syzbot

 sign-in | mailing list | source | docs
🐞 Open [1413]
Subsystems
🐞 Fixed [5827]
🐞 Invalid [14217]
Missing Backports [92]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in hfsplus_rename_cat

Status: upstream: reported C repro on 2023/10/11 11:48
Subsystems: hfs
[Documentation on labels]
Reported-by: syzbot+93f4402297a457fc6895@syzkaller.appspotmail.com
First crash: 446d, last: 4h49m
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: BUG: unable to handle kernel NULL pointer dereference in hfsplus_rename_cat (log)
Repro: C syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [hfs?] KMSAN: uninit-value in hfsplus_rename_cat 0 (1) 2023/10/11 11:48
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 BUG: unable to handle kernel paging request in hfsplus_rename_cat origin:upstream C 6 11d 11d 0/3 upstream: reported C repro on 2024/11/09 17:58
Last patch testing requests (3)
Created Duration User Patch Repo Result
2024/02/13 14:10 16m retest repro upstream report log
2024/02/13 03:30 19m retest repro upstream OK log
2023/10/24 00:56 21m retest repro upstream report log

Sample crash report:
WARNING: The mand mount option has been deprecated and
         and is ignored by this kernel. Remove the mand
         option from the mount to silence this warning.
=======================================================
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
CPU: 0 UID: 0 PID: 5828 Comm: syz-executor246 Not tainted 6.12.0-rc6-syzkaller-00099-g7758b206117d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:hfsplus_rename_cat+0x4b3/0x1090 fs/hfsplus/catalog.c:480
Code: 60 42 80 3c 20 00 48 8b 5c 24 20 74 05 e8 25 99 78 ff 48 8b 94 24 20 01 00 00 48 83 c3 40 48 89 d8 48 c1 e8 03 48 89 44 24 68 <42> 80 3c 20 00 48 89 54 24 08 74 0d 48 89 df e8 f9 98 78 ff 48 8b
RSP: 0018:ffffc90003d27760 EFLAGS: 00010202
RAX: 0000000000000008 RBX: 0000000000000040 RCX: ffff88807eb58000
RDX: ffff88814b008000 RSI: 0000000000000000 RDI: ffffc90003d27880
RBP: ffffc90003d27bd0 R08: ffffffff82835934 R09: 97b251e31a000000
R10: 97b251e31a000000 R11: 97b251e397b251e3 R12: dffffc0000000000
R13: ffffc90003d2784c R14: ffffc90003d278e0 R15: 1ffff920007a4f00
FS:  00005555918fd380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564b8c005670 CR3: 0000000072b00000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hfsplus_unlink+0x308/0x790 fs/hfsplus/dir.c:376
 vfs_unlink+0x365/0x650 fs/namei.c:4469
 do_unlinkat+0x4ae/0x830 fs/namei.c:4533
 __do_sys_unlink fs/namei.c:4581 [inline]
 __se_sys_unlink fs/namei.c:4579 [inline]
 __x64_sys_unlink+0x47/0x50 fs/namei.c:4579
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5f858d97b9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff7fe9bdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f5f858d97b9
RDX: 00007f5f858d97b9 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00007f5f8594c610 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff7fe9bf88 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfsplus_rename_cat+0x4b3/0x1090 fs/hfsplus/catalog.c:480
Code: 60 42 80 3c 20 00 48 8b 5c 24 20 74 05 e8 25 99 78 ff 48 8b 94 24 20 01 00 00 48 83 c3 40 48 89 d8 48 c1 e8 03 48 89 44 24 68 <42> 80 3c 20 00 48 89 54 24 08 74 0d 48 89 df e8 f9 98 78 ff 48 8b
RSP: 0018:ffffc90003d27760 EFLAGS: 00010202
RAX: 0000000000000008 RBX: 0000000000000040 RCX: ffff88807eb58000
RDX: ffff88814b008000 RSI: 0000000000000000 RDI: ffffc90003d27880
RBP: ffffc90003d27bd0 R08: ffffffff82835934 R09: 97b251e31a000000
R10: 97b251e31a000000 R11: 97b251e397b251e3 R12: dffffc0000000000
R13: ffffc90003d2784c R14: ffffc90003d278e0 R15: 1ffff920007a4f00
FS:  00005555918fd380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000066c7e0 CR3: 0000000072b00000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
   5:	48 8b 5c 24 20       	mov    0x20(%rsp),%rbx
   a:	74 05                	je     0x11
   c:	e8 25 99 78 ff       	call   0xff789936
  11:	48 8b 94 24 20 01 00 	mov    0x120(%rsp),%rdx
  18:	00
  19:	48 83 c3 40          	add    $0x40,%rbx
  1d:	48 89 d8             	mov    %rbx,%rax
  20:	48 c1 e8 03          	shr    $0x3,%rax
  24:	48 89 44 24 68       	mov    %rax,0x68(%rsp)
* 29:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2e:	48 89 54 24 08       	mov    %rdx,0x8(%rsp)
  33:	74 0d                	je     0x42
  35:	48 89 df             	mov    %rbx,%rdi
  38:	e8 f9 98 78 ff       	call   0xff789936
  3d:	48                   	rex.W
  3e:	8b                   	.byte 0x8b

Crashes (561):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/11/06 23:56 upstream 7758b206117d df3dc63b .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/10/16 06:18 upstream 2f87d0916ce0 bde2d81c .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/07/07 23:57 upstream c6653f49e4fd 2a40360c .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/05/01 20:57 upstream 18daea77cca6 3ba885bc .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root general protection fault in hfsplus_rename_cat
2024/04/14 17:56 upstream fe46a7dd189e c8349e48 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/01/19 06:06 upstream 296455ade1fd 239abf84 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-badwrites-root general protection fault in hfsplus_rename_cat
2024/05/14 20:07 linux-next 26dd54d03cd9 fdb4c10c .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root general protection fault in hfsplus_rename_cat
2023/10/07 12:34 upstream 82714078aee4 5e837c76 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/11/21 02:07 upstream bf9aa14fc523 4fca1650 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/21 01:52 upstream bf9aa14fc523 4fca1650 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/20 09:56 upstream a5c93bfec0be 7d02db5a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/19 23:13 upstream 158f238aa69d 571351cb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/19 06:01 upstream c6d64479d609 571351cb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/18 16:29 upstream adc218676eef 571351cb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/18 00:46 upstream f66d6acccbc0 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/17 09:47 upstream 4a5df3796467 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/17 00:43 upstream e8bdb3c8be08 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/16 05:37 upstream f868cd251776 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/15 10:09 upstream cfaaa7d010d1 f6ede3a3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/14 21:28 upstream 0a9b9d17f3a7 77f3eeb7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/14 03:45 upstream f1b785f4c787 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/14 00:30 upstream f1b785f4c787 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/13 10:23 upstream 3022e9d00ebe 62026c85 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/13 04:20 upstream 3022e9d00ebe 62026c85 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/12 17:08 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/12 09:02 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/11 09:26 upstream a9cda7c0ffed 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/11 00:38 upstream a9cda7c0ffed 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/10 19:29 upstream de2f378f2b77 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/10 09:00 upstream de2f378f2b77 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/09 08:58 upstream 50643bbc9eb6 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/08 18:28 upstream 906bd684e4b1 179b040e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/08 03:25 upstream ff7afaeca1a1 c069283c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/08 02:10 upstream ff7afaeca1a1 c069283c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/07 07:29 upstream 7758b206117d df3dc63b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/07 05:00 upstream 7758b206117d df3dc63b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/18 22:20 upstream adc218676eef 571351cb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/18 20:44 upstream adc218676eef 571351cb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/18 04:02 upstream f66d6acccbc0 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/17 14:25 upstream 4a5df3796467 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/16 11:38 upstream f868cd251776 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/15 16:13 upstream cfaaa7d010d1 f6ede3a3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/14 07:14 upstream f1b785f4c787 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/14 02:20 upstream f1b785f4c787 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/14 00:50 upstream f1b785f4c787 a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/12 19:29 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/11 17:47 upstream 2d5404caa8c7 97fe5517 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/11 04:46 upstream a9cda7c0ffed 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/10 13:18 upstream de2f378f2b77 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/09 11:41 upstream 50643bbc9eb6 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/11/07 10:51 upstream 7758b206117d df3dc63b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2023/12/12 12:03 upstream 26aff849438c 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hfsplus_rename_cat
2023/09/27 01:53 upstream 50768a425b46 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hfsplus_rename_cat
2024/11/16 22:06 upstream e8bdb3c8be08 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in hfsplus_rename_cat
2024/11/15 06:09 upstream cfaaa7d010d1 f6ede3a3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/10/30 11:48 upstream c1e939a21eb1 f3a00767 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root general protection fault in hfsplus_rename_cat
* Struck through repros no longer work on HEAD.