Syzbot reported a KMSAN uninit-value issue in hfsplus_strcasecmp() during filesystem mount operations. The root cause is that hfsplus_find_cat() declares a local hfsplus_cat_entry variable without initialization before passing it to hfs_brec_read(). If hfs_brec_read() doesn't completely fill the entire structure (e.g., when the on-disk data is shorter than sizeof(hfsplus_cat_entry)), the padding bytes in tmp.thread.nodeName remain uninitialized. These uninitialized bytes are then copied by hfsplus_cat_build_key_uni() into the search key, and subsequently accessed by hfsplus_strcasecmp() during catalog lookups, triggering the KMSAN warning. Fix this by zeroing the tmp variable before use to ensure all padding bytes are initialized. Reported-by: syzbot+d80abb5b890d39261e72@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d80abb5b890d39261e72 Tested-by: syzbot+d80abb5b890d39261e72@syzkaller.appspotmail.com Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Deepanshu Kartikey --- fs/hfsplus/catalog.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c index 02c1eee4a4b8..9c75d1736427 100644 --- a/fs/hfsplus/catalog.c +++ b/fs/hfsplus/catalog.c @@ -199,6 +199,7 @@ int hfsplus_find_cat(struct super_block *sb, u32 cnid, u16 type; hfsplus_cat_build_key_with_cnid(sb, fd->search_key, cnid); + memset(&tmp, 0, sizeof(tmp)); err = hfs_brec_read(fd, &tmp, sizeof(hfsplus_cat_entry)); if (err) return err; -- 2.43.0
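Review bot: the added `memset(&tmp, 0, sizeof(tmp));` before `hfs_brec_read()` silences the KMSAN report but does not reject the condition the commit message describes, namely an on-disk record shorter than `sizeof(hfsplus_cat_entry)`; if `hfs_brec_read()` can return success after copying fewer bytes than requested, a length check on the record (or on the thread record's type) after `err = hfs_brec_read(fd, &tmp, sizeof(hfsplus_cat_entry));` would let a truncated or corrupted catalog entry be reported as an error instead of being compared against zeroed `nodeName` bytes, so consider adding that check here or in `hfs_brec_read()` itself. Minor: the memset sizes with `sizeof(tmp)` while the read sizes with `sizeof(hfsplus_cat_entry)`; since `tmp` is an `hfsplus_cat_entry`, using one form for both lines makes the intent that the whole buffer is initialized easier to verify.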