From: Edward Adam Davis
To: syzbot+01ade747b16e9c8030e0@syzkaller.appspotmail.com
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [PATCH] hfsplus: fix uninit-value in hfsplus_listxattr
Date: Wed, 10 Apr 2024 15:24:01 +0800
X-OQ-MSGID: <20240410072400.750441-2-eadavis@qq.com>
In-Reply-To: <000000000000fefd040615a5bef6@google.com>
References: <000000000000fefd040615a5bef6@google.com>

[syzbot reported]
BUG: KMSAN: uninit-value in strncmp+0x11e/0x180 lib/string.c:291
 strncmp+0x11e/0x180 lib/string.c:291
 hfsplus_listxattr+0x97d/0x1a60
 vfs_listxattr fs/xattr.c:493 [inline]
 listxattr+0x1f3/0x6b0 fs/xattr.c:840
 path_listxattr fs/xattr.c:864 [inline]
 __do_sys_listxattr fs/xattr.c:876 [inline]
 __se_sys_listxattr fs/xattr.c:873 [inline]
 __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3804 [inline]
 slab_alloc_node mm/slub.c:3845 [inline]
 kmalloc_trace+0x578/0xba0 mm/slub.c:3992
 kmalloc include/linux/slab.h:628 [inline]
 hfsplus_listxattr+0x4cc/0x1a60 fs/hfsplus/xattr.c:701
 vfs_listxattr fs/xattr.c:493 [inline]
 listxattr+0x1f3/0x6b0 fs/xattr.c:840
 path_listxattr fs/xattr.c:864 [inline]
 __do_sys_listxattr fs/xattr.c:876 [inline]
 __se_sys_listxattr fs/xattr.c:873 [inline]
 __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

[Fix]
When allocating memory to strbuf, initialize memory to 0.

Reported-and-tested-by: syzbot+01ade747b16e9c8030e0@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis
---
 fs/hfsplus/xattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/hfsplus/xattr.c b/fs/hfsplus/xattr.c index 9c9ff6b8c6f7..858029b1c173 100644
--- a/fs/hfsplus/xattr.c +++ b/fs/hfsplus/xattr.c @@ -698,7 +698,7 @@ ssize_t hfsplus_listxattr(struct dentry *dentry, char *buffer, size_t size) return err; } - strbuf = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN + + strbuf = kzalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN + XATTR_MAC_OSX_PREFIX_LEN + 1, GFP_KERNEL); if (!strbuf) { res = -ENOMEM; -- 2.43.0
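
Review bot: The kmalloc()-to-kzalloc() switch for strbuf silences the KMSAN report, but the changelog never says why strncmp() ends up reading bytes of strbuf that were never written. Zero-filling at allocation makes that read deterministic without showing that the comparison length matches what was actually stored in the buffer, so please name the path that leaves strbuf unpopulated (or only partly populated) before the strncmp() in hfsplus_listxattr() and say whether the length used there should be bounded by the length of the name that was written. If zeroing is the intended fix, state that reasoning in the commit message and add a Fixes: tag so the change can be backported.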