* [syzbot] [ntfs3?] KMSAN: uninit-value in longest_match_std (2)
@ 2024-01-09 18:17 syzbot
2025-01-29 5:28 ` [syzbot] [PATCH] fs/ntfs3: Fix KMSAN warning in longest_match_std() syzbot
2025-11-19 14:24 ` Forwarded: Re: KMSAN: uninit-value in longest_match_std (2) syzbot
0 siblings, 2 replies; 7+ messages in thread
From: syzbot @ 2024-01-09 18:17 UTC (permalink / raw)
To: almaz.alexandrovich, linux-fsdevel, linux-kernel, ntfs3,
syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: 610a9b8f49fb Linux 6.7-rc8
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=11a0f711e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=e51fe20c3e51ba7f
dashboard link: https://syzkaller.appspot.com/bug?extid=08d8956768c96a2c52cf
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=141f845ee80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1413cf11e80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/28ecdd56de1e/disk-610a9b8f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3c5afc17c174/vmlinux-610a9b8f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/96ff79b2992d/bzImage-610a9b8f.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/689e00cd89ff/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+08d8956768c96a2c52cf@syzkaller.appspotmail.com
ntfs3: loop0: Failed to initialize $Extend/$ObjId.
=====================================================
BUG: KMSAN: uninit-value in longest_match_std+0x5d9/0xe00 fs/ntfs3/lznt.c:60
longest_match_std+0x5d9/0xe00 fs/ntfs3/lznt.c:60
compress_chunk fs/ntfs3/lznt.c:170 [inline]
compress_lznt+0x41b/0xef0 fs/ntfs3/lznt.c:336
ni_write_frame+0xf89/0x1c80 fs/ntfs3/frecord.c:2839
ntfs_compress_write+0x2521/0x3b70 fs/ntfs3/file.c:995
ntfs_file_write_iter+0x89b/0xd30 fs/ntfs3/file.c:1081
call_write_iter include/linux/fs.h:2020 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x8ef/0x1490 fs/read_write.c:584
ksys_write+0x20f/0x4c0 fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:646
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
__alloc_pages+0x9a4/0xe00 mm/page_alloc.c:4591
alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133
alloc_pages mm/mempolicy.c:2204 [inline]
folio_alloc+0x1da/0x380 mm/mempolicy.c:2211
filemap_alloc_folio+0xa5/0x430 mm/filemap.c:974
__filemap_get_folio+0xa5a/0x1760 mm/filemap.c:1918
pagecache_get_page+0x4a/0x1a0 mm/folio-compat.c:99
find_or_create_page include/linux/pagemap.h:740 [inline]
ntfs_get_frame_pages+0xdc/0x9f0 fs/ntfs3/file.c:794
ntfs_compress_write+0x1b0b/0x3b70 fs/ntfs3/file.c:944
ntfs_file_write_iter+0x89b/0xd30 fs/ntfs3/file.c:1081
call_write_iter include/linux/fs.h:2020 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x8ef/0x1490 fs/read_write.c:584
ksys_write+0x20f/0x4c0 fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:646
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
CPU: 0 PID: 4999 Comm: syz-executor227 Not tainted 6.7.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [syzbot] [PATCH] fs/ntfs3: Fix KMSAN warning in longest_match_std()
2024-01-09 18:17 [syzbot] [ntfs3?] KMSAN: uninit-value in longest_match_std (2) syzbot
@ 2025-01-29 5:28 ` syzbot
2025-11-19 14:24 ` Forwarded: Re: KMSAN: uninit-value in longest_match_std (2) syzbot
1 sibling, 0 replies; 7+ messages in thread
From: syzbot @ 2025-01-29 5:28 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: [PATCH] fs/ntfs3: Fix KMSAN warning in longest_match_std()
Author: gauthamgujjula@gmail.com
#syz test
Syzkaller reported uninitialized memory in longest_match_std(),
originating from ntfs_compress_write(). In the case where a frame's
pages are not up to date, but that frame is not read in due to the
overlapping bounds of the write, the end of the frame will remain
uninitialized if the user data copied in is not frame-aligned.
To init the memory without invoking ni_read_frame() in cases where the
data will be overwritten anyway, add an additional clause to zero out
the section of the frame from the end of the user's data to the end of
the frame.
Reported-by: syzbot+08d8956768c96a2c52cf@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=08d8956768c96a2c52cf
Signed-off-by: Gautham Gujjula <gauthamgujjula@gmail.com>
---
fs/ntfs3/file.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index fad68ff0b6ed..6fc4f960f4d9 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -1122,6 +1122,13 @@ static ssize_t ntfs_compress_write(struct kiocb *iocb, struct iov_iter *from)
}
goto out;
}
+ } else if (to & (frame_size - 1)) {
+ for (ip = to >> PAGE_SHIFT, off = offset_in_page(to);
+ ip < pages_per_frame;
+ ip++, off = 0) {
+ zero_user_segment(pages[ip], off, PAGE_SIZE);
+ flush_dcache_page(pages[ip]);
+ }
}
}
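Review bot: `ip = to >> PAGE_SHIFT` only indexes `pages[]` correctly if `to` is an offset within the frame, and nothing in the hunk shows that; `pages[]` runs from 0 to `pages_per_frame - 1`, so if `to` is a file offset the loop starts at or past `pages_per_frame` for every frame but the first and the tail stays unwritten. Either index with `(to - frame_vbo) >> PAGE_SHIFT` or add a comment stating that `to` is frame-relative here. A second question for the same branch: it zeroes only the bytes after `to`; when the write starts inside the frame, the bytes before the start of the user data are just as unwritten once `ni_read_frame()` has been skipped, so either the condition that skips the read must already exclude that case (worth saying in the commit message) or this branch should zero the head of the frame as well.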
--
2.45.3
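A user-space model of the situation the patch describes, added here as an illustration and not code from ntfs3 or from the patch author: a compression frame is a run of page-cache pages, a write that ends inside the frame leaves the rest of the pages as the allocator left them, and the compressor then reads those bytes. The model stands in for KMSAN with a poison byte, copies user data the way a per-page copy would, and applies the tail-zeroing loop from the hunk. Assumptions that are not in the thread: a 16 KiB frame of four 4 KiB pages, `to` being the frame-relative end of the user data, and `frame_first_uninit()` as the stand-in for the KMSAN check.

```c
/*
 * Model of "zero the tail of a compression frame after a short write".
 * Illustration only; not ntfs3 code.  Assumptions: PAGE_SIZE 4 KiB,
 * frame = 4 pages, `to` is frame-relative, POISON models KMSAN "uninit".
 */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef PAGE_SIZE
#undef PAGE_SIZE
#endif
#define PAGE_SHIFT      12
#define PAGE_SIZE       (1u << PAGE_SHIFT)
#define FRAME_SIZE      (4u * PAGE_SIZE)       /* assumed 16 KiB LZNT frame */
#define PAGES_PER_FRAME (FRAME_SIZE / PAGE_SIZE)
#define POISON          0xAA                   /* byte value of never-written memory */

struct page { uint8_t data[PAGE_SIZE]; };
typedef struct page frame_t[PAGES_PER_FRAME]; /* plays the role of pages[] */

static inline size_t offset_in_page(size_t off) { return off & (PAGE_SIZE - 1); }

/* Freshly allocated page-cache pages: nothing has been written yet. */
static void frame_alloc_uninit(frame_t f)
{
	for (size_t ip = 0; ip < PAGES_PER_FRAME; ip++)
		memset(f[ip].data, POISON, PAGE_SIZE);
}

/* Copy user data into [pos, pos+len) of the frame, one page at a time. */
static void frame_copy_user(frame_t f, size_t pos, const uint8_t *src, size_t len)
{
	assert(pos + len <= FRAME_SIZE);
	while (len) {
		size_t ip = pos >> PAGE_SHIFT, off = offset_in_page(pos);
		size_t n = PAGE_SIZE - off;
		if (n > len)
			n = len;
		memcpy(f[ip].data + off, src, n);
		pos += n; src += n; len -= n;
	}
}

/*
 * The patch's else-if branch: if the write ends inside the frame, zero from
 * `to` to the end of the frame (zero_user_segment(page, off, PAGE_SIZE) per
 * page).  Returns the number of bytes zeroed; 0 when `to` is frame-aligned.
 * Caveat visible here: `to == 0` is also "aligned" and zeroes nothing.
 */
static size_t zero_frame_tail(frame_t f, size_t to)
{
	size_t zeroed = 0;
	if (!(to & (FRAME_SIZE - 1)))
		return 0;
	for (size_t ip = to >> PAGE_SHIFT, off = offset_in_page(to);
	     ip < PAGES_PER_FRAME; ip++, off = 0) {
		memset(f[ip].data + off, 0, PAGE_SIZE - off);
		zeroed += PAGE_SIZE - off;
	}
	return zeroed;
}

/* KMSAN stand-in: offset of the first unwritten byte the compressor would read, or -1. */
static long frame_first_uninit(const frame_t f)
{
	for (size_t ip = 0; ip < PAGES_PER_FRAME; ip++)
		for (size_t i = 0; i < PAGE_SIZE; i++)
			if (f[ip].data[i] == POISON)
				return (long)(ip * PAGE_SIZE + i);
	return -1;
}

/* One compress-write of `len` bytes at frame offset 0 into an unread frame. */
static long write_then_check(size_t len, int apply_fix)
{
	static frame_t f;
	uint8_t user[FRAME_SIZE];
	memset(user, 'x', sizeof user);              /* constructed user data */
	frame_alloc_uninit(f);
	frame_copy_user(f, 0, user, len);
	if (apply_fix)
		zero_frame_tail(f, len);
	return frame_first_uninit(f);
}

/* How many bytes the fix zeroes for a write of `to` bytes at frame offset 0. */
static size_t tail_bytes_zeroed(size_t to)
{
	static frame_t f;
	uint8_t user[FRAME_SIZE];
	memset(user, 'x', sizeof user);
	frame_alloc_uninit(f);
	frame_copy_user(f, 0, user, to);
	return zero_frame_tail(f, to);
}

int main(void)
{
	printf("unfixed, 5000-byte write: first uninit byte at %ld\n", write_then_check(5000, 0));
	printf("fixed,   5000-byte write: first uninit byte at %ld\n", write_then_check(5000, 1));
	printf("fixed,   page-aligned 8192: first uninit byte at %ld\n", write_then_check(8192, 1));
	printf("fixed,   empty write: first uninit byte at %ld\n", write_then_check(0, 1));
	return 0;
}
```

The 5000-byte case is the one the report describes: without the loop, byte 5000 onward is still allocator content when the frame reaches the compressor; with it, the loop zeroes the rest of page 1 and all of pages 2 and 3. The page-aligned case exercises the `off = 0` reset on the first iteration. The empty-write case shows what the `to & (frame_size - 1)` test cannot distinguish, which a reviewer would want the caller to rule out.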
* Re: [syzbot] [ntfs3?] KMSAN: uninit-value in longest_match_std (2)
[not found] <Z5m8gtq402m-KfE2@linux-dev>
@ 2025-01-29 11:38 ` syzbot
2025-02-03 7:28 ` Gautham Gujjula
0 siblings, 1 reply; 7+ messages in thread
From: syzbot @ 2025-01-29 11:38 UTC (permalink / raw)
To: gauthamgujjula, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
fff888048f41a78 RSI: ffff88813fffab50 RDI: 00006c656e72656b
RBP: ffff88811a573880 R08: ffffea000000000f R09: ffffffff82d145f0
R10: 0000000000000002 R11: ffff888115eca0c0 R12: 0000000000000001
R13: 0000000000000000 R14: ffffffffffffffff R15: ffff888115ecac08
FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00006c656e72656b CR3: 0000000013118000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 41 54 push %r12
2: 53 push %rbx
3: 48 89 fb mov %rdi,%rbx
6: 49 c7 c6 ff ff ff ff mov $0xffffffffffffffff,%r14
d: e8 d0 68 5c f2 call 0xf25c68e2
12: 49 89 c7 mov %rax,%r15
15: 41 b4 01 mov $0x1,%r12b
18: eb 0b jmp 0x25
1a: 48 ff c3 inc %rbx
1d: 49 ff c6 inc %r14
20: 45 84 ed test %r13b,%r13b
23: 74 31 je 0x56
25: 45 84 e4 test %r12b,%r12b
28: 74 23 je 0x4d
* 2a: 44 0f b6 2b movzbl (%rbx),%r13d <-- trapping instruction
2e: 48 89 df mov %rbx,%rdi
31: e8 6c 5a 5c f2 call 0xf25c5aa2
36: 0f b6 00 movzbl (%rax),%eax
39: 84 c0 test %al,%al
3b: 74 dd je 0x1a
3d: f6 d0 not %al
3f: 44 rex.R
Warning: Permanently added '10.128.10.46' (ED25519) to the list of known hosts.
2025/01/29 11:35:41 ignoring optional flag "sandboxArg"="0"
2025/01/29 11:35:42 parsed 1 programs
[ 210.397041][ T5771] cgroup: Unknown subsys name 'net'
[ 210.541829][ T5771] cgroup: Unknown subsys name 'cpuset'
[ 210.556943][ T5771] cgroup: Unknown subsys name 'rlimit'
[ 219.249389][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[ 219.256165][ T1270] ieee802154 phy1 wpan1: encryption failed: -22
[ 255.518781][ T5771] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 259.778955][ T5786] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 260.392425][ T5792] chnl_net:caif_netlink_parms(): no params data found
[ 260.684988][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state
[ 260.692646][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state
[ 260.700323][ T5792] bridge_slave_0: entered allmulticast mode
[ 260.708890][ T5792] bridge_slave_0: entered promiscuous mode
[ 260.721122][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state
[ 260.728670][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state
[ 260.736414][ T5792] bridge_slave_1: entered allmulticast mode
[ 260.744677][ T5792] bridge_slave_1: entered promiscuous mode
[ 260.806288][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 260.822609][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 260.886475][ T5792] team0: Port device team_slave_0 added
[ 260.899614][ T5792] team0: Port device team_slave_1 added
[ 260.957752][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 260.966228][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 260.992481][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 261.007468][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 261.014991][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 261.042301][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 261.128176][ T5792] hsr_slave_0: entered promiscuous mode
[ 261.136510][ T5792] hsr_slave_1: entered promiscuous mode
[ 261.426933][ T5792] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 261.445515][ T5792] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 261.462326][ T5792] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 261.481632][ T5792] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 261.731046][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0
[ 261.776448][ T5792] 8021q: adding VLAN 0 to HW filter on device team0
[ 261.800359][ T752] bridge0: port 1(bridge_slave_0) entered blocking state
[ 261.808231][ T752] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 261.840232][ T2898] bridge0: port 2(bridge_slave_1) entered blocking state
[ 261.848032][ T2898] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 262.289321][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 262.412526][ T5792] veth0_vlan: entered promiscuous mode
[ 262.438440][ T5792] veth1_vlan: entered promiscuous mode
[ 262.524326][ T5792] veth0_macvtap: entered promiscuous mode
[ 262.542134][ T5792] veth1_macvtap: entered promiscuous mode
[ 262.585637][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 262.620516][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 262.646314][ T5792] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 262.655388][ T5792] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 262.664545][ T5792] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 262.673774][ T5792] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 264.083640][ T4115] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 264.102207][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 264.114737][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 264.126829][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 264.139707][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 264.150659][ T5826] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 264.159895][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 265.251327][ T4115] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 265.639301][ T4115] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 265.778978][ T4115] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 266.192674][ T4115] bridge_slave_1: left allmulticast mode
[ 266.198979][ T4115] bridge_slave_1: left promiscuous mode
[ 266.206045][ T4115] bridge0: port 2(bridge_slave_1) entered disabled state
[ 266.258055][ T4115] bridge_slave_0: left allmulticast mode
[ 266.264237][ T4115] bridge_slave_0: left promiscuous mode
[ 266.270813][ T4115] bridge0: port 1(bridge_slave_0) entered disabled state
[ 266.749152][ T4115] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 266.778091][ T4115] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 266.798206][ T4115] bond0 (unregistering): Released all slaves
[ 267.147046][ T4115] hsr_slave_0: left promiscuous mode
[ 267.164800][ T4115] hsr_slave_1: left promiscuous mode
[ 267.172592][ T4115] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 267.181346][ T4115] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 267.196520][ T4115] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 267.204271][ T4115] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 267.222196][ T4115] veth1_macvtap: left promiscuous mode
[ 267.229027][ T4115] veth0_macvtap: left promiscuous mode
[ 267.235333][ T4115] veth1_vlan: left promiscuous mode
[ 267.241037][ T4115] veth0_vlan: left promiscuous mode
[ 268.004819][ T4115] team0 (unregistering): Port device team_slave_1 removed
[ 268.049156][ T4115] team0 (unregistering): Port device team_slave_0 removed
[ 268.853984][ T5132] BUG: unable to handle page fault for address: 00006c656e72656b
[ 268.861951][ T5132] #PF: supervisor read access in kernel mode
[ 268.868136][ T5132] #PF: error_code(0x0000) - not-present page
[ 268.874355][ T5132] PGD 0 P4D 0
[ 268.878050][ T5132] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
[ 268.883822][ T5132] CPU: 1 UID: 0 PID: 5132 Comm: kworker/1:2 Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf-dirty #0
[ 268.895026][ T5132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 268.905340][ T5132] Workqueue: events free_ipc
[ 268.910239][ T5132] RIP: 0010:strlen+0x38/0x90
[ 268.915071][ T5132] Code: 41 54 53 48 89 fb 49 c7 c6 ff ff ff ff e8 d0 68 5c f2 49 89 c7 41 b4 01 eb 0b 48 ff c3 49 ff c6 45 84 ed 74 31 45 84 e4 74 23 <44> 0f b6 2b 48 89 df e8 6c 5a 5c f2 0f b6 00 84 c0 74 dd f6 d0 44
[ 268.935282][ T5132] RSP: 0018:ffff88811a573858 EFLAGS: 00010202
[ 268.941604][ T5132] RAX: ffff888115ecac08 RBX: 00006c656e72656b RCX: 0000000000000000
[ 268.949959][ T5132] RDX: ffff888048f41a78 RSI: ffff88813fffab50 RDI: 00006c656e72656b
[ 268.958234][ T5132] RBP: ffff88811a573880 R08: ffffea000000000f R09: ffffffff82d145f0
[ 268.966405][ T5132] R10: 0000000000000002 R11: ffff888115eca0c0 R12: 0000000000000001
[ 268.974569][ T5132] R13: 0000000000000000 R14: ffffffffffffffff R15: ffff888115ecac08
[ 268.982734][ T5132] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 268.991891][ T5132] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 268.998659][ T5132] CR2: 00006c656e72656b CR3: 0000000013118000 CR4: 00000000003526f0
[ 269.006820][ T5132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 269.014985][ T5132] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 269.023149][ T5132] Call Trace:
[ 269.026620][ T5132] <TASK>
[ 269.029703][ T5132] ? show_trace_log_lvl+0x268/0x3d0
[ 269.035297][ T5132] ? put_links+0x226/0x9d0
[ 269.039964][ T5132] ? __die_body+0xce/0x1a0
[ 269.044657][ T5132] ? __die+0x22a/0x290
[ 269.048985][ T5132] ? page_fault_oops+0xe58/0xfb0
[ 269.054212][ T5132] ? exc_page_fault+0x56c/0x700
[ 269.059363][ T5132] ? asm_exc_page_fault+0x2b/0x30
[ 269.064668][ T5132] ? put_links+0x680/0x9d0
[ 269.069315][ T5132] ? strlen+0x38/0x90
[ 269.073549][ T5132] ? strlen+0x20/0x90
[ 269.077738][ T5132] put_links+0x226/0x9d0
[ 269.082272][ T5132] drop_sysctl_table+0x10d/0x4f0
[ 269.087455][ T5132] ? kvfree_call_rcu+0xcdc/0xea0
[ 269.092610][ T5132] ? rb_erase+0x20e/0x23b0
[ 269.097297][ T5132] drop_sysctl_table+0x4b6/0x4f0
[ 269.102500][ T5132] unregister_sysctl_table+0x48/0x70
[ 269.108021][ T5132] retire_ipc_sysctls+0x67/0xc0
[ 269.113164][ T5132] free_ipc+0x1d6/0x4c0
[ 269.117549][ T5132] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 269.123729][ T5132] ? __pfx_free_ipc+0x10/0x10
[ 269.128640][ T5132] process_scheduled_works+0xae0/0x1c40
[ 269.134501][ T5132] worker_thread+0xea7/0x14f0
[ 269.139428][ T5132] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 269.145530][ T5132] kthread+0x6b9/0xef0
[ 269.149843][ T5132] ? __pfx_worker_thread+0x10/0x10
[ 269.155205][ T5132] ? __pfx_kthread+0x10/0x10
[ 269.160040][ T5132] ret_from_fork+0x6d/0x90
[ 269.164707][ T5132] ? __pfx_kthread+0x10/0x10
[ 269.169547][ T5132] ret_from_fork_asm+0x1a/0x30
[ 269.174561][ T5132] </TASK>
[ 269.177769][ T5132] Modules linked in:
[ 269.181934][ T5132] CR2: 00006c656e72656b
[ 269.186244][ T5132] ---[ end trace 0000000000000000 ]---
[ 269.191949][ T5132] RIP: 0010:strlen+0x38/0x90
[ 269.196815][ T5132] Code: 41 54 53 48 89 fb 49 c7 c6 ff ff ff ff e8 d0 68 5c f2 49 89 c7 41 b4 01 eb 0b 48 ff c3 49 ff c6 45 84 ed 74 31 45 84 e4 74 23 <44> 0f b6 2b 48 89 df e8 6c 5a 5c f2 0f b6 00 84 c0 74 dd f6 d0 44
[ 269.216699][ T5132] RSP: 0018:ffff88811a573858 EFLAGS: 00010202
[ 269.223017][ T5132] RAX: ffff888115ecac08 RBX: 00006c656e72656b RCX: 0000000000000000
[ 269.231202][ T5132] RDX: ffff888048f41a78 RSI: ffff88813fffab50 RDI: 00006c656e72656b
[ 269.239384][ T5132] RBP: ffff88811a573880 R08: ffffea000000000f R09: ffffffff82d145f0
[ 269.247576][ T5132] R10: 0000000000000002 R11: ffff888115eca0c0 R12: 0000000000000001
[ 269.255762][ T5132] R13: 0000000000000000 R14: ffffffffffffffff R15: ffff888115ecac08
[ 269.263942][ T5132] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 269.273089][ T5132] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 269.279950][ T5132] CR2: 00006c656e72656b CR3: 0000000013118000 CR4: 00000000003526f0
[ 269.288262][ T5132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 269.296470][ T5132] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 269.304648][ T5132] Kernel panic - not syncing: Fatal exception
[ 269.311344][ T5132] Kernel Offset: disabled
[ 269.315801][ T5132] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build945646003=/tmp/go-build -gno-record-gcc-switches'
git status (err=<nil>)
HEAD detached at f3558dbf03
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=f3558dbf032eab2b77c1cb11b9ce2baffe7838d3 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250103-110009'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"f3558dbf032eab2b77c1cb11b9ce2baffe7838d3\"
/usr/bin/ld: /tmp/ccHWldzr.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=10991524580000
Tested on:
commit: 05dbaf8d Merge tag 'x86-urgent-2025-01-28' of git://gi..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=ccb9b8c423893ece
dashboard link: https://syzkaller.appspot.com/bug?extid=08d8956768c96a2c52cf
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1549a924580000
* Re: [syzbot] [ntfs3?] KMSAN: uninit-value in longest_match_std (2)
2025-01-29 11:38 ` [syzbot] [ntfs3?] " syzbot
@ 2025-02-03 7:28 ` Gautham Gujjula
2025-02-03 8:14 ` syzbot
0 siblings, 1 reply; 7+ messages in thread
From: Gautham Gujjula @ 2025-02-03 7:28 UTC (permalink / raw)
To: syzbot; +Cc: linux-kernel, syzkaller-bugs
#syz test
Hello,
I've been unable to reproduce the error from this patch test by running
ktest with my patch on top of 05dbaf8dd8bf ("Merge tag 'x86-urgent-2025-01-28'
of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") and 2014c95afece
("Linux 6.14-rc1"). Since the error appears in the boot sequence before
the actual reproducer executes, I don't believe this patch is the
suspect. I'll resubmit the patch for testing, and take a deeper look if
the problem reappears.
Thanks,
Gautham Gujjula
diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index fad68ff0b6ed..6fc4f960f4d9 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -1122,6 +1122,13 @@ static ssize_t ntfs_compress_write(struct kiocb *iocb, struct iov_iter *from)
}
goto out;
}
+ } else if (to & (frame_size - 1)) {
+ for (ip = to >> PAGE_SHIFT, off = offset_in_page(to);
+ ip < pages_per_frame;
+ ip++, off = 0) {
+ zero_user_segment(pages[ip], off, PAGE_SIZE);
+ flush_dcache_page(pages[ip]);
+ }
}
}
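Review bot: the loop reuses the function's `ip` and `off` as scratch variables and leaves them at `ip == pages_per_frame` and `off == 0`; if either is consumed after this block to place the user data, the zeroing silently changes where the copy starts. Loop-local variables avoid that, e.g. `for (size_t zp = to >> PAGE_SHIFT, zoff = offset_in_page(to); zp < pages_per_frame; zp++, zoff = 0)`. Also, `to & (frame_size - 1)` is zero both for a fully written frame and for `to` sitting at the frame start, so the branch depends on never being reached with an empty write; a one-line comment stating that guarantee, or an explicit upper-bound test, would make the intent checkable.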
* Re: [syzbot] [ntfs3?] KMSAN: uninit-value in longest_match_std (2)
2025-02-03 7:28 ` Gautham Gujjula
@ 2025-02-03 8:14 ` syzbot
0 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2025-02-03 8:14 UTC (permalink / raw)
To: gauthamgujjula, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
no output from test machine
Warning: Permanently added '10.128.0.13' (ED25519) to the list of known hosts.
2025/02/03 08:08:22 ignoring optional flag "sandboxArg"="0"
2025/02/03 08:08:24 parsed 1 programs
[ 208.007169][ T5774] cgroup: Unknown subsys name 'net'
[ 208.124779][ T5774] cgroup: Unknown subsys name 'cpuset'
[ 208.138415][ T5774] cgroup: Unknown subsys name 'rlimit'
[ 224.374733][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 224.381757][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 252.636791][ T5774] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 256.615109][ T5788] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 259.280546][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 259.289550][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 259.306947][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 259.314983][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 285.809674][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 285.816368][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 347.249425][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 347.256185][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[ 408.689264][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[ 408.696057][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build569088624=/tmp/go-build -gno-record-gcc-switches'
git status (err=<nil>)
HEAD detached at f3558dbf03
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=f3558dbf032eab2b77c1cb11b9ce2baffe7838d3 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250103-110009'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"f3558dbf032eab2b77c1cb11b9ce2baffe7838d3\"
/usr/bin/ld: /tmp/ccVC8SPt.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
Tested on:
commit: 2014c95a Linux 6.14-rc1
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=facc04d1f62a4ae1
dashboard link: https://syzkaller.appspot.com/bug?extid=08d8956768c96a2c52cf
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=15911764580000
* Forwarded: Re: KMSAN: uninit-value in longest_match_std (2)
2024-01-09 18:17 [syzbot] [ntfs3?] KMSAN: uninit-value in longest_match_std (2) syzbot
2025-01-29 5:28 ` [syzbot] [PATCH] fs/ntfs3: Fix KMSAN warning in longest_match_std() syzbot
@ 2025-11-19 14:24 ` syzbot
1 sibling, 0 replies; 7+ messages in thread
From: syzbot @ 2025-11-19 14:24 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: Re: KMSAN: uninit-value in longest_match_std (2)
Author: kubik.bartlomiej@gmail.com
#syz test
* Re: [syzbot] [ntfs3?] KMSAN: uninit-value in longest_match_std (2)
[not found] <CAPqLRf1KTbnuBhb=Hz8t=avYs1dp=LJp_NsObH1r53kT3udw1w@mail.gmail.com>
@ 2025-11-19 15:36 ` syzbot
0 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2025-11-19 15:36 UTC (permalink / raw)
To: kubik.bartlomiej, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+08d8956768c96a2c52cf@syzkaller.appspotmail.com
Tested-by: syzbot+08d8956768c96a2c52cf@syzkaller.appspotmail.com
Tested on:
commit: 8b690556 Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=110c1692580000
kernel config: https://syzkaller.appspot.com/x/.config?x=aa2dcb05f1d74c8e
dashboard link: https://syzkaller.appspot.com/bug?extid=08d8956768c96a2c52cf
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=1484ce0a580000
Note: testing is done by a robot and is best-effort only.