syzbot


KMSAN: uninit-value in hfsplus_rename_cat

Status: upstream: reported C repro on 2023/10/11 11:48
Subsystems: hfs
[Documentation on labels]
Reported-by: syzbot+93f4402297a457fc6895@syzkaller.appspotmail.com
First crash: 315d, last: 5d04h
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: BUG: unable to handle kernel NULL pointer dereference in hfsplus_rename_cat (log)
Repro: C syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [hfs?] KMSAN: uninit-value in hfsplus_rename_cat 0 (1) 2023/10/11 11:48
Last patch testing requests (3)
Created Duration User Patch Repo Result
2024/02/13 14:10 16m retest repro upstream report log
2024/02/13 03:30 19m retest repro upstream OK log
2023/10/24 00:56 21m retest repro upstream report log

Sample crash report:
loop0: detected capacity change from 0 to 1024
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
CPU: 0 PID: 5084 Comm: syz-executor328 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:hfsplus_rename_cat+0x4b3/0x1050 fs/hfsplus/catalog.c:480
Code: 60 42 80 3c 20 00 48 8b 5c 24 20 74 05 e8 e5 41 7b ff 48 8b 94 24 20 01 00 00 48 83 c3 40 48 89 d8 48 c1 e8 03 48 89 44 24 68 <42> 80 3c 20 00 48 89 54 24 08 74 0d 48 89 df e8 b9 41 7b ff 48 8b
RSP: 0018:ffffc9000341f4a0 EFLAGS: 00010202
RAX: 0000000000000008 RBX: 0000000000000040 RCX: ffff888019f60000
RDX: ffff88802351f000 RSI: 0000000000000000 RDI: ffffc9000341f5c0
RBP: ffffc9000341f910 R08: ffffffff827dc634 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffc9000341f58c R14: ffffc9000341f620 R15: 1ffff92000683ea8
FS:  0000555576712380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6f45d95ed8 CR3: 0000000015f14000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hfsplus_unlink+0x308/0x790 fs/hfsplus/dir.c:376
 hfsplus_rename+0xc8/0x1c0 fs/hfsplus/dir.c:547
 vfs_rename+0xbdb/0xf00 fs/namei.c:4893
 do_renameat2+0xd94/0x13f0 fs/namei.c:5050
 __do_sys_rename fs/namei.c:5097 [inline]
 __se_sys_rename fs/namei.c:5095 [inline]
 __x64_sys_rename+0x86/0xa0 fs/namei.c:5095
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4c38defaa9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffcc5bfed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f4c38defaa9
RDX: 00007f4c38defaa9 RSI: 00000000200001c0 RDI: 0000000020000180
RBP: 00007f4c38e635f0 R08: 00005555767134c0 R09: 00005555767134c0
R10: 00005555767134c0 R11: 0000000000000246 R12: 00007fffcc5bff00
R13: 00007fffcc5c0128 R14: 431bde82d7b634db R15: 00007f4c38e3803b
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfsplus_rename_cat+0x4b3/0x1050 fs/hfsplus/catalog.c:480
Code: 60 42 80 3c 20 00 48 8b 5c 24 20 74 05 e8 e5 41 7b ff 48 8b 94 24 20 01 00 00 48 83 c3 40 48 89 d8 48 c1 e8 03 48 89 44 24 68 <42> 80 3c 20 00 48 89 54 24 08 74 0d 48 89 df e8 b9 41 7b ff 48 8b
RSP: 0018:ffffc9000341f4a0 EFLAGS: 00010202
RAX: 0000000000000008 RBX: 0000000000000040 RCX: ffff888019f60000
RDX: ffff88802351f000 RSI: 0000000000000000 RDI: ffffc9000341f5c0
RBP: ffffc9000341f910 R08: ffffffff827dc634 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffc9000341f58c R14: ffffc9000341f620 R15: 1ffff92000683ea8
FS:  0000555576712380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561252451e10 CR3: 0000000015f14000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
   5:	48 8b 5c 24 20       	mov    0x20(%rsp),%rbx
   a:	74 05                	je     0x11
   c:	e8 e5 41 7b ff       	call   0xff7b41f6
  11:	48 8b 94 24 20 01 00 	mov    0x120(%rsp),%rdx
  18:	00
  19:	48 83 c3 40          	add    $0x40,%rbx
  1d:	48 89 d8             	mov    %rbx,%rax
  20:	48 c1 e8 03          	shr    $0x3,%rax
  24:	48 89 44 24 68       	mov    %rax,0x68(%rsp)
* 29:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2e:	48 89 54 24 08       	mov    %rdx,0x8(%rsp)
  33:	74 0d                	je     0x42
  35:	48 89 df             	mov    %rbx,%rdi
  38:	e8 b9 41 7b ff       	call   0xff7b41f6
  3d:	48                   	rex.W
  3e:	8b                   	.byte 0x8b

Crashes (297):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/07 23:57 upstream c6653f49e4fd 2a40360c .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/05/01 20:57 upstream 18daea77cca6 3ba885bc .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root general protection fault in hfsplus_rename_cat
2024/04/14 17:56 upstream fe46a7dd189e c8349e48 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/01/19 06:06 upstream 296455ade1fd 239abf84 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-badwrites-root general protection fault in hfsplus_rename_cat
2024/05/14 20:07 linux-next 26dd54d03cd9 fdb4c10c .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root general protection fault in hfsplus_rename_cat
2023/10/07 12:34 upstream 82714078aee4 5e837c76 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/06/10 13:59 upstream 614da38e2f7a 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/09 13:34 upstream 614da38e2f7a 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/09 02:23 upstream 614da38e2f7a 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/08 01:08 upstream 614da38e2f7a 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/08 01:07 upstream 614da38e2f7a 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/07 10:50 upstream 614da38e2f7a 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/07 03:25 upstream 614da38e2f7a 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/06 15:56 upstream 614da38e2f7a 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/06 04:30 upstream 614da38e2f7a 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/04 22:02 upstream 614da38e2f7a a1feae05 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/03 06:19 upstream 614da38e2f7a 3113787f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/01 16:25 upstream 614da38e2f7a 3113787f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/01 03:49 upstream 614da38e2f7a 3113787f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/31 15:01 upstream 614da38e2f7a 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/29 13:59 upstream 614da38e2f7a 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/28 22:51 upstream 614da38e2f7a 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/28 21:37 upstream 614da38e2f7a 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/25 15:09 upstream 614da38e2f7a a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/25 05:42 upstream 614da38e2f7a a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/25 02:34 upstream 614da38e2f7a a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/24 20:45 upstream 614da38e2f7a 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/24 14:24 upstream 614da38e2f7a 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/23 19:31 upstream 614da38e2f7a 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/23 12:51 upstream 614da38e2f7a 4d098039 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/23 07:00 upstream 614da38e2f7a 4d098039 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/21 21:31 upstream 614da38e2f7a 1014eca7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/21 17:41 upstream 614da38e2f7a 1014eca7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/21 09:15 upstream 614da38e2f7a c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/21 06:45 upstream 614da38e2f7a c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/21 05:12 upstream 614da38e2f7a c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/20 20:24 upstream 614da38e2f7a c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/20 03:19 upstream 614da38e2f7a c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/18 05:03 upstream 614da38e2f7a c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/17 18:47 upstream 614da38e2f7a a12e99e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/08 03:59 upstream 101b7a97143a 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/06 18:11 upstream 101b7a97143a 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/06 10:07 upstream 101b7a97143a 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/06/06 09:48 upstream 101b7a97143a 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/29 03:44 upstream 101b7a97143a 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/25 20:50 upstream 101b7a97143a a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/25 19:40 upstream 101b7a97143a a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/21 10:43 upstream 101b7a97143a c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/20 05:20 upstream 101b7a97143a c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2024/05/17 23:27 upstream 101b7a97143a a12e99e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_rename_cat
2023/12/12 12:03 upstream 26aff849438c 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hfsplus_rename_cat
2023/09/27 01:53 upstream 50768a425b46 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in hfsplus_rename_cat
2024/07/04 18:09 upstream 795c58e4c7fc 3f2748a3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/06/22 03:40 upstream 66cc544fd75c edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/06/12 04:45 upstream 2ef5971ff345 4d75f4f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/05/19 07:54 upstream 0450d2083be6 c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in hfsplus_rename_cat
2024/05/01 07:42 upstream 50dffbf77180 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in hfsplus_rename_cat
2024/04/21 13:32 upstream 977b1ef51866 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in hfsplus_rename_cat
* Struck through repros no longer work on HEAD.