* Re: [syzbot] [tomoyo?] KMSAN: uninit-value in tomoyo_path_chown (3)
       [not found] <6a325dbd.dc986f81.2c135.0008.GAE@google.com>
From: Tetsuo Handa @ 2026-06-27 5:43 UTC
To: syzbot, syzkaller-bugs
Cc: jmorris, linux-kernel, linux-security-module, paul, serge, takedakn, linux-fsdevel

On 2026/06/17 17:41, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    2b414a95b8f7 Merge tag 's390-7.1-5' of git://git.kernel.or..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=12cff156580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=a0ca3b8cb3875012
> dashboard link: https://syzkaller.appspot.com/bug?extid=eaae8fa60ce81f1e4eeb
> compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
>
> Unfortunately, I don't have any reproducer for this issue yet.
>

The AI's analysis

  In this case, `chown_common()` skips setting `newattrs.ia_vfsuid` and `newattrs.ia_vfsgid`.

at https://syzkaller.appspot.com/ai_job?id=abea5dd9-2a6e-4669-a927-d87ef7833666 is wrong.
We always set newattrs.ia_vfsuid and newattrs.ia_vfsgid before checking for -1.

  retry_deleg:
          newattrs.ia_vfsuid = INVALID_VFSUID;
          newattrs.ia_vfsgid = INVALID_VFSGID;
          newattrs.ia_valid = ATTR_CTIME;
          if ((user != (uid_t)-1) && !setattr_vfsuid(&newattrs, uid))
                  return -EINVAL;
          if ((group != (gid_t)-1) && !setattr_vfsgid(&newattrs, gid))
                  return -EINVAL;

Therefore, unless VFS people find something that can cause this problem,
this would be a random memory corruption which confused KMSAN.

#syz set subsystems: unclassified

#syz set no-reminders

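The initialization order quoted in the reply above, as an added userspace model that is not kernel code and not part of the thread: it contrasts that order with a hypothetical variant that behaves the way the automated analysis described. `struct model_iattr`, `setup_quoted`, `setup_assumed`, `count_leaks`, the `POISON` marker, the flag updates inside the `if` bodies and the sample id 1000 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model, not kernel code. Assumptions: uint32_t stands in for
 * vfsuid_t/vfsgid_t and only the struct iattr fields quoted above exist. */
#define NO_CHANGE  ((uint32_t)-1)   /* the (uid_t)-1 / (gid_t)-1 argument */
#define INVALID_ID ((uint32_t)-1)   /* stand-in for INVALID_VFSUID/VFSGID */
#define ATTR_UID   (1u << 1)
#define ATTR_GID   (1u << 2)
#define ATTR_CTIME (1u << 6)
#define POISON     0xA5A5A5A5u      /* constructed marker for stack garbage */

struct model_iattr { uint32_t ia_valid, ia_vfsuid, ia_vfsgid; };

/* Order quoted in the reply: sentinels first, conditional overwrite second. */
void setup_quoted(struct model_iattr *a, uint32_t user, uint32_t group) {
    a->ia_vfsuid = INVALID_ID;
    a->ia_vfsgid = INVALID_ID;
    a->ia_valid = ATTR_CTIME;
    if (user != NO_CHANGE)  { a->ia_vfsuid = user;  a->ia_valid |= ATTR_UID; }
    if (group != NO_CHANGE) { a->ia_vfsgid = group; a->ia_valid |= ATTR_GID; }
}

/* Hypothetical variant behaving as the automated analysis described:
 * an id field is left untouched when its argument is -1. */
void setup_assumed(struct model_iattr *a, uint32_t user, uint32_t group) {
    a->ia_valid = ATTR_CTIME;
    if (user != NO_CHANGE)  { a->ia_vfsuid = user;  a->ia_valid |= ATTR_UID; }
    if (group != NO_CHANGE) { a->ia_vfsgid = group; a->ia_valid |= ATTR_GID; }
}

/* Over all four "-1 or real id" cases, count id fields still holding garbage. */
int count_leaks(void (*setup)(struct model_iattr *, uint32_t, uint32_t)) {
    const uint32_t ids[2] = { NO_CHANGE, 1000u };  /* constructed inputs */
    int leaks = 0;
    for (int u = 0; u < 2; u++)
        for (int g = 0; g < 2; g++) {
            struct model_iattr a;
            memset(&a, 0xA5, sizeof(a));           /* simulate uninit stack */
            setup(&a, ids[u], ids[g]);
            leaks += (a.ia_vfsuid == POISON) + (a.ia_vfsgid == POISON);
        }
    return leaks;
}

int main(void) {
    printf("quoted=%d assumed=%d\n", count_leaks(setup_quoted), count_leaks(setup_assumed));
    return 0;
}
```
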
* Re: [syzbot] [tomoyo?] KMSAN: uninit-value in tomoyo_path_chown (3)
From: syzbot @ 2026-06-27 5:44 UTC
To: penguin-kernel
Cc: jmorris, linux-fsdevel, linux-kernel, linux-security-module, paul, penguin-kernel, serge, syzkaller-bugs, takedakn

> On 2026/06/17 17:41, syzbot wrote:
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit:    2b414a95b8f7 Merge tag 's390-7.1-5' of git://git.kernel.or..
>> git tree:       upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=12cff156580000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=a0ca3b8cb3875012
>> dashboard link: https://syzkaller.appspot.com/bug?extid=eaae8fa60ce81f1e4eeb
>> compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
>>
>> Unfortunately, I don't have any reproducer for this issue yet.
>>
>
> The AI's analysis
>
>   In this case, `chown_common()` skips setting `newattrs.ia_vfsuid` and `newattrs.ia_vfsgid`.
>
> at https://syzkaller.appspot.com/ai_job?id=abea5dd9-2a6e-4669-a927-d87ef7833666 is wrong.
> We always set newattrs.ia_vfsuid and newattrs.ia_vfsgid before checking for -1.
>
>   retry_deleg:
>           newattrs.ia_vfsuid = INVALID_VFSUID;
>           newattrs.ia_vfsgid = INVALID_VFSGID;
>           newattrs.ia_valid = ATTR_CTIME;
>           if ((user != (uid_t)-1) && !setattr_vfsuid(&newattrs, uid))
>                   return -EINVAL;
>           if ((group != (gid_t)-1) && !setattr_vfsgid(&newattrs, gid))
>                   return -EINVAL;
>
> Therefore, unless VFS people find something that can cause this problem,
> this would be a random memory corruption which confused KMSAN.
>
> #syz set subsystems: unclassified
>
> #syz set no-reminders
>

Command #1:
The specified label value is incorrect.
"unclassified" is not among the allowed values.
Please use one of the supported label values.

The following labels are supported:
actionable, missing-backport, no-reminders, prio: {low, normal, high}, subsystems: {.. see below ..}
The list of subsystems: https://syzkaller.appspot.com/upstream/subsystems?all=true