Re: [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+0391d34e801643e2809b@syzkaller.appspotmail.com>
To: hch@infradead.org, linux-kernel@vger.kernel.org,
	linux-xfs@vger.kernel.org,  syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4)
Date: Thu, 30 Oct 2025 01:47:03 -0700	[thread overview]
Message-ID: <69032607.050a0220.3344a1.043e.GAE@google.com> (raw)
In-Reply-To: <aQMbZoAAVWxxx6wc@infradead.org>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: MAX_LOCKDEP_CHAINS too low!

BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 2577 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Workqueue: xfs-cil/loop0 xlog_cil_push_work
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 add_chain_cache kernel/locking/lockdep.c:-1 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:3855 [inline]
 validate_chain kernel/locking/lockdep.c:3876 [inline]
 __lock_acquire+0xf9c/0x30a4 kernel/locking/lockdep.c:5237
 lock_acquire+0x14c/0x2e0 kernel/locking/lockdep.c:5868
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x5c/0x7c kernel/locking/spinlock.c:162
 __wake_up_common_lock kernel/sched/wait.c:124 [inline]
 __wake_up+0x40/0x1a8 kernel/sched/wait.c:146
 xlog_cil_set_ctx_write_state+0x2a8/0x310 fs/xfs/xfs_log_cil.c:997
 xlog_write+0x1fc/0xe94 fs/xfs/xfs_log.c:2252
 xlog_cil_write_commit_record fs/xfs/xfs_log_cil.c:1118 [inline]
 xlog_cil_push_work+0x19ec/0x1f74 fs/xfs/xfs_log_cil.c:1434
 process_one_work+0x7e8/0x155c kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3400
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844

Tested on:

commit:         af1722bb xfs: switch (back) to a per-buftarg buffer hash
git tree:       git://git.infradead.org/users/hch/misc.git xfs-buf-hash
console output: https://syzkaller.appspot.com/x/log.txt?x=1110bfe2580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=39f8a155475bc42d
dashboard link: https://syzkaller.appspot.com/bug?extid=0391d34e801643e2809b
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64

Note: no patches were applied.

next prev parent reply	other threads:[~2025-10-30  8:47 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-10-29  9:50 [syzbot] Monthly xfs report (Oct 2025) syzbot
2025-10-30  7:11 ` Christoph Hellwig
2025-10-30  7:42   ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2025-10-30  8:01   ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2025-10-30  8:47     ` syzbot [this message]
2026-01-19  6:06     ` Christoph Hellwig
2026-01-19  7:38       ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2026-01-19  7:44       ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2026-01-19  8:34         ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2026-01-19  8:37           ` Christoph Hellwig
2026-01-19  8:53             ` Aleksandr Nogikh
2026-01-19  9:03               ` Christoph Hellwig
2026-01-19  9:03         ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2026-01-19  9:29           ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2026-01-19 14:45           ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2026-01-19 15:17             ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
  -- strict thread matches above, loose matches on Subject: below --
2025-09-02 11:40 syzbot
2025-09-03  1:05 ` Dave Chinner
2025-09-03  6:08   ` Christoph Hellwig

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=69032607.050a0220.3344a1.043e.GAE@google.com \
    --to=syzbot+0391d34e801643e2809b@syzkaller.appspotmail.com \
    --cc=hch@infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-xfs@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.