syzbot


general protection fault in hfs_find_init

Status: upstream: reported C repro on 2018/03/31 20:47
Labels: hfs
Reported-by: syzbot+7ca256d0da4af073b2e2@syzkaller.appspotmail.com
First crash: 1893d, last: 4h14m

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: no output from test machine (log)
Repro: C syz .config

Fix bisection: failed (error log, bisect log)
Discussions (4)
Title | Replies (including bot) | Last reply
[syzbot] Monthly hfs report (Apr 2023) | 0 (1) | 2023/04/27 13:32
[Linux-kernel-mentees] [PATCH] hfs, hfsplus: Fix NULL pointer dereference in hfs_find_init() | 9 (9) | 2020/08/12 20:34
general protection fault in hfs_find_init | 0 (1) | 2018/03/31 20:47
general protection fault in hfs_find_init | 0 (1) | 2018/03/31 20:47
Similar bugs (4)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-4.14 | general protection fault in hfs_find_init (label: hfs) | C | | | 3 | 94d | 185d | 0/1 | upstream: reported C repro on 2022/12/03 11:10
linux-5.15 | BUG: unable to handle kernel paging request in hfs_find_init | | | | 6 | 45d | 62d | 0/3 | upstream: reported on 2023/04/05 08:29
linux-4.19 | general protection fault in hfs_find_init (label: hfs) | C | | | 12 | 96d | 191d | 0/1 | upstream: reported C repro on 2022/11/26 21:41
linux-6.1 | BUG: unable to handle kernel paging request in hfs_find_init | | | | 3 | 55d | 85d | 0/3 | upstream: reported on 2023/03/13 10:13
Last patch testing requests (2)
Created | Duration | User | Patch | Repo | Result
2022/09/27 04:30 | 10m | retest | repro | upstream | error
2020/08/12 05:02 | 15m | yepeilin.cs@gmail.com | patch | upstream | OK

Sample crash report:
memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4994 'syz-executor325'
loop0: detected capacity change from 0 to 64
general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
CPU: 0 PID: 4994 Comm: syz-executor325 Not tainted 6.4.0-rc4-syzkaller-00204-gc43a6ff9f93f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:hfs_find_init+0x72/0x1f0 fs/hfs/bfind.c:21
Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 74 0d 80 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 0c 01 00 00 41 8b 06 8d 7c 00 04 be c0
RSP: 0018:ffffc90003b0f300 EFLAGS: 00010202
RAX: 1ffff92000761e7f RBX: ffffc90003b0f3f8 RCX: ffff888028983b80
RDX: 0000000000000000 RSI: ffffc90003b0f3e0 RDI: ffffc90003b0f3f0
RBP: 0000000000000000 R08: ffffffff82647b7f R09: 0000000000000000
R10: ffffc90003b0f3e0 R11: dffffc0000000001 R12: ffffc90003b0f3e0
R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008
FS:  0000555555873300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdde473000 CR3: 0000000077303000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hfs_ext_read_extent fs/hfs/extent.c:200 [inline]
 hfs_get_block+0x4f4/0xb60 fs/hfs/extent.c:366
 block_read_full_folio+0x47b/0x1000 fs/buffer.c:2349
 filemap_read_folio+0x19d/0x7a0 mm/filemap.c:2421
 do_read_cache_folio+0x134/0x820 mm/filemap.c:3680
 do_read_cache_page+0x32/0x220 mm/filemap.c:3746
 read_mapping_page include/linux/pagemap.h:772 [inline]
 hfs_btree_open+0x50b/0xf20 fs/hfs/btree.c:78
 hfs_mdb_get+0x1443/0x21b0 fs/hfs/mdb.c:199
 hfs_fill_super+0x107d/0x1790 fs/hfs/super.c:406
 mount_bdev+0x2d0/0x3f0 fs/super.c:1380
 legacy_get_tree+0xef/0x190 fs/fs_context.c:610
 vfs_get_tree+0x8c/0x270 fs/super.c:1510
 do_new_mount+0x28f/0xae0 fs/namespace.c:3039
 do_mount fs/namespace.c:3382 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f624c1dbafa
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdde471fc8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f624c1dbafa
RDX: 0000000020000240 RSI: 0000000020000000 RDI: 00007ffdde471fe0
RBP: 00007ffdde471fe0 R08: 00007ffdde472020 R09: 0000000000000248
R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
R13: 00005555558732c0 R14: 0000000000000000 R15: 00007ffdde472020
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfs_find_init+0x72/0x1f0 fs/hfs/bfind.c:21
Code: d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 74 0d 80 ff 48 c7 03 00 00 00 00 48 89 2c 24 4c 8d 75 40 4d 89 f7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 0c 01 00 00 41 8b 06 8d 7c 00 04 be c0
RSP: 0018:ffffc90003b0f300 EFLAGS: 00010202
RAX: 1ffff92000761e7f RBX: ffffc90003b0f3f8 RCX: ffff888028983b80
RDX: 0000000000000000 RSI: ffffc90003b0f3e0 RDI: ffffc90003b0f3f0
RBP: 0000000000000000 R08: ffffffff82647b7f R09: 0000000000000000
R10: ffffc90003b0f3e0 R11: dffffc0000000001 R12: ffffc90003b0f3e0
R13: dffffc0000000000 R14: 0000000000000040 R15: 0000000000000008
FS:  0000555555873300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdde473000 CR3: 0000000077303000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	d8 48 c1             	fmuls  -0x3f(%rax)
   3:	e8 03 42 80 3c       	callq  0x3c80420b
   8:	28 00                	sub    %al,(%rax)
   a:	74 08                	je     0x14
   c:	48 89 df             	mov    %rbx,%rdi
   f:	e8 74 0d 80 ff       	callq  0xff800d88
  14:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  1b:	48 89 2c 24          	mov    %rbp,(%rsp)
  1f:	4c 8d 75 40          	lea    0x40(%rbp),%r14
  23:	4d 89 f7             	mov    %r14,%r15
  26:	49 c1 ef 03          	shr    $0x3,%r15
* 2a:	43 0f b6 04 2f       	movzbl (%r15,%r13,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	0f 85 0c 01 00 00    	jne    0x143
  37:	41 8b 06             	mov    (%r14),%eax
  3a:	8d 7c 00 04          	lea    0x4(%rax,%rax,1),%edi
  3e:	be                   	.byte 0xbe
  3f:	c0                   	.byte 0xc0

Crashes (244):