syzbot

 sign-in | mailing list | source | docs
🐞 Open [994] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12516] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: uninit-value in hfsplus_rename_cat

Status: upstream: reported C repro on 2023/10/11 11:48
Subsystems: hfs
[Documentation on labels]
Reported-by: syzbot+93f4402297a457fc6895@syzkaller.appspotmail.com
First crash: 239d, last: 2h48m
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: BUG: unable to handle kernel NULL pointer dereference in hfsplus_rename_cat (log)
Repro: C syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [hfs?] KMSAN: uninit-value in hfsplus_rename_cat 0 (1) 2023/10/11 11:48
Last patch testing requests (3)
Created Duration User Patch Repo Result
2024/02/13 14:10 16m retest repro upstream report log
2024/02/13 03:30 19m retest repro upstream OK log
2023/10/24 00:56 21m retest repro upstream report log

Sample crash report:
loop0: detected capacity change from 0 to 1024
general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
CPU: 0 PID: 5057 Comm: syz-executor122 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:hfsplus_rename_cat+0x4b3/0x1050 fs/hfsplus/catalog.c:480
Code: 60 42 80 3c 20 00 48 8b 5c 24 20 74 05 e8 65 5e 7b ff 48 8b 94 24 20 01 00 00 48 83 c3 40 48 89 d8 48 c1 e8 03 48 89 44 24 68 <42> 80 3c 20 00 48 89 54 24 08 74 0d 48 89 df e8 39 5e 7b ff 48 8b
RSP: 0018:ffffc90004017740 EFLAGS: 00010202
RAX: 0000000000000008 RBX: 0000000000000040 RCX: ffff88801eccbc00
RDX: ffff8880792e5000 RSI: 0000000000000000 RDI: ffffc90004017860
RBP: ffffc90004017bb0 R08: ffffffff827a0ca4 R09: 6d33a5df14000000
R10: 6d33a5df14000000 R11: 0000a5df6d33a5df R12: dffffc0000000000
R13: ffffc9000401782c R14: ffffc900040178c0 R15: 1ffff92000802efc
FS:  00005555835c5380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc6b929000 CR3: 000000007b13e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hfsplus_unlink+0x308/0x790 fs/hfsplus/dir.c:376
 vfs_unlink+0x365/0x600 fs/namei.c:4338
 do_unlinkat+0x4ae/0x830 fs/namei.c:4402
 __do_sys_unlinkat fs/namei.c:4445 [inline]
 __se_sys_unlinkat fs/namei.c:4438 [inline]
 __x64_sys_unlinkat+0xce/0xf0 fs/namei.c:4438
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f1bca3ef789
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc6b928828 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f1bca3ef789
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
RBP: 00007f1bca462610 R08: 0000000000000000 R09: 00007ffc6b9289f8
R10: 00007ffc6b9286f0 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffc6b9289e8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfsplus_rename_cat+0x4b3/0x1050 fs/hfsplus/catalog.c:480
Code: 60 42 80 3c 20 00 48 8b 5c 24 20 74 05 e8 65 5e 7b ff 48 8b 94 24 20 01 00 00 48 83 c3 40 48 89 d8 48 c1 e8 03 48 89 44 24 68 <42> 80 3c 20 00 48 89 54 24 08 74 0d 48 89 df e8 39 5e 7b ff 48 8b
RSP: 0018:ffffc90004017740 EFLAGS: 00010202
RAX: 0000000000000008 RBX: 0000000000000040 RCX: ffff88801eccbc00
RDX: ffff8880792e5000 RSI: 0000000000000000 RDI: ffffc90004017860
RBP: ffffc90004017bb0 R08: ffffffff827a0ca4 R09: 6d33a5df14000000
R10: 6d33a5df14000000 R11: 0000a5df6d33a5df R12: dffffc0000000000
R13: ffffc9000401782c R14: ffffc900040178c0 R15: 1ffff92000802efc
FS:  00005555835c5380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc6b929000 CR3: 000000007b13e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
   5:	48 8b 5c 24 20       	mov    0x20(%rsp),%rbx
   a:	74 05                	je     0x11
   c:	e8 65 5e 7b ff       	call   0xff7b5e76
  11:	48 8b 94 24 20 01 00 	mov    0x120(%rsp),%rdx
  18:	00
  19:	48 83 c3 40          	add    $0x40,%rbx
  1d:	48 89 d8             	mov    %rbx,%rax
  20:	48 c1 e8 03          	shr    $0x3,%rax
  24:	48 89 44 24 68       	mov    %rax,0x68(%rsp)
* 29:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2e:	48 89 54 24 08       	mov    %rdx,0x8(%rsp)
  33:	74 0d                	je     0x42
  35:	48 89 df             	mov    %rbx,%rdi
  38:	e8 39 5e 7b ff       	call   0xff7b5e76
  3d:	48                   	rex.W
  3e:	8b                   	.byte 0x8b

Crashes (119):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/14 17:56 upstream fe46a7dd189e c8349e48 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/01/19 06:06 upstream 296455ade1fd 239abf84 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-badwrites-root general protection fault in hfsplus_rename_cat
2023/10/07 12:34 upstream 82714078aee4 5e837c76 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/04/27 08:14 upstream 5eb4573ea63d 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/27 07:10 upstream 5eb4573ea63d 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/26 08:38 upstream e33c4963bf53 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/26 04:03 upstream e33c4963bf53 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/25 03:11 upstream e88c4cfcb7b8 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/23 20:57 upstream 71b1543c83d6 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/23 08:14 upstream 4d2008430ce8 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/22 15:19 upstream ed30a4a51bb1 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/21 23:38 upstream 3b68086599f8 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/21 15:32 upstream 977b1ef51866 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/19 23:19 upstream 3cdb45594619 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/17 21:15 upstream 96fca68c4fbf bd38b692 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/17 13:38 upstream 96fca68c4fbf 18f6e127 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/15 04:00 upstream 7efd0a74039f c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/14 03:44 upstream fa4022cb7361 c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/13 17:46 upstream 8f2c057754b2 c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/13 14:42 upstream 8f2c057754b2 c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/11 20:48 upstream e8c39d0f57f3 478efa7f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/08 20:04 upstream fec50db7033e 53df08b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/08 02:36 upstream 9fe30842a90b ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/06 20:09 upstream e8b0ccb2a787 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/06 10:25 upstream e8b0ccb2a787 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/02 06:26 upstream 026e680b0a08 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/03/29 12:56 upstream 317c7bc0ef03 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/03/25 05:37 upstream 5e74df2f8f15 0ea90952 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/03/19 02:42 upstream 0a7b0acecea2 baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/03/17 20:09 upstream 741e9d668aa5 d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/03/14 10:35 upstream 61387b8dcf1d f919f202 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/02/17 17:10 upstream c1ca10ceffbb 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/02/17 05:11 upstream 0f1dd5e91e2b 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/01/30 01:59 upstream 9f8413c4a66f 991a98f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/01/25 07:38 upstream 9f8413c4a66f 1e153dc8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/01/24 14:42 upstream 9f8413c4a66f 1e153dc8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/01/22 23:08 upstream 9f8413c4a66f 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/01/19 22:41 upstream 9f8413c4a66f 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/25 17:34 upstream e88c4cfcb7b8 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/24 03:20 upstream 71b1543c83d6 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/23 19:49 upstream 71b1543c83d6 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/23 13:42 upstream 4d2008430ce8 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/19 15:16 upstream 2668e3ae2ef3 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/17 05:26 upstream 96fca68c4fbf 18f6e127 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/15 12:32 upstream 0bbac3facb5d c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/14 08:50 upstream fa4022cb7361 c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/08 21:41 upstream fec50db7033e 53df08b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/06 22:28 upstream e8b0ccb2a787 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/06 14:58 upstream e8b0ccb2a787 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/06 13:49 upstream e8b0ccb2a787 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/04/06 04:09 upstream 8cb4a9a82b21 18ea8213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2023/12/12 12:03 upstream 26aff849438c 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hfsplus_rename_cat
2023/09/27 01:53 upstream 50768a425b46 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hfsplus_rename_cat
2024/04/21 17:24 upstream 977b1ef51866 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in hfsplus_rename_cat
2024/04/21 13:32 upstream 977b1ef51866 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in hfsplus_rename_cat
2024/01/04 06:41 upstream ac865f00af29 28c42cff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in hfsplus_rename_cat
* Struck through repros no longer work on HEAD.