From: syzbot <syzbot+0391d34e801643e2809b@syzkaller.appspotmail.com>
To: hch@infradead.org, linux-kernel@vger.kernel.org,
linux-xfs@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4)
Date: Mon, 19 Jan 2026 00:34:03 -0800 [thread overview]
Message-ID: <696dec7b.a70a0220.34546f.043a.GAE@google.com> (raw)
In-Reply-To: <aW3g7G_dWk4cbx0_@infradead.org>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: MAX_LOCKDEP_KEYS too low!
BUG: MAX_LOCKDEP_KEYS too low!
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 7123 Comm: syz-executor Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
__dump_stack+0x30/0x40 lib/dump_stack.c:94
dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
dump_stack+0x1c/0x28 lib/dump_stack.c:129
register_lock_class+0x310/0x348 kernel/locking/lockdep.c:1332
__lock_acquire+0xbc/0x30a4 kernel/locking/lockdep.c:5112
lock_acquire+0x140/0x2e0 kernel/locking/lockdep.c:5868
touch_wq_lockdep_map+0xa8/0x164 kernel/workqueue.c:3940
__flush_workqueue+0xfc/0x109c kernel/workqueue.c:3982
drain_workqueue+0xa4/0x310 kernel/workqueue.c:4146
destroy_workqueue+0xb4/0xd90 kernel/workqueue.c:5903
xfs_destroy_mount_workqueues+0xac/0xdc fs/xfs/xfs_super.c:649
xfs_fs_put_super+0x128/0x144 fs/xfs/xfs_super.c:1262
generic_shutdown_super+0x12c/0x2b8 fs/super.c:643
kill_block_super+0x44/0x90 fs/super.c:1722
xfs_kill_sb+0x20/0x58 fs/xfs/xfs_super.c:2297
deactivate_locked_super+0xc4/0x12c fs/super.c:474
deactivate_super+0xe0/0x100 fs/super.c:507
cleanup_mnt+0x31c/0x3ac fs/namespace.c:1318
__cleanup_mnt+0x20/0x30 fs/namespace.c:1325
task_work_run+0x1dc/0x260 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:44 [inline]
exit_to_user_mode_loop+0x10c/0x18c kernel/entry/common.c:75
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:242 [inline]
arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline]
el0_svc+0x17c/0x26c arch/arm64/kernel/entry-common.c:725
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
Tested on:
commit: 3e548540 increase LOCKDEP_CHAINS_BITS
git tree: git://git.infradead.org/users/hch/xfs.git xfs-buf-hash
console output: https://syzkaller.appspot.com/x/log.txt?x=101b0d22580000
kernel config: https://syzkaller.appspot.com/x/.config?x=6c6138f827b10ea4
dashboard link: https://syzkaller.appspot.com/bug?extid=0391d34e801643e2809b
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
Note: no patches were applied.
next prev parent reply other threads:[~2026-01-19 8:34 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-29 9:50 [syzbot] Monthly xfs report (Oct 2025) syzbot
2025-10-30 7:11 ` Christoph Hellwig
2025-10-30 7:42 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2025-10-30 8:01 ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2025-10-30 8:47 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2026-01-19 6:06 ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2026-01-19 7:38 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2026-01-19 7:44 ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2026-01-19 8:34 ` syzbot [this message]
2026-01-19 8:37 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) Christoph Hellwig
2026-01-19 8:53 ` Aleksandr Nogikh
2026-01-19 9:03 ` Christoph Hellwig
2026-01-19 9:03 ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2026-01-19 9:29 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
2026-01-19 14:45 ` [syzbot] Monthly xfs report (Oct 2025) Christoph Hellwig
2026-01-19 15:17 ` [syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4) syzbot
-- strict thread matches above, loose matches on Subject: below --
2025-09-02 11:40 syzbot
2025-09-03 1:05 ` Dave Chinner
2025-09-03 6:08 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=696dec7b.a70a0220.34546f.043a.GAE@google.com \
--to=syzbot+0391d34e801643e2809b@syzkaller.appspotmail.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.