From: syzbot <syzbot+b4a84825ea149bb99bfc@syzkaller.appspotmail.com>
To: cem@kernel.org, linux-kernel@vger.kernel.org,
linux-xfs@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [syzbot] [xfs?] KMSAN: uninit-value in xfs_dialloc_ag_inobt
Date: Wed, 23 Apr 2025 19:02:26 -0700
Message-ID: <68099bb2.050a0220.10d98e.0005.GAE@google.com>
Hello,
syzbot found the following issue on:
HEAD commit: 8560697b23dc Merge tag '6.15-rc2-smb3-client-fixes' of git..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11d3dfe4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a27b81e0cf56c60b
dashboard link: https://syzkaller.appspot.com/bug?extid=b4a84825ea149bb99bfc
compiler: Debian clang version 15.0.6, Debian LLD 15.0.6
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/03806cf4a3af/disk-8560697b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6d86507d5b30/vmlinux-8560697b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f5f2020007a8/bzImage-8560697b.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b4a84825ea149bb99bfc@syzkaller.appspotmail.com
=====================================================
BUG: KMSAN: uninit-value in xfs_dialloc_ag_inobt+0x99b/0x2550 fs/xfs/libxfs/xfs_ialloc.c:1173
xfs_dialloc_ag_inobt+0x99b/0x2550 fs/xfs/libxfs/xfs_ialloc.c:1173
xfs_dialloc_ag fs/xfs/libxfs/xfs_ialloc.c:1585 [inline]
xfs_dialloc_try_ag fs/xfs/libxfs/xfs_ialloc.c:1835 [inline]
xfs_dialloc+0x14c4/0x3470 fs/xfs/libxfs/xfs_ialloc.c:1945
xfs_create_tmpfile+0x496/0x12c0 fs/xfs/xfs_inode.c:827
xfs_generic_create+0x65c/0x1610 fs/xfs/xfs_iops.c:227
xfs_vn_tmpfile+0x6b/0x140 fs/xfs/xfs_iops.c:1194
vfs_tmpfile+0x5e4/0xe40 fs/namei.c:3896
do_tmpfile+0x19d/0x460 fs/namei.c:3961
path_openat+0x4837/0x6280 fs/namei.c:3995
do_filp_open+0x26b/0x610 fs/namei.c:4031
io_openat2+0x5d5/0xa50 io_uring/openclose.c:140
io_openat+0x35/0x40 io_uring/openclose.c:177
__io_issue_sqe io_uring/io_uring.c:1734 [inline]
io_issue_sqe+0x394/0x1de0 io_uring/io_uring.c:1753
io_wq_submit_work+0xaf8/0xde0 io_uring/io_uring.c:1868
io_worker_handle_work+0xc4d/0x2090 io_uring/io-wq.c:615
io_wq_worker+0x403/0x1470 io_uring/io-wq.c:669
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Uninit was stored to memory at:
xfs_dialloc_ag_inobt+0x1cc1/0x2550 fs/xfs/libxfs/xfs_ialloc.c:1227
xfs_dialloc_ag fs/xfs/libxfs/xfs_ialloc.c:1585 [inline]
xfs_dialloc_try_ag fs/xfs/libxfs/xfs_ialloc.c:1835 [inline]
xfs_dialloc+0x14c4/0x3470 fs/xfs/libxfs/xfs_ialloc.c:1945
xfs_create_tmpfile+0x496/0x12c0 fs/xfs/xfs_inode.c:827
xfs_generic_create+0x65c/0x1610 fs/xfs/xfs_iops.c:227
xfs_vn_tmpfile+0x6b/0x140 fs/xfs/xfs_iops.c:1194
vfs_tmpfile+0x5e4/0xe40 fs/namei.c:3896
do_tmpfile+0x19d/0x460 fs/namei.c:3961
path_openat+0x4837/0x6280 fs/namei.c:3995
do_filp_open+0x26b/0x610 fs/namei.c:4031
io_openat2+0x5d5/0xa50 io_uring/openclose.c:140
io_openat+0x35/0x40 io_uring/openclose.c:177
__io_issue_sqe io_uring/io_uring.c:1734 [inline]
io_issue_sqe+0x394/0x1de0 io_uring/io_uring.c:1753
io_wq_submit_work+0xaf8/0xde0 io_uring/io_uring.c:1868
io_worker_handle_work+0xc4d/0x2090 io_uring/io-wq.c:615
io_wq_worker+0x403/0x1470 io_uring/io-wq.c:669
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Local variable trec created at:
xfs_dialloc_ag_inobt+0x139/0x2550 fs/xfs/libxfs/xfs_ialloc.c:1101
xfs_dialloc_ag fs/xfs/libxfs/xfs_ialloc.c:1585 [inline]
xfs_dialloc_try_ag fs/xfs/libxfs/xfs_ialloc.c:1835 [inline]
xfs_dialloc+0x14c4/0x3470 fs/xfs/libxfs/xfs_ialloc.c:1945
CPU: 1 UID: 0 PID: 7854 Comm: iou-wrk-7829 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(undef)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
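The report above has the three-part shape every KMSAN finding has: the use site ("BUG: KMSAN: uninit-value in ..."), the store site ("Uninit was stored to memory at:") and, for a stack variable, the frame that created it ("Local variable trec created at:"); here all three sit in xfs_dialloc_ag_inobt, and the Comm field shows the path ran on an io_uring worker thread. The parser below turns that text into a structured record for triage or dashboard tooling. It is an added example written for this page, not code from syzbot, syzkaller or the XFS tree; the section regexes are assumptions about the report layout as posted above, and the sample input is the report above with the use stack trimmed to eight frames.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One stack frame: "func+0xoff/0xsize path/file.c:NNN", optionally "[inline]" with no offset.
FRAME_RE = re.compile(
    r"^(?P<func>[\w.$]+)(?:\+0x(?P<off>[0-9a-f]+)/0x[0-9a-f]+)?"
    r"\s+(?P<file>[\w./-]+):(?P<line>\d+)(?P<inline>\s+\[inline\])?$")
BUG_RE = re.compile(r"^BUG: KMSAN: (?P<kind>[\w-]+) in (?P<site>.+)$")
ORIGIN_RE = re.compile(r"^Uninit was (?:stored to memory|created) at:$")
LOCAL_RE = re.compile(r"^Local variable (?P<var>\w+) created at:$")
TASK_RE = re.compile(r"^CPU: (?P<cpu>\d+) .*?PID: (?P<pid>\d+) Comm: (?P<comm>\S+) "
                     r".*?(?P<kernel>\d+\.\d+\.\d+[-\w.]*)")


@dataclass
class Frame:
    func: str
    file: str
    line: int
    offset: Optional[int]   # byte offset into func; None for [inline] frames
    inline: bool


def parse_frame(text: str) -> Optional[Frame]:
    m = FRAME_RE.match(text.strip())
    if not m:
        return None
    return Frame(m["func"], m["file"], int(m["line"]),
                 int(m["off"], 16) if m["off"] else None, bool(m["inline"]))


@dataclass
class KmsanReport:
    kind: str                 # e.g. "uninit-value"
    site: Frame               # where the uninitialised value was consumed
    use_stack: List[Frame] = field(default_factory=list)
    origin_stack: List[Frame] = field(default_factory=list)   # where the poisoned value was stored
    variable: Optional[str] = None                             # stack variable named by KMSAN, if any
    variable_stack: List[Frame] = field(default_factory=list)
    pid: Optional[int] = None
    comm: Optional[str] = None
    kernel: Optional[str] = None


def parse_kmsan_report(text: str) -> KmsanReport:
    report: Optional[KmsanReport] = None
    current: Optional[List[Frame]] = None      # the stack section frames are appended to
    for raw in text.splitlines():
        line = raw.strip()
        if (m := BUG_RE.match(line)):
            site = parse_frame(m["site"])
            if site is None:
                raise ValueError(f"unparseable BUG site: {line}")
            report = KmsanReport(kind=m["kind"], site=site)
            current = report.use_stack
        elif report is None:
            continue                            # preamble before the BUG line
        elif ORIGIN_RE.match(line):
            current = report.origin_stack
        elif (m := LOCAL_RE.match(line)):
            report.variable = m["var"]
            current = report.variable_stack
        elif (m := TASK_RE.match(line)):
            report.pid, report.comm, report.kernel = int(m["pid"]), m["comm"], m["kernel"]
            current = None                      # task line ends the stack sections
        elif current is not None and (frame := parse_frame(line)):
            current.append(frame)
    if report is None:
        raise ValueError("no 'BUG: KMSAN:' line found")
    return report


def same_function_local(r: KmsanReport) -> bool:
    """Use, store and creation of the local all in one function: the shape of a stack
    struct that some path reads without every path having written it."""
    return bool(r.variable and r.origin_stack and r.variable_stack
                and r.site.func == r.origin_stack[0].func == r.variable_stack[0].func)


def entry_frame(r: KmsanReport) -> Optional[Frame]:
    """Outermost frame that is not arch entry code: the subsystem that drove the path."""
    return next((f for f in reversed(r.use_stack) if not f.file.startswith("arch/")), None)


def io_wq_owner_pid(comm: Optional[str]) -> Optional[int]:
    """io-wq names its worker threads iou-wrk-<pid of the task that created the io-wq>,
    so Comm alone points at the userspace task whose ring issued the request."""
    m = re.fullmatch(r"iou-wrk-(\d+)", comm or "")
    return int(m[1]) if m else None


# Constructed sample: the report above, use stack trimmed to eight frames.
SAMPLE_REPORT = """\
=====================================================
BUG: KMSAN: uninit-value in xfs_dialloc_ag_inobt+0x99b/0x2550 fs/xfs/libxfs/xfs_ialloc.c:1173
 xfs_dialloc_ag_inobt+0x99b/0x2550 fs/xfs/libxfs/xfs_ialloc.c:1173
 xfs_dialloc_ag fs/xfs/libxfs/xfs_ialloc.c:1585 [inline]
 xfs_dialloc+0x14c4/0x3470 fs/xfs/libxfs/xfs_ialloc.c:1945
 xfs_create_tmpfile+0x496/0x12c0 fs/xfs/xfs_inode.c:827
 vfs_tmpfile+0x5e4/0xe40 fs/namei.c:3896
 io_openat2+0x5d5/0xa50 io_uring/openclose.c:140
 io_wq_worker+0x403/0x1470 io_uring/io-wq.c:669
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was stored to memory at:
 xfs_dialloc_ag_inobt+0x1cc1/0x2550 fs/xfs/libxfs/xfs_ialloc.c:1227
 xfs_dialloc+0x14c4/0x3470 fs/xfs/libxfs/xfs_ialloc.c:1945

Local variable trec created at:
 xfs_dialloc_ag_inobt+0x139/0x2550 fs/xfs/libxfs/xfs_ialloc.c:1101

CPU: 1 UID: 0 PID: 7854 Comm: iou-wrk-7829 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(undef)
=====================================================
"""

if __name__ == "__main__":
    r = parse_kmsan_report(SAMPLE_REPORT)
    print(f"{r.kind} in {r.site.func} ({r.site.file}:{r.site.line}); local {r.variable!r} "
          f"created at line {r.variable_stack[0].line}, stored at line {r.origin_stack[0].line}; "
          f"pid {r.pid} comm {r.comm} (io-wq owner {io_wq_owner_pid(r.comm)}), "
          f"entered via {entry_frame(r).func}; same-function local: {same_function_local(r)}")
```

Feed it the full report text (the whole message, preamble included, is fine: everything before the BUG line is skipped). The two derived checks are what a triager looks at first: same_function_local says the fix is almost certainly local to xfs_dialloc_ag_inobt rather than in a caller, and the iou-wrk Comm plus io_wq_worker entry frame say a reproducer, once syzbot has one, will be an io_uring IORING_OP_OPENAT request with O_TMPFILE rather than a plain open(2).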
Thread overview: 3+ messages
2025-04-24 2:02 syzbot [this message]
2025-04-24 8:59 ` syztest Arnaud Lecomte
2025-04-24 8:59 ` syztest syzbot