syzbot
KFENCE: memory corruption in hfs_find_exit

Status: moderation: reported on 2025/01/24 07:01
Subsystems: hfs
Reported-by: syzbot+222cddcaf4e97a3f0854@syzkaller.appspotmail.com
First crash: 85d, last: 44d

Sample crash report:
loop3: detected capacity change from 0 to 64
==================================================================
BUG: KFENCE: memory corruption in hfs_find_exit+0x5b/0xb0 fs/hfs/bfind.c:47

Corrupted memory at 0xffff88823befefee [ 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x03 0x00 0x00 0x00 0x03 0x00 0x00 0x00 0x00 ] (in kfence-#126):
 hfs_find_exit+0x5b/0xb0 fs/hfs/bfind.c:47
 hfs_cat_create+0x41b/0x760
 hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232
 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4313
 do_mkdirat+0x264/0x3a0 fs/namei.c:4336
 __do_sys_mkdirat fs/namei.c:4351 [inline]
 __se_sys_mkdirat fs/namei.c:4349 [inline]
 __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4349
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

kfence-#126: 0xffff88823befefa0-0xffff88823befefed, size=78, cache=kmalloc-96

allocated by task 6498 on cpu 1 at 105.445558s (0.083696s ago):
 kmalloc_noprof include/linux/slab.h:905 [inline]
 hfs_find_init+0x90/0x1f0 fs/hfs/bfind.c:21
 hfs_cat_create+0x17f/0x760 fs/hfs/catalog.c:96
 hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232
 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4313
 do_mkdirat+0x264/0x3a0 fs/namei.c:4336
 __do_sys_mkdirat fs/namei.c:4351 [inline]
 __se_sys_mkdirat fs/namei.c:4349 [inline]
 __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4349
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

freed by task 6498 on cpu 1 at 105.446412s (0.130041s ago):
 hfs_find_exit+0x5b/0xb0 fs/hfs/bfind.c:47
 hfs_cat_create+0x41b/0x760
 hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232
 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4313
 do_mkdirat+0x264/0x3a0 fs/namei.c:4336
 __do_sys_mkdirat fs/namei.c:4351 [inline]
 __se_sys_mkdirat fs/namei.c:4349 [inline]
 __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4349
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 6498 Comm: syz.3.70 Not tainted 6.14.0-rc4-syzkaller-00248-g03d38806a902 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================

Crashes (3):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/03/02 04:13 | upstream | 03d38806a902 | c3901742 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KFENCE: memory corruption in hfs_find_exit
2025/01/20 06:49 | upstream | 9528d418de4d | f2cb035c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KFENCE: memory corruption in hfs_find_exit
2025/02/10 02:39 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 2014c95afece | ef44b750 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | KFENCE: memory corruption in hfs_find_exit
* Struck through repros no longer work on HEAD.