* [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-09 2:42 UTC (permalink / raw)
To: kent.overstreet, linux-bcachefs, linux-kernel, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: 2e1b3cc9d7f7 Merge tag 'arm-fixes-6.12-2' of git://git.ker..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=11361d5f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=6fdf74cce377223b
dashboard link: https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12348f40580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11e7b587980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/08456e37db58/disk-2e1b3cc9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cc957f7ba80b/vmlinux-2e1b3cc9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7579fe72ed89/bzImage-2e1b3cc9.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/5903d7d7fe58/mount_4.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com
=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
BUG: KMSAN: uninit-value in bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
BUG: KMSAN: uninit-value in bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
BUG: KMSAN: uninit-value in bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:607 [inline]
rhashtable_lookup include/linux/rhashtable.h:646 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Local variable b205.i created at:
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x15b3/0x58f0 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
CPU: 0 UID: 0 PID: 5796 Comm: bch-copygc/loop Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
=====================================================
Kernel panic - not syncing: kmsan.panic set ...
CPU: 0 UID: 0 PID: 5796 Comm: bch-copygc/loop Tainted: G B 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x216/0x2d0 lib/dump_stack.c:120
dump_stack+0x1e/0x30 lib/dump_stack.c:129
panic+0x4e2/0xcf0 kernel/panic.c:354
kmsan_report+0x2c7/0x2d0 mm/kmsan/report.c:218
__msan_warning+0x95/0x120 mm/kmsan/instrumentation.c:318
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:607 [inline]
rhashtable_lookup include/linux/rhashtable.h:646 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
* Re: [syzbot] Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-09 11:39 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
Author: surajsonawane0215@gmail.com
#syz test
On Sat, Nov 9, 2024 at 8:12 AM syzbot <syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com> wrote:
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-09 12:18 UTC (permalink / raw)
To: linux-kernel, surajsonawane0215, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in bch2_copygc
=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:612 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:651 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:677 [inline]
BUG: KMSAN: uninit-value in bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
BUG: KMSAN: uninit-value in bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
BUG: KMSAN: uninit-value in bch2_copygc+0x1d5d/0x5940 fs/bcachefs/movinggc.c:221
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:612 [inline]
rhashtable_lookup include/linux/rhashtable.h:651 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:677 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x1d5d/0x5940 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Local variable b205.i created at:
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x15b3/0x5940 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
CPU: 0 UID: 0 PID: 6565 Comm: bch-copygc/loop Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
=====================================================
Kernel panic - not syncing: kmsan.panic set ...
CPU: 0 UID: 0 PID: 6565 Comm: bch-copygc/loop Tainted: G B 6.12.0-rc6-syzkaller-00272-gda4373fbcf00-dirty #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x216/0x2d0 lib/dump_stack.c:120
dump_stack+0x1e/0x30 lib/dump_stack.c:129
panic+0x4e2/0xcf0 kernel/panic.c:354
kmsan_report+0x2c7/0x2d0 mm/kmsan/report.c:218
__msan_warning+0x95/0x120 mm/kmsan/instrumentation.c:318
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:612 [inline]
rhashtable_lookup include/linux/rhashtable.h:651 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:677 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x1d5d/0x5940 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: da4373fb Merge tag 'thermal-6.12-rc7' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1497c35f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=e4580d62ee1893a5
dashboard link: https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1329b9f7980000
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
From: Suraj Sonawane @ 2024-11-09 14:31 UTC (permalink / raw)
To: syzbot; +Cc: kent.overstreet, linux-bcachefs, linux-kernel, syzkaller-bugs
#syz test
On Sat, Nov 9, 2024 at 8:12 AM syzbot <syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com> wrote:
[-- Attachment #2: 0001-v3KMSAN-fix-uninit-value-in-bch2_copygc.patch --]
[-- Type: text/x-patch, Size: 936 bytes --]
From 8c8be7e80dba8ddbe69e9eea6c19e9be85b32a06 Mon Sep 17 00:00:00 2001
From: Suraj Sonawane <surajsonawane0215@gmail.com>
Date: Sat, 9 Nov 2024 19:58:28 +0530
Subject: [PATCH v2] KMSAN: fix uninit-value in bch2_copygc
syz test
Signed-off-by: Suraj Sonawane <surajsonawane0215@gmail.com>
---
include/linux/rhashtable.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/linux/rhashtable.h b/include/linux/rhashtable.h
index 9cc18d304..cb85ffe7b 100644
--- a/include/linux/rhashtable.h
+++ b/include/linux/rhashtable.h
@@ -373,7 +373,11 @@ static inline struct rhash_head *__rht_ptr(
static inline struct rhash_head *rht_ptr_rcu(
struct rhash_lock_head __rcu *const *bkt)
{
- return __rht_ptr(rcu_dereference(*bkt), bkt);
+ struct rhash_lock_head *ptr = rcu_dereference(*bkt);
+ if (!ptr) {
+ return NULL;
+ }
+ return __rht_ptr(ptr, bkt);
}
static inline struct rhash_head *rht_ptr(
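Review bot: the early `return NULL` in rht_ptr_rcu() changes what callers see for an empty bucket and is the likely cause of the boot failure syzbot reports for this patch. Before the change a NULL `*bkt` was still passed through `__rht_ptr()`, which maps it to the nulls marker the rhashtable walk macros use as their chain terminator; a bare NULL has no nulls bit set, so `__rhashtable_lookup()` keeps walking and computes an object address relative to NULL, which matches the page fault at fffffffffffffee8 in `__netlink_lookup()` during `netlink_bind()` in the test log below. Separately, the check cannot address the KMSAN finding: the report says the value loaded from `*bkt` is uninitialized, and comparing an uninitialized value with NULL is itself a use of it, so the warning is still raised (syzbot's earlier test run in this thread still hit the same report). The `Local variable b205.i created at:` lines point at `bch2_copygc_get_buckets()` in fs/bcachefs/movinggc.c, so the missing initialization is on the bcachefs side; editing the generic `include/linux/rhashtable.h` affects every rhashtable user. The commit message body is only `syz test` and should explain the root cause and why the change is correct; the braces around the single-statement `if` should also be dropped to match kernel style.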
--
2.34.1
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-09 15:38 UTC (permalink / raw)
To: kent.overstreet, linux-bcachefs, linux-kernel, surajsonawane0215, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
[ 50.774453][ T1] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 50.781444][ T1] Bluetooth: HIDP socket layer initialized
[ 50.797785][ T1] NET: Registered PF_RXRPC protocol family
[ 50.804021][ T1] Key type rxrpc registered
[ 50.819166][ T1] Key type rxrpc_s registered
[ 50.826057][ T1] NET: Registered PF_KCM protocol family
[ 50.846625][ T1] lec:lane_module_init: lec.c: initialized
[ 50.853444][ T1] mpoa:atm_mpoa_init: mpc.c: initialized
[ 50.859905][ T1] l2tp_core: L2TP core driver, V2.0
[ 50.865318][ T1] l2tp_ppp: PPPoL2TP kernel driver, V2.0
[ 50.871283][ T1] l2tp_ip: L2TP IP encapsulation support (L2TPv3)
[ 50.878166][ T1] l2tp_netlink: L2TP netlink interface
[ 50.885393][ T1] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
[ 50.892494][ T1] l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3)
[ 50.900671][ T1] NET: Registered PF_PHONET protocol family
[ 50.907360][ T1] 8021q: 802.1Q VLAN Support v1.8
[ 51.102849][ T1] DCCP: Activated CCID 2 (TCP-like)
[ 51.108517][ T1] DCCP: Activated CCID 3 (TCP-Friendly Rate Control)
[ 51.116104][ T1] DCCP is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 51.128488][ T1] sctp: Hash tables configured (bind 256/256)
[ 51.138259][ T1] NET: Registered PF_RDS protocol family
[ 51.145646][ T1] Registered RDS/infiniband transport
[ 51.152112][ T1] Registered RDS/tcp transport
[ 51.157009][ T1] tipc: Activated (version 2.0.0)
[ 51.162932][ T1] NET: Registered PF_TIPC protocol family
[ 51.172284][ T1] tipc: Started in single node mode
[ 51.181079][ T1] NET: Registered PF_SMC protocol family
[ 51.188572][ T1] 9pnet: Installing 9P2000 support
[ 51.194814][ T1] NET: Registered PF_CAIF protocol family
[ 51.210492][ T1] NET: Registered PF_IEEE802154 protocol family
[ 51.217577][ T1] Key type dns_resolver registered
[ 51.223062][ T1] Key type ceph registered
[ 51.229158][ T1] libceph: loaded (mon/osd proto 15/24)
[ 51.239598][ T1] batman_adv: B.A.T.M.A.N. advanced 2024.2 (compatibility version 15) loaded
[ 51.250892][ T1] openvswitch: Open vSwitch switching datapath
[ 51.264974][ T1] NET: Registered PF_VSOCK protocol family
[ 51.272186][ T1] mpls_gso: MPLS GSO support
[ 51.450427][ T1] IPI shorthand broadcast: enabled
[ 52.943974][ T1] sched_clock: Marking stable (52920073484, 17910237)->(52943420691, -5436970)
[ 53.846634][ T1] registered taskstats version 1
[ 54.206864][ T1] Loading compiled-in X.509 certificates
[ 54.419109][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 3afbfeee723402980abb37b86a2db814127d2bc0'
[ 54.616601][ T1] zswap: loaded using pool 842/z3fold
[ 54.626356][ T1] Demotion targets for Node 0: null
[ 54.631798][ T1] Demotion targets for Node 1: null
[ 54.638926][ T1] Key type .fscrypt registered
[ 54.643798][ T1] Key type fscrypt-provisioning registered
[ 54.650935][ T1] kAFS: Red Hat AFS client v0.1 registering.
[ 54.681984][ T1] Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes
[ 54.709423][ T1] Key type encrypted registered
[ 54.714433][ T1] AppArmor: AppArmor sha256 policy hashing enabled
[ 54.721401][ T1] ima: No TPM chip found, activating TPM-bypass!
[ 54.728680][ T1] Loading compiled-in module X.509 certificates
[ 54.941142][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 3afbfeee723402980abb37b86a2db814127d2bc0'
[ 54.952371][ T1] ima: Allocated hash algorithm: sha256
[ 54.958585][ T1] ima: No architecture policies found
[ 54.964951][ T1] evm: Initialising EVM extended attributes:
[ 54.971215][ T1] evm: security.selinux (disabled)
[ 54.976617][ T1] evm: security.SMACK64 (disabled)
[ 54.981894][ T1] evm: security.SMACK64EXEC (disabled)
[ 54.987418][ T1] evm: security.SMACK64TRANSMUTE (disabled)
[ 54.993607][ T1] evm: security.SMACK64MMAP (disabled)
[ 54.999295][ T1] evm: security.apparmor
[ 55.003593][ T1] evm: security.ima
[ 55.007621][ T1] evm: security.capability
[ 55.012225][ T1] evm: HMAC attrs: 0x1
[ 55.021328][ T1] PM: Magic number: 0:225:487
[ 55.029686][ T1] printk: legacy console [netcon0] enabled
[ 55.035666][ T1] netconsole: network logging started
[ 55.042737][ T1] gtp: GTP module loaded (pdp ctx size 128 bytes)
[ 55.058912][ T1] rdma_rxe: loaded
[ 55.064750][ T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 55.085688][ T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 55.106043][ T1] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
[ 55.114756][ T1] clk: Disabling unused clocks
[ 55.120039][ T1] ALSA device list:
[ 55.123967][ T1] #0: Dummy 1
[ 55.127679][ T1] #1: Loopback 1
[ 55.131629][ T1] #2: Virtual MIDI Card 1
[ 55.142147][ T10] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 55.152179][ T10] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 55.162763][ T1] md: Waiting for all devices to be available before autodetect
[ 55.170980][ T1] md: If you don't use raid, use raid=noautodetect
[ 55.177606][ T1] md: Autodetecting RAID arrays.
[ 55.182740][ T1] md: autorun ...
[ 55.186465][ T1] md: ... autorun DONE.
[ 55.280324][ T1] EXT4-fs (sda1): mounted filesystem b4773fba-1738-4da0-8a90-0fe043d0a496 ro with ordered data mode. Quota mode: none.
[ 55.293956][ T1] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[ 55.306041][ T1] devtmpfs: mounted
[ 55.569063][ T1] Freeing unused kernel image (initmem) memory: 37960K
[ 55.582373][ T1] Write protecting the kernel read-only data: 268288k
[ 55.618434][ T1] Freeing unused kernel image (rodata/data gap) memory: 880K
[ 57.283297][ T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 57.293937][ T1] x86/mm: Checking user space page tables
[ 58.776653][ T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 58.785687][ T1] Failed to set sysctl parameter 'kernel.hung_task_all_cpu_backtrace=1': parameter not found
[ 58.806387][ T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[ 58.817807][ T1] Run /sbin/init as init process
[ 60.404661][ T5117] mount (5117) used greatest stack depth: 8200 bytes left
[ 60.474634][ T5118] EXT4-fs (sda1): re-mounted b4773fba-1738-4da0-8a90-0fe043d0a496 r/w. Quota mode: none.
mount: mounting devtmpfs on /dev failed: Device or resource busy
mount: mounting smackfs on /sys/fs/smackfs failed: No such file or directory
mount: mounting selinuxfs on /sys/fs/selinux failed: No such file or directory
[ 60.878171][ T5122] mount (5122) used greatest stack depth: 5464 bytes left
Starting syslogd: OK
Starting acpid: OK
[ 62.117568][ T5138] BUG: unable to handle page fault for address: fffffffffffffee8
[ 62.126177][ T5138] #PF: supervisor read access in kernel mode
[ 62.132457][ T5138] #PF: error_code(0x0000) - not-present page
[ 62.139539][ T5138] PGD 11676067 P4D 11676067 PUD 11678067 PMD 0
[ 62.147018][ T5138] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
[ 62.155203][ T5138] CPU: 0 UID: 0 PID: 5138 Comm: acpid Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00-dirty #0
[ 62.168682][ T5138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[ 62.181817][ T5138] RIP: 0010:__netlink_lookup+0x45f/0x7f0
[ 62.189763][ T5138] Code: 45 7d 94 4c 89 6d c8 49 09 c5 4c 89 ad 78 ff ff ff 0f 85 e9 00 00 00 44 89 7d 9c 4d 89 f4 48 8b 45 c0 49 8d bc 06 18 03 00 00 <8b> 1f e8 1a 0e 1d f5 44 8b 38 44 8b 32 48 8b 45 a8 44 89 38 44 89
[ 62.212248][ T5138] RSP: 0018:ffff8881177e3b68 EFLAGS: 00010246
[ 62.219552][ T5138] RAX: fffffffffffffbd0 RBX: 0000000000000000 RCX: 00000001173e3bf0
[ 62.228167][ T5138] RDX: ffff8881173e3bf0 RSI: ffff88813ffface0 RDI: fffffffffffffee8
[ 62.237084][ T5138] RBP: ffff8881177e3c38 R08: ffffea000000000f R09: 0000000000000000
[ 62.246984][ T5138] R10: ffff888116fe3bf0 R11: ffffffff8d30e8f8 R12: 0000000000000000
[ 62.258393][ T5138] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 62.267127][ T5138] FS: 00007f4626133740(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 62.277002][ T5138] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.284814][ T5138] CR2: fffffffffffffee8 CR3: 000000011b32c000 CR4: 00000000003526f0
[ 62.294468][ T5138] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 62.303762][ T5138] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 62.314028][ T5138] Call Trace:
[ 62.318350][ T5138] <TASK>
[ 62.321703][ T5138] ? show_trace_log_lvl+0x268/0x3d0
[ 62.327988][ T5138] ? netlink_autobind+0x168/0x460
[ 62.333412][ T5138] ? __die_body+0xce/0x1a0
[ 62.338610][ T5138] ? __die+0x22a/0x290
[ 62.343875][ T5138] ? page_fault_oops+0xe58/0xfb0
[ 62.350270][ T5138] ? kernelmode_fixup_or_oops+0x1b5/0x1d0
[ 62.356542][ T5138] ? __bad_area_nosemaphore+0x17b/0x960
[ 62.362639][ T5138] ? kmsan_internal_poison_memory+0x7d/0x90
[ 62.368997][ T5138] ? kmsan_get_metadata+0x13e/0x1c0
[ 62.375189][ T5138] ? kmsan_internal_poison_memory+0x49/0x90
[ 62.381820][ T5138] ? kmem_cache_alloc_lru_noprof+0x641/0xb30
[ 62.389135][ T5138] ? __d_alloc+0x69/0x9c0
[ 62.394040][ T5138] ? spurious_kernel_fault+0xef/0xbe0
[ 62.400816][ T5138] ? bad_area_nosemaphore+0x32/0x40
[ 62.406710][ T5138] ? do_kern_addr_fault+0xe0/0x110
[ 62.412293][ T5138] ? exc_page_fault+0x549/0x700
[ 62.417483][ T5138] ? _raw_spin_unlock_irqrestore+0x3f/0x60
[ 62.423634][ T5138] ? asm_exc_page_fault+0x2b/0x30
[ 62.429062][ T5138] ? netlink_autobind+0x168/0x460
[ 62.434374][ T5138] ? __netlink_lookup+0x45f/0x7f0
[ 62.439692][ T5138] ? __netlink_lookup+0x413/0x7f0
[ 62.445057][ T5138] netlink_autobind+0x168/0x460
[ 62.450229][ T5138] netlink_bind+0x1085/0x1a60
[ 62.455315][ T5138] ? __pfx_netlink_bind+0x10/0x10
[ 62.460698][ T5138] __sys_bind+0x4de/0x690
[ 62.465334][ T5138] ? __sys_setsockopt+0x388/0x4c0
[ 62.470687][ T5138] ? kmsan_get_metadata+0x13e/0x1c0
[ 62.476710][ T5138] __x64_sys_bind+0x91/0xe0
[ 62.481631][ T5138] x64_sys_call+0x252d/0x3ba0
[ 62.487065][ T5138] do_syscall_64+0xcd/0x1e0
[ 62.492096][ T5138] ? clear_bhb_loop+0x25/0x80
[ 62.497910][ T5138] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.506339][ T5138] RIP: 0033:0x7f462620b677
[ 62.511199][ T5138] Code: 48 89 44 24 08 e8 f8 59 f9 ff 48 8b 44 24 08 48 83 c4 28 c3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 c7 0c 00 f7 d8 64 89 01 48
[ 62.531331][ T5138] RSP: 002b:00007ffe1da730b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 62.540116][ T5138] RAX: ffffffffffffffda RBX: 00007ffe1da7310c RCX: 00007f462620b677
[ 62.548639][ T5138] RDX: 000000000000000c RSI: 00007ffe1da73110 RDI: 0000000000000008
[ 62.557293][ T5138] RBP: 0000000000000000 R08: 0000000000000004 R09: 00007ffe1da73990
[ 62.565706][ T5138] R10: 00007ffe1da730d4 R11: 0000000000000246 R12: 00007ffe1da73110
[ 62.574240][ T5138] R13: 00007ffe1da74a58 R14: 0000000000000003 R15: 00007f462631da80
[ 62.582590][ T5138] </TASK>
[ 62.585834][ T5138] Modules linked in:
[ 62.590235][ T5138] CR2: fffffffffffffee8
[ 62.594613][ T5138] ---[ end trace 0000000000000000 ]---
[ 62.600280][ T5138] RIP: 0010:__netlink_lookup+0x45f/0x7f0
[ 62.606314][ T5138] Code: 45 7d 94 4c 89 6d c8 49 09 c5 4c 89 ad 78 ff ff ff 0f 85 e9 00 00 00 44 89 7d 9c 4d 89 f4 48 8b 45 c0 49 8d bc 06 18 03 00 00 <8b> 1f e8 1a 0e 1d f5 44 8b 38 44 8b 32 48 8b 45 a8 44 89 38 44 89
[ 62.626677][ T5138] RSP: 0018:ffff8881177e3b68 EFLAGS: 00010246
[ 62.633183][ T5138] RAX: fffffffffffffbd0 RBX: 0000000000000000 RCX: 00000001173e3bf0
[ 62.641683][ T5138] RDX: ffff8881173e3bf0 RSI: ffff88813ffface0 RDI: fffffffffffffee8
[ 62.649931][ T5138] RBP: ffff8881177e3c38 R08: ffffea000000000f R09: 0000000000000000
[ 62.658181][ T5138] R10: ffff888116fe3bf0 R11: ffffffff8d30e8f8 R12: 0000000000000000
[ 62.666416][ T5138] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 62.674647][ T5138] FS: 00007f4626133740(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 62.684043][ T5138] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.690922][ T5138] CR2: fffffffffffffee8 CR3: 000000011b32c000 CR4: 00000000003526f0
[ 62.699183][ T5138] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 62.707402][ T5138] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 62.715718][ T5138] Kernel panic - not syncing: Fatal exception
[ 62.722556][ T5138] Kernel Offset: disabled
[ 62.727049][ T5138] Rebooting in 86400 seconds..
syzkaller build log:
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1342235f980000
Tested on:
commit: da4373fb Merge tag 'thermal-6.12-rc7' of git://git.ker..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=e4580d62ee1893a5
dashboard link: https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1160fd87980000
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
2024-11-09 2:42 [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc syzbot
2024-11-09 11:39 ` [syzbot] " syzbot
2024-11-09 14:31 ` Suraj Sonawane
@ 2024-11-10 5:47 ` Suraj Sonawane
2024-11-10 6:18 ` syzbot
2024-11-10 10:06 ` Suraj Sonawane
` (5 subsequent siblings)
8 siblings, 1 reply; 19+ messages in thread
From: Suraj Sonawane @ 2024-11-10 5:47 UTC (permalink / raw)
To: syzbot; +Cc: kent.overstreet, linux-bcachefs, linux-kernel, syzkaller-bugs
[-- Attachment #1.1: Type: text/plain, Size: 5848 bytes --]
#syz test
On Sat, Nov 9, 2024 at 8:12 AM syzbot <
syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com> wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 2e1b3cc9d7f7 Merge tag 'arm-fixes-6.12-2' of
> git://git.ker..
> git tree: upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=11361d5f980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=6fdf74cce377223b
> dashboard link:
> https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for
> Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12348f40580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11e7b587980000
>
> Downloadable assets:
> disk image:
> https://storage.googleapis.com/syzbot-assets/08456e37db58/disk-2e1b3cc9.raw.xz
> vmlinux:
> https://storage.googleapis.com/syzbot-assets/cc957f7ba80b/vmlinux-2e1b3cc9.xz
> kernel image:
> https://storage.googleapis.com/syzbot-assets/7579fe72ed89/bzImage-2e1b3cc9.xz
> mounted in repro:
> https://storage.googleapis.com/syzbot-assets/5903d7d7fe58/mount_4.gz
>
> IMPORTANT: if you fix the issue, please add the following tag to the
> commit:
> Reported-by: syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com
>
> =====================================================
> BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376
> [inline]
> BUG: KMSAN: uninit-value in __rhashtable_lookup
> include/linux/rhashtable.h:607 [inline]
> BUG: KMSAN: uninit-value in rhashtable_lookup
> include/linux/rhashtable.h:646 [inline]
> BUG: KMSAN: uninit-value in rhashtable_lookup_fast
> include/linux/rhashtable.h:672 [inline]
> BUG: KMSAN: uninit-value in bucket_in_flight fs/bcachefs/movinggc.c:144
> [inline]
> BUG: KMSAN: uninit-value in bch2_copygc_get_buckets
> fs/bcachefs/movinggc.c:170 [inline]
> BUG: KMSAN: uninit-value in bch2_copygc+0x1d3f/0x58f0
> fs/bcachefs/movinggc.c:221
> rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
> __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
> rhashtable_lookup include/linux/rhashtable.h:646 [inline]
> rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
> bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
> bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
> bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
> bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
> kthread+0x3e2/0x540 kernel/kthread.c:389
> ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>
> Local variable b205.i created at:
> bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
> bch2_copygc+0x15b3/0x58f0 fs/bcachefs/movinggc.c:221
> bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
>
> CPU: 0 UID: 0 PID: 5796 Comm: bch-copygc/loop Not tainted
> 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 09/13/2024
> =====================================================
> Kernel panic - not syncing: kmsan.panic set ...
> CPU: 0 UID: 0 PID: 5796 Comm: bch-copygc/loop Tainted: G B
> 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
> Tainted: [B]=BAD_PAGE
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 09/13/2024
> Call Trace:
> <TASK>
> __dump_stack lib/dump_stack.c:94 [inline]
> dump_stack_lvl+0x216/0x2d0 lib/dump_stack.c:120
> dump_stack+0x1e/0x30 lib/dump_stack.c:129
> panic+0x4e2/0xcf0 kernel/panic.c:354
> kmsan_report+0x2c7/0x2d0 mm/kmsan/report.c:218
> __msan_warning+0x95/0x120 mm/kmsan/instrumentation.c:318
> rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
> __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
> rhashtable_lookup include/linux/rhashtable.h:646 [inline]
> rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
> bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
> bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
> bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
> bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
> kthread+0x3e2/0x540 kernel/kthread.c:389
> ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> </TASK>
> Kernel Offset: disabled
> Rebooting in 86400 seconds..
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
>
[-- Attachment #2: 0001-v4KMSAN-fix-uninit-value-in-bch2_copygc.patch --]
[-- Type: text/x-patch, Size: 939 bytes --]
From 7370257aa9f1ca21cc0219e10cd6884f8475357c Mon Sep 17 00:00:00 2001
From: Suraj Sonawane <surajsonawane0215@gmail.com>
Date: Sun, 10 Nov 2024 11:15:14 +0530
Subject: [PATCH v4] KMSAN: fix uninit-value in bch2_copygc
syz test
Signed-off-by: Suraj Sonawane <surajsonawane0215@gmail.com>
---
include/linux/rhashtable.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/linux/rhashtable.h b/include/linux/rhashtable.h
index 8463a128e..0414a856f 100644
--- a/include/linux/rhashtable.h
+++ b/include/linux/rhashtable.h
@@ -373,7 +373,13 @@ static inline struct rhash_head *__rht_ptr(
static inline struct rhash_head *rht_ptr_rcu(
struct rhash_lock_head __rcu *const *bkt)
{
- return __rht_ptr(rcu_dereference(*bkt), bkt);
+ struct rhash_lock_head *ptr = rcu_dereference(*bkt);
+
+ if (!ptr) {
+ ptr = 0;
+ }
+
+ return __rht_ptr(ptr, bkt);
}
static inline struct rhash_head *rht_ptr(
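Review bot: the added NULL check in rht_ptr_rcu is a no-op, so this hunk cannot change what KMSAN reports at include/linux/rhashtable.h:376: `if (!ptr) { ptr = 0; }` stores zero into a pointer that is already zero, and the value loaded by `rcu_dereference(*bkt)` is still passed to `__rht_ptr(ptr, bkt)` unchanged. KMSAN is flagging that the bucket pointer was read from memory that was never initialised (the report attributes it to a local variable created in bch2_copygc_get_buckets at fs/bcachefs/movinggc.c:170), so the fix belongs with the caller that hands an uninitialised table to rhashtable_lookup_fast, not in the generic rhashtable accessor; syzbot's follow-up test of this patch hits the same report at the same line. Suggest dropping the change to include/linux/rhashtable.h and checking how the table used by bucket_in_flight is set up before the lookup.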
--
2.34.1
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
2024-11-10 5:47 ` Suraj Sonawane
@ 2024-11-10 6:18 ` syzbot
0 siblings, 0 replies; 19+ messages in thread
From: syzbot @ 2024-11-10 6:18 UTC (permalink / raw)
To: kent.overstreet, linux-bcachefs, linux-kernel, surajsonawane0215,
syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in bch2_copygc
=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:613 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:652 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:678 [inline]
BUG: KMSAN: uninit-value in bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
BUG: KMSAN: uninit-value in bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
BUG: KMSAN: uninit-value in bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:613 [inline]
rhashtable_lookup include/linux/rhashtable.h:652 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:678 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Local variable b205.i created at:
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x15b3/0x58f0 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
CPU: 1 UID: 0 PID: 6677 Comm: bch-copygc/loop Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
=====================================================
Kernel panic - not syncing: kmsan.panic set ...
CPU: 1 UID: 0 PID: 6677 Comm: bch-copygc/loop Tainted: G B 6.12.0-rc6-syzkaller-00279-gde2f378f2b77-dirty #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x216/0x2d0 lib/dump_stack.c:120
dump_stack+0x1e/0x30 lib/dump_stack.c:129
panic+0x4e2/0xcf0 kernel/panic.c:354
kmsan_report+0x2c7/0x2d0 mm/kmsan/report.c:218
__msan_warning+0x95/0x120 mm/kmsan/instrumentation.c:318
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:613 [inline]
rhashtable_lookup include/linux/rhashtable.h:652 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:678 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: de2f378f Merge tag 'nfsd-6.12-4' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1302635f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=e4580d62ee1893a5
dashboard link: https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=14131ea7980000
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
2024-11-09 2:42 [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc syzbot
` (2 preceding siblings ...)
2024-11-10 5:47 ` Suraj Sonawane
@ 2024-11-10 10:06 ` Suraj Sonawane
2024-11-10 10:29 ` syzbot
2024-11-11 0:31 ` [syzbot] " syzbot
` (4 subsequent siblings)
8 siblings, 1 reply; 19+ messages in thread
From: Suraj Sonawane @ 2024-11-10 10:06 UTC (permalink / raw)
To: syzbot; +Cc: kent.overstreet, linux-bcachefs, linux-kernel, syzkaller-bugs
[-- Attachment #1.1: Type: text/plain, Size: 5848 bytes --]
#syz test
On Sat, Nov 9, 2024 at 8:12 AM syzbot <
syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com> wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 2e1b3cc9d7f7 Merge tag 'arm-fixes-6.12-2' of
> git://git.ker..
> git tree: upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=11361d5f980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=6fdf74cce377223b
> dashboard link:
> https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for
> Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12348f40580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11e7b587980000
>
> Downloadable assets:
> disk image:
> https://storage.googleapis.com/syzbot-assets/08456e37db58/disk-2e1b3cc9.raw.xz
> vmlinux:
> https://storage.googleapis.com/syzbot-assets/cc957f7ba80b/vmlinux-2e1b3cc9.xz
> kernel image:
> https://storage.googleapis.com/syzbot-assets/7579fe72ed89/bzImage-2e1b3cc9.xz
> mounted in repro:
> https://storage.googleapis.com/syzbot-assets/5903d7d7fe58/mount_4.gz
>
> IMPORTANT: if you fix the issue, please add the following tag to the
> commit:
> Reported-by: syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com
>
> =====================================================
> BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376
> [inline]
> BUG: KMSAN: uninit-value in __rhashtable_lookup
> include/linux/rhashtable.h:607 [inline]
> BUG: KMSAN: uninit-value in rhashtable_lookup
> include/linux/rhashtable.h:646 [inline]
> BUG: KMSAN: uninit-value in rhashtable_lookup_fast
> include/linux/rhashtable.h:672 [inline]
> BUG: KMSAN: uninit-value in bucket_in_flight fs/bcachefs/movinggc.c:144
> [inline]
> BUG: KMSAN: uninit-value in bch2_copygc_get_buckets
> fs/bcachefs/movinggc.c:170 [inline]
> BUG: KMSAN: uninit-value in bch2_copygc+0x1d3f/0x58f0
> fs/bcachefs/movinggc.c:221
> rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
> __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
> rhashtable_lookup include/linux/rhashtable.h:646 [inline]
> rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
> bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
> bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
> bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
> bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
> kthread+0x3e2/0x540 kernel/kthread.c:389
> ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>
> Local variable b205.i created at:
> bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
> bch2_copygc+0x15b3/0x58f0 fs/bcachefs/movinggc.c:221
> bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
>
> CPU: 0 UID: 0 PID: 5796 Comm: bch-copygc/loop Not tainted
> 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 09/13/2024
> =====================================================
> Kernel panic - not syncing: kmsan.panic set ...
> CPU: 0 UID: 0 PID: 5796 Comm: bch-copygc/loop Tainted: G B
> 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
> Tainted: [B]=BAD_PAGE
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 09/13/2024
> Call Trace:
> <TASK>
> __dump_stack lib/dump_stack.c:94 [inline]
> dump_stack_lvl+0x216/0x2d0 lib/dump_stack.c:120
> dump_stack+0x1e/0x30 lib/dump_stack.c:129
> panic+0x4e2/0xcf0 kernel/panic.c:354
> kmsan_report+0x2c7/0x2d0 mm/kmsan/report.c:218
> __msan_warning+0x95/0x120 mm/kmsan/instrumentation.c:318
> rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
> __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
> rhashtable_lookup include/linux/rhashtable.h:646 [inline]
> rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
> bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
> bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
> bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
> bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381
> kthread+0x3e2/0x540 kernel/kthread.c:389
> ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> </TASK>
> Kernel Offset: disabled
> Rebooting in 86400 seconds..
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
>
[-- Attachment #2: 0001-v5KMSAN-fix-uninit-value-in-bch2_copygc.patch --]
[-- Type: text/x-patch, Size: 1177 bytes --]
From 37b09cf2aacc884a88e86c833334eb0f92983f7e Mon Sep 17 00:00:00 2001
From: Suraj Sonawane <surajsonawane0215@gmail.com>
Date: Sun, 10 Nov 2024 15:32:19 +0530
Subject: [PATCH] v5KMSAN: fix uninit-value in bch2_copygc
fix
Signed-off-by: Suraj Sonawane <surajsonawane0215@gmail.com>
---
fs/bcachefs/movinggc.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/fs/bcachefs/movinggc.c b/fs/bcachefs/movinggc.c
index d658be90f..2f43d9ec7 100644
--- a/fs/bcachefs/movinggc.c
+++ b/fs/bcachefs/movinggc.c
@@ -158,6 +158,20 @@ static int bch2_copygc_get_buckets(struct moving_context *ctxt,
move_buckets_wait(ctxt, buckets_in_flight, false);
+ if (!buckets_in_flight || !buckets_in_flight->nr) {
+ // Initialize the structure
+ buckets_in_flight->nr = 0;
+ buckets_in_flight->sectors = 0;
+ buckets_in_flight->first = NULL;
+ buckets_in_flight->last = NULL;
+
+ // Explicitly initialize the hash table instead of memset
+ ret = rhashtable_init(&buckets_in_flight->table, &bch_move_bucket_params);
+ if (ret) {
+ return ret;
+ }
+ }
+
ret = bch2_btree_write_buffer_tryflush(trans);
if (bch2_err_matches(ret, EROFS))
return ret;
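Review bot: the condition `if (!buckets_in_flight || !buckets_in_flight->nr)` accepts a NULL `buckets_in_flight` and then dereferences it on the next line (`buckets_in_flight->nr = 0;`), so the NULL half of the check converts a bad lookup into a NULL-pointer dereference; either drop the `!buckets_in_flight` test or return early for that case. The `!buckets_in_flight->nr` half is also the wrong trigger: `nr == 0` is the normal state whenever nothing is in flight (the preceding `move_buckets_wait(ctxt, buckets_in_flight, false);` drains it), and every time it holds this hunk calls `rhashtable_init` on a table that is already initialised, which allocates a fresh bucket table over the existing one and leaks it rather than repairing an uninitialised one. The KMSAN report attributes the uninitialised value to a local variable created inside bch2_copygc_get_buckets, not to the fields zeroed here, which matches syzbot's follow-up test of this patch still reporting the same stack with the line numbers shifted by the insertion. Kernel style also wants `/* */` rather than `//` comments.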
--
2.34.1
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
2024-11-10 10:06 ` Suraj Sonawane
@ 2024-11-10 10:29 ` syzbot
0 siblings, 0 replies; 19+ messages in thread
From: syzbot @ 2024-11-10 10:29 UTC (permalink / raw)
To: kent.overstreet, linux-bcachefs, linux-kernel, surajsonawane0215,
syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in bch2_copygc
=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
BUG: KMSAN: uninit-value in bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
BUG: KMSAN: uninit-value in bch2_copygc_get_buckets fs/bcachefs/movinggc.c:184 [inline]
BUG: KMSAN: uninit-value in bch2_copygc+0x20b9/0x5970 fs/bcachefs/movinggc.c:235
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:607 [inline]
rhashtable_lookup include/linux/rhashtable.h:646 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:184 [inline]
bch2_copygc+0x20b9/0x5970 fs/bcachefs/movinggc.c:235
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:395
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Local variable b232.i created at:
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:184 [inline]
bch2_copygc+0x1925/0x5970 fs/bcachefs/movinggc.c:235
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:395
CPU: 0 UID: 0 PID: 6614 Comm: bch-copygc/loop Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
=====================================================
Kernel panic - not syncing: kmsan.panic set ...
CPU: 0 UID: 0 PID: 6614 Comm: bch-copygc/loop Tainted: G B 6.12.0-rc6-syzkaller-00279-gde2f378f2b77-dirty #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x216/0x2d0 lib/dump_stack.c:120
dump_stack+0x1e/0x30 lib/dump_stack.c:129
panic+0x4e2/0xcf0 kernel/panic.c:354
kmsan_report+0x2c7/0x2d0 mm/kmsan/report.c:218
__msan_warning+0x95/0x120 mm/kmsan/instrumentation.c:318
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:607 [inline]
rhashtable_lookup include/linux/rhashtable.h:646 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:184 [inline]
bch2_copygc+0x20b9/0x5970 fs/bcachefs/movinggc.c:235
bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:395
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: de2f378f Merge tag 'nfsd-6.12-4' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16a994e8580000
kernel config: https://syzkaller.appspot.com/x/.config?x=e4580d62ee1893a5
dashboard link: https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1715635f980000
* Re: [syzbot] KMSAN: uninit-value in bch2_copygc
2024-11-09 2:42 [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc syzbot
` (3 preceding siblings ...)
2024-11-10 10:06 ` Suraj Sonawane
@ 2024-11-11 0:31 ` syzbot
2024-11-11 14:01 ` syzbot
` (3 subsequent siblings)
8 siblings, 0 replies; 19+ messages in thread
From: syzbot @ 2024-11-11 0:31 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in bch2_copygc
Author: gianf.trad@gmail.com
#syz test
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
[not found] <2a46b846-9279-4cde-91c9-b01fc77e9052@gmail.com>
@ 2024-11-11 0:54 ` syzbot
0 siblings, 0 replies; 19+ messages in thread
From: syzbot @ 2024-11-11 0:54 UTC (permalink / raw)
To: gianf.trad, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in bch2_copygc
=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
BUG: KMSAN: uninit-value in bucket_in_flight fs/bcachefs/movinggc.c:145 [inline]
BUG: KMSAN: uninit-value in bch2_copygc_get_buckets fs/bcachefs/movinggc.c:171 [inline]
BUG: KMSAN: uninit-value in bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:222
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:607 [inline]
rhashtable_lookup include/linux/rhashtable.h:646 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:145 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:171 [inline]
bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:222
bch2_copygc_thread+0x83a/0xff0 fs/bcachefs/movinggc.c:383
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Local variable b205.i created at:
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:171 [inline]
bch2_copygc+0x15b3/0x58f0 fs/bcachefs/movinggc.c:222
bch2_copygc_thread+0x83a/0xff0 fs/bcachefs/movinggc.c:383
CPU: 1 UID: 0 PID: 6672 Comm: bch-copygc/loop Not tainted 6.12.0-rc7-syzkaller-g2d5404caa8c7-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
=====================================================
Kernel panic - not syncing: kmsan.panic set ...
CPU: 1 UID: 0 PID: 6672 Comm: bch-copygc/loop Tainted: G B 6.12.0-rc7-syzkaller-g2d5404caa8c7-dirty #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x216/0x2d0 lib/dump_stack.c:120
dump_stack+0x1e/0x30 lib/dump_stack.c:129
panic+0x4e2/0xcf0 kernel/panic.c:354
kmsan_report+0x2c7/0x2d0 mm/kmsan/report.c:218
__msan_warning+0x95/0x120 mm/kmsan/instrumentation.c:318
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:607 [inline]
rhashtable_lookup include/linux/rhashtable.h:646 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:145 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:171 [inline]
bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:222
bch2_copygc_thread+0x83a/0xff0 fs/bcachefs/movinggc.c:383
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: 2d5404ca Linux 6.12-rc7
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=115e135f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=dcca673786a14715
dashboard link: https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=168608c0580000
* Re: [syzbot] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-11 14:01 UTC
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in bch2_copygc
Author: gianf.trad@gmail.com
#syz test
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
From: Suraj Sonawane @ 2024-11-11 14:25 UTC
To: syzbot; +Cc: kent.overstreet, linux-bcachefs, linux-kernel, syzkaller-bugs
#syz test
On Sat, Nov 9, 2024 at 8:12 AM syzbot <syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com> wrote:
[-- Attachment #2: 0001-v6KMSAN-fix-uninit-value-in-bch2_copygc.patch --]
[-- Type: text/x-patch, Size: 758 bytes --]
From 970bac035d08329e406901405fe635c7b666f385 Mon Sep 17 00:00:00 2001
From: Suraj Sonawane <surajsonawane0215@gmail.com>
Date: Mon, 11 Nov 2024 19:49:05 +0530
Subject: [PATCH v6] KMSAN: fix uninit-value in bch2_copygc
syz test
Signed-off-by: Suraj Sonawane <surajsonawane0215@gmail.com>
---
fs/bcachefs/movinggc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/bcachefs/movinggc.c b/fs/bcachefs/movinggc.c
index d658be90f..8a6568dc5 100644
--- a/fs/bcachefs/movinggc.c
+++ b/fs/bcachefs/movinggc.c
@@ -327,6 +327,8 @@ static int bch2_copygc_thread(void *arg)
u64 last, wait;
int ret = 0;
+ memset(&ctxt, 0, sizeof(ctxt));
+
buckets = kzalloc(sizeof(struct buckets_in_flight), GFP_KERNEL);
if (!buckets)
return -ENOMEM;
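Review bot: the memset zeroes ctxt in bch2_copygc_thread, but every KMSAN report in this thread attributes the uninitialized read to a local variable (b205.i) created in bch2_copygc_get_buckets at fs/bcachefs/movinggc.c:170/171 and consumed by rhashtable_lookup_fast inside bucket_in_flight, so this hunk never touches the offending object; syzbot's test of this exact patch (the 2024-11-11 14:55 reply) still reproduces the same trace. Because rhashtable hashes the lookup key as raw bytes, the fix belongs at that key's declaration in bch2_copygc_get_buckets, for example zero-initializing the whole struct so padding bytes and unset fields are defined before the lookup rather than adding an unrelated memset here. The commit body "syz test" should also be replaced with a description of the root cause, and the subject should carry the bcachefs: prefix, before this goes out as a real submission.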
--
2.34.1
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-11 14:34 UTC
To: gianf.trad, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com
Tested-by: syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com
Tested on:
commit: 2d5404ca Linux 6.12-rc7
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1724b4e8580000
kernel config: https://syzkaller.appspot.com/x/.config?x=dcca673786a14715
dashboard link: https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=131d3ea7980000
Note: testing is done by a robot and is best-effort only.
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-11 14:55 UTC
To: kent.overstreet, linux-bcachefs, linux-kernel, surajsonawane0215, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in bch2_copygc
=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
BUG: KMSAN: uninit-value in bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
BUG: KMSAN: uninit-value in bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
BUG: KMSAN: uninit-value in bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:607 [inline]
rhashtable_lookup include/linux/rhashtable.h:646 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x835/0xfe0 fs/bcachefs/movinggc.c:383
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Local variable b205.i created at:
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x15b3/0x58f0 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x835/0xfe0 fs/bcachefs/movinggc.c:383
CPU: 0 UID: 0 PID: 6674 Comm: bch-copygc/loop Not tainted 6.12.0-rc7-syzkaller-g2d5404caa8c7-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
=====================================================
Kernel panic - not syncing: kmsan.panic set ...
CPU: 0 UID: 0 PID: 6674 Comm: bch-copygc/loop Tainted: G B 6.12.0-rc7-syzkaller-g2d5404caa8c7-dirty #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x216/0x2d0 lib/dump_stack.c:120
dump_stack+0x1e/0x30 lib/dump_stack.c:129
panic+0x4e2/0xcf0 kernel/panic.c:354
kmsan_report+0x2c7/0x2d0 mm/kmsan/report.c:218
__msan_warning+0x95/0x120 mm/kmsan/instrumentation.c:318
rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
__rhashtable_lookup include/linux/rhashtable.h:607 [inline]
rhashtable_lookup include/linux/rhashtable.h:646 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
bucket_in_flight fs/bcachefs/movinggc.c:144 [inline]
bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline]
bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221
bch2_copygc_thread+0x835/0xfe0 fs/bcachefs/movinggc.c:383
kthread+0x3e2/0x540 kernel/kthread.c:389
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Kernel Offset: disabled
Tested on:
commit: 2d5404ca Linux 6.12-rc7
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13f8535f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=dcca673786a14715
dashboard link: https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1008535f980000
* Re: [syzbot] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-11 23:24 UTC
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in bch2_copygc
Author: gianf.trad@gmail.com
#syz test
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-12 4:19 UTC
To: gianf.trad, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com
Tested-by: syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com
Tested on:
commit: 2d5404ca Linux 6.12-rc7
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1733b8c0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=dcca673786a14715
dashboard link: https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=11ae74e8580000
Note: testing is done by a robot and is best-effort only.
* Re: [syzbot] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-14 21:56 UTC
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: KMSAN: uninit-value in bch2_copygc
Author: gianf.trad@gmail.com
#syz test
* Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_copygc
From: syzbot @ 2024-11-14 22:27 UTC
To: gianf.trad, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com
Tested-by: syzbot+8689d10f1894eedf774d@syzkaller.appspotmail.com
Tested on:
commit: cfaaa7d0 Merge tag 'net-6.12-rc8' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16552b5f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=dcca673786a14715
dashboard link: https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1337e130580000
Note: testing is done by a robot and is best-effort only.