Re: [syzbot] [ocfs2?] KMSAN: uninit-value in _find_next_bit
From: syzbot
Date: Tue Mar 25 2025 - 21:59:30 EST
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
us 0000:00: resource 4 [io 0x0000-0x0cf7 window]
[ 6.611729][ T1] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window]
[ 6.614346][ T1] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
[ 6.616924][ T1] pci_bus 0000:00: resource 7 [mem 0xc0000000-0xfebfefff window]
[ 6.624654][ T1] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[ 6.628537][ T1] PCI: CLS 0 bytes, default 64
[ 6.630437][ T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
[ 6.632704][ T1] software IO TLB: mapped [mem 0x00000000bbffd000-0x00000000bfffd000] (64MB)
[ 6.635938][ T1] ACPI: bus type thunderbolt registered
[ 6.765209][ T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer
[ 6.850100][ T1] kvm_amd: CPU 1 isn't AMD or Hygon
[ 6.851373][ T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x1fb6eddb419, max_idle_ns: 440795238405 ns
[ 6.857108][ T1] clocksource: Switched to clocksource tsc
[ 6.883495][ T65] kworker/u8:4 (65) used greatest stack depth: 11832 bytes left
[ 6.889522][ T66] kworker/u8:3 (66) used greatest stack depth: 10984 bytes left
[ 27.208530][ T1] Initialise system trusted keyrings
[ 27.218330][ T1] workingset: timestamp_bits=40 max_order=21 bucket_order=0
[ 27.231513][ T1] DLM installed
[ 27.247670][ T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 27.271132][ T1] NFS: Registering the id_resolver key type
[ 27.277462][ T1] Key type id_resolver registered
[ 27.282686][ T1] Key type id_legacy registered
[ 27.288363][ T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[ 27.296225][ T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[ 27.333103][ T1] Key type cifs.spnego registered
[ 27.339373][ T1] Key type cifs.idmap registered
[ 27.352720][ T1] ntfs3: Enabled Linux POSIX ACLs support
[ 27.358946][ T1] ntfs3: Read-only LZX/Xpress compression included
[ 27.366297][ T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/
[ 27.372753][ T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.
[ 27.379120][ T1] QNX4 filesystem 0.2.3 registered.
[ 27.384778][ T1] qnx6: QNX6 filesystem 1.0.0 registered.
[ 27.392301][ T1] fuse: init (API version 7.42)
[ 27.403332][ T1] orangefs_debugfs_init: called with debug mask: :none: :0:
[ 27.412516][ T1] orangefs_init: module version upstream loaded
[ 27.420673][ T1] JFS: nTxBlock = 8192, nTxLock = 65536
[ 27.468138][ T1] SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled
[ 27.496532][ T1] 9p: Installing v9fs 9p2000 file system support
[ 27.504768][ T1] NILFS version 2 loaded
[ 27.509106][ T1] befs: version: 0.9.3
[ 27.514617][ T1] ocfs2: Registered cluster interface o2cb
[ 27.521829][ T1] ocfs2: Registered cluster interface user
[ 27.531815][ T1] OCFS2 User DLM kernel interface loaded
[ 27.557799][ T1] gfs2: GFS2 installed
[ 27.602711][ T1] ceph: loaded (mds proto 32)
[ 31.788483][ T1] NET: Registered PF_ALG protocol family
[ 31.794660][ T1] xor: automatically using best checksumming function avx
[ 31.802658][ T1] async_tx: api initialized (async)
[ 31.808258][ T1] Key type asymmetric registered
[ 31.813372][ T1] Asymmetric key parser 'x509' registered
[ 31.819440][ T1] Asymmetric key parser 'pkcs8' registered
[ 31.825504][ T1] Key type pkcs7_test registered
[ 31.831461][ T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 238)
[ 31.842315][ T1] io scheduler mq-deadline registered
[ 31.848032][ T1] io scheduler kyber registered
[ 31.853733][ T1] io scheduler bfq registered
[ 31.872561][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 31.882251][ T127] kworker/u8:5 (127) used greatest stack depth: 10624 bytes left
[ 31.896988][ T1] ACPI: button: Power Button [PWRF]
[ 31.904914][ T1] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[ 31.915245][ T1] ACPI: button: Sleep Button [SLPF]
[ 31.950129][ T1] ioatdma: Intel(R) QuickData Technology Driver 5.00
[ 32.035057][ T1] ACPI: \_SB_.LNKC: Enabled at IRQ 11
[ 32.040824][ T1] virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
[ 32.114546][ T1] ACPI: \_SB_.LNKD: Enabled at IRQ 10
[ 32.120352][ T1] virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
[ 32.195707][ T1] ACPI: \_SB_.LNKB: Enabled at IRQ 10
[ 32.201394][ T1] virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
[ 32.258757][ T1] virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
[ 33.408986][ T1] N_HDLC line discipline registered with maxframe=4096
[ 33.416297][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 33.429926][ T1] 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 33.462358][ T1] 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[ 33.491731][ T1] 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
[ 33.524186][ T1] 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
[ 33.577101][ T1] Non-volatile memory driver v1.3
[ 33.587337][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 33.594496][ T1] #PF: supervisor read access in kernel mode
[ 33.594496][ T1] #PF: error_code(0x0000) - not-present page
[ 33.594496][ T1] PGD 0 P4D 0
[ 33.594496][ T1] Oops: Oops: 0000 [#1] SMP PTI
[ 33.594496][ T1] CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-syzkaller-01979-g61af143fbea4-dirty #0 PREEMPT(undef)
[ 33.624396][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 33.634086][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 33.644292][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 b4 b2 ad fb 8b 18 44 8b 3a 41
[ 33.664287][ T1] RSP: 0000:ffff888100642fb0 EFLAGS: 00010246
[ 33.664287][ T1] RAX: ffff8880bba43080 RBX: ffffc90000b3f008 RCX: 0000000100243080
[ 33.674041][ T1] RDX: ffff888100243080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 33.684352][ T1] RBP: ffff888100643178 R08: ffffea000000000f R09: 0000000000000000
[ 33.694105][ T1] R10: ffff8880bba43020 R11: ffffffff86cfbc29 R12: 0000000000000000
[ 33.694105][ T1] R13: 0000000000000000 R14: ffff8881408d0b58 R15: 000000000000000b
[ 33.704327][ T1] FS: 0000000000000000(0000) GS:ffff8881ab2b0000(0000) knlGS:0000000000000000
[ 33.714083][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.724299][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 33.734034][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.734034][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.744273][ T1] Call Trace:
[ 33.754028][ T1] <TASK>
[ 33.754028][ T1] ? show_trace_log_lvl+0x268/0x3d0
[ 33.764298][ T1] ? __pci_enable_msix_range+0xad9/0xc40
[ 33.764298][ T1] ? __die_body+0xce/0x1a0
[ 33.774026][ T1] ? __die+0x20f/0x270
[ 33.774026][ T1] ? page_fault_oops+0xe58/0xfb0
[ 33.774026][ T1] ? exc_page_fault+0x56c/0x700
[ 33.784287][ T1] ? asm_exc_page_fault+0x2b/0x30
[ 33.794040][ T1] ? __pci_enable_msix_range+0xad9/0xc40
[ 33.794040][ T1] ? msix_capability_init+0x95c/0x18c0
[ 33.804364][ T1] __pci_enable_msix_range+0xad9/0xc40
[ 33.804364][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.814074][ T1] ? kmsan_internal_set_shadow_origin+0x6c/0x100
[ 33.814074][ T1] pci_alloc_irq_vectors_affinity+0x111/0x3a0
[ 33.824317][ T1] vp_find_vqs_msix+0x84d/0x1560
[ 33.834083][ T1] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 33.834083][ T1] vp_find_vqs+0x6c/0xa80
[ 33.844490][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.844490][ T1] ? __pfx_vp_find_vqs+0x10/0x10
[ 33.854046][ T1] probe_common+0x3b4/0x970
[ 33.854046][ T1] ? __pfx_random_recv_done+0x10/0x10
[ 33.864284][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.864284][ T1] virtrng_probe+0x2d/0x40
[ 33.874036][ T1] ? __pfx_virtrng_probe+0x10/0x10
[ 33.874036][ T1] virtio_dev_probe+0x1640/0x19a0
[ 33.884351][ T1] ? __pfx_virtio_dev_probe+0x10/0x10
[ 33.884351][ T1] really_probe+0x4dc/0xd90
[ 33.894100][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.894100][ T1] __driver_probe_device+0x2ab/0x5d0
[ 33.904311][ T1] driver_probe_device+0x72/0x890
[ 33.914058][ T1] __driver_attach+0x7ea/0xb50
[ 33.914058][ T1] bus_for_each_dev+0x350/0x540
[ 33.914058][ T1] ? __pfx___driver_attach+0x10/0x10
[ 33.924300][ T1] driver_attach+0x51/0x70
[ 33.934048][ T1] bus_add_driver+0x74c/0xdb0
[ 33.934048][ T1] driver_register+0x3fb/0x660
[ 33.934048][ T1] __register_virtio_driver+0xf1/0x120
[ 33.944314][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 33.954051][ T1] virtio_rng_driver_init+0x2e/0x40
[ 33.954051][ T1] do_one_initcall+0x228/0xbf0
[ 33.964344][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 33.964344][ T1] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 33.974071][ T1] ? irqentry_enter+0x37/0x60
[ 33.980235][ T1] ? sysvec_apic_timer_interrupt+0x52/0x90
[ 33.984318][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.994074][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.994074][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.004347][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.004347][ T1] ? parameq+0x43a/0x470
[ 34.014040][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.014040][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.024360][ T1] ? parse_args+0xfde/0x10a0
[ 34.024360][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.034052][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.034052][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.044310][ T1] do_initcall_level+0x140/0x350
[ 34.054046][ T1] do_initcalls+0x1a6/0x2f0
[ 34.054046][ T1] ? __pfx_native_smp_prepare_cpus+0x10/0x10
[ 34.054046][ T1] do_basic_setup+0x22/0x30
[ 34.066107][ T1] kernel_init_freeable+0x306/0x4c0
[ 34.074047][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.074047][ T1] kernel_init+0x2f/0x800
[ 34.084307][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.084307][ T1] ret_from_fork+0x6d/0x90
[ 34.094354][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.094354][ T1] ret_from_fork_asm+0x1a/0x30
[ 34.104353][ T1] RIP: 1f0f:0x0
[ 34.104353][ T1] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 34.114061][ T1] RSP: 0000:0000000000000000 EFLAGS: 841f0f2e66 ORIG_RAX: 1f0f2e6600000000
[ 34.124569][ T1] RAX: 0000000000000000 RBX: 1f0f2e6600000000 RCX: 2e66000000000084
[ 34.124569][ T1] RDX: 0000000000841f0f RSI: 000000841f0f2e66 RDI: 00841f0f2e660000
[ 34.134075][ T1] RBP: 00841f0f2e660000 R08: 00841f0f2e660000 R09: 000000841f0f2e66
[ 34.144315][ T1] R10: 0000000000841f0f R11: 2e66000000000084 R12: 000000841f0f2e66
[ 34.154402][ T1] R13: 0000000000841f0f R14: 2e66000000000084 R15: 1f0f2e6600000000
[ 34.164295][ T1] </TASK>
[ 34.164295][ T1] Modules linked in:
[ 34.164295][ T1] CR2: 0000000000000000
[ 34.174038][ T1] ---[ end trace 0000000000000000 ]---
[ 34.174038][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 34.184305][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 b4 b2 ad fb 8b 18 44 8b 3a 41
[ 34.204268][ T1] RSP: 0000:ffff888100642fb0 EFLAGS: 00010246
[ 34.214047][ T1] RAX: ffff8880bba43080 RBX: ffffc90000b3f008 RCX: 0000000100243080
[ 34.214047][ T1] RDX: ffff888100243080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 34.224282][ T1] RBP: ffff888100643178 R08: ffffea000000000f R09: 0000000000000000
[ 34.234034][ T1] R10: ffff8880bba43020 R11: ffffffff86cfbc29 R12: 0000000000000000
[ 34.244291][ T1] R13: 0000000000000000 R14: ffff8881408d0b58 R15: 000000000000000b
[ 34.254082][ T1] FS: 0000000000000000(0000) GS:ffff8881ab2b0000(0000) knlGS:0000000000000000
[ 34.264357][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.264357][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 34.274080][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.284395][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.294083][ T1] Kernel panic - not syncing: Fatal exception
[ 34.294083][ T1] Kernel Offset: disabled
[ 34.294083][ T1] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/syzkaller/jobs-2/linux/gopath/pkg/mod/golang.org/toolchain@v0.0.1-go1.23.6.linux-amd64'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/syzkaller/jobs-2/linux/gopath/pkg/mod/golang.org/toolchain@v0.0.1-go1.23.6.linux-amd64/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.6'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build647643234=/tmp/go-build -gno-record-gcc-switches'
git status (err=<nil>)
HEAD detached at 22a6c2b175
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=22a6c2b1752ef57d8d612e233d35f6be8c3bf7df -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250318-101307'" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"22a6c2b1752ef57d8d612e233d35f6be8c3bf7df\"
/usr/bin/ld: /tmp/ccvpz9QI.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1584024c580000
Tested on:
commit: 61af143f Merge tag 'Smack-for-6.15' of https://github...
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=c96d28eebe225e12
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1058024c580000
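Triaging an oops like the one above by hand is error-prone, so the following script, added here as an example and not part of syzbot or syzkaller, parses a trimmed copy of the report's own dmesg lines: it pulls out the fault address, the faulting RIP symbol, the task that crashed and the kernel version, splits the call trace into reliable frames and the `?`-prefixed (unreliable) ones, and then applies two triage heuristics that are this example's own assumptions: a fault address inside the first page is treated as a NULL-pointer dereference, and a crash in PID 1 with do_initcalls or kernel_init on the stack is treated as a boot-time failure rather than a fuzzer-triggered bug.

```python
"""Parse and triage an x86-64 kernel oops from a dmesg capture (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: an abbreviated copy of the boot-failure oops from the report above
# (registers and most frames trimmed so the example stays short).
SAMPLE_OOPS = """\
[   33.587337][    T1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   33.594496][    T1] #PF: supervisor read access in kernel mode
[   33.594496][    T1] #PF: error_code(0x0000) - not-present page
[   33.594496][    T1] Oops: Oops: 0000 [#1] SMP PTI
[   33.594496][    T1] CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-syzkaller-01979-g61af143fbea4-dirty #0 PREEMPT(undef)
[   33.634086][    T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[   33.744273][    T1] Call Trace:
[   33.754028][    T1]  <TASK>
[   33.754028][    T1]  ? show_trace_log_lvl+0x268/0x3d0
[   33.764298][    T1]  ? __pci_enable_msix_range+0xad9/0xc40
[   33.794040][    T1]  ? msix_capability_init+0x95c/0x18c0
[   33.804364][    T1]  __pci_enable_msix_range+0xad9/0xc40
[   33.814074][    T1]  pci_alloc_irq_vectors_affinity+0x111/0x3a0
[   33.824317][    T1]  vp_find_vqs_msix+0x84d/0x1560
[   33.864284][    T1]  virtrng_probe+0x2d/0x40
[   33.874036][    T1]  virtio_dev_probe+0x1640/0x19a0
[   33.954051][    T1]  virtio_rng_driver_init+0x2e/0x40
[   33.954051][    T1]  do_one_initcall+0x228/0xbf0
[   34.054046][    T1]  do_initcalls+0x1a6/0x2f0
[   34.074047][    T1]  kernel_init+0x2f/0x800
[   34.164295][    T1]  </TASK>
[   34.294083][    T1] Kernel panic - not syncing: Fatal exception
"""

# "[   33.587337][    T1] msg" -> timestamp, thread id, message (whitespace may be collapsed).
PREFIX = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\[\s*T(?P<tid>\d+)\]\s?(?P<msg>.*)$")
# One call-trace frame: optional "? " marks a stale stack slot the unwinder could not verify.
FRAME = re.compile(r"^(?P<unreliable>\?\s+)?(?P<sym>[A-Za-z_][\w.]*)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)$")
RIP = re.compile(r"RIP: (?P<cs>[0-9a-f]{4}):(?P<sym>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)")
TASK = re.compile(r"PID: (?P<pid>\d+) Comm: (?P<comm>\S+) (?P<taint>Not tainted|Tainted: \S+) (?P<version>\S+)")
ADDR = re.compile(r"BUG: kernel NULL pointer dereference, address: (?P<addr>[0-9a-f]+)")


@dataclass
class Oops:
    fault_addr: int | None = None
    rip_sym: str | None = None
    rip_off: int | None = None
    pid: int | None = None
    comm: str | None = None
    version: str | None = None
    frames: list[str] = field(default_factory=list)      # reliable frames, innermost first
    unreliable: list[str] = field(default_factory=list)  # "? sym" frames, in order seen


def parse_oops(text: str) -> Oops:
    """Extract the fields needed for triage from a dmesg-style oops."""
    oops = Oops()
    in_trace = False
    for line in text.splitlines():
        m = PREFIX.match(line)
        msg = (m.group("msg") if m else line).strip()
        if (a := ADDR.search(msg)):
            oops.fault_addr = int(a.group("addr"), 16)
        elif (r := RIP.search(msg)) and oops.rip_sym is None:  # the oops re-prints RIP at the end
            oops.rip_sym, oops.rip_off = r.group("sym"), int(r.group("off"), 16)
        elif (t := TASK.search(msg)):
            oops.pid, oops.comm, oops.version = int(t.group("pid")), t.group("comm"), t.group("version")
        elif msg == "<TASK>":
            in_trace = True
        elif msg == "</TASK>":
            in_trace = False
        elif in_trace and (f := FRAME.match(msg)):
            (oops.unreliable if f.group("unreliable") else oops.frames).append(f.group("sym"))
    return oops


def classify(oops: Oops) -> dict:
    """Triage heuristics (assumptions of this example, not kernel or syzbot logic)."""
    # A fault inside the first page is a NULL (or NULL + small offset) dereference.
    null_deref = oops.fault_addr is not None and oops.fault_addr < 0x1000
    # PID 1 with the initcall machinery on the stack means the kernel was still booting:
    # no userspace, and therefore no reproducer, had run yet.
    during_boot = oops.pid == 1 and any(f in oops.frames for f in ("do_initcalls", "kernel_init"))
    # Innermost reliable frame that looks like a driver probe routine, if any.
    probe = next((f for f in oops.frames if f.endswith("_probe")), None)
    return {"null_deref": null_deref, "during_boot": during_boot,
            "probe_function": probe, "crash_function": oops.rip_sym}


if __name__ == "__main__":
    report = parse_oops(SAMPLE_OOPS)
    for key, value in classify(report).items():
        print(f"{key}: {value}")
```

Run on the report's own lines, the classifier reports a NULL dereference in msix_capability_init reached from virtrng_probe while PID 1 was still inside do_initcalls. That matches what the message says in prose: the patched kernel failed to boot, so the ocfs2 KMSAN report named in the subject was never exercised. The `?` frames are kept separately on purpose: they are stack words the unwinder could not tie to the live call chain (here the page-fault entry path and a stale copy of the faulting function), and treating them as real frames is a common mistake when reading oops output.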