syzbot


KFENCE: memory corruption in hfs_find_exit

Status: moderation: reported on 2025/01/24 07:01
Subsystems: hfs
Reported-by: syzbot+222cddcaf4e97a3f0854@syzkaller.appspotmail.com
First crash: 9d22h, last: 9d22h

Sample crash report:
==================================================================
BUG: KFENCE: memory corruption in hfs_find_exit+0x5b/0xb0 fs/hfs/bfind.c:47

Corrupted memory at 0xffff88823bf96fee [ 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x03 0x00 0x00 0x00 0x03 0x00 0x00 0x00 0x00 ] (in kfence-#202):
 hfs_find_exit+0x5b/0xb0 fs/hfs/bfind.c:47
 hfs_cat_create+0x6fe/0xa50
 hfs_create+0x66/0xe0 fs/hfs/dir.c:202
 lookup_open fs/namei.c:3649 [inline]
 open_last_lookups fs/namei.c:3748 [inline]
 path_openat+0x1c03/0x3590 fs/namei.c:3984
 do_filp_open+0x27f/0x4e0 fs/namei.c:4014
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

kfence-#202: 0xffff88823bf96fa0-0xffff88823bf96fed, size=78, cache=kmalloc-96

allocated by task 16858 on cpu 1 at 719.678526s (0.106502s ago):
 kmalloc_noprof include/linux/slab.h:905 [inline]
 hfs_find_init+0x90/0x1f0 fs/hfs/bfind.c:21
 hfs_cat_create+0x182/0xa50 fs/hfs/catalog.c:96
 hfs_create+0x66/0xe0 fs/hfs/dir.c:202
 lookup_open fs/namei.c:3649 [inline]
 open_last_lookups fs/namei.c:3748 [inline]
 path_openat+0x1c03/0x3590 fs/namei.c:3984
 do_filp_open+0x27f/0x4e0 fs/namei.c:4014
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

freed by task 16858 on cpu 1 at 719.678880s (0.158885s ago):
 hfs_find_exit+0x5b/0xb0 fs/hfs/bfind.c:47
 hfs_cat_create+0x6fe/0xa50
 hfs_create+0x66/0xe0 fs/hfs/dir.c:202
 lookup_open fs/namei.c:3649 [inline]
 open_last_lookups fs/namei.c:3748 [inline]
 path_openat+0x1c03/0x3590 fs/namei.c:3984
 do_filp_open+0x27f/0x4e0 fs/namei.c:4014
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 16858 Comm: syz.6.1152 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
==================================================================

Crashes (1):
Time:       2025/01/20 06:49
Kernel:     upstream
Commit:     9528d418de4d
Syzkaller:  f2cb035c
Config:     .config
Log:        console log
Report:     report
Syz repro:  (none listed)
C repro:    (none listed)
VM info:    info
Assets:     [disk image] [vmlinux] [kernel image]
Manager:    ci2-upstream-fs
Title:      KFENCE: memory corruption in hfs_find_exit