Subject: Re: [f2fs-dev] KMSAN: uninit-value in f2fs_lookup
To: Dan Carpenter, Chao Yu
References: <000000000000f9f80905b01c7185@google.com> <20200925105758.GN4282@kadam>
Cc: syzbot, glider@google.com, jaegeuk@kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
From: Chao Yu
Message-ID: <27500993-7fbd-bbe7-1d6e-83e0e12b4a3e@kernel.org>
Date: Fri, 25 Sep 2020 23:01:55 +0800
In-Reply-To: <20200925105758.GN4282@kadam>
List-ID: linux-kernel@vger.kernel.org

Hi Dan,

On 2020-9-25 18:57, Dan Carpenter wrote:
> On Fri, Sep 25, 2020 at 05:06:33PM +0800, Chao Yu wrote:
>> Hi,
>>
>> I don't see any problem here, thanks for your report. :)
>>
>
> I bet the uninitialized value is because "max_depth" is zero.

I agree with you, thanks for the hint. :)

Thanks,

>
>
>    352  struct f2fs_dir_entry *__f2fs_find_entry(struct inode *dir,
>    353                                           const struct f2fs_filename *fname,
>    354                                           struct page **res_page)
>                                                                ^^^^^^^^
> The stack trace says this isn't initialized.
>
>    355  {
>    356          unsigned long npages = dir_blocks(dir);
>    357          struct f2fs_dir_entry *de = NULL;
>    358          unsigned int max_depth;
>    359          unsigned int level;
>    360
>    361          if (f2fs_has_inline_dentry(dir)) {
>    362                  *res_page = NULL;
>    363                  de = f2fs_find_in_inline_dir(dir, fname, res_page);
>    364                  goto out;
>    365          }
>    366
>    367          if (npages == 0) {
>    368                  *res_page = NULL;
>    369                  goto out;
>    370          }
>    371
>    372          max_depth = F2FS_I(dir)->i_current_depth;
>    373          if (unlikely(max_depth > MAX_DIR_HASH_DEPTH)) {
>    374                  f2fs_warn(F2FS_I_SB(dir), "Corrupted max_depth of %lu: %u",
>    375                            dir->i_ino, max_depth);
>    376                  max_depth = MAX_DIR_HASH_DEPTH;
>    377                  f2fs_i_depth_write(dir, max_depth);
>    378          }
>    379
>    380          for (level = 0; level < max_depth; level++) {
>                                 ^^^^^^^^^^^^^^^^^
> If "max_depth" is zero, then we never enter this loop.
>
>    381                  *res_page = NULL;
>    382                  de = find_in_level(dir, level, fname, res_page);
>    383                  if (de || IS_ERR(*res_page))
>    384                          break;
>    385          }
>    386  out:
>    387          /* This is to increase the speed of f2fs_create */
>    388          if (!de)
>    389                  F2FS_I(dir)->task = current;
>    390          return de;
>
> Which means that we return a NULL "de" and "*res_page" is uninitialized
> and that matches what syzbot found through runtime testing.
>
>    391  }
>
> regards,
> dan carpenter
>
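The bug class Dan walks through above (an out-parameter that is written on some paths but not on the one where the loop body never executes) is easy to reproduce outside the kernel. The following is an added example, not f2fs code and not the fix that went into the tree: it models the control flow of the quoted __f2fs_find_entry() with stand-in types (struct dir_model, struct dir_page, a constructed find_in_level() and MAX_DIR_HASH_DEPTH value are all assumptions), places the unfixed shape beside a variant that initialises *res_page once at function entry, and uses a sentinel pointer as a poor man's KMSAN to show which variant leaves the caller reading an undefined value when i_current_depth is zero.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins so the example runs stand-alone; none of this is f2fs code. */
#define MAX_DIR_HASH_DEPTH 63

struct dir_entry { const char *name; };
struct dir_page  { int id; };

struct dir_model {
    unsigned long npages;          /* directory blocks, like dir_blocks(dir) */
    unsigned int  i_current_depth; /* on-disk hash depth; 0 is a legal value */
    int           inline_dentry;   /* non-zero for an inline-dentry directory */
};

typedef struct dir_entry *(*find_fn)(struct dir_model *, struct dir_page **);

/* Stand-in per-level lookup: finds nothing, but always defines *res_page. */
static struct dir_entry *find_in_level(struct dir_model *dir, unsigned int level,
                                       struct dir_page **res_page)
{
    (void)dir; (void)level;
    *res_page = NULL;
    return NULL;
}

/* Same shape as the quoted function: *res_page is written on the inline path,
 * on the npages == 0 path and inside the loop body, but nowhere else. With
 * i_current_depth == 0 the loop never runs, so *res_page is never touched. */
static struct dir_entry *find_entry_unfixed(struct dir_model *dir, struct dir_page **res_page)
{
    struct dir_entry *de = NULL;
    unsigned int max_depth, level;

    if (dir->inline_dentry) { *res_page = NULL; goto out; }
    if (dir->npages == 0)   { *res_page = NULL; goto out; }

    max_depth = dir->i_current_depth;
    if (max_depth > MAX_DIR_HASH_DEPTH)
        max_depth = MAX_DIR_HASH_DEPTH;

    for (level = 0; level < max_depth; level++) {
        *res_page = NULL;
        de = find_in_level(dir, level, res_page);
        if (de)
            break;
    }
out:
    return de;
}

/* Hardened variant: the out-parameter is defined once at entry, so every
 * return path, including the empty-loop one, leaves it initialised. */
static struct dir_entry *find_entry_fixed(struct dir_model *dir, struct dir_page **res_page)
{
    struct dir_entry *de = NULL;
    unsigned int max_depth, level;

    *res_page = NULL;   /* no path below can skip this */

    if (dir->inline_dentry || dir->npages == 0)
        goto out;

    max_depth = dir->i_current_depth;
    if (max_depth > MAX_DIR_HASH_DEPTH)
        max_depth = MAX_DIR_HASH_DEPTH;

    for (level = 0; level < max_depth; level++) {
        de = find_in_level(dir, level, res_page);
        if (de)
            break;
    }
out:
    return de;
}

/* Poor man's KMSAN: pre-fill the out pointer with a sentinel and report
 * whether the callee overwrote it. Returns 1 if the caller would go on to
 * use an undefined *res_page, 0 if the callee defined it. */
static int out_param_left_undefined(find_fn fn, unsigned int depth)
{
    struct dir_page sentinel = { 0xBAD };
    struct dir_page *res_page = &sentinel;
    struct dir_model dir = { 1, depth, 0 };   /* one block, not inline */

    fn(&dir, &res_page);
    return res_page == &sentinel;
}

int unfixed_leaves_undefined(unsigned int depth) { return out_param_left_undefined(find_entry_unfixed, depth); }
int fixed_leaves_undefined(unsigned int depth)   { return out_param_left_undefined(find_entry_fixed, depth); }

int main(void)
{
    printf("unfixed, depth 0: res_page undefined = %d\n", unfixed_leaves_undefined(0));
    printf("unfixed, depth 1: res_page undefined = %d\n", unfixed_leaves_undefined(1));
    printf("fixed,   depth 0: res_page undefined = %d\n", fixed_leaves_undefined(0));
    return 0;
}
```

The sentinel trick is only a model of what KMSAN does for real: KMSAN tracks the initialisation state of every byte and reports at the first use, whereas this harness can only see whether the callee stored through the pointer. The design point survives the simplification: a function that returns "not found" through one variable and a page through another must define both on every exit, and the cheapest way to guarantee that is a single unconditional store at the top rather than one store per early-exit path.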