* [syzbot] [hfs?] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
From: syzbot @ 2024-10-01 9:27 UTC (permalink / raw)
To: linux-fsdevel, linux-kernel, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: ad46e8f95e93 Merge tag 'pm-6.12-rc1-2' of git://git.kernel..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=11b9be27980000
kernel config: https://syzkaller.appspot.com/x/.config?x=85d8f50d88ddf2a
dashboard link: https://syzkaller.appspot.com/bug?extid=d395b0c369e492a17530
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b9be27980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10ddd507980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/265feec46ffa/disk-ad46e8f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d0f41ea693d3/vmlinux-ad46e8f9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/45082d33d192/bzImage-ad46e8f9.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/c19549ac916f/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d395b0c369e492a17530@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 64
=====================================================
BUG: KMSAN: uninit-value in __hfs_ext_read_extent fs/hfs/extent.c:160 [inline]
BUG: KMSAN: uninit-value in __hfs_ext_cache_extent+0x69f/0x7e0 fs/hfs/extent.c:179
__hfs_ext_read_extent fs/hfs/extent.c:160 [inline]
__hfs_ext_cache_extent+0x69f/0x7e0 fs/hfs/extent.c:179
hfs_ext_read_extent fs/hfs/extent.c:202 [inline]
hfs_get_block+0x733/0xf50 fs/hfs/extent.c:366
__block_write_begin_int+0xa6b/0x2f80 fs/buffer.c:2121
block_write_begin fs/buffer.c:2231 [inline]
cont_write_begin+0xf82/0x1940 fs/buffer.c:2582
hfs_write_begin+0x85/0x120 fs/hfs/inode.c:52
cont_expand_zero fs/buffer.c:2509 [inline]
cont_write_begin+0x32f/0x1940 fs/buffer.c:2572
hfs_write_begin+0x85/0x120 fs/hfs/inode.c:52
hfs_file_truncate+0x1a5/0xd30 fs/hfs/extent.c:494
hfs_inode_setattr+0x998/0xab0 fs/hfs/inode.c:654
notify_change+0x1a8e/0x1b80 fs/attr.c:503
do_truncate+0x22a/0x2b0 fs/open.c:65
vfs_truncate+0x5d4/0x680 fs/open.c:111
do_sys_truncate+0x104/0x240 fs/open.c:134
__do_sys_truncate fs/open.c:146 [inline]
__se_sys_truncate fs/open.c:144 [inline]
__x64_sys_truncate+0x6c/0xa0 fs/open.c:144
x64_sys_call+0x2ce3/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:77
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at:
slab_post_alloc_hook mm/slub.c:4092 [inline]
slab_alloc_node mm/slub.c:4135 [inline]
__do_kmalloc_node mm/slub.c:4264 [inline]
__kmalloc_noprof+0x661/0xf30 mm/slub.c:4277
kmalloc_noprof include/linux/slab.h:882 [inline]
hfs_find_init+0x91/0x250 fs/hfs/bfind.c:21
hfs_ext_read_extent fs/hfs/extent.c:200 [inline]
hfs_get_block+0x68d/0xf50 fs/hfs/extent.c:366
__block_write_begin_int+0xa6b/0x2f80 fs/buffer.c:2121
block_write_begin fs/buffer.c:2231 [inline]
cont_write_begin+0xf82/0x1940 fs/buffer.c:2582
hfs_write_begin+0x85/0x120 fs/hfs/inode.c:52
cont_expand_zero fs/buffer.c:2509 [inline]
cont_write_begin+0x32f/0x1940 fs/buffer.c:2572
hfs_write_begin+0x85/0x120 fs/hfs/inode.c:52
hfs_file_truncate+0x1a5/0xd30 fs/hfs/extent.c:494
hfs_inode_setattr+0x998/0xab0 fs/hfs/inode.c:654
notify_change+0x1a8e/0x1b80 fs/attr.c:503
do_truncate+0x22a/0x2b0 fs/open.c:65
vfs_truncate+0x5d4/0x680 fs/open.c:111
do_sys_truncate+0x104/0x240 fs/open.c:134
__do_sys_truncate fs/open.c:146 [inline]
__se_sys_truncate fs/open.c:144 [inline]
__x64_sys_truncate+0x6c/0xa0 fs/open.c:144
x64_sys_call+0x2ce3/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:77
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
CPU: 0 UID: 0 PID: 5188 Comm: syz-executor246 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
* Re: [syzbot] Re: [syzbot] [hfs?] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
From: syzbot @ 2024-10-01 21:44 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: Re: [syzbot] [hfs?] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
Author: surajsonawane0215@gmail.com
This change ensures that the extent and cached_extents structures are fully
initialized before use.
By adding memset, it prevents uninitialized memory issues reported by
KMSAN, avoiding undefined behavior and possible crashes during extent handling.
#syz test
Signed-off-by: SurajSonawane2415 <surajsonawane0215@gmail.com>
---
fs/hfs/extent.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/hfs/extent.c b/fs/hfs/extent.c
index 4a0ce131e..cee1b4504 100644
--- a/fs/hfs/extent.c
+++ b/fs/hfs/extent.c
@@ -154,6 +154,7 @@ static inline int __hfs_ext_read_extent(struct
hfs_find_data *fd, struct hfs_ext
hfs_ext_build_key(fd->search_key, cnid, block, type);
fd->key->ext.FNum = 0;
+ memset(extent, 0, sizeof(struct hfs_extent));
res = hfs_brec_find(fd);
if (res && res != -ENOENT)
return res;
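Review bot: this memset zeroes the output buffer `extent`, but the report's "Uninit was created at" trace names the buffer kmalloc'd in hfs_find_init (the search_key/key storage), and the flagged read at fs/hfs/extent.c:160 sits in this very function just after `hfs_brec_find(fd)`, on the path where `res == -ENOENT` is deliberately let through and the lookup results in `fd` are then consumed; clearing the destination buffer cannot make that read initialized. The size also disagrees with the second hunk: `extent` here is the same `HFS_I(inode)->cached_extents` array that hunk clears with `sizeof(HFS_I(inode)->cached_extents)`, so `sizeof(struct hfs_extent)` covers only its first element. Drop the memset and initialize the lookup state instead: the key storage at allocation in hfs_find_init, and the fields of `fd` that the -ENOENT early return of hfs_brec_find leaves unset (the later syzbot run of the kcalloc variant, 2024-10-10 14:16, shows the surviving uninitialized value lives in the stack-local `fd`). Separately, the patch as mailed is line-wrapped (the `@@` header and the `memset(` line are split across lines), so it will not apply with git am or syzbot; resend with a client that preserves whitespace.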
@@ -176,6 +177,7 @@ static inline int __hfs_ext_cache_extent(struct
hfs_find_data *fd, struct inode
return res;
}
+ memset(HFS_I(inode)->cached_extents, 0,
sizeof(HFS_I(inode)->cached_extents));
res = __hfs_ext_read_extent(fd, HFS_I(inode)->cached_extents,
inode->i_ino,
block, HFS_IS_RSRC(inode) ? HFS_FK_RSRC : HFS_FK_DATA);
if (!res) {
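Review bot: the memset of `cached_extents` is redundant with the one the first hunk adds at the top of __hfs_ext_read_extent, which the very next statement calls with `HFS_I(inode)->cached_extents` as its `extent` argument, so the same buffer would be zeroed twice per lookup. It also targets memory the report does not implicate: neither KMSAN trace names cached_extents as the origin of the value, both name the kmalloc in hfs_find_init, so the commit message's claim that the memset "prevents uninitialized memory issues reported by KMSAN" does not follow from the report. Drop this hunk.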
--
2.34.1
* Re: [syzbot] Re: [syzbot] [hfs?] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
From: syzbot @ 2024-10-02 7:08 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: Re: [syzbot] [hfs?] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
Author: surajsonawane0215@gmail.com
#syz test
* Re: [syzbot] [hfs?] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
From: Qianqiang Liu @ 2024-10-10 13:41 UTC (permalink / raw)
To: syzbot; +Cc: linux-fsdevel, linux-kernel, syzkaller-bugs
#syz test
diff --git a/fs/hfs/bfind.c b/fs/hfs/bfind.c
index ef9498a6e88a..e66cb6e9f1fa 100644
--- a/fs/hfs/bfind.c
+++ b/fs/hfs/bfind.c
@@ -18,7 +18,7 @@ int hfs_find_init(struct hfs_btree *tree, struct hfs_find_data *fd)
fd->tree = tree;
fd->bnode = NULL;
- ptr = kmalloc(tree->max_key_len * 2 + 4, GFP_KERNEL);
+ ptr = kcalloc(tree->max_key_len * 2 + 4, 1, GFP_KERNEL);
if (!ptr)
return -ENOMEM;
fd->search_key = ptr;
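Review bot: `kcalloc(n, 1, GFP_KERNEL)` is an unidiomatic spelling of `kzalloc(n, GFP_KERNEL)`; there is no array here and the overflow check kcalloc exists for is meaningless with an element size of 1, so use kzalloc. More importantly, syzbot's run of this patch (reply of 2024-10-10 14:16) still reproduces: the report moves from fs/hfs/extent.c:160 to extent.c:163 and its origin changes from this kmalloc to the stack-local `fd` in hfs_ext_read_extent (extent.c:193). Zeroing the key storage only removes the first uninitialized read; struct hfs_find_data has fields that hfs_brec_find fills only once it has positioned on a record, and __hfs_ext_read_extent still consumes them after an early -ENOENT. Since this function already gives `fd->bnode` a defined value, give the record-position and entry offset/length fields a defined not-found value here as well, or make __hfs_ext_read_extent verify that a record was actually located before it compares `fd->key` and uses the entry length.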
--
Best,
Qianqiang Liu
* Re: [syzbot] [hfs?] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
From: syzbot @ 2024-10-10 14:16 UTC (permalink / raw)
To: linux-fsdevel, linux-kernel, qianqiang.liu, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in __hfs_ext_cache_extent
loop0: detected capacity change from 0 to 64
=====================================================
BUG: KMSAN: uninit-value in __hfs_ext_read_extent fs/hfs/extent.c:163 [inline]
BUG: KMSAN: uninit-value in __hfs_ext_cache_extent+0x779/0x7e0 fs/hfs/extent.c:179
__hfs_ext_read_extent fs/hfs/extent.c:163 [inline]
__hfs_ext_cache_extent+0x779/0x7e0 fs/hfs/extent.c:179
hfs_ext_read_extent fs/hfs/extent.c:202 [inline]
hfs_get_block+0x733/0xf50 fs/hfs/extent.c:366
__block_write_begin_int+0xa6b/0x2f80 fs/buffer.c:2121
block_write_begin fs/buffer.c:2231 [inline]
cont_write_begin+0xf82/0x1940 fs/buffer.c:2582
hfs_write_begin+0x85/0x120 fs/hfs/inode.c:52
cont_expand_zero fs/buffer.c:2509 [inline]
cont_write_begin+0x32f/0x1940 fs/buffer.c:2572
hfs_write_begin+0x85/0x120 fs/hfs/inode.c:52
hfs_file_truncate+0x1a5/0xd30 fs/hfs/extent.c:494
hfs_inode_setattr+0x998/0xab0 fs/hfs/inode.c:654
notify_change+0x1a8e/0x1b80 fs/attr.c:503
do_truncate+0x22a/0x2b0 fs/open.c:65
vfs_truncate+0x5d4/0x680 fs/open.c:111
do_sys_truncate+0x104/0x240 fs/open.c:134
__do_sys_truncate fs/open.c:146 [inline]
__se_sys_truncate fs/open.c:144 [inline]
__x64_sys_truncate+0x6c/0xa0 fs/open.c:144
x64_sys_call+0x2ce3/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:77
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Local variable fd.i created at:
hfs_ext_read_extent fs/hfs/extent.c:193 [inline]
hfs_get_block+0x295/0xf50 fs/hfs/extent.c:366
__block_write_begin_int+0xa6b/0x2f80 fs/buffer.c:2121
CPU: 1 UID: 0 PID: 5954 Comm: syz.0.15 Not tainted 6.12.0-rc2-syzkaller-00074-gd3d1556696c1-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
=====================================================
Tested on:
commit: d3d15566 Merge tag 'mm-hotfixes-stable-2024-10-09-15-4..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17aecb27980000
kernel config: https://syzkaller.appspot.com/x/.config?x=981fe2ff8a1e457a
dashboard link: https://syzkaller.appspot.com/bug?extid=d395b0c369e492a17530
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1777005f980000
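The descriptor-initialization point that both patches in this thread circle around, as an added example in C that is not code from fs/hfs and not from either patch author. It models a b-tree find routine whose "not found" early exits return -ENOENT without writing the caller's descriptor, and a consumer that, like __hfs_ext_read_extent, deliberately continues on -ENOENT because the record covering a block is the nearest one at or below it. The fix shown is to give every descriptor field a defined not-found value before the lookup and to have the consumer check that a record was actually located before it trusts the key and entry length. All toy_* names, the record layout and the sample tree are invented for the illustration.

```c
/* Added example, not fs/hfs code: a toy model of the lookup contract behind
 * this report. The find fills a caller-owned descriptor but its "not found"
 * early exits return -ENOENT before writing any positional field, while the
 * consumer treats -ENOENT as non-fatal on purpose. All toy_* names invented. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TOY_EXT_REC_SIZE 12u   /* one record: three (start, count) u16 pairs */

struct toy_key    { uint32_t fnum; uint8_t fktype; uint32_t block; };
struct toy_record { struct toy_key key; uint8_t entry[TOY_EXT_REC_SIZE]; };
struct toy_tree   { const struct toy_record *recs; size_t nrecs; }; /* nrecs 0 = empty tree */

struct toy_find_data {
    const struct toy_tree *tree;
    struct toy_key search_key;
    struct toy_key key;        /* key of the record the search stopped at */
    int record;                /* index of that record, -1 when none */
    size_t entrylength;
    const uint8_t *entryptr;
};

static int toy_keycmp(const struct toy_key *a, const struct toy_key *b)
{
    if (a->fnum != b->fnum)     return a->fnum < b->fnum ? -1 : 1;
    if (a->fktype != b->fktype) return a->fktype < b->fktype ? -1 : 1;
    if (a->block != b->block)   return a->block < b->block ? -1 : 1;
    return 0;
}

/* The hardening: every field gets a defined "nothing located" value before a
 * lookup, so an early -ENOENT cannot leak stack contents into the consumer. */
static void toy_find_init(struct toy_find_data *fd, const struct toy_tree *tree)
{
    memset(fd, 0, sizeof(*fd));
    fd->tree = tree;
    fd->record = -1;
}

/* Positions fd on the last record whose key is <= search_key (records sorted).
 * Both early returns leave fd untouched, like the real find on an empty tree;
 * an inexact match still fills fd and reports -ENOENT. */
static int toy_brec_find(struct toy_find_data *fd)
{
    const struct toy_tree *t = fd->tree;
    int pos = -1;
    if (t->nrecs == 0)
        return -ENOENT;
    for (size_t i = 0; i < t->nrecs && toy_keycmp(&t->recs[i].key, &fd->search_key) <= 0; i++)
        pos = (int)i;
    if (pos < 0)
        return -ENOENT;
    fd->key = t->recs[pos].key;
    fd->record = pos;
    fd->entrylength = sizeof(t->recs[pos].entry);
    fd->entryptr = t->recs[pos].entry;
    return toy_keycmp(&fd->key, &fd->search_key) == 0 ? 0 : -ENOENT;
}

/* Consumer shaped like __hfs_ext_read_extent: -ENOENT is not fatal, but fd is
 * only trusted once `record` proves that a record was actually located. */
static int toy_read_extent(struct toy_find_data *fd, uint8_t out[TOY_EXT_REC_SIZE],
                           uint32_t fnum, uint8_t fktype, uint32_t block)
{
    fd->search_key = (struct toy_key){ .fnum = fnum, .fktype = fktype, .block = block };
    int res = toy_brec_find(fd);
    if (res && res != -ENOENT)
        return res;
    if (fd->record < 0)                       /* nothing located: init values only */
        return -ENOENT;
    if (fd->key.fnum != fnum || fd->key.fktype != fktype)
        return -ENOENT;                       /* nearest record is another file or fork */
    if (fd->entrylength != TOY_EXT_REC_SIZE)
        return -EIO;                          /* damaged record */
    memcpy(out, fd->entryptr, TOY_EXT_REC_SIZE);
    return 0;
}

/* Constructed sample tree: file 7, data fork (0x00) in two records plus a
 * resource fork (0xFF); entries are big-endian (start, count) pairs. */
static const struct toy_record SAMPLE_RECS[] = {
    { { 7, 0x00, 0 }, { 0, 1, 0, 4,  0, 5, 0, 2,  0, 0, 0, 0 } },   /* blocks 0..5 */
    { { 7, 0x00, 6 }, { 0, 9, 0, 3,  0, 0, 0, 0,  0, 0, 0, 0 } },   /* blocks 6..8 */
    { { 7, 0xFF, 0 }, { 0, 20, 0, 1, 0, 0, 0, 0,  0, 0, 0, 0 } },
};
static const struct toy_tree SAMPLE_TREE = { SAMPLE_RECS, 3 };
static const struct toy_tree EMPTY_TREE = { NULL, 0 };

/* One lookup on a descriptor first filled with 0xAA to stand in for stack
 * garbage; toy_find_init has to make that garbage irrelevant. */
static int toy_lookup(const struct toy_tree *t, uint32_t fnum, uint8_t fktype,
                      uint32_t block, uint8_t out[TOY_EXT_REC_SIZE])
{
    struct toy_find_data fd;
    memset(&fd, 0xAA, sizeof(fd));
    toy_find_init(&fd, t);
    return toy_read_extent(&fd, out, fnum, fktype, block);
}
```

toy_lookup returns -ENOENT for the empty tree and for a file below or above the sample records even though the descriptor was pre-filled with 0xAA, and returns 0 with the nearest record's payload for a block inside an extent. Removing the memset in toy_find_init would make the empty-tree case depend on whatever toy_lookup left on its stack; under a userspace MemorySanitizer build that is the same class of defect KMSAN flags in this thread.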
* Re: [syzbot] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
From: syzbot @ 2024-10-22 15:21 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in __hfs_ext_cache_extent (2)
Author: gianf.trad@gmail.com
#syz test
* Re: [syzbot] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
From: syzbot @ 2024-11-05 8:26 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in __hfs_ext_cache_extent (2)
Author: sarvesh20123@gmail.com
#syz test
* Re: [syzbot] KMSAN: uninit-value in __hfs_ext_cache_extent (2) Inbox
From: syzbot @ 2024-11-05 12:20 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in __hfs_ext_cache_extent (2) Inbox
Author: sarvesh20123@gmail.com
#syz test
* Re: [syzbot] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
From: syzbot @ 2024-11-06 3:30 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in __hfs_ext_cache_extent (2)
Author: sarvesh20123@gmail.com
#syz test
* Re: [syzbot] KMSAN: uninit-value in __hfs_ext_cache_extent (2) Inbox
From: syzbot @ 2024-11-06 6:23 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in __hfs_ext_cache_extent (2) Inbox
Author: sarvesh20123@gmail.com
#syz test
* Re: [syzbot] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
From: syzbot @ 2024-11-11 19:55 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in __hfs_ext_cache_extent (2)
Author: gianf.trad@gmail.com
#syz test
* Re: [syzbot] KMSAN: uninit-value in __hfs_ext_cache_extent (2)
From: syzbot @ 2024-11-12 16:14 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in __hfs_ext_cache_extent (2)
Author: gianf.trad@gmail.com
#syz test