#syz test On Sat, Nov 9, 2024 at 8:12 AM syzbot < syzbot+8689d10f1894eedf7...@syzkaller.appspotmail.com> wrote:
> Hello, > > syzbot found the following issue on: > > HEAD commit: 2e1b3cc9d7f7 Merge tag 'arm-fixes-6.12-2' of > git://git.ker.. > git tree: upstream > console+strace: https://syzkaller.appspot.com/x/log.txt?x=11361d5f980000 > kernel config: https://syzkaller.appspot.com/x/.config?x=6fdf74cce377223b > dashboard link: > https://syzkaller.appspot.com/bug?extid=8689d10f1894eedf774d > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for > Debian) 2.40 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12348f40580000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11e7b587980000 > > Downloadable assets: > disk image: > https://storage.googleapis.com/syzbot-assets/08456e37db58/disk-2e1b3cc9.raw.xz > vmlinux: > https://storage.googleapis.com/syzbot-assets/cc957f7ba80b/vmlinux-2e1b3cc9.xz > kernel image: > https://storage.googleapis.com/syzbot-assets/7579fe72ed89/bzImage-2e1b3cc9.xz > mounted in repro: > https://storage.googleapis.com/syzbot-assets/5903d7d7fe58/mount_4.gz > > IMPORTANT: if you fix the issue, please add the following tag to the > commit: > Reported-by: syzbot+8689d10f1894eedf7...@syzkaller.appspotmail.com > > ===================================================== > BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 > [inline] > BUG: KMSAN: uninit-value in __rhashtable_lookup > include/linux/rhashtable.h:607 [inline] > BUG: KMSAN: uninit-value in rhashtable_lookup > include/linux/rhashtable.h:646 [inline] > BUG: KMSAN: uninit-value in rhashtable_lookup_fast > include/linux/rhashtable.h:672 [inline] > BUG: KMSAN: uninit-value in bucket_in_flight fs/bcachefs/movinggc.c:144 > [inline] > BUG: KMSAN: uninit-value in bch2_copygc_get_buckets > fs/bcachefs/movinggc.c:170 [inline] > BUG: KMSAN: uninit-value in bch2_copygc+0x1d3f/0x58f0 > fs/bcachefs/movinggc.c:221 > rht_ptr_rcu include/linux/rhashtable.h:376 [inline] > __rhashtable_lookup include/linux/rhashtable.h:607 [inline] > rhashtable_lookup include/linux/rhashtable.h:646 [inline] > rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline] > bucket_in_flight fs/bcachefs/movinggc.c:144 [inline] > bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline] > bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221 > bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381 > kthread+0x3e2/0x540 kernel/kthread.c:389 > ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147 > ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 > > Local variable b205.i created at: > bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline] > bch2_copygc+0x15b3/0x58f0 fs/bcachefs/movinggc.c:221 > bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381 > > CPU: 0 UID: 0 PID: 5796 Comm: bch-copygc/loop Not tainted > 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 09/13/2024 > ===================================================== > Kernel panic - not syncing: kmsan.panic set ... > CPU: 0 UID: 0 PID: 5796 Comm: bch-copygc/loop Tainted: G B > 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0 > Tainted: [B]=BAD_PAGE > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 09/13/2024 > Call Trace: > <TASK> > __dump_stack lib/dump_stack.c:94 [inline] > dump_stack_lvl+0x216/0x2d0 lib/dump_stack.c:120 > dump_stack+0x1e/0x30 lib/dump_stack.c:129 > panic+0x4e2/0xcf0 kernel/panic.c:354 > kmsan_report+0x2c7/0x2d0 mm/kmsan/report.c:218 > __msan_warning+0x95/0x120 mm/kmsan/instrumentation.c:318 > rht_ptr_rcu include/linux/rhashtable.h:376 [inline] > __rhashtable_lookup include/linux/rhashtable.h:607 [inline] > rhashtable_lookup include/linux/rhashtable.h:646 [inline] > rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline] > bucket_in_flight fs/bcachefs/movinggc.c:144 [inline] > bch2_copygc_get_buckets fs/bcachefs/movinggc.c:170 [inline] > bch2_copygc+0x1d3f/0x58f0 fs/bcachefs/movinggc.c:221 > bch2_copygc_thread+0x7f7/0xfa0 fs/bcachefs/movinggc.c:381 > kthread+0x3e2/0x540 kernel/kthread.c:389 > ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147 > ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 > </TASK> > Kernel Offset: disabled > Rebooting in 86400 seconds.. > > > --- > This report is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkal...@googlegroups.com. > > syzbot will keep track of this issue. See: > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > > If the report is already addressed, let syzbot know by replying with: > #syz fix: exact-commit-title > > If you want syzbot to run the reproducer, reply with: > #syz test: git://repo/address.git branch-or-commit-hash > If you attach or paste a git patch, syzbot will apply it before testing. > > If you want to overwrite report's subsystems, reply with: > #syz set subsystems: new-subsystem > (See the list of subsystem names on the web dashboard) > > If the report is a duplicate of another one, reply with: > #syz dup: exact-subject-of-another-report > > If you want to undo deduplication, reply with: > #syz undup > > -- > You received this message because you are subscribed to the Google Groups > "syzkaller-bugs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to syzkaller-bugs+unsubscr...@googlegroups.com. > To view this discussion visit > https://groups.google.com/d/msgid/syzkaller-bugs/672ecc13.050a0220.138bd5.0038.GAE%40google.com > . >
From 970bac035d08329e406901405fe635c7b666f385 Mon Sep 17 00:00:00 2001 From: Suraj Sonawane <surajsonawane0...@gmail.com> Date: Mon, 11 Nov 2024 19:49:05 +0530 Subject: [PATCH v6] KMSAN: fix uninit-value in bch2_copygc syz test Signed-off-by: Suraj Sonawane <surajsonawane0...@gmail.com> --- fs/bcachefs/movinggc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/bcachefs/movinggc.c b/fs/bcachefs/movinggc.c index d658be90f..8a6568dc5 100644 --- a/fs/bcachefs/movinggc.c +++ b/fs/bcachefs/movinggc.c @@ -327,6 +327,8 @@ static int bch2_copygc_thread(void *arg) u64 last, wait; int ret = 0; + memset(&ctxt, 0, sizeof(ctxt)); + buckets = kzalloc(sizeof(struct buckets_in_flight), GFP_KERNEL); if (!buckets) return -ENOMEM; -- 2.34.1
