syzbot


KFENCE: memory corruption in do_handle_open

Status: upstream: reported on 2024/04/08 08:31
Subsystems: nfs
Reported-by: syzbot+454fe737909d37a0e5fe@syzkaller.appspotmail.com
First crash: 27d, last: 26d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [nfs?] KFENCE: memory corruption in do_handle_open 0 (1) 2024/04/08 08:31

Sample crash report:
==================================================================
BUG: KFENCE: memory corruption in handle_to_path fs/fhandle.c:213 [inline]
BUG: KFENCE: memory corruption in do_handle_open+0x4be/0x660 fs/fhandle.c:226

Corrupted memory at 0xffff88823bdccff8 [ 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ] (in kfence-#229):
 handle_to_path fs/fhandle.c:213 [inline]
 do_handle_open+0x4be/0x660 fs/fhandle.c:226
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

kfence-#229: 0xffff88823bdccfe0-0xffff88823bdccff7, size=24, cache=kmalloc-32

allocated by task 5382 on cpu 1 at 75.554801s:
 kmalloc_noprof include/linux/slab.h:664 [inline]
 handle_to_path fs/fhandle.c:195 [inline]
 do_handle_open+0x162/0x660 fs/fhandle.c:226
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

freed by task 5382 on cpu 1 at 75.554827s:
 handle_to_path fs/fhandle.c:213 [inline]
 do_handle_open+0x4be/0x660 fs/fhandle.c:226
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

CPU: 1 PID: 5382 Comm: syz-executor.0 Not tainted 6.9.0-rc2-next-20240403-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/04/03 23:20 linux-next 727900b675b7 fed899ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KFENCE: memory corruption in do_handle_open
2024/04/03 17:55 linux-next 727900b675b7 fed899ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KFENCE: memory corruption in do_handle_open
2024/04/03 11:54 linux-next c0b832517f62 7925100d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KFENCE: memory corruption in do_handle_open
2024/04/02 17:54 linux-next c0b832517f62 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KFENCE: memory corruption in do_handle_open