[adding the kfence maintainers]

On Tue, Oct 08, 2024 at 04:43:23PM -0700, syzbot wrote:
> dashboard link: https://syzkaller.appspot.com/bug?extid=8a8170685a482c92e86a

[...]

> XFS (loop2): Quotacheck: Done.
> ==================================================================
> BUG: KFENCE: memory corruption in krealloc_noprof+0x160/0x2e0
>
> Corrupted memory at 0xffff88823bedafeb [ 0x03 0x00 0xd8 0x62 0x75 0x73 0x01 0x00 0x00 0x11 0x4c 0x00 0x00 0x00 0x00 0x00 ] (in kfence-#108):
> krealloc_noprof+0x160/0x2e0
> xfs_idata_realloc+0x116/0x1b0 fs/xfs/libxfs/xfs_inode_fork.c:523

I've tried to make sense of this report and failed.
Documentation/dev-tools/kfence.rst explains these messages as:

  KFENCE also uses pattern-based redzones on the other side of an object's
  guard page, to detect out-of-bounds writes on the unprotected side of the
  object. These are reported on frees::

But doesn't explain what "the other side of an object's guard page" is.

Either way this is in the common krealloc code, which is a bit special
as it uses ksize to figure out what the actual underlying allocation
size of an object is to make use of that. Without understanding the
actual error I wonder if that's something kfence can't cope with?
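For readers following the thread, the following is an added user-space model (not kernel code and not from this mail) of what the kfence.rst paragraph quoted above describes: an object occupies the start of a fixed-size slot, the unprotected tail of the slot is filled with an address-derived pattern, and the pattern is re-checked when the object is freed, yielding the "Corrupted memory at <addr> [ bytes ]" style of report. The slot size and the pattern constant are this model's own choices, not kfence's.

```c
/* Constructed model of KFENCE-style pattern redzones; not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 64 /* model stand-in for the kfence slot (really a page) */

struct slot {
    uint8_t data[SLOT_SIZE];
    size_t size; /* requested size; data[size..SLOT_SIZE) is the redzone */
};

/* Redzone byte derived from the low address bits, so copying one redzone
 * byte onto a neighbouring offset is still detected. The constant is this
 * model's own, loosely modelled on kfence's address-based canary. */
static uint8_t redzone_byte(const uint8_t *p)
{
    return (uint8_t)(0xaa ^ ((uintptr_t)p & 0x7));
}

/* Place a `size`-byte object in the slot and pattern the unprotected tail. */
static void slot_alloc(struct slot *s, size_t size)
{
    s->size = size;
    memset(s->data, 0, size);
    for (size_t i = size; i < SLOT_SIZE; i++)
        s->data[i] = redzone_byte(&s->data[i]);
}

/* Redzone check done on free: returns the number of corrupted bytes and
 * stores the offset of the first one (the address kfence reports), or
 * SLOT_SIZE when the redzone is intact. */
static size_t slot_check(const struct slot *s, size_t *first_bad)
{
    size_t bad = 0;
    *first_bad = SLOT_SIZE;
    for (size_t i = s->size; i < SLOT_SIZE; i++) {
        if (s->data[i] != redzone_byte(&s->data[i])) {
            if (bad++ == 0)
                *first_bad = i;
        }
    }
    return bad;
}

int main(void)
{
    struct slot s;
    size_t first, n;
    slot_alloc(&s, 16);
    memset(s.data, 'A', 20); /* constructed 4-byte overflow into the redzone */
    n = slot_check(&s, &first);
    if (n)
        printf("BUG: redzone corrupted at offset %zu (%zu bytes)\n", first, n);
    return 0;
}
```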