From: syzbot <syzbot+c6d8e1bffb0970780d5c@syzkaller.appspotmail.com>
To: glider@google.com, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [hfs?] KMSAN: uninit-value in hfsplus_attr_bin_cmp_key
Date: Sun, 03 Mar 2024 07:51:14 -0800 [thread overview]
Message-ID: <00000000000037444e0612c39434@google.com> (raw)
In-Reply-To: <000000000000d60fa905ee84ff8d@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: 04b8076df253 Merge tag 'firewire-fixes-6.8-rc7' of git://g..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=175aa96a180000
kernel config: https://syzkaller.appspot.com/x/.config?x=80c7a82a572c0de3
dashboard link: https://syzkaller.appspot.com/bug?extid=c6d8e1bffb0970780d5c
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=173516ee180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12fd7bba180000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a4610b1ff2a7/disk-04b8076d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/991e9d902d39/vmlinux-04b8076d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a5b8e8e98121/bzImage-04b8076d.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/111a30273774/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c6d8e1bffb0970780d5c@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 1024
=====================================================
BUG: KMSAN: uninit-value in hfsplus_attr_bin_cmp_key+0xf1/0x190 fs/hfsplus/attributes.c:42
hfsplus_attr_bin_cmp_key+0xf1/0x190 fs/hfsplus/attributes.c:42
hfs_find_rec_by_key+0xb0/0x240 fs/hfsplus/bfind.c:100
__hfsplus_brec_find+0x26b/0x7b0 fs/hfsplus/bfind.c:135
hfsplus_brec_find+0x445/0x970 fs/hfsplus/bfind.c:195
hfsplus_find_attr+0x30c/0x390
hfsplus_attr_exists+0x1c6/0x260 fs/hfsplus/attributes.c:182
__hfsplus_setxattr+0x510/0x3580 fs/hfsplus/xattr.c:336
hfsplus_setxattr+0x129/0x1e0 fs/hfsplus/xattr.c:434
hfsplus_trusted_setxattr+0x55/0x70 fs/hfsplus/xattr_trusted.c:30
__vfs_setxattr+0x7aa/0x8b0 fs/xattr.c:201
__vfs_setxattr_noperm+0x24f/0xa30 fs/xattr.c:235
__vfs_setxattr_locked+0x441/0x480 fs/xattr.c:296
vfs_setxattr+0x294/0x650 fs/xattr.c:322
do_setxattr fs/xattr.c:630 [inline]
setxattr+0x45f/0x540 fs/xattr.c:653
path_setxattr+0x1f5/0x3c0 fs/xattr.c:672
__do_sys_setxattr fs/xattr.c:688 [inline]
__se_sys_setxattr fs/xattr.c:684 [inline]
__x64_sys_setxattr+0xf7/0x180 fs/xattr.c:684
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3819 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
__do_kmalloc_node mm/slub.c:3980 [inline]
__kmalloc+0x919/0xf80 mm/slub.c:3994
kmalloc include/linux/slab.h:594 [inline]
hfsplus_find_init+0x91/0x250 fs/hfsplus/bfind.c:21
hfsplus_attr_exists+0xde/0x260 fs/hfsplus/attributes.c:178
__hfsplus_setxattr+0x510/0x3580 fs/hfsplus/xattr.c:336
hfsplus_setxattr+0x129/0x1e0 fs/hfsplus/xattr.c:434
hfsplus_trusted_setxattr+0x55/0x70 fs/hfsplus/xattr_trusted.c:30
__vfs_setxattr+0x7aa/0x8b0 fs/xattr.c:201
__vfs_setxattr_noperm+0x24f/0xa30 fs/xattr.c:235
__vfs_setxattr_locked+0x441/0x480 fs/xattr.c:296
vfs_setxattr+0x294/0x650 fs/xattr.c:322
do_setxattr fs/xattr.c:630 [inline]
setxattr+0x45f/0x540 fs/xattr.c:653
path_setxattr+0x1f5/0x3c0 fs/xattr.c:672
__do_sys_setxattr fs/xattr.c:688 [inline]
__se_sys_setxattr fs/xattr.c:684 [inline]
__x64_sys_setxattr+0xf7/0x180 fs/xattr.c:684
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
CPU: 0 PID: 5013 Comm: syz-executor247 Not tainted 6.8.0-rc6-syzkaller-00250-g04b8076df253 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
=====================================================
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
next prev parent reply other threads:[~2024-03-03 15:51 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-28 10:04 [syzbot] KMSAN: uninit-value in hfsplus_attr_bin_cmp_key syzbot
2024-03-03 15:51 ` syzbot [this message]
2024-03-04 5:33 ` [PATCH] hfsplus: fix " Edward Adam Davis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000037444e0612c39434@google.com \
--to=syzbot+c6d8e1bffb0970780d5c@syzkaller.appspotmail.com \
--cc=glider@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).