Unverified Commit 5f33da04 authored Oct 07, 2025 by Nirbhay Sharma Committed by Konstantin Komarov Nov 10, 2025

fs/ntfs3: fix KMSAN uninit-value in ni_create_attr_list

The call to kmalloc() to allocate the attribute list buffer is given a
size of al_aligned(rs). This size can be larger than the data
subsequently copied into the buffer, leaving trailing bytes uninitialized.

This can trigger a KMSAN "uninit-value" warning if that memory is
later accessed.

Fix this by using kzalloc() instead, which ensures the entire
allocated buffer is zero-initialized, preventing the warning.

Reported-by: <syzbot+83c9dd5c0dcf6184fdbf@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=83c9dd5c0dcf6184fdbf

Signed-off-by: Nirbhay Sharma <nirbhay.lkd@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>

parent be99c62a

fs/ntfs3/frecord.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -767,7 +767,7 @@ int ni_create_attr_list(struct ntfs_inode *ni)
		* Skip estimating exact memory requirement.
		* Looks like one record_size is always enough.
		*/
		le = kmalloc(al_aligned(rs), GFP_NOFS);
		le = kzalloc(al_aligned(rs), GFP_NOFS);
		if (!le)
		return -ENOMEM;