From: Andrew Morton akpm@linux-foundation.org
commit 3e35102666f873a135d31a726ac1ec8af4905206 upstream.
file_ra_state_init() assumes that the file_ra_state has been zeroed out. Fixes a KMSAN used-unintialized issue (at least).
Fixes: cf948cbc35e80 ("cramfs: read_mapping_page() is synchronous") Reported-by: syzbot syzbot+8ce7f8308d91e6b8bbe2@syzkaller.appspotmail.com Link: https://lkml.kernel.org/r/0000000000008f74e905f56df987@google.com Cc: Matthew Wilcox willy@infradead.org Cc: Nicolas Pitre nico@fluxnic.net Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/cramfs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/cramfs/inode.c +++ b/fs/cramfs/inode.c @@ -183,7 +183,7 @@ static void *cramfs_blkdev_read(struct s unsigned int len) { struct address_space *mapping = sb->s_bdev->bd_inode->i_mapping; - struct file_ra_state ra; + struct file_ra_state ra = {}; struct page *pages[BLKS_PER_BUF]; unsigned i, blocknr, buffer; unsigned long devsize;