syzbot


general protection fault in afs_request_key

Status: fixed on 2026/01/07 12:29
Subsystems: afs
Reported-by: syzbot+41c68824eefb67cdf00c@syzkaller.appspotmail.com
Fix commits:
  d27c71257825 afs: Fix delayed allocation of a cell's anonymous key
  19eef1d98eed afs: Fix uninit var in afs_alloc_anon_key()
First crash: 50d, last: 40d
Discussions (6):
Title                                                                       Replies (including bot)  Last reply
[PATCH 6.17 050/146] afs: Fix uninit var in afs_alloc_anon_key()            1 (1)                    2025/12/03 15:27
[PATCH 6.17 042/146] afs: Fix delayed allocation of a cells anonymous key   1 (1)                    2025/12/03 15:27
[PATCH] afs: Fix uninit var in afs_alloc_anon_key()                         2 (2)                    2025/11/29 00:49
[PATCH v3] afs: Fix delayed allocation of a cell's anonymous key            1 (1)                    2025/11/28 10:19
[PATCH v2] afs: Fix delayed allocation of a cell's anonymous key            1 (1)                    2025/11/28 09:52
[syzbot] [afs?] general protection fault in afs_request_key                 0 (1)                    2025/11/22 06:18

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000024: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127]
CPU: 0 UID: 0 PID: 13791 Comm: syz.0.1767 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:afs_request_key+0xba/0x190 fs/afs/security.c:30
Code: 48 c1 e9 03 80 3c 01 00 0f 85 ae 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 30 48 8d bd 20 01 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 75 7a 48 8b b5 20 01 00 00 31 c9 48 c7 c7 80 58 41 90
RSP: 0018:ffffc90017dffc88 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff888031d68800 RCX: 0000000000000024
RDX: ffff88803129a5c0 RSI: ffffffff83963714 RDI: 0000000000000120
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888031d68830
R13: ffff8880280f2c20 R14: ffffed100501e586 R15: ffffc90017dffea0
FS:  00007f0bf16a36c0(0000) GS:ffff888124a0d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31216ff8 CR3: 000000001292a000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 afs_validate_fc fs/afs/super.c:376 [inline]
 afs_get_tree+0x303/0x1380 fs/afs/super.c:555
 vfs_get_tree+0x8e/0x340 fs/super.c:1758
 fc_mount fs/namespace.c:1199 [inline]
 do_new_mount_fc fs/namespace.c:3642 [inline]
 do_new_mount fs/namespace.c:3718 [inline]
 path_mount+0x7b9/0x23a0 fs/namespace.c:4028
 do_mount fs/namespace.c:4041 [inline]
 __do_sys_mount fs/namespace.c:4229 [inline]
 __se_sys_mount fs/namespace.c:4206 [inline]
 __x64_sys_mount+0x293/0x310 fs/namespace.c:4206
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0bf078f7c9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0bf16a3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f0bf09e5fa0 RCX: 00007f0bf078f7c9
RDX: 00002000000001c0 RSI: 0000200000000180 RDI: 0000000000000000
RBP: 00007f0bf0813f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0bf09e6038 R14: 00007f0bf09e5fa0 R15: 00007ffe12e06f68
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:afs_request_key+0xba/0x190 fs/afs/security.c:30
Code: 48 c1 e9 03 80 3c 01 00 0f 85 ae 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 30 48 8d bd 20 01 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 75 7a 48 8b b5 20 01 00 00 31 c9 48 c7 c7 80 58 41 90
RSP: 0018:ffffc90017dffc88 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff888031d68800 RCX: 0000000000000024
RDX: ffff88803129a5c0 RSI: ffffffff83963714 RDI: 0000000000000120
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888031d68830
R13: ffff8880280f2c20 R14: ffffed100501e586 R15: ffffc90017dffea0
FS:  00007f0bf16a36c0(0000) GS:ffff888124a0d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b311c5ff8 CR3: 000000001292a000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	48 c1 e9 03          	shr    $0x3,%rcx
   4:	80 3c 01 00          	cmpb   $0x0,(%rcx,%rax,1)
   8:	0f 85 ae 00 00 00    	jne    0xbc
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df
  18:	48 8b 6b 30          	mov    0x30(%rbx),%rbp
  1c:	48 8d bd 20 01 00 00 	lea    0x120(%rbp),%rdi
  23:	48 89 f9             	mov    %rdi,%rcx
  26:	48 c1 e9 03          	shr    $0x3,%rcx
* 2a:	80 3c 01 00          	cmpb   $0x0,(%rcx,%rax,1) <-- trapping instruction
  2e:	75 7a                	jne    0xaa
  30:	48 8b b5 20 01 00 00 	mov    0x120(%rbp),%rsi
  37:	31 c9                	xor    %ecx,%ecx
  39:	48 c7 c7 80 58 41 90 	mov    $0xffffffff90415880,%rdi

Crashes (14):
Time              Kernel    Commit        Syzkaller  Manager                    Title
2025/11/27 23:37  upstream  765e56e41a5a  e8331348   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/27 20:46  upstream  765e56e41a5a  e8331348   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/27 18:48  upstream  765e56e41a5a  e8331348   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/26 18:29  upstream  30f09200cc4a  c116feb4   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/26 11:24  upstream  30f09200cc4a  c116feb4   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/25 09:55  upstream  ac3fd01e4c1e  64219f15   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/23 04:48  upstream  89edd36fd801  4fb8ef37   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/22 02:15  upstream  2eba5e05d9bc  4fb8ef37   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/21 22:20  upstream  2eba5e05d9bc  4fb8ef37   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/20 05:54  upstream  23cb64fb7625  26ee5237   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/19 07:47  upstream  8b690556d8fe  ef766cd7   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/18 19:44  upstream  5bebe8de1926  ef766cd7   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/18 09:40  upstream  e7c375b18160  ef766cd7   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key
2025/11/18 06:14  upstream  e7c375b18160  ef766cd7   ci-qemu-gce-upstream-auto  general protection fault in afs_request_key