lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAOQ4uxh1Qc66R8N57SOb5_Lp28AyOiMCVfoGZXd-bCtM9-Da6w@mail.gmail.com>
Date: Wed, 11 Feb 2026 09:59:56 +0100
From: Amir Goldstein <amir73il@...il.com>
To: syzbot <syzbot+fa79520cb6cf363d660d@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org, linux-unionfs@...r.kernel.org, 
	miklos@...redi.hu, syzkaller-bugs@...glegroups.com, 
	Andrey Albershteyn <aalbersh@...nel.org>, Christian Brauner <brauner@...nel.org>, 
	Edward Adam Davis <eadavis@...com>
Subject: Re: [syzbot] [overlayfs?] KMSAN: uninit-value in ovl_fileattr_get

On Tue, Feb 10, 2026 at 8:05 AM syzbot
<syzbot+fa79520cb6cf363d660d@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    8fdb05de0e2d Merge tag 'net-6.19-rc9' of git://git.kernel...
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=13d888aa580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=9682a42d8ec8b05c
> dashboard link: https://syzkaller.appspot.com/bug?extid=fa79520cb6cf363d660d
> compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1233cb22580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1035878a580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/25d060d68c51/disk-8fdb05de.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/f033f4d0ec73/vmlinux-8fdb05de.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/942ea5e5d5f5/bzImage-8fdb05de.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+fa79520cb6cf363d660d@...kaller.appspotmail.com
>
> =====================================================
> BUG: KMSAN: uninit-value in ovl_security_fileattr fs/overlayfs/inode.c:617 [inline]
> BUG: KMSAN: uninit-value in ovl_real_fileattr_get fs/overlayfs/inode.c:701 [inline]
> BUG: KMSAN: uninit-value in ovl_fileattr_get+0x5cd/0x650 fs/overlayfs/inode.c:720
>  ovl_security_fileattr fs/overlayfs/inode.c:617 [inline]
>  ovl_real_fileattr_get fs/overlayfs/inode.c:701 [inline]
>  ovl_fileattr_get+0x5cd/0x650 fs/overlayfs/inode.c:720
>  vfs_fileattr_get fs/file_attr.c:94 [inline]
>  __do_sys_file_getattr fs/file_attr.c:416 [inline]
>  __se_sys_file_getattr+0x6cb/0xbd0 fs/file_attr.c:372
>  __x64_sys_file_getattr+0xe4/0x150 fs/file_attr.c:372
>  x64_sys_call+0x17cd/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:469
>  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>  do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> Uninit was stored to memory at:
>  ovl_security_fileattr fs/overlayfs/inode.c:612 [inline]
>  ovl_real_fileattr_get fs/overlayfs/inode.c:701 [inline]
>  ovl_fileattr_get+0x5c6/0x650 fs/overlayfs/inode.c:720
>  vfs_fileattr_get fs/file_attr.c:94 [inline]
>  __do_sys_file_getattr fs/file_attr.c:416 [inline]
>  __se_sys_file_getattr+0x6cb/0xbd0 fs/file_attr.c:372
>  __x64_sys_file_getattr+0xe4/0x150 fs/file_attr.c:372
>  x64_sys_call+0x17cd/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:469
>  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>  do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> Local variable fa.i created at:
>  __do_sys_file_getattr fs/file_attr.c:380 [inline]
>  __se_sys_file_getattr+0x8c/0xbd0 fs/file_attr.c:372
>  __x64_sys_file_getattr+0xe4/0x150 fs/file_attr.c:372
>
> CPU: 0 UID: 0 PID: 6044 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(voluntary)
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
> =====================================================
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>

#syz dup: KMSAN: uninit-value in fuse_fileattr_get

Thanks,
Amir.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ