[Syzbot Reported] ===================================================== BUG: KMSAN: uninit-value in hfs_cat_keycmp+0x154/0x210 fs/hfs/catalog.c:178 hfs_cat_keycmp+0x154/0x210 fs/hfs/catalog.c:178 __hfs_brec_find+0x250/0x820 fs/hfs/bfind.c:75 hfs_brec_find+0x436/0x970 fs/hfs/bfind.c:138 hfs_brec_read+0x3f/0x1a0 fs/hfs/bfind.c:165 hfs_cat_find_brec+0xe6/0x400 fs/hfs/catalog.c:194 hfs_fill_super+0x1f27/0x23c0 fs/hfs/super.c:419 mount_bdev+0x38f/0x510 fs/super.c:1658 hfs_mount+0x4d/0x60 fs/hfs/super.c:456 legacy_get_tree+0x110/0x290 fs/fs_context.c:662 vfs_get_tree+0xa5/0x560 fs/super.c:1779 do_new_mount+0x71f/0x15e0 fs/namespace.c:3352 path_mount+0x73d/0x1f20 fs/namespace.c:3679 do_mount fs/namespace.c:3692 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount+0x725/0x810 fs/namespace.c:3875 __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook mm/slub.c:3819 [inline] slab_alloc_node mm/slub.c:3860 [inline] __do_kmalloc_node mm/slub.c:3980 [inline] __kmalloc+0x919/0xf80 mm/slub.c:3994 kmalloc include/linux/slab.h:594 [inline] hfs_find_init+0x91/0x250 fs/hfs/bfind.c:21 hfs_fill_super+0x1eb9/0x23c0 fs/hfs/super.c:416 mount_bdev+0x38f/0x510 fs/super.c:1658 hfs_mount+0x4d/0x60 fs/hfs/super.c:456 legacy_get_tree+0x110/0x290 fs/fs_context.c:662 vfs_get_tree+0xa5/0x560 fs/super.c:1779 do_new_mount+0x71f/0x15e0 fs/namespace.c:3352 path_mount+0x73d/0x1f20 fs/namespace.c:3679 do_mount fs/namespace.c:3692 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount+0x725/0x810 fs/namespace.c:3875 __x64_sys_mount+0xe4/0x140 fs/namespace.c:3875 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b [Fix] Let's clear all search_key fields at alloc time. Reported-and-tested-by: syzbot+04486d87f6240a004c85@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Edward Adam Davis <eadavis@xxxxxx> --- fs/hfs/bfind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/hfs/bfind.c b/fs/hfs/bfind.c index ef9498a6e88a..c74d864bc29e 100644 --- a/fs/hfs/bfind.c +++ b/fs/hfs/bfind.c @@ -18,7 +18,7 @@ int hfs_find_init(struct hfs_btree *tree, struct hfs_find_data *fd) fd->tree = tree; fd->bnode = NULL; - ptr = kmalloc(tree->max_key_len * 2 + 4, GFP_KERNEL); + ptr = kzalloc(tree->max_key_len * 2 + 4, GFP_KERNEL); if (!ptr) return -ENOMEM; fd->search_key = ptr; -- 2.43.0
