Re: [syzbot] [hfs?] KMSAN: uninit-value in hfsplus_strcasecmp (2)

[syzbot <syzbot+d80abb5b890d39261e72@syzkaller.appspotmail.com>]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in hfsplus_strcasecmp

HFSPLUS_BREC_READ: rec_len=520, fd->entrylength=26
HFSPLUS_BREC_READ: WARNING - entrylength (26) < rec_len (520) - PARTIAL READ!
HFSPLUS_BREC_READ: Successfully read 26 bytes (expected 520)
=====================================================
BUG: KMSAN: uninit-value in case_fold fs/hfsplus/unicode.c:26 [inline]
BUG: KMSAN: uninit-value in hfsplus_strcasecmp+0x62a/0x970 fs/hfsplus/unicode.c:67
 case_fold fs/hfsplus/unicode.c:26 [inline]
 hfsplus_strcasecmp+0x62a/0x970 fs/hfsplus/unicode.c:67
 hfsplus_cat_case_cmp_key+0xb9/0x190 fs/hfsplus/catalog.c:26
 hfs_find_rec_by_key+0xae/0x250 fs/hfsplus/bfind.c:89
 __hfsplus_brec_find+0x274/0x850 fs/hfsplus/bfind.c:124
 hfsplus_brec_find+0x4ec/0xa10 fs/hfsplus/bfind.c:190
 hfsplus_find_cat+0x3b0/0x4f0 fs/hfsplus/catalog.c:220
 hfsplus_iget+0x815/0xc30 fs/hfsplus/super.c:96
 hfsplus_fill_super+0x1550/0x2580 fs/hfsplus/super.c:548
 get_tree_bdev_flags+0x6e6/0x920 fs/super.c:1691
 get_tree_bdev+0x38/0x50 fs/super.c:1714
 hfsplus_get_tree+0x35/0x40 fs/hfsplus/super.c:680
 vfs_get_tree+0xb3/0x5c0 fs/super.c:1751
 fc_mount fs/namespace.c:1199 [inline]
 do_new_mount_fc fs/namespace.c:3636 [inline]
 do_new_mount+0x879/0x1700 fs/namespace.c:3712
 path_mount+0x777/0x1fe0 fs/namespace.c:4022
 do_mount fs/namespace.c:4035 [inline]
 __do_sys_mount fs/namespace.c:4224 [inline]
 __se_sys_mount+0x6f7/0x7e0 fs/namespace.c:4201
 __x64_sys_mount+0xe4/0x150 fs/namespace.c:4201
 x64_sys_call+0x38cb/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 hfsplus_cat_build_key_uni fs/hfsplus/catalog.c:77 [inline]
 hfsplus_find_cat+0x356/0x4f0 fs/hfsplus/catalog.c:217
 hfsplus_iget+0x815/0xc30 fs/hfsplus/super.c:96
 hfsplus_fill_super+0x1550/0x2580 fs/hfsplus/super.c:548
 get_tree_bdev_flags+0x6e6/0x920 fs/super.c:1691
 get_tree_bdev+0x38/0x50 fs/super.c:1714
 hfsplus_get_tree+0x35/0x40 fs/hfsplus/super.c:680
 vfs_get_tree+0xb3/0x5c0 fs/super.c:1751
 fc_mount fs/namespace.c:1199 [inline]
 do_new_mount_fc fs/namespace.c:3636 [inline]
 do_new_mount+0x879/0x1700 fs/namespace.c:3712
 path_mount+0x777/0x1fe0 fs/namespace.c:4022
 do_mount fs/namespace.c:4035 [inline]
 __do_sys_mount fs/namespace.c:4224 [inline]
 __se_sys_mount+0x6f7/0x7e0 fs/namespace.c:4201
 __x64_sys_mount+0xe4/0x150 fs/namespace.c:4201
 x64_sys_call+0x38cb/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable tmp created at:
 hfsplus_find_cat+0x43/0x4f0 fs/hfsplus/catalog.c:197
 hfsplus_iget+0x815/0xc30 fs/hfsplus/super.c:96

CPU: 1 UID: 0 PID: 6576 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
=====================================================


Tested on:

commit:         a66191c5 Merge tag 'hyperv-fixes-signed-20260121' of g..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12e48452580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=62c21fde37118981
dashboard link: https://syzkaller.appspot.com/bug?extid=d80abb5b890d39261e72
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=14150bfa580000