On Wed, 18 May 2022 at 02:08, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Mon, 16 May 2022 17:47:26 +0800 Wang Cheng <wanngchenng@xxxxxxxxx> wrote:
>
> > ...
> >
> > This patch seems to fix the bug below too.
> > KMSAN: uninit-value in mpol_rebind_mm (2)
> > https://syzkaller.appspot.com/bug?id=f2fecd0d7013f54ec4162f60743a2b28df40926b
> >
> > The uninit-value is pol->w.cpuset_mems_allowed in mpol_rebind_policy().
> > When the syzkaller reproducer runs to the beginning of mpol_new(),
> >
> > mpol_new() mm/mempolicy.c
> > do_mbind() mm/mempolicy.c
> > kernel_mbind() mm/mempolicy.c
> >
> > `mode` is 1 (MPOL_PREFERRED), nodes_empty(*nodes) is `true` and `flags`
> > is 0. Then
> >
> > mode = MPOL_LOCAL;
> > ...
> > policy->mode = mode;
> > policy->flags = flags;
> >
> > will be executed. So in mpol_set_nodemask(),
> >
> > mpol_set_nodemask() mm/mempolicy.c
> > do_mbind()
> > kernel_mbind()
> >
> > pol->mode is 4 (MPOL_LOCAL), so the `nodemask` in `pol` is not initialized,
> > and it will be accessed in mpol_rebind_policy().
>
> Thanks, I added the above to the changelog and I plan to import the
> result into mm-stable later this week.
>
> > IIUC, "#syz fix: mm/mempolicy: fix uninit-value in mpol_rebind_policy()"
> > could be sent to syzbot+ad1b8c404f0959c4bfcc@xxxxxxxxxxxxxxxxxxxxxxxxx
> > to attach the fixing commit to the bug. WDYT?
>
> Could be. The "syz fix" isn't a thing I've paid much attention to.
> I'll start doing so ;)

Yes, we can send:

#syz fix: mm/mempolicy: fix uninit-value in mpol_rebind_policy()

to syzbot+ad1b8c404f0959c4bfcc@xxxxxxxxxxxxxxxxxxxxxxxxx and now it
should be reflected at:

https://syzkaller.appspot.com/bug?extid=ad1b8c404f0959c4bfcc

and the bug will be closed when the fix is merged everywhere.
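The following is an added toy model of the uninit-value pattern the thread describes; it is not kernel code and not the patch under discussion. Function and field names mirror the thread (mpol_new, mpol_set_nodemask, mpol_rebind_policy, pol->w.cpuset_mems_allowed, MPOL_PREFERRED = 1, MPOL_LOCAL = 4), but the struct layout, the single-word nodemask, the poison fill that stands in for stale slab memory, and the "fixed" variant that zeroes the field for MPOL_LOCAL are all assumptions made for this model. What it shows is how a mode rewrite in the constructor leaves a later initialiser with nothing to do, and how a deterministic poison check catches the resulting uninitialised read the way a KMSAN report would.

```c
/* Toy model (added example, not mm/mempolicy.c) of the thread's bug:
 * mpol_new() rewrites MPOL_PREFERRED + empty nodes into MPOL_LOCAL,
 * mpol_set_nodemask() then skips MPOL_LOCAL, and mpol_rebind_policy()
 * reads pol->w.cpuset_mems_allowed which nobody ever wrote.
 * All values and the "fix" below are assumptions for this model. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MPOL_PREFERRED = 1, MPOL_LOCAL = 4 };   /* values as quoted in the thread */

struct mempolicy {
    int mode;
    int flags;
    struct { unsigned long cpuset_mems_allowed; } w;   /* single-word nodemask (assumed) */
};

/* The byte pattern we fill fresh allocations with; plays the role of
 * stale heap contents that KMSAN tracks as "uninitialised". */
static unsigned long poison_value(void)
{
    unsigned long v;
    memset(&v, 0xAA, sizeof v);
    return v;
}

/* Like a reused slab object: no field is zeroed, all bytes are poison. */
static struct mempolicy *alloc_poisoned(void)
{
    struct mempolicy *p = malloc(sizeof *p);
    if (!p)
        abort();
    memset(p, 0xAA, sizeof *p);
    return p;
}

/* Model of mpol_new(): MPOL_PREFERRED with an empty nodemask becomes MPOL_LOCAL. */
static struct mempolicy *mpol_new_model(int mode, unsigned long nodes, int flags)
{
    struct mempolicy *policy = alloc_poisoned();
    if (mode == MPOL_PREFERRED && nodes == 0)
        mode = MPOL_LOCAL;
    policy->mode = mode;
    policy->flags = flags;
    return policy;
}

/* Model of mpol_set_nodemask() as described in the thread: MPOL_LOCAL
 * takes no nodemask, so pol->w is left exactly as the allocator left it. */
static void mpol_set_nodemask_buggy(struct mempolicy *pol, unsigned long nodes)
{
    if (pol->mode == MPOL_LOCAL)
        return;
    pol->w.cpuset_mems_allowed = nodes;
}

/* Assumed remedy for the model: every mode gives pol->w a defined value. */
static void mpol_set_nodemask_fixed(struct mempolicy *pol, unsigned long nodes)
{
    pol->w.cpuset_mems_allowed = (pol->mode == MPOL_LOCAL) ? 0 : nodes;
}

/* Model of the read in mpol_rebind_policy(). Returns 1 when the value
 * read is still the allocation poison, i.e. was never initialised. */
static int mpol_rebind_reads_uninit(const struct mempolicy *pol)
{
    return pol->w.cpuset_mems_allowed == poison_value();
}

/* Convenience for checking the mode rewrite without leaking. */
static int new_policy_mode(int mode, unsigned long nodes, int flags)
{
    struct mempolicy *p = mpol_new_model(mode, nodes, flags);
    int m = p->mode;
    free(p);
    return m;
}

/* Runs the reproducer-style input (mode 1, empty nodes, flags 0) through
 * one of the two mpol_set_nodemask models; returns 1 if the later read
 * sees uninitialised data, 0 if the field was properly initialised. */
static int run_scenario(int use_fix)
{
    unsigned long nodes = 0;   /* nodes_empty(*nodes) == true */
    struct mempolicy *pol = mpol_new_model(MPOL_PREFERRED, nodes, 0);
    if (use_fix)
        mpol_set_nodemask_fixed(pol, nodes);
    else
        mpol_set_nodemask_buggy(pol, nodes);
    int uninit = mpol_rebind_reads_uninit(pol);
    free(pol);
    return uninit;
}

int main(void)
{
    printf("mode after mpol_new: %d\n", new_policy_mode(MPOL_PREFERRED, 0, 0));
    printf("buggy path, uninit read: %d\n", run_scenario(0));
    printf("fixed path, uninit read: %d\n", run_scenario(1));
    return 0;
}
```

The poison comparison is the point of the model: a plain run of the buggy path would "work" most of the time because whatever garbage sits in the field rarely crashes anything, which is exactly why this class of bug surfaces only under KMSAN rather than in normal testing.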