From: syzbot <syzbot+0391d34e801643e2809b@syzkaller.appspotmail.com>
To: hch@infradead.org, linux-kernel@vger.kernel.org,
linux-xfs@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4)
Date: Sun, 18 Jan 2026 23:38:02 -0800 [thread overview]
Message-ID: <696ddf5a.050a0220.3390f1.003b.GAE@google.com> (raw)
In-Reply-To: <aW3J5Cc3ezll_601@infradead.org>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: MAX_LOCKDEP_CHAINS too low!
BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 0 UID: 0 PID: 1610 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: xfs_iwalk-13497 xfs_pwork_work
Call trace:
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
__dump_stack+0x30/0x40 lib/dump_stack.c:94
dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
dump_stack+0x1c/0x28 lib/dump_stack.c:129
add_chain_cache kernel/locking/lockdep.c:-1 [inline]
lookup_chain_cache_add kernel/locking/lockdep.c:3855 [inline]
validate_chain kernel/locking/lockdep.c:3876 [inline]
__lock_acquire+0xf9c/0x30a4 kernel/locking/lockdep.c:5237
lock_acquire+0x140/0x2e0 kernel/locking/lockdep.c:5868
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x5c/0x7c kernel/locking/spinlock.c:162
debug_object_activate+0x7c/0x460 lib/debugobjects.c:818
debug_timer_activate kernel/time/timer.c:793 [inline]
__mod_timer+0x8c4/0xd00 kernel/time/timer.c:1124
add_timer_global+0x88/0xc0 kernel/time/timer.c:1283
__queue_delayed_work+0x218/0x2c8 kernel/workqueue.c:2520
queue_delayed_work_on+0xe4/0x194 kernel/workqueue.c:2555
queue_delayed_work include/linux/workqueue.h:684 [inline]
xfs_reclaim_work_queue+0x154/0x244 fs/xfs/xfs_icache.c:211
xfs_perag_set_inode_tag+0x19c/0x4bc fs/xfs/xfs_icache.c:263
xfs_inodegc_set_reclaimable+0x1e0/0x444 fs/xfs/xfs_icache.c:1917
xfs_inode_mark_reclaimable+0x2c8/0x10f8 fs/xfs/xfs_icache.c:2252
xfs_fs_destroy_inode+0x2fc/0x618 fs/xfs/xfs_super.c:712
destroy_inode fs/inode.c:396 [inline]
evict+0x7cc/0xa74 fs/inode.c:861
iput_final fs/inode.c:1954 [inline]
iput+0xc54/0xfdc fs/inode.c:2006
xfs_irele+0xd0/0x2ac fs/xfs/xfs_inode.c:2662
xfs_qm_dqusage_adjust+0x4f4/0x5b0 fs/xfs/xfs_qm.c:1411
xfs_iwalk_ag_recs+0x404/0x7c8 fs/xfs/xfs_iwalk.c:209
xfs_iwalk_run_callbacks+0x1c0/0x3e8 fs/xfs/xfs_iwalk.c:370
xfs_iwalk_ag+0x6ac/0x82c fs/xfs/xfs_iwalk.c:473
xfs_iwalk_ag_work+0xf8/0x1a0 fs/xfs/xfs_iwalk.c:620
xfs_pwork_work+0x80/0x1a4 fs/xfs/xfs_pwork.c:47
process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
process_scheduled_works kernel/workqueue.c:3340 [inline]
worker_thread+0x958/0xed8 kernel/workqueue.c:3421
kthread+0x5fc/0x75c kernel/kthread.c:463
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
Tested on:
commit: 855e81db xfs: switch (back) to a per-buftarg buffer hash
git tree: git://git.infradead.org/users/hch/xfs.git xfs-buf-hash
console output: https://syzkaller.appspot.com/x/log.txt?x=162bb63a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1707867b02964a26
dashboard link: https://syzkaller.appspot.com/bug?extid=0391d34e801643e2809b
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Note: no patches were applied.
next prev parent reply other threads:[~2026-01-19 7:38 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-29 9:50 [syzbot] Monthly xfs report (Oct 2025) syzbot
2025-10-30 7:11 ` Christoph Hellwig
2025-10-30 7:42 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2025-10-30 8:01 ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2025-10-30 8:47 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2026-01-19 6:06 ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2026-01-19 7:38 ` syzbot [this message]
2026-01-19 7:44 ` Christoph Hellwig
2026-01-19 8:34 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2026-01-19 8:37 ` Christoph Hellwig
2026-01-19 8:53 ` Aleksandr Nogikh
2026-01-19 9:03 ` Christoph Hellwig
2026-01-19 9:03 ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2026-01-19 9:29 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2026-01-19 14:45 ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2026-01-19 15:17 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
-- strict thread matches above, loose matches on Subject: below --
2025-09-02 11:40 syzbot
2025-09-03 1:05 ` Dave Chinner
2025-09-03 6:08 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=696ddf5a.050a0220.3390f1.003b.GAE@google.com \
--to=syzbot+0391d34e801643e2809b@syzkaller.appspotmail.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.