_inode (2) syzbot
@ 2023-12-25 17:30 ` syzbot
2023-12-31 0:24 ` Edward Adam Davis
2023-12-31 1:04 ` [PATCH] reiserfs: fix uninit-value in reiserfs_new_inode Edward Adam Davis
From: syzbot @ 2023-12-25 17:30 UTC (permalink / raw)
To: brauner, damien.lemoal, edward.shishkin, glider, jack, jlayton,
linuszeng, linux-fsdevel, linux-kernel, reiserfs-devel,
syzkaller-bugs, willy
syzbot has found a reproducer for the following issue on:
HEAD commit: 861deac3b092 Linux 6.7-rc7
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=12057ecee80000
kernel config: https://syzkaller.appspot.com/x/.config?x=e0c7078a6b901aa3
dashboard link: https://syzkaller.appspot.com/bug?extid=6450929faa7a97cd42d1
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14836ca1e80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=159e1e16e80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0ea60ee8ed32/disk-861deac3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6d69fdc33021/vmlinux-861deac3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f0158750d452/bzImage-861deac3.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/dcd887118b46/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6450929faa7a97cd42d1@syzkaller.appspotmail.com
REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
=====================================================
BUG: KMSAN: uninit-value in reiserfs_new_inode+0x16cd/0x20f0 fs/reiserfs/inode.c:2044
reiserfs_new_inode+0x16cd/0x20f0 fs/reiserfs/inode.c:2044
reiserfs_create+0x674/0xcb0 fs/reiserfs/namei.c:666
xattr_create fs/reiserfs/xattr.c:70 [inline]
xattr_lookup+0x3ee/0x5e0 fs/reiserfs/xattr.c:413
reiserfs_xattr_set_handle+0xe7/0x21b0 fs/reiserfs/xattr.c:535
reiserfs_xattr_set+0x670/0x7f0 fs/reiserfs/xattr.c:635
trusted_set+0x112/0x190 fs/reiserfs/xattr_trusted.c:31
__vfs_setxattr+0x7aa/0x8b0 fs/xattr.c:201
__vfs_setxattr_noperm+0x24f/0xa30 fs/xattr.c:235
__vfs_setxattr_locked+0x441/0x480 fs/xattr.c:296
vfs_setxattr+0x294/0x650 fs/xattr.c:322
do_setxattr fs/xattr.c:630 [inline]
setxattr+0x45f/0x540 fs/xattr.c:653
path_setxattr+0x1f5/0x3c0 fs/xattr.c:672
__do_sys_setxattr fs/xattr.c:688 [inline]
__se_sys_setxattr fs/xattr.c:684 [inline]
__x64_sys_setxattr+0xf7/0x180 fs/xattr.c:684
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
__alloc_pages+0x9a4/0xe00 mm/page_alloc.c:4591
alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133
alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204
alloc_slab_page mm/slub.c:1870 [inline]
allocate_slab mm/slub.c:2017 [inline]
new_slab+0x421/0x1570 mm/slub.c:2070
___slab_alloc+0x13db/0x33d0 mm/slub.c:3223
__slab_alloc mm/slub.c:3322 [inline]
__slab_alloc_node mm/slub.c:3375 [inline]
slab_alloc_node mm/slub.c:3468 [inline]
slab_alloc mm/slub.c:3486 [inline]
__kmem_cache_alloc_lru mm/slub.c:3493 [inline]
kmem_cache_alloc_lru+0x552/0x970 mm/slub.c:3509
alloc_inode_sb include/linux/fs.h:2937 [inline]
reiserfs_alloc_inode+0x62/0x150 fs/reiserfs/super.c:642
alloc_inode+0x83/0x440 fs/inode.c:261
iget5_locked+0xa9/0x210 fs/inode.c:1271
reiserfs_fill_super+0x2109/0x39d0 fs/reiserfs/super.c:2053
mount_bdev+0x3d7/0x560 fs/super.c:1650
get_super_block+0x4d/0x60 fs/reiserfs/super.c:2601
legacy_get_tree+0x110/0x290 fs/fs_context.c:662
vfs_get_tree+0xa5/0x520 fs/super.c:1771
do_new_mount+0x68d/0x1550 fs/namespace.c:3337
path_mount+0x73d/0x1f20 fs/namespace.c:3664
do_mount fs/namespace.c:3677 [inline]
__do_sys_mount fs/namespace.c:3886 [inline]
__se_sys_mount+0x725/0x810 fs/namespace.c:3863
__x64_sys_mount+0xe4/0x140 fs/namespace.c:3863
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
CPU: 1 PID: 5006 Comm: syz-executor185 Not tainted 6.7.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
=====================================================
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
* Re: [syzbot] [reiserfs?] KMSAN: uninit-value in reiserfs_new_inode (2)
2023-12-25 17:30 ` [syzbot] [reiserfs?] " syzbot
@ 2023-12-31 0:24 ` Edward Adam Davis
2023-12-31 0:51 ` syzbot
2023-12-31 1:04 ` [PATCH] reiserfs: fix uninit-value in reiserfs_new_inode Edward Adam Davis
From: Edward Adam Davis @ 2023-12-31 0:24 UTC (permalink / raw)
To: syzbot+6450929faa7a97cd42d1; +Cc: linux-kernel, syzkaller-bugs
please test uninit-value in reiserfs_new_inode
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 861deac3b092
diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c
index 994d6e6995ab..3a824fb170d5 100644
--- a/fs/reiserfs/namei.c
+++ b/fs/reiserfs/namei.c
@@ -638,6 +638,10 @@ static int reiserfs_create(struct mnt_idmap *idmap, struct inode *dir,
if (retval)
return retval;
+#ifdef DISPLACE_NEW_PACKING_LOCALITIES
+ REISERFS_I(dir)->new_packing_locality = 0;
+#endif
+
if (!(inode = new_inode(dir->i_sb))) {
return -ENOMEM;
}
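Review bot: zeroing REISERFS_I(dir)->new_packing_locality in reiserfs_create fixes the symptom at one caller rather than the cause; the report's "Uninit was created at" trace puts the undefined bytes in the inode object allocated by reiserfs_alloc_inode (fs/reiserfs/super.c:642) when the parent directory inode is read at mount time, so the field should be given a defined value there (or wherever an inode read from disk is set up), where it covers every reader. As posted, the `+ REISERFS_I(dir)->new_packing_locality = 0;` line is only executed on the reiserfs_create path; any other path that reaches reiserfs_new_inode with the same parent still reads the undefined field, and every create now unconditionally resets a per-directory flag that may have been set deliberately elsewhere, which is a behaviour change this test request does not justify.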
* [PATCH] reiserfs: fix uninit-value in reiserfs_new_inode
2023-12-25 17:30 ` [syzbot] [reiserfs?] " syzbot
2023-12-31 0:24 ` Edward Adam Davis
@ 2023-12-31 1:04 ` Edward Adam Davis
From: Edward Adam Davis @ 2023-12-31 1:04 UTC (permalink / raw)
To: syzbot+6450929faa7a97cd42d1
Cc: brauner, damien.lemoal, edward.shishkin, glider, jack, jlayton,
linuszeng, linux-fsdevel, linux-kernel, reiserfs-devel,
syzkaller-bugs, willy
Before creating a new inode, it is necessary to initialize the "new packing
locality" tag of the dir.
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
---
fs/reiserfs/namei.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c
index 994d6e6995ab..3a824fb170d5 100644
--- a/fs/reiserfs/namei.c
+++ b/fs/reiserfs/namei.c
@@ -638,6 +638,10 @@ static int reiserfs_create(struct mnt_idmap *idmap, struct inode *dir,
if (retval)
return retval;
+#ifdef DISPLACE_NEW_PACKING_LOCALITIES
+ REISERFS_I(dir)->new_packing_locality = 0;
+#endif
+
if (!(inode = new_inode(dir->i_sb))) {
return -ENOMEM;
}
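Review bot: the commit message is missing the Reported-by: syzbot+6450929faa7a97cd42d1@syzkaller.appspotmail.com tag that the report explicitly asks for, and it does not explain why clearing the flag in reiserfs_create is the right layer when the origin trace shows the uninitialised memory is the inode object allocated in reiserfs_alloc_inode (fs/reiserfs/super.c:642) for the parent directory. Initialising new_packing_locality at that allocation (or where an on-disk inode is initialised) would reach every reader of `REISERFS_I(dir)->new_packing_locality`, not only this one caller, and would not reset the per-directory flag on every create; if the one-caller placement is kept on purpose, the message should say why the other paths into reiserfs_new_inode are unaffected.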
--
2.43.0
Thread overview: 5+ messages
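An added example, written for this page and not taken from the thread or from fs/reiserfs, that models in userspace the bug class behind both the KMSAN report above and the one-caller patch: a slab-style cache hands out an object whose allocator fills in some fields but never writes one flag, and two different callers later read that flag from the parent. A small KMSAN-like shadow map (one byte per object byte, 1 = initialised, 0 = poison) makes the uninitialised read observable instead of depending on whatever was left in memory, and the two allocators show why the defined value belongs at allocation time rather than in one caller. All names (`struct dir_info`, `alloc_dir_info_buggy`, `alloc_dir_info_fixed`, `create_in_dir`, `mknod_in_dir`, the `shadow` array) are hypothetical stand-ins; the real reiserfs_inode_info, slab constructor and reiserfs_new_inode differ.

```c
/* Added example (not from the thread or from fs/reiserfs): a userspace model of
 * a slab-style object whose allocator leaves one field undefined, read later
 * by two different callers. A KMSAN-like shadow map (1 byte per object byte,
 * 1 = initialised, 0 = poison) makes the uninitialised read observable rather
 * than dependent on whatever happens to be in memory. All names are
 * hypothetical stand-ins for the kernel structures in the report. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POOL_OBJS   8
#define UNINIT_READ (-1)  /* returned where KMSAN would print a splat */

/* Stand-in for struct reiserfs_inode_info. */
struct dir_info {
    unsigned int ino;
    int prealloc_count;
    unsigned char new_packing_locality;   /* the flag the report says is uninit */
};

static struct dir_info pool[POOL_OBJS];
static unsigned char shadow[POOL_OBJS][sizeof(struct dir_info)];
static int pool_next;

static void shadow_mark(const struct dir_info *obj, size_t off, size_t len)
{
    memset(&shadow[obj - pool][off], 1, len);
}

static bool shadow_defined(const struct dir_info *obj, size_t off, size_t len)
{
    const unsigned char *s = &shadow[obj - pool][off];
    for (size_t i = 0; i < len; i++)
        if (!s[i])
            return false;
    return true;
}

/* Checked read of the flag: UNINIT_READ if the byte was never written. */
static int read_locality(const struct dir_info *dir)
{
    size_t off = offsetof(struct dir_info, new_packing_locality);
    if (!shadow_defined(dir, off, sizeof dir->new_packing_locality))
        return UNINIT_READ;
    return dir->new_packing_locality;
}

/* Buggy allocator, after the origin trace: fresh slab memory is all poison and
 * only some fields are filled in; new_packing_locality is never touched. */
static struct dir_info *alloc_dir_info_buggy(unsigned int ino)
{
    struct dir_info *d = &pool[pool_next++ % POOL_OBJS];
    memset(shadow[d - pool], 0, sizeof(*d));
    d->ino = ino;
    shadow_mark(d, offsetof(struct dir_info, ino), sizeof d->ino);
    d->prealloc_count = 0;
    shadow_mark(d, offsetof(struct dir_info, prealloc_count), sizeof d->prealloc_count);
    return d;
}

/* Fixed allocator: define every field where the object is created, so every
 * later reader sees a value regardless of which path reaches it. */
static struct dir_info *alloc_dir_info_fixed(unsigned int ino)
{
    struct dir_info *d = alloc_dir_info_buggy(ino);
    d->new_packing_locality = 0;
    shadow_mark(d, offsetof(struct dir_info, new_packing_locality), 1);
    return d;
}

/* Two callers that both read the parent's flag, as reiserfs_new_inode does.
 * patch_clears_flag models the posted patch, which zeroes the field in one
 * caller (reiserfs_create) just before the read. */
static int create_in_dir(struct dir_info *dir, bool patch_clears_flag)
{
    if (patch_clears_flag) {
        dir->new_packing_locality = 0;
        shadow_mark(dir, offsetof(struct dir_info, new_packing_locality), 1);
    }
    return read_locality(dir);
}

static int mknod_in_dir(const struct dir_info *dir)
{
    return read_locality(dir);   /* a caller-local fix does not reach here */
}

int main(void)
{
    struct dir_info *a = alloc_dir_info_buggy(2);
    struct dir_info *b = alloc_dir_info_fixed(3);
    printf("buggy alloc, mknod path:   %d\n", mknod_in_dir(a));         /* -1 */
    printf("buggy alloc, create+patch: %d\n", create_in_dir(a, true));  /* 0 */
    printf("fixed alloc, mknod path:   %d\n", mknod_in_dir(b));         /* 0 */
    return 0;
}
```

The shadow map is the whole point of the model: with plain memory the buggy allocator would usually return 0 and the bug would be invisible, which is exactly why the kernel needed KMSAN to find it. The caller-local clear makes `create_in_dir` clean while `mknod_in_dir` on the same parent still reads poison; the allocation-time initialiser makes both clean.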
2022-11-24 6:39 [syzbot] KMSAN: uninit-value in reiserfs_new_inode (2) syzbot
2023-12-25 17:30 ` [syzbot] [reiserfs?] " syzbot
2023-12-31 0:24 ` Edward Adam Davis
2023-12-31 0:51 ` syzbot
2023-12-31 1:04 ` [PATCH] reiserfs: fix uninit-value in reiserfs_new_inode Edward Adam Davis