syzbot


KMSAN: uninit-value in hfsplus_rename_cat

Status: upstream: reported C repro on 2023/10/11 11:48
Subsystems: hfs
Reported-by: syzbot+93f4402297a457fc6895@syzkaller.appspotmail.com
First crash: 174d, last: 5d08h
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: BUG: unable to handle kernel NULL pointer dereference in hfsplus_rename_cat (log)
Repro: C syz .config
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [hfs?] KMSAN: uninit-value in hfsplus_rename_cat | 0 (1) | 2023/10/11 11:48

Last patch testing requests (3)
Created | Duration | User | Patch | Repo | Result
2024/02/13 14:10 | 16m | retest repro | - | upstream | report log
2024/02/13 03:30 | 19m | retest repro | - | upstream | OK log
2023/10/24 00:56 | 21m | retest repro | - | upstream | report log

Sample crash report:
         option from the mount to silence this warning.
=======================================================
general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
CPU: 0 PID: 5063 Comm: syz-executor106 Not tainted 6.7.0-syzkaller-11091-g296455ade1fd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:hfsplus_rename_cat+0x55f/0x1230 fs/hfsplus/catalog.c:480
Code: 84 24 60 01 00 00 66 89 44 24 42 48 8b 44 24 60 48 83 c0 40 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 e4 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b
RSP: 0018:ffffc9000393f858 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: 00000000fffffffb RCX: ffffffff825c70ba
RDX: 0000000000000008 RSI: ffffffff825bfb23 RDI: 0000000000000005
RBP: ffffc9000393fc90 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: d5c1cfe1d5c1cfe1 R12: ffff888022cc9cb0
R13: ffffc9000393f8f8 R14: ffff888023146000 R15: 1ffff92000727f19
FS:  0000555556a69380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff06475000 CR3: 000000007e5a3000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 hfsplus_unlink+0x48e/0x7f0 fs/hfsplus/dir.c:376
 vfs_unlink+0x2f1/0x900 fs/namei.c:4334
 do_unlinkat+0x5bc/0x740 fs/namei.c:4398
 __do_sys_unlink fs/namei.c:4446 [inline]
 __se_sys_unlink fs/namei.c:4444 [inline]
 __x64_sys_unlink+0xc8/0x110 fs/namei.c:4444
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f675e55bc39
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff06474188 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 00007f675e5a404b RCX: 00007f675e55bc39
RDX: 00007f675e55bc39 RSI: 00007f675e55afb7 RDI: 00000000200000c0
RBP: 00007f675e5a4055 R08: 0000000020000000 R09: 0000000020000000
R10: 0000000000000073 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff06474368 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfsplus_rename_cat+0x55f/0x1230 fs/hfsplus/catalog.c:480
Code: 84 24 60 01 00 00 66 89 44 24 42 48 8b 44 24 60 48 83 c0 40 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 e4 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b
RSP: 0018:ffffc9000393f858 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: 00000000fffffffb RCX: ffffffff825c70ba
RDX: 0000000000000008 RSI: ffffffff825bfb23 RDI: 0000000000000005
RBP: ffffc9000393fc90 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: d5c1cfe1d5c1cfe1 R12: ffff888022cc9cb0
R13: ffffc9000393f8f8 R14: ffff888023146000 R15: 1ffff92000727f19
FS:  0000555556a69380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff06475000 CR3: 000000007e5a3000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	84 24 60             	test   %ah,(%rax,%riz,2)
   3:	01 00                	add    %eax,(%rax)
   5:	00 66 89             	add    %ah,-0x77(%rsi)
   8:	44 24 42             	rex.R and $0x42,%al
   b:	48 8b 44 24 60       	mov    0x60(%rsp),%rax
  10:	48 83 c0 40          	add    $0x40,%rax
  14:	48 89 c2             	mov    %rax,%rdx
  17:	48 89 44 24 10       	mov    %rax,0x10(%rsp)
  1c:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  23:	fc ff df
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 e4 0a 00 00    	jne    0xb18
  34:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
  3b:	fc ff df
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b
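The trapping instruction is the inline KASAN shadow check for the load at 0x60(%rsp)+0x40, not the load itself: the pointer read from the stack is NULL, %rdx holds 0x40 >> 3 = 8, and %rax holds the x86_64 shadow offset 0xdffffc0000000000, which is why the #GP address is the non-canonical 0xdffffc0000000008 and not 0x40. The C program below is an added example, not part of the syzbot report or of the kernel sources; it performs that decoding in both directions and reproduces the "null-ptr-deref in range [0x40-0x47]" line from the fault address alone. It assumes the stock x86_64 generic-KASAN layout (CONFIG_KASAN_SHADOW_OFFSET=0xdffffc0000000000, one shadow byte per 8-byte granule) and the PAGE_SIZE/TASK_SIZE thresholds the kernel uses to label accesses that have no shadow of their own.

```c
/*
 * Added example, not part of the syzbot report or of the kernel sources:
 * decode the #GP address of an x86_64 KASAN inline shadow check back to the
 * address the instrumented kernel code actually dereferenced.
 *
 * Assumed layout (stock x86_64 generic KASAN):
 *   shadow(addr) = (addr >> 3) + 0xdffffc0000000000   (CONFIG_KASAN_SHADOW_OFFSET)
 * with one shadow byte per 8-byte granule.  The PAGE_SIZE / TASK_SIZE
 * thresholds used to classify unshadowed addresses are likewise assumed.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define PAGE_SIZE_X86            4096ULL
#define TASK_SIZE_X86_64         0x00007ffffffff000ULL

enum kasan_bug_type {
    KASAN_NULL_PTR_DEREF,
    KASAN_USER_MEMORY_ACCESS,
    KASAN_WILD_MEMORY_ACCESS,
};

static const char *const bug_type_name[] = {
    "null-ptr-deref", "user-memory-access", "wild-memory-access",
};

struct decoded_fault {
    bool     is_shadow;   /* fault address lies inside the shadow region   */
    uint64_t index;       /* granule index = addr >> 3 (what %rdx held)    */
    uint64_t start, end;  /* 8-byte granule the kernel accessed, inclusive */
    enum kasan_bug_type type;
};

/* Forward mapping, exactly as the inline instrumentation computes it. */
uint64_t kasan_shadow_addr(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* x86_64 canonical addresses have bits 63..47 all zero or all one. */
bool is_noncanonical(uint64_t addr)
{
    uint64_t top = addr >> 47;
    return top != 0 && top != 0x1ffff;
}

/* How KASAN labels an access whose address has no shadow of its own. */
enum kasan_bug_type classify_wild_access(uint64_t addr)
{
    if (addr < PAGE_SIZE_X86)
        return KASAN_NULL_PTR_DEREF;
    if (addr < TASK_SIZE_X86_64)
        return KASAN_USER_MEMORY_ACCESS;
    return KASAN_WILD_MEMORY_ACCESS;
}

/* Inverse mapping: from the address that faulted to the granule being checked. */
struct decoded_fault kasan_decode_fault(uint64_t fault_addr)
{
    struct decoded_fault d = {0};
    /* (addr >> 3) is at most 0x1fffffffffffffff, so the sum never wraps and
     * every shadow byte lies in [OFFSET, shadow(UINT64_MAX)]. */
    if (fault_addr < KASAN_SHADOW_OFFSET || fault_addr > kasan_shadow_addr(UINT64_MAX))
        return d;  /* not a shadow byte: the #GP address is the bad pointer itself */
    d.is_shadow = true;
    d.index = fault_addr - KASAN_SHADOW_OFFSET;
    d.start = d.index << KASAN_SHADOW_SCALE_SHIFT;
    d.end   = d.start + KASAN_GRANULE_SIZE - 1;
    d.type  = classify_wild_access(d.start);
    return d;
}

int main(void)
{
    /* Values taken from the register dump in the report above. */
    const uint64_t fault_addr = 0xdffffc0000000008ULL;
    const uint64_t rdx = 0x8ULL, rax = 0xdffffc0000000000ULL;

    struct decoded_fault d = kasan_decode_fault(fault_addr);
    printf("fault address %#llx: %s\n", (unsigned long long)fault_addr,
           is_noncanonical(fault_addr) ? "non-canonical" : "canonical");
    if (!d.is_shadow) {
        puts("not a KASAN shadow address");
        return 1;
    }
    printf("KASAN: %s in range [%#llx-%#llx]\n", bug_type_name[d.type],
           (unsigned long long)d.start, (unsigned long long)d.end);
    /* Cross-check against the disassembly: cmpb $0x0,(%rdx,%rax,1) */
    printf("register check: rdx %s, rax %s\n",
           d.index == rdx ? "matches addr>>3" : "MISMATCH",
           rax == KASAN_SHADOW_OFFSET ? "is the shadow offset" : "MISMATCH");
    return 0;
}
```

Build with a C11 compiler and run it as is; it prints the same range as the report. A #GP address that is not inside the shadow region comes back with is_shadow false, which means the instrumentation did not fire and the address in the fault message is the bad pointer itself rather than one of its shadow bytes.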

Crashes (61):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/01/19 06:06 | upstream | 296455ade1fd | 239abf84 | .config | strace log | report | syz | C | - | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-badwrites-root | general protection fault in hfsplus_rename_cat
2023/10/07 12:34 | upstream | 82714078aee4 | 5e837c76 | .config | strace log | report | syz | C | - | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | general protection fault in hfsplus_rename_cat
2024/02/17 17:10 | upstream | c1ca10ceffbb | 578f7538 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/02/17 05:11 | upstream | 0f1dd5e91e2b | 578f7538 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/30 01:59 | upstream | 9f8413c4a66f | 991a98f4 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/25 07:38 | upstream | 9f8413c4a66f | 1e153dc8 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/24 14:42 | upstream | 9f8413c4a66f | 1e153dc8 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/22 23:08 | upstream | 9f8413c4a66f | 9bd8dcda | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/19 22:41 | upstream | 9f8413c4a66f | 21772ce4 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/13 20:08 | upstream | 9f8413c4a66f | 551587c1 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/13 17:45 | upstream | 9f8413c4a66f | 551587c1 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/06 21:36 | upstream | 95c8a35f1c01 | d0304e9c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/06 21:17 | upstream | 95c8a35f1c01 | d0304e9c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/06 21:10 | upstream | 95c8a35f1c01 | d0304e9c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/06 21:10 | upstream | 95c8a35f1c01 | d0304e9c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/06 21:10 | upstream | 95c8a35f1c01 | d0304e9c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/06 20:59 | upstream | 95c8a35f1c01 | d0304e9c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2023/12/24 21:14 | upstream | 861deac3b092 | fb427a07 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2023/12/21 11:07 | upstream | 1a44b0073b92 | 4f9530a3 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2023/12/21 10:58 | upstream | 1a44b0073b92 | 4f9530a3 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/13 02:20 | upstream | 9f8413c4a66f | dda5a988 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/07 05:30 | upstream | 52b1853b080a | d0304e9c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/06 21:14 | upstream | 95c8a35f1c01 | d0304e9c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/06 21:10 | upstream | 95c8a35f1c01 | d0304e9c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/06 20:59 | upstream | 95c8a35f1c01 | d0304e9c | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in hfsplus_rename_cat
2023/12/25 19:49 | upstream | 861deac3b092 | fb427a07 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in hfsplus_rename_cat
2023/12/24 21:24 | upstream | 861deac3b092 | fb427a07 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in hfsplus_rename_cat
2023/12/21 11:06 | upstream | 1a44b0073b92 | 4f9530a3 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: uninit-value in hfsplus_rename_cat
2023/12/12 12:03 | upstream | 26aff849438c | 28b24332 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/12/12 11:43 | upstream | 26aff849438c | 28b24332 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/11/21 19:34 | upstream | 98b1cc82c4af | cb976f63 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/11/13 06:24 | upstream | b57b17e88bf5 | 6d6dbf8a | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/11/11 22:57 | upstream | 3ca112b71f35 | 6d6dbf8a | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/10/30 13:43 | upstream | ffc253263a13 | 3c418d72 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/27 01:53 | upstream | 50768a425b46 | 0b6a67ac | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/26 19:40 | upstream | 50768a425b46 | 0b6a67ac | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/16 20:56 | upstream | 57d88e8a5974 | 0b6a67ac | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/16 20:56 | upstream | 57d88e8a5974 | 0b6a67ac | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/12 01:41 | upstream | 0bb80ecc33a8 | 59da8366 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/10 02:24 | upstream | a3c57ab79a06 | 6654cf89 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/04 08:03 | upstream | 708283abf896 | 696ea0d2 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/03 22:41 | upstream | 6e32dfcccfcc | 696ea0d2 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/03 19:12 | upstream | 6e32dfcccfcc | 696ea0d2 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/03 14:45 | upstream | 92901222f83d | 696ea0d2 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/03 08:11 | upstream | 92901222f83d | 696ea0d2 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/03 07:59 | upstream | 92901222f83d | 696ea0d2 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/01 13:34 | upstream | 99d99825fc07 | 696ea0d2 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2023/09/01 09:57 | upstream | 99d99825fc07 | 696ea0d2 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in hfsplus_rename_cat
2024/01/04 06:41 | upstream | ac865f00af29 | 28c42cff | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in hfsplus_rename_cat
2023/11/15 22:12 | upstream | c42d9eeef8e5 | cb976f63 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in hfsplus_rename_cat
2023/10/10 00:52 | upstream | 94f6f0550c62 | 3c53c7d9 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in hfsplus_rename_cat
2023/10/07 11:28 | upstream | 82714078aee4 | 5e837c76 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in hfsplus_rename_cat