lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000000000000d368dd05fb5dd7d3@google.com>
Date:   Wed, 10 May 2023 14:49:15 -0700
From:   syzbot <syzbot+00a3779539a23cbee38c@...kaller.appspotmail.com>
To:     glider@...gle.com, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, reiserfs-devel@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: [syzbot] [reiserfs?] KMSAN: uninit-value in reiserfs_security_init

Hello,

syzbot found the following issue on:

HEAD commit:    46e8b6e7cfeb string: use __builtin_memcpy() in strlcpy/str..
git tree:       https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=13ea03bc280000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a7a1059074b7bdce
dashboard link: https://syzkaller.appspot.com/bug?extid=00a3779539a23cbee38c
compiler:       Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ad7fff770529/disk-46e8b6e7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ca6a66fcd14c/vmlinux-46e8b6e7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9dc8f5fe8588/bzImage-46e8b6e7.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+00a3779539a23cbee38c@...kaller.appspotmail.com

REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop5): Using r5 hash to sort names
reiserfs: enabling write barrier flush mode
=====================================================
BUG: KMSAN: uninit-value in reiserfs_security_init+0x663/0x750 fs/reiserfs/xattr_security.c:84
 reiserfs_security_init+0x663/0x750 fs/reiserfs/xattr_security.c:84
 reiserfs_mkdir+0x418/0xfc0 fs/reiserfs/namei.c:823
 xattr_mkdir fs/reiserfs/xattr.c:77 [inline]
 create_privroot fs/reiserfs/xattr.c:890 [inline]
 reiserfs_xattr_init+0x47e/0xc00 fs/reiserfs/xattr.c:1006
 reiserfs_remount+0xf9c/0x2390
 legacy_reconfigure+0x182/0x1d0 fs/fs_context.c:633
 reconfigure_super+0x346/0xdf0 fs/super.c:956
 do_remount fs/namespace.c:2701 [inline]
 path_mount+0x19c1/0x1ee0 fs/namespace.c:3361
 do_mount fs/namespace.c:3382 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount+0x725/0x810 fs/namespace.c:3568
 __ia32_sys_mount+0xe3/0x150 fs/namespace.c:3568
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Local variable security created at:
 reiserfs_mkdir+0x5f/0xfc0 fs/reiserfs/namei.c:791
 xattr_mkdir fs/reiserfs/xattr.c:77 [inline]
 create_privroot fs/reiserfs/xattr.c:890 [inline]
 reiserfs_xattr_init+0x47e/0xc00 fs/reiserfs/xattr.c:1006

CPU: 1 PID: 7610 Comm: syz-executor.5 Not tainted 6.4.0-rc1-syzkaller-g46e8b6e7cfeb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ