syzbot


general protection fault in exfat_utf16_to_nls

Status: upstream: reported C repro on 2025/09/24 22:04
Subsystems: exfat
Reported-by: syzbot+3e9cb93e3c5f90d28e19@syzkaller.appspotmail.com
First crash: 17h19m, last: 8h08m
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [exfat?] general protection fault in exfat_utf16_to_nls 0 (2) 2025/09/25 04:12
Last patch testing requests (1)
Created Duration User Patch Repo Result
2025/09/25 04:12 23m ekffu200098@gmail.com patch linux-next error
Cause bisection attempts (1)
Created Duration User Patch Repo Result
2025/09/25 06:20 bisect linux-next running

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 0 UID: 0 PID: 5982 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:exfat_convert_ucs2_to_char fs/exfat/nls.c:441 [inline]
RIP: 0010:__exfat_utf16_to_nls fs/exfat/nls.c:554 [inline]
RIP: 0010:exfat_utf16_to_nls+0x21c/0x840 fs/exfat/nls.c:638
Code: 2e 29 ff 66 41 83 fc 7f 77 14 e8 7f 2a 29 ff e9 b6 00 00 00 e8 75 2a 29 ff e9 a9 00 00 00 48 8b 4c 24 40 48 89 c8 48 c1 e8 03 <42> 80 3c 38 00 74 0f 48 8b 7c 24 40 e8 d3 6b 8e ff 48 8b 4c 24 40
RSP: 0018:ffffc90003c9f760 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000004 RCX: 0000000000000010
RDX: ffff8880310f9e40 RSI: 00000000000000e1 RDI: 0000000000000080
RBP: ffffc90003c9f850 R08: 0000000000000005 R09: 0000000000000000
R10: ffffc90003c9f7e0 R11: fffff52000793efc R12: 00000000000000e1
R13: ffffc90003c9fa48 R14: 0000000000000000 R15: dffffc0000000000
FS:  000055556520c500(0000) GS:ffff888125a03000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556522f608 CR3: 0000000079d18000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 exfat_readdir fs/exfat/dir.c:143 [inline]
 exfat_iterate+0x19a7/0x2050 fs/exfat/dir.c:243
 wrap_directory_iterator+0x96/0xe0 fs/readdir.c:65
 iterate_dir+0x399/0x570 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:410 [inline]
 __se_sys_getdents64+0xe4/0x260 fs/readdir.c:396
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff17b9c1833
Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 32 3d f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
RSP: 002b:00007fff3d1c29f8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
RAX: ffffffffffffffda RBX: 0000555565227600 RCX: 00007ff17b9c1833
RDX: 0000000000008000 RSI: 0000555565227600 RDI: 0000000000000005
RBP: 00005555652275d4 R08: 0000000000028a41 R09: 0000000000000000
R10: 00007ff17bbb7cc0 R11: 0000000000000293 R12: ffffffffffffffa8
R13: 0000000000000010 R14: 00005555652275d0 R15: 00007fff3d1c4cb0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:exfat_convert_ucs2_to_char fs/exfat/nls.c:441 [inline]
RIP: 0010:__exfat_utf16_to_nls fs/exfat/nls.c:554 [inline]
RIP: 0010:exfat_utf16_to_nls+0x21c/0x840 fs/exfat/nls.c:638
Code: 2e 29 ff 66 41 83 fc 7f 77 14 e8 7f 2a 29 ff e9 b6 00 00 00 e8 75 2a 29 ff e9 a9 00 00 00 48 8b 4c 24 40 48 89 c8 48 c1 e8 03 <42> 80 3c 38 00 74 0f 48 8b 7c 24 40 e8 d3 6b 8e ff 48 8b 4c 24 40
RSP: 0018:ffffc90003c9f760 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000004 RCX: 0000000000000010
RDX: ffff8880310f9e40 RSI: 00000000000000e1 RDI: 0000000000000080
RBP: ffffc90003c9f850 R08: 0000000000000005 R09: 0000000000000000
R10: ffffc90003c9f7e0 R11: fffff52000793efc R12: 00000000000000e1
R13: ffffc90003c9fa48 R14: 0000000000000000 R15: dffffc0000000000
FS:  000055556520c500(0000) GS:ffff888125a03000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c007d08000 CR3: 0000000079d18000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	2e 29 ff             	cs sub %edi,%edi
   3:	66 41 83 fc 7f       	cmp    $0x7f,%r12w
   8:	77 14                	ja     0x1e
   a:	e8 7f 2a 29 ff       	call   0xff292a8e
   f:	e9 b6 00 00 00       	jmp    0xca
  14:	e8 75 2a 29 ff       	call   0xff292a8e
  19:	e9 a9 00 00 00       	jmp    0xc7
  1e:	48 8b 4c 24 40       	mov    0x40(%rsp),%rcx
  23:	48 89 c8             	mov    %rcx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 0f                	je     0x40
  31:	48 8b 7c 24 40       	mov    0x40(%rsp),%rdi
  36:	e8 d3 6b 8e ff       	call   0xff8e6c0e
  3b:	48 8b 4c 24 40       	mov    0x40(%rsp),%rcx

Crashes (11):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/09/25 04:46 linux-next b5a4da2c459f 0abd0691 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
2025/09/25 03:29 linux-next b5a4da2c459f 0abd0691 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
2025/09/25 01:16 linux-next b5a4da2c459f 0abd0691 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
2025/09/24 23:06 linux-next b5a4da2c459f 0abd0691 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
2025/09/24 21:04 linux-next b5a4da2c459f 0abd0691 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
2025/09/24 20:40 linux-next b5a4da2c459f 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
2025/09/24 19:39 linux-next b5a4da2c459f 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
2025/09/24 19:36 linux-next b5a4da2c459f 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
2025/09/24 19:36 linux-next b5a4da2c459f 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
2025/09/24 19:36 linux-next b5a4da2c459f 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
2025/09/24 19:35 linux-next b5a4da2c459f 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in exfat_utf16_to_nls
* Struck through repros no longer work on HEAD.