syzbot

 sign-in | mailing list | source | docs
🐞 Open [1033] Subsystems 🐞 Fixed [5263] 🐞 Invalid [12580] Missing Backports [85] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: uninit-value in hfsplus_rename_cat

Status: upstream: reported C repro on 2023/10/11 11:48
Subsystems: hfs
[Documentation on labels]
Reported-by: syzbot+93f4402297a457fc6895@syzkaller.appspotmail.com
First crash: 248d, last: 5h54m
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: BUG: unable to handle kernel NULL pointer dereference in hfsplus_rename_cat (log)
Repro: C syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [hfs?] KMSAN: uninit-value in hfsplus_rename_cat 0 (1) 2023/10/11 11:48
Last patch testing requests (3)
Created Duration User Patch Repo Result
2024/02/13 14:10 16m retest repro upstream report log
2024/02/13 03:30 19m retest repro upstream OK log
2023/10/24 00:56 21m retest repro upstream report log

Sample crash report:
         and is ignored by this kernel. Remove the mand
         option from the mount to silence this warning.
=======================================================
general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
CPU: 0 PID: 5076 Comm: syz-executor820 Not tainted 6.9.0-rc6-syzkaller-00046-g18daea77cca6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:hfsplus_rename_cat+0x4b3/0x1050 fs/hfsplus/catalog.c:480
Code: 60 42 80 3c 20 00 48 8b 5c 24 20 74 05 e8 d5 42 7b ff 48 8b 94 24 20 01 00 00 48 83 c3 40 48 89 d8 48 c1 e8 03 48 89 44 24 68 <42> 80 3c 20 00 48 89 54 24 08 74 0d 48 89 df e8 a9 42 7b ff 48 8b
RSP: 0018:ffffc90003ce7760 EFLAGS: 00010202
RAX: 0000000000000008 RBX: 0000000000000040 RCX: ffff88807b659e00
RDX: ffff88807b643000 RSI: 0000000000000000 RDI: ffffc90003ce7880
RBP: ffffc90003ce7bd0 R08: ffffffff827c9404 R09: 285d58e219000000
R10: 285d58e219000000 R11: 285d58e2285d58e2 R12: dffffc0000000000
R13: ffffc90003ce784c R14: ffffc90003ce78e0 R15: 1ffff9200079cf00
FS:  00005555660b9380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000066c7e0 CR3: 0000000024722000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hfsplus_unlink+0x308/0x790 fs/hfsplus/dir.c:376
 vfs_unlink+0x365/0x600 fs/namei.c:4335
 do_unlinkat+0x4ae/0x830 fs/namei.c:4399
 __do_sys_unlink fs/namei.c:4447 [inline]
 __se_sys_unlink fs/namei.c:4445 [inline]
 __x64_sys_unlink+0x49/0x60 fs/namei.c:4445
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f673225ac39
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdaf32faf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 00007f67322a304b RCX: 00007f673225ac39
RDX: 00007f673225ac39 RSI: 00007f6732259fb7 RDI: 00000000200000c0
RBP: 00007f67322a3055 R08: 0000000020000000 R09: 0000000020000000
R10: 0000000000000073 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffdaf32fcd8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfsplus_rename_cat+0x4b3/0x1050 fs/hfsplus/catalog.c:480
Code: 60 42 80 3c 20 00 48 8b 5c 24 20 74 05 e8 d5 42 7b ff 48 8b 94 24 20 01 00 00 48 83 c3 40 48 89 d8 48 c1 e8 03 48 89 44 24 68 <42> 80 3c 20 00 48 89 54 24 08 74 0d 48 89 df e8 a9 42 7b ff 48 8b
RSP: 0018:ffffc90003ce7760 EFLAGS: 00010202
RAX: 0000000000000008 RBX: 0000000000000040 RCX: ffff88807b659e00
RDX: ffff88807b643000 RSI: 0000000000000000 RDI: ffffc90003ce7880
RBP: ffffc90003ce7bd0 R08: ffffffff827c9404 R09: 285d58e219000000
R10: 285d58e219000000 R11: 285d58e2285d58e2 R12: dffffc0000000000
R13: ffffc90003ce784c R14: ffffc90003ce78e0 R15: 1ffff9200079cf00
FS:  00005555660b9380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000066c7e0 CR3: 0000000024722000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
   5:	48 8b 5c 24 20       	mov    0x20(%rsp),%rbx
   a:	74 05                	je     0x11
   c:	e8 d5 42 7b ff       	call   0xff7b42e6
  11:	48 8b 94 24 20 01 00 	mov    0x120(%rsp),%rdx
  18:	00
  19:	48 83 c3 40          	add    $0x40,%rbx
  1d:	48 89 d8             	mov    %rbx,%rax
  20:	48 c1 e8 03          	shr    $0x3,%rax
  24:	48 89 44 24 68       	mov    %rax,0x68(%rsp)
* 29:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2e:	48 89 54 24 08       	mov    %rdx,0x8(%rsp)
  33:	74 0d                	je     0x42
  35:	48 89 df             	mov    %rbx,%rdi
  38:	e8 a9 42 7b ff       	call   0xff7b42e6
  3d:	48                   	rex.W
  3e:	8b                   	.byte 0x8b

Crashes (162):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/05/01 20:57 upstream 18daea77cca6 3ba885bc .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root general protection fault in hfsplus_rename_cat
2024/04/14 17:56 upstream fe46a7dd189e c8349e48 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/01/19 06:06 upstream 296455ade1fd 239abf84 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-badwrites-root general protection fault in hfsplus_rename_cat
2023/10/07 12:34 upstream 82714078aee4 5e837c76 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/05/06 05:11 upstream b9158815de52 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/06 02:56 upstream b9158815de52 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/04 07:53 upstream 3d25a941ea50 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/03 14:05 upstream f03359bca01b 375d4445 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/03 02:32 upstream 49a73b1652c5 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/02 07:49 upstream 0106679839f7 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/02 06:18 upstream 0106679839f7 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/30 13:34 upstream 98369dccd2f8 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/30 06:00 upstream b947cc5bf6d7 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/30 02:09 upstream b947cc5bf6d7 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/30 00:18 upstream b947cc5bf6d7 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/29 15:45 upstream e67572cd2204 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/29 13:54 upstream e67572cd2204 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/29 11:59 upstream e67572cd2204 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/28 18:52 upstream 2c8159388952 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/28 17:09 upstream 2c8159388952 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/28 01:23 upstream 5d12ed4bea43 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/27 23:49 upstream 5d12ed4bea43 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/27 12:40 upstream 5eb4573ea63d 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/27 12:40 upstream 5eb4573ea63d 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/27 08:14 upstream 5eb4573ea63d 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/27 07:10 upstream 5eb4573ea63d 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/26 08:38 upstream e33c4963bf53 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/26 04:03 upstream e33c4963bf53 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/25 03:11 upstream e88c4cfcb7b8 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/23 20:57 upstream 71b1543c83d6 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/23 08:14 upstream 4d2008430ce8 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/22 15:19 upstream ed30a4a51bb1 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/21 23:38 upstream 3b68086599f8 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/21 15:32 upstream 977b1ef51866 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/05 07:06 upstream 7367539ad4b0 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/05 05:43 upstream 7367539ad4b0 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/05 01:21 upstream 7367539ad4b0 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/04 09:50 upstream 3d25a941ea50 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/01 15:04 upstream 18daea77cca6 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/01 13:01 upstream 18daea77cca6 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/01 05:02 upstream 50dffbf77180 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/30 11:15 upstream 98369dccd2f8 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/28 19:58 upstream 2c8159388952 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/25 17:34 upstream e88c4cfcb7b8 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/24 03:20 upstream 71b1543c83d6 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/23 19:49 upstream 71b1543c83d6 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/23 13:42 upstream 4d2008430ce8 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2023/12/12 12:03 upstream 26aff849438c 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hfsplus_rename_cat
2023/09/27 01:53 upstream 50768a425b46 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hfsplus_rename_cat
2024/05/01 07:42 upstream 50dffbf77180 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in hfsplus_rename_cat
2024/04/21 17:24 upstream 977b1ef51866 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in hfsplus_rename_cat
2024/04/21 13:32 upstream 977b1ef51866 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in hfsplus_rename_cat
* Struck through repros no longer work on HEAD.