Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10CFAC636D3 for ; Sun, 12 Feb 2023 07:39:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229611AbjBLHjx (ORCPT ); Sun, 12 Feb 2023 02:39:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45848 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229481AbjBLHjv (ORCPT ); Sun, 12 Feb 2023 02:39:51 -0500 Received: from mail-oa1-x35.google.com (mail-oa1-x35.google.com [IPv6:2001:4860:4864:20::35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 41C2DE076; Sat, 11 Feb 2023 23:39:50 -0800 (PST) Received: by mail-oa1-x35.google.com with SMTP id 586e51a60fabf-16a7f5b6882so11839259fac.10; Sat, 11 Feb 2023 23:39:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=AbdTGX2HfdPDPJ5urJzs6BFMyz88+QI/M5bZN4yo268=; b=HHShUb01K1C3wH8rCZMLSk25JDHUY8dv19q69YXCCy00eXVA/RigwMEv2KtuU6kXG5 4bjbbUre0OIAnFJR/bs206vITa7MeCyXv+RSb3F3hG3M8DQ6S+MvQtQcsfUpdFzBCmfr CZz+AGNTQjYQBeOcibmXPt4ksTOraFpv+neRdFMmJOeLHZ8uTHMkNDIrbekyfEkXO0LY i/8kMMWNWNiTn4Utg0GFZVljCinERYs/8DqYdjrXaO0+eyXzdI3pww03RH4VAdiOgShV d9sO2hF7qLNWV2cvcehV8c7OccotsHKkLrvxrxoUR2Uy0EG+ul0jEqHhJFHNjTEME2ws veHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=AbdTGX2HfdPDPJ5urJzs6BFMyz88+QI/M5bZN4yo268=; b=hzmdP6cV5AsTaN0zFtyEVKZ0Z83u5ZyqyHrTv5UNyF8jKIP2YQpjfrO6eVlegbkvle /uWG285QPxrX5/ozknkDBAb09+rv9Ur7LuVd86jLRDVQljnm9vL9gt4/6pB2UIhICqjT NIrCdSx5JTN6igMNBMg1wxcrUHBSOyg2RS/t7jeTCCmw9uCn9lS1WyOe2xM9Vb6nhHTi peCqUT1C0mOVSmw6xRtGG7bH+Mblqsgfyzo4pn4HJrfS6W/9gbxL144jJc/aO6afC3R0 ULK65lqbH5rBpJ6tHBzLz6W7gi3aBiDnVyCnfiS88TxXDEh5ahRmHjsji0WK3uFryGAH T7bw== X-Gm-Message-State: AO0yUKWFCQSr4hBROsoTN4daawEyjnQcd4riCFiI2qsvBCKF2ZuewD7F 3Ls0qftmWBbOJCXpf6A5rcqmAREE+C1eYJwt2NaSq5zNeRV2gQ== X-Google-Smtp-Source: AK7set8PiDRfaDZAwoFjZTFJCI3Zvd35wJ+a3wFejFKgpf+BOtKsENQ+wHjtZC8KITh+WZ0XE98H/Z1LaVMO3NKyxQM= X-Received: by 2002:a05:6870:d288:b0:163:83b6:d9e2 with SMTP id d8-20020a056870d28800b0016383b6d9e2mr3070927oae.90.1676187588418; Sat, 11 Feb 2023 23:39:48 -0800 (PST) MIME-Version: 1.0 From: Dipanjan Das Date: Sat, 11 Feb 2023 23:39:37 -0800 Message-ID: Subject: KMSAN: uninit-value in sr_check_events To: jejb@linux.ibm.com, martin.petersen@oracle.com, linux-scsi@vger.kernel.org, Linux Kernel Mailing List Cc: syzkaller , Marius Fleischer , Priyanka Bose Content-Type: multipart/mixed; boundary="000000000000c90e6005f47bd5b6" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --000000000000c90e6005f47bd5b6 Content-Type: text/plain; charset="UTF-8" Hi, We would like to report the following bug which has been found by our modified version of syzkaller. ====================================================== description: KMSAN: uninit-value in sr_check_events affected file: drivers/scsi/sr.c kernel version: 6.2.0-rc5 kernel commit: 41c66f47061608dc1fd493eebce198f0e74cc2d7 git tree: kmsan kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=a9a22da1efde3af6 crash reproducer: attached ====================================================== Crash log: ====================================================== BUG: KMSAN: uninit-value in sr_check_events+0x12d2/0x13c0 drivers/scsi/sr.c:269 sr_check_events+0x12d2/0x13c0 drivers/scsi/sr.c:269 cdrom_update_events drivers/cdrom/cdrom.c:1485 [inline] cdrom_check_events+0x61/0x170 drivers/cdrom/cdrom.c:1495 sr_block_check_events+0xf5/0x130 drivers/scsi/sr.c:559 disk_check_events+0xf1/0x950 block/disk-events.c:193 disk_clear_events block/disk-events.c:248 [inline] bdev_check_media_change+0x26a/0x7f0 block/disk-events.c:279 sr_block_open+0x159/0x340 drivers/scsi/sr.c:494 blkdev_get_whole+0xb4/0x700 block/bdev.c:672 blkdev_get_by_dev+0x4c9/0x1280 block/bdev.c:822 blkdev_open+0x216/0x440 block/fops.c:478 do_dentry_open+0xf85/0x1970 fs/open.c:882 vfs_open+0x75/0xa0 fs/open.c:1013 do_open fs/namei.c:3557 [inline] path_openat+0x4c4b/0x5a00 fs/namei.c:3714 do_filp_open+0x252/0x660 fs/namei.c:3741 do_sys_openat2+0x200/0x920 fs/open.c:1310 do_sys_open fs/open.c:1326 [inline] __do_sys_openat fs/open.c:1342 [inline] __se_sys_openat fs/open.c:1337 [inline] __x64_sys_openat+0x285/0x310 fs/open.c:1337 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was stored to memory at: sr_check_events+0xb04/0x13c0 drivers/scsi/sr.c:216 cdrom_update_events drivers/cdrom/cdrom.c:1485 [inline] cdrom_check_events+0x61/0x170 drivers/cdrom/cdrom.c:1495 sr_block_check_events+0xf5/0x130 drivers/scsi/sr.c:559 disk_check_events+0xf1/0x950 block/disk-events.c:193 disk_clear_events block/disk-events.c:248 [inline] bdev_check_media_change+0x26a/0x7f0 block/disk-events.c:279 sr_block_open+0x159/0x340 drivers/scsi/sr.c:494 blkdev_get_whole+0xb4/0x700 block/bdev.c:672 blkdev_get_by_dev+0x4c9/0x1280 block/bdev.c:822 blkdev_open+0x216/0x440 block/fops.c:478 do_dentry_open+0xf85/0x1970 fs/open.c:882 vfs_open+0x75/0xa0 fs/open.c:1013 do_open fs/namei.c:3557 [inline] path_openat+0x4c4b/0x5a00 fs/namei.c:3714 do_filp_open+0x252/0x660 fs/namei.c:3741 do_sys_openat2+0x200/0x920 fs/open.c:1310 do_sys_open fs/open.c:1326 [inline] __do_sys_openat fs/open.c:1342 [inline] __se_sys_openat fs/open.c:1337 [inline] __x64_sys_openat+0x285/0x310 fs/open.c:1337 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Local variable sshdr.i created at: sr_get_events drivers/scsi/sr.c:172 [inline] sr_check_events+0x11f/0x13c0 drivers/scsi/sr.c:215 cdrom_update_events drivers/cdrom/cdrom.c:1485 [inline] cdrom_check_events+0x61/0x170 drivers/cdrom/cdrom.c:1495 CPU: 0 PID: 22994 Comm: syz-executor.1 Not tainted 6.2.0-rc5-00010-g41c66f470616 #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 -- Thanks and Regards, Dipanjan --000000000000c90e6005f47bd5b6 Content-Type: application/octet-stream; name="repro.syz" Content-Disposition: attachment; filename="repro.syz" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_le12o6xx2 b3BlbmF0JHNyKDB4ZmZmZmZmZmZmZmZmZmY5YywgJigweDdmMDAwMDAwMDA0MCksIDB4NDg4MDAs IDB4MCkgKGZhaWxfbnRoOiA3KQo= --000000000000c90e6005f47bd5b6 Content-Type: text/x-csrc; charset="US-ASCII"; name="repro.c" Content-Disposition: attachment; filename="repro.c" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_le12o6xp1 Ly8gYXV0b2dlbmVyYXRlZCBieSBzeXprYWxsZXIgKGh0dHBzOi8vZ2l0aHViLmNvbS9nb29nbGUv c3l6a2FsbGVyKQoKI2RlZmluZSBfR05VX1NPVVJDRSAKCiNpbmNsdWRlIDxkaXJlbnQuaD4KI2lu Y2x1ZGUgPGVuZGlhbi5oPgojaW5jbHVkZSA8ZXJybm8uaD4KI2luY2x1ZGUgPGZjbnRsLmg+CiNp bmNsdWRlIDxzaWduYWwuaD4KI2luY2x1ZGUgPHN0ZGFyZy5oPgojaW5jbHVkZSA8c3RkYm9vbC5o PgojaW5jbHVkZSA8c3RkaW50Lmg+CiNpbmNsdWRlIDxzdGRpby5oPgojaW5jbHVkZSA8c3RkbGli Lmg+CiNpbmNsdWRlIDxzdHJpbmcuaD4KI2luY2x1ZGUgPHN5cy9wcmN0bC5oPgojaW5jbHVkZSA8 c3lzL3N0YXQuaD4KI2luY2x1ZGUgPHN5cy9zeXNjYWxsLmg+CiNpbmNsdWRlIDxzeXMvdHlwZXMu aD4KI2luY2x1ZGUgPHN5cy93YWl0Lmg+CiNpbmNsdWRlIDx0aW1lLmg+CiNpbmNsdWRlIDx1bmlz dGQuaD4KCnN0YXRpYyB2b2lkIHNsZWVwX21zKHVpbnQ2NF90IG1zKQp7Cgl1c2xlZXAobXMgKiAx MDAwKTsKfQoKc3RhdGljIHVpbnQ2NF90IGN1cnJlbnRfdGltZV9tcyh2b2lkKQp7CglzdHJ1Y3Qg dGltZXNwZWMgdHM7CglpZiAoY2xvY2tfZ2V0dGltZShDTE9DS19NT05PVE9OSUMsICZ0cykpCgll eGl0KDEpOwoJcmV0dXJuICh1aW50NjRfdCl0cy50dl9zZWMgKiAxMDAwICsgKHVpbnQ2NF90KXRz LnR2X25zZWMgLyAxMDAwMDAwOwp9CgpzdGF0aWMgYm9vbCB3cml0ZV9maWxlKGNvbnN0IGNoYXIq IGZpbGUsIGNvbnN0IGNoYXIqIHdoYXQsIC4uLikKewoJY2hhciBidWZbMTAyNF07Cgl2YV9saXN0 IGFyZ3M7Cgl2YV9zdGFydChhcmdzLCB3aGF0KTsKCXZzbnByaW50ZihidWYsIHNpemVvZihidWYp LCB3aGF0LCBhcmdzKTsKCXZhX2VuZChhcmdzKTsKCWJ1ZltzaXplb2YoYnVmKSAtIDFdID0gMDsK CWludCBsZW4gPSBzdHJsZW4oYnVmKTsKCWludCBmZCA9IG9wZW4oZmlsZSwgT19XUk9OTFkgfCBP X0NMT0VYRUMpOwoJaWYgKGZkID09IC0xKQoJCXJldHVybiBmYWxzZTsKCWlmICh3cml0ZShmZCwg YnVmLCBsZW4pICE9IGxlbikgewoJCWludCBlcnIgPSBlcnJubzsKCQljbG9zZShmZCk7CgkJZXJy bm8gPSBlcnI7CgkJcmV0dXJuIGZhbHNlOwoJfQoJY2xvc2UoZmQpOwoJcmV0dXJuIHRydWU7Cn0K CnN0YXRpYyBpbnQgaW5qZWN0X2ZhdWx0KGludCBudGgpCnsKCWludCBmZDsKCWZkID0gb3Blbigi L3Byb2MvdGhyZWFkLXNlbGYvZmFpbC1udGgiLCBPX1JEV1IpOwoJaWYgKGZkID09IC0xKQoJZXhp dCgxKTsKCWNoYXIgYnVmWzE2XTsKCXNwcmludGYoYnVmLCAiJWQiLCBudGgpOwoJaWYgKHdyaXRl KGZkLCBidWYsIHN0cmxlbihidWYpKSAhPSAoc3NpemVfdClzdHJsZW4oYnVmKSkKCWV4aXQoMSk7 CglyZXR1cm4gZmQ7Cn0KCnN0YXRpYyB2b2lkIGtpbGxfYW5kX3dhaXQoaW50IHBpZCwgaW50KiBz dGF0dXMpCnsKCWtpbGwoLXBpZCwgU0lHS0lMTCk7CglraWxsKHBpZCwgU0lHS0lMTCk7Cglmb3Ig KGludCBpID0gMDsgaSA8IDEwMDsgaSsrKSB7CgkJaWYgKHdhaXRwaWQoLTEsIHN0YXR1cywgV05P SEFORyB8IF9fV0FMTCkgPT0gcGlkKQoJCQlyZXR1cm47CgkJdXNsZWVwKDEwMDApOwoJfQoJRElS KiBkaXIgPSBvcGVuZGlyKCIvc3lzL2ZzL2Z1c2UvY29ubmVjdGlvbnMiKTsKCWlmIChkaXIpIHsK CQlmb3IgKDs7KSB7CgkJCXN0cnVjdCBkaXJlbnQqIGVudCA9IHJlYWRkaXIoZGlyKTsKCQkJaWYg KCFlbnQpCgkJCQlicmVhazsKCQkJaWYgKHN0cmNtcChlbnQtPmRfbmFtZSwgIi4iKSA9PSAwIHx8 IHN0cmNtcChlbnQtPmRfbmFtZSwgIi4uIikgPT0gMCkKCQkJCWNvbnRpbnVlOwoJCQljaGFyIGFi b3J0WzMwMF07CgkJCXNucHJpbnRmKGFib3J0LCBzaXplb2YoYWJvcnQpLCAiL3N5cy9mcy9mdXNl L2Nvbm5lY3Rpb25zLyVzL2Fib3J0IiwgZW50LT5kX25hbWUpOwoJCQlpbnQgZmQgPSBvcGVuKGFi b3J0LCBPX1dST05MWSk7CgkJCWlmIChmZCA9PSAtMSkgewoJCQkJY29udGludWU7CgkJCX0KCQkJ aWYgKHdyaXRlKGZkLCBhYm9ydCwgMSkgPCAwKSB7CgkJCX0KCQkJY2xvc2UoZmQpOwoJCX0KCQlj bG9zZWRpcihkaXIpOwoJfSBlbHNlIHsKCX0KCXdoaWxlICh3YWl0cGlkKC0xLCBzdGF0dXMsIF9f V0FMTCkgIT0gcGlkKSB7Cgl9Cn0KCnN0YXRpYyB2b2lkIHNldHVwX3Rlc3QoKQp7CglwcmN0bChQ Ul9TRVRfUERFQVRIU0lHLCBTSUdLSUxMLCAwLCAwLCAwKTsKCXNldHBncnAoKTsKCXdyaXRlX2Zp bGUoIi9wcm9jL3NlbGYvb29tX3Njb3JlX2FkaiIsICIxMDAwIik7Cn0KCnN0YXRpYyB2b2lkIHNl dHVwX2ZhdWx0KCkKewoJc3RhdGljIHN0cnVjdCB7CgkJY29uc3QgY2hhciogZmlsZTsKCQljb25z dCBjaGFyKiB2YWw7CgkJYm9vbCBmYXRhbDsKCX0gZmlsZXNbXSA9IHsKCSAgICB7Ii9zeXMva2Vy bmVsL2RlYnVnL2ZhaWxzbGFiL2lnbm9yZS1nZnAtd2FpdCIsICJOIiwgdHJ1ZX0sCgkgICAgeyIv c3lzL2tlcm5lbC9kZWJ1Zy9mYWlsX2Z1dGV4L2lnbm9yZS1wcml2YXRlIiwgIk4iLCBmYWxzZX0s CgkgICAgeyIvc3lzL2tlcm5lbC9kZWJ1Zy9mYWlsX3BhZ2VfYWxsb2MvaWdub3JlLWdmcC1oaWdo bWVtIiwgIk4iLCBmYWxzZX0sCgkgICAgeyIvc3lzL2tlcm5lbC9kZWJ1Zy9mYWlsX3BhZ2VfYWxs b2MvaWdub3JlLWdmcC13YWl0IiwgIk4iLCBmYWxzZX0sCgkgICAgeyIvc3lzL2tlcm5lbC9kZWJ1 Zy9mYWlsX3BhZ2VfYWxsb2MvbWluLW9yZGVyIiwgIjAiLCBmYWxzZX0sCgl9OwoJdW5zaWduZWQg aTsKCWZvciAoaSA9IDA7IGkgPCBzaXplb2YoZmlsZXMpIC8gc2l6ZW9mKGZpbGVzWzBdKTsgaSsr KSB7CgkJaWYgKCF3cml0ZV9maWxlKGZpbGVzW2ldLmZpbGUsIGZpbGVzW2ldLnZhbCkpIHsKCQkJ aWYgKGZpbGVzW2ldLmZhdGFsKQoJZXhpdCgxKTsKCQl9Cgl9Cn0KCnN0YXRpYyB2b2lkIGV4ZWN1 dGVfb25lKHZvaWQpOwoKI2RlZmluZSBXQUlUX0ZMQUdTIF9fV0FMTAoKc3RhdGljIHZvaWQgbG9v cCh2b2lkKQp7CglpbnQgaXRlciA9IDA7Cglmb3IgKDs7IGl0ZXIrKykgewoJCWludCBwaWQgPSBm b3JrKCk7CgkJaWYgKHBpZCA8IDApCglleGl0KDEpOwoJCWlmIChwaWQgPT0gMCkgewoJCQlzZXR1 cF90ZXN0KCk7CgkJCWV4ZWN1dGVfb25lKCk7CgkJCWV4aXQoMCk7CgkJfQoJCWludCBzdGF0dXMg PSAwOwoJCXVpbnQ2NF90IHN0YXJ0ID0gY3VycmVudF90aW1lX21zKCk7CgkJZm9yICg7OykgewoJ CQlpZiAod2FpdHBpZCgtMSwgJnN0YXR1cywgV05PSEFORyB8IFdBSVRfRkxBR1MpID09IHBpZCkK CQkJCWJyZWFrOwoJCQlzbGVlcF9tcygxKTsKCQkJaWYgKGN1cnJlbnRfdGltZV9tcygpIC0gc3Rh cnQgPCA1MDAwKQoJCQkJY29udGludWU7CgkJCWtpbGxfYW5kX3dhaXQocGlkLCAmc3RhdHVzKTsK CQkJYnJlYWs7CgkJfQoJfQp9Cgp2b2lkIGV4ZWN1dGVfb25lKHZvaWQpCnsKbWVtY3B5KCh2b2lk KikweDIwMDAwMDQwLCAiL2Rldi9zcjBcMDAwIiwgOSk7CglpbmplY3RfZmF1bHQoNyk7CglzeXNj YWxsKF9fTlJfb3BlbmF0LCAweGZmZmZmZmZmZmZmZmZmOWN1bCwgMHgyMDAwMDA0MHVsLCAweDQ4 ODAwdWwsIDB1bCk7Cgp9CmludCBtYWluKHZvaWQpCnsKCQlzeXNjYWxsKF9fTlJfbW1hcCwgMHgx ZmZmZjAwMHVsLCAweDEwMDB1bCwgMHVsLCAweDMydWwsIC0xLCAwdWwpOwoJc3lzY2FsbChfX05S X21tYXAsIDB4MjAwMDAwMDB1bCwgMHgxMDAwMDAwdWwsIDd1bCwgMHgzMnVsLCAtMSwgMHVsKTsK CXN5c2NhbGwoX19OUl9tbWFwLCAweDIxMDAwMDAwdWwsIDB4MTAwMHVsLCAwdWwsIDB4MzJ1bCwg LTEsIDB1bCk7CglzZXR1cF9mYXVsdCgpOwoJCQlsb29wKCk7CglyZXR1cm4gMDsKfQo= --000000000000c90e6005f47bd5b6--