syzbot

 sign-in | mailing list | source | docs
🐞 Open [1163] 🐞 Fixed [4320] 🐞 Invalid [9666] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

general protection fault in hfs_find_init

Status: upstream: reported C repro on 2018/03/31 20:47
Reported-by: syzbot+7ca256d0da4af073b2e2@syzkaller.appspotmail.com
First crash: 1772d, last: 4d03h

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: no output from test machine (log)
Repro: C syz .config

Fix bisection: failed (bisect log)
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 general protection fault in hfs_find_init hfs C 3 4d07h 64d 0/1 upstream: reported C repro on 2022/12/03 11:10
linux-4.19 general protection fault in hfs_find_init hfs C 6 3d16h 71d 0/1 upstream: reported C repro on 2022/11/26 21:41
Last patch testing requests:
Created Duration User Patch Repo Result
2022/09/27 04:30 10m retest repro upstream error
2020/08/12 05:02 15m yepeilin.cs@gmail.com patch upstream OK

Sample crash report:
loop0: detected capacity change from 0 to 64
general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
CPU: 0 PID: 5067 Comm: syz-executor265 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:hfs_find_init+0x6e/0x1e0 fs/hfs/bfind.c:21
Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f8 b6 7f ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 8a 04 2f 84 c0 0f 85 0a 01 00 00 41 8b 06 8d 7c 00 04 be c0 0c
RSP: 0018:ffffc90003caf2e0 EFLAGS: 00010202
RAX: 1ffff92000795e7f RBX: ffffc90003caf3f8 RCX: ffff8880795d0000
RDX: 0000000000000000 RSI: ffffc90003caf3e0 RDI: ffffc90003caf3f0
RBP: 0000000000000000 R08: ffffffff8262ead7 R09: fffffbfff1d2c9e6
R10: fffffbfff1d2c9e6 R11: 1ffffffff1d2c9e5 R12: ffffc90003caf3e0
R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008
FS:  0000555557423300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000005fdeb8 CR3: 00000000721f3000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hfs_ext_read_extent fs/hfs/extent.c:200 [inline]
 hfs_get_block+0x519/0xbb0 fs/hfs/extent.c:366
 block_read_full_folio+0x3b3/0xfa0 fs/buffer.c:2271
 filemap_read_folio+0x187/0x7d0 mm/filemap.c:2426
 do_read_cache_folio+0x2d3/0x790 mm/filemap.c:3553
 do_read_cache_page mm/filemap.c:3595 [inline]
 read_cache_page+0x56/0x270 mm/filemap.c:3604
 read_mapping_page include/linux/pagemap.h:755 [inline]
 hfs_btree_open+0x50c/0xf20 fs/hfs/btree.c:78
 hfs_mdb_get+0x1404/0x21a0 fs/hfs/mdb.c:199
 hfs_fill_super+0xfc7/0x1690 fs/hfs/super.c:406
 mount_bdev+0x26c/0x3a0 fs/super.c:1359
 legacy_get_tree+0xea/0x180 fs/fs_context.c:610
 vfs_get_tree+0x88/0x270 fs/super.c:1489
 do_new_mount+0x289/0xad0 fs/namespace.c:3145
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7efef4f81ada
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffee28090a8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007efef4f81ada
RDX: 0000000020000240 RSI: 0000000020000000 RDI: 00007ffee28090c0
RBP: 00007ffee28090c0 R08: 00007ffee2809100 R09: 0000000000000248
R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
R13: 00005555574232c0 R14: 0000000000000000 R15: 00007ffee2809100
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfs_find_init+0x6e/0x1e0 fs/hfs/bfind.c:21
Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 f8 b6 7f ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 8a 04 2f 84 c0 0f 85 0a 01 00 00 41 8b 06 8d 7c 00 04 be c0 0c
RSP: 0018:ffffc90003caf2e0 EFLAGS: 00010202
RAX: 1ffff92000795e7f RBX: ffffc90003caf3f8 RCX: ffff8880795d0000
RDX: 0000000000000000 RSI: ffffc90003caf3e0 RDI: ffffc90003caf3f0
RBP: 0000000000000000 R08: ffffffff8262ead7 R09: fffffbfff1d2c9e6
R10: fffffbfff1d2c9e6 R11: 1ffffffff1d2c9e5 R12: ffffc90003caf3e0
R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008
FS:  0000555557423300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000005fdeb8 CR3: 00000000721f3000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	d8 48 c1             	fmuls  -0x3f(%rax)
   3:	e8 03 42 80 3c       	callq  0x3c80420b
   8:	28 00                	sub    %al,(%rax)
   a:	74 08                	je     0x14
   c:	48 89 df             	mov    %rbx,%rdi
   f:	e8 f8 b6 7f ff       	callq  0xff7fb70c
  14:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  1b:	48 89 2c 24          	mov    %rbp,(%rsp)
  1f:	4c 8d 75 40          	lea    0x40(%rbp),%r14
  23:	4d 89 f7             	mov    %r14,%r15
  26:	49 c1 ef 03          	shr    $0x3,%r15
* 2a:	43 8a 04 2f          	mov    (%r15,%r13,1),%al <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	0f 85 0a 01 00 00    	jne    0x140
  36:	41 8b 06             	mov    (%r14),%eax
  39:	8d 7c 00 04          	lea    0x4(%rax,%rax,1),%edi
  3d:	be                   	.byte 0xbe
  3e:	c0                   	.byte 0xc0
  3f:	0c                   	.byte 0xc

Crashes (87):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci2-upstream-fs 2022/12/17 21:25 upstream 77856d911a8c 05494336 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] general protection fault in hfs_find_init
ci-upstream-kasan-gce-root 2022/12/12 14:41 upstream 830b3c68c1fb 67be1ae7 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] general protection fault in hfs_find_init
ci-upstream-kasan-gce-root 2022/12/11 19:38 upstream 4cee37b3a4e6 67be1ae7 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] general protection fault in hfs_find_init
ci2-upstream-fs 2022/11/26 20:23 upstream 644e9524388a f4470a7b .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] general protection fault in hfs_find_init
ci2-upstream-fs 2022/11/26 07:17 upstream 08ad43d554ba f4470a7b .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] general protection fault in hfs_find_init
ci-upstream-kasan-gce-root 2018/03/31 19:49 upstream 10b84daddbec 0174c6c8 .config console log report syz C
ci-upstream-gce-arm64 2022/12/18 00:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 05494336 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] BUG: unable to handle kernel NULL pointer dereference in hfs_find_init
ci-upstream-gce-arm64 2022/11/27 07:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6d464646530f 74a66371 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] BUG: unable to handle kernel NULL pointer dereference in hfs_find_init
ci-upstream-gce-arm64 2022/11/26 23:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6d464646530f 74a66371 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] BUG: unable to handle kernel NULL pointer dereference in hfs_find_init
ci-upstream-kasan-gce-root 2023/01/31 15:47 upstream 22b8077d0fce 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-root 2023/01/30 10:34 upstream ab072681eabe 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/29 21:58 upstream ab072681eabe 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/29 18:39 upstream c96618275234 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/28 23:22 upstream 5af6ce704936 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/25 17:24 upstream 948ef7bb70c4 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-selinux-root 2023/01/25 13:19 upstream fb6e71db53f3 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/25 06:45 upstream fb6e71db53f3 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/25 00:02 upstream fb6e71db53f3 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-smack-root 2023/01/24 21:01 upstream 7bf70dbb1882 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/24 00:28 upstream 7bf70dbb1882 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-smack-root 2023/01/23 04:42 upstream 2241ab53cbb5 559a440a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/23 01:24 upstream 2475bf0250de cc0f9968 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/22 00:04 upstream f883675bf652 cc0f9968 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/21 04:05 upstream edc00350d205 cc0f9968 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-selinux-root 2023/01/20 17:02 upstream d368967cb103 559a440a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/19 08:26 upstream 7287904c8771 66fca3ae .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/19 04:51 upstream c1649ec55708 4620c2d9 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/18 02:53 upstream 6e50979a9c87 42660d9e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/16 16:22 upstream 5dc4c995db9e a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-smack-root 2023/01/16 16:08 upstream 5dc4c995db9e a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-smack-root 2023/01/16 08:24 upstream 5dc4c995db9e a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-smack-root 2023/01/15 01:33 upstream 97ec4d559d93 a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-smack-root 2023/01/14 22:10 upstream 97ec4d559d93 a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/14 00:04 upstream d9fc1511728c 529798b0 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/09 08:26 upstream 1fe4fd6f5cad 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/09 07:06 upstream 1fe4fd6f5cad 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/08 13:27 upstream 9b43a525db12 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2023/01/04 06:42 upstream 69b41ac87e4a f0036e18 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-selinux-root 2023/01/01 21:36 upstream e4cf7c25bae5 ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2022/12/30 16:57 upstream 2258c2dc850b 44712fbc .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2022/12/29 21:41 upstream 1b929c02afd3 44712fbc .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-smack-root 2022/12/27 06:32 upstream 1b929c02afd3 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-root 2022/12/25 16:37 upstream 72a85e2b0a1e 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2022/12/25 13:15 upstream 72a85e2b0a1e 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-root 2022/12/23 08:19 upstream 8395ae05cb5a 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-root 2022/12/21 14:18 upstream b6bb9676f216 4067838e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2022/12/19 11:31 upstream f9ff5644bcc0 05494336 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-root 2022/12/14 05:26 upstream 764822972d64 e660de91 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-root 2022/12/10 02:05 upstream 0d1409e4ff08 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2022/12/08 06:43 upstream 479174d402bc d88f3abb .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2022/12/06 23:29 upstream 8ed710da2873 d88f3abb .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci2-upstream-fs 2022/12/05 18:04 upstream 76dcd734eca2 045cbb84 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-selinux-root 2022/12/05 07:39 upstream c2bf05db6c78 e080de16 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-linux-next-kasan-gce-root 2023/02/01 20:58 linux-next 66eee64b2354 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-linux-next-kasan-gce-root 2023/01/30 01:12 linux-next e2f86c02fdc9 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-linux-next-kasan-gce-root 2023/01/28 23:33 linux-next e2f86c02fdc9 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-linux-next-kasan-gce-root 2023/01/20 19:52 linux-next d514392f17fd 559a440a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-linux-next-kasan-gce-root 2023/01/08 19:53 linux-next cc3c08b41a9c 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-linux-next-kasan-gce-root 2023/01/01 20:01 linux-next c76083fac3ba ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-linux-next-kasan-gce-root 2022/12/12 20:11 linux-next 591cd61541b9 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hfs_find_init
ci-upstream-kasan-gce-root 2018/05/14 03:54 upstream 66e1c94db3cd 481f030c .config console log report
ci-upstream-gce-arm64 2023/01/03 15:35 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] BUG: unable to handle kernel NULL pointer dereference in hfs_find_init
ci-upstream-gce-arm64 2022/12/25 14:35 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] BUG: unable to handle kernel NULL pointer dereference in hfs_find_init
ci-upstream-gce-arm64 2022/12/23 07:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] BUG: unable to handle kernel NULL pointer dereference in hfs_find_init
* Struck through repros no longer work on HEAD.