syzbot

KMSAN: uninit-value in hfsplus_bnode_find

Status: upstream: reported C repro on 2026/04/14 23:20
Subsystems: hfs
Reported-by: syzbot+217eb327242d08197efb@syzkaller.appspotmail.com
First crash: 7d13h, last: 7d04h
Discussions (4)
Title                                                                                      Replies (including bot)  Last reply
[PATCH] hfsplus: zero-initialize buffer in hfs_bnode_read                                  1 (1)                    2026/04/18 13:40
[syzbot] [hfs?] KMSAN: uninit-value in hfsplus_bnode_find                                  1 (6)                    2026/04/18 13:39
[PATCH] hfsplus: zero-initialize data buffer in hfs_bnode_read_u16 and hfs_bnode_read_u8   2 (2)                    2026/04/17 22:28
[PATCH] hfsplus: Add a sanity check for catalog btree node size                            8 (8)                    2026/04/16 23:52
Last patch testing requests (4)
Created           Duration  User               Patch  Repo                                                                       Result
2026/04/18 13:39  32m       tristmd@gmail.com  patch  upstream                                                                   report log
2026/04/17 16:21  27m       tristmd@gmail.com  patch  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master  report log
2026/04/17 10:12  35m       tristmd@gmail.com  patch  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master  error
2026/04/15 00:52  38m       eadavis@qq.com     patch  upstream                                                                   report log

Sample crash report:
loop0: detected capacity change from 0 to 1024
hfsplus: requested invalid offset: NODE: id 0, type 0x1, height 0, node_size 1, offset 4294967295
=====================================================
BUG: KMSAN: uninit-value in hfsplus_bnode_find+0x141c/0x1600 fs/hfsplus/bnode.c:584
 hfsplus_bnode_find+0x141c/0x1600 fs/hfsplus/bnode.c:584
 hfsplus_btree_open+0x169a/0x1e40 fs/hfsplus/btree.c:382
 hfsplus_fill_super+0x111f/0x2770 fs/hfsplus/super.c:553
 get_tree_bdev_flags+0x6e6/0x920 fs/super.c:1694
 get_tree_bdev+0x38/0x50 fs/super.c:1717
 hfsplus_get_tree+0x35/0x40 fs/hfsplus/super.c:709
 vfs_get_tree+0xb3/0x5d0 fs/super.c:1754
 fc_mount fs/namespace.c:1193 [inline]
 do_new_mount_fc fs/namespace.c:3763 [inline]
 do_new_mount+0x885/0x1dd0 fs/namespace.c:3839
 path_mount+0x7a2/0x20b0 fs/namespace.c:4159
 do_mount fs/namespace.c:4172 [inline]
 __do_sys_mount fs/namespace.c:4361 [inline]
 __se_sys_mount+0x704/0x7f0 fs/namespace.c:4338
 __x64_sys_mount+0xe4/0x150 fs/namespace.c:4338
 x64_sys_call+0x39f0/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable data.i created at:
 hfsplus_bnode_read_u16 fs/hfsplus/bnode.c:58 [inline]
 hfsplus_bnode_find+0xd6f/0x1600 fs/hfsplus/bnode.c:583
 hfsplus_btree_open+0x169a/0x1e40 fs/hfsplus/btree.c:382

CPU: 0 UID: 0 PID: 6044 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
=====================================================

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/04/14 22:07 upstream d60bc1401583 362d1323 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_bnode_find
2026/04/14 16:13 upstream d60bc1401583 362d1323 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_bnode_find
2026/04/14 13:22 upstream d60bc1401583 362d1323 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_bnode_find
2026/04/14 13:22 upstream d60bc1401583 362d1323 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in hfsplus_bnode_find
2026/04/14 18:59 upstream d60bc1401583 362d1323 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_bnode_find
2026/04/14 18:13 upstream d60bc1401583 362d1323 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_bnode_find
2026/04/14 14:00 upstream d60bc1401583 362d1323 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_bnode_find
2026/04/14 14:00 upstream d60bc1401583 362d1323 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in hfsplus_bnode_find