On Sun, Sep 22, 2024 at 03:18:01PM GMT, Piotr Zalewski wrote: > Zero-initialize part of allocated bounce buffer which wasn't touched by > subsequent bch2_key_sort_fix_overlapping to mitigate later uinit-value > use KMSAN bug[1]. > > After applying the patch reproducer still triggers stack overflow[2] but > it seems unrelated to the uninit-value use warning. After further > investigation it was found that stack overflow occurs because KMSAN adds > too many function calls[3]. Backtrace of where the stack magic number gets > smashed was added as a reply to syzkaller thread[3]. > > It was confirmed that task's stack magic number gets smashed after the code > path where KSMAN detects uninit-value use is executed, so it can be assumed > that it doesn't contribute in any way to uninit-value use detection. > > [1] https://syzkaller.appspot.com/bug?extid=6f655a60d3244d0c6718 > [2] https://lore.kernel.org/lkml/[email protected] > [3] > https://lore.kernel.org/all/rVaWgPULej8K7HqMPNIu8kVNyXNjjCiTB-QBtItLFBmk0alH6fV2tk4joVPk97Evnuv4ZRDd8HB5uDCkiFG6u81xKdzDj-KrtIMJSlF6Kt8=@proton.me > > Reported-by: [email protected] > Closes: https://syzkaller.appspot.com/bug?extid=6f655a60d3244d0c6718 > Fixes: ec4edd7b9d20 ("bcachefs: Prep work for variable size btree node > buffers") > Suggested-by: Kent Overstreet <[email protected]> > Signed-off-by: Piotr Zalewski <[email protected]>
Thanks! Applied.
