[v5.15] KASAN: null-ptr-deref Write in xlog_cil_commit


syzbot
Mar 9, 2023, 8:55:48 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d9b4a0c83a2d Linux 5.15.98
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11d79862c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b57cfa804330c3b7
dashboard link: https://syzkaller.appspot.com/bug?extid=798d81a034a88c5e8aad
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8088989394e3/disk-d9b4a0c8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2651d6753959/vmlinux-d9b4a0c8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f3fa3f994f9a/Image-d9b4a0c8.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+798d81...@syzkaller.appspotmail.com

do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
==================================================================
BUG: KASAN: null-ptr-deref in xlog_cil_alloc_shadow_bufs fs/xfs/xfs_log_cil.c:225 [inline]
BUG: KASAN: null-ptr-deref in xlog_cil_commit+0x2f4/0x23f4 fs/xfs/xfs_log_cil.c:1264
Write of size 88 at addr 0000000000000000 by task syz-executor.3/11372

CPU: 1 PID: 11372 Comm: syz-executor.3 Not tainted 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
__kasan_report mm/kasan/report.c:438 [inline]
kasan_report+0x168/0x1e4 mm/kasan/report.c:451
kasan_check_range+0x274/0x2b4 mm/kasan/generic.c:189
memset+0x58/0x88 mm/kasan/shadow.c:44
xlog_cil_alloc_shadow_bufs fs/xfs/xfs_log_cil.c:225 [inline]
xlog_cil_commit+0x2f4/0x23f4 fs/xfs/xfs_log_cil.c:1264
__xfs_trans_commit+0x834/0x1018 fs/xfs/xfs_trans.c:881
xfs_trans_commit+0x24/0x34 fs/xfs/xfs_trans.c:925
xfs_fileattr_set+0xe0c/0x15b8 fs/xfs/xfs_ioctl.c:1478
vfs_fileattr_set+0x708/0xad0 fs/ioctl.c:700
do_vfs_ioctl+0x1634/0x2a38
__do_sys_ioctl fs/ioctl.c:872 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__arm64_sys_ioctl+0xe4/0x1c8 fs/ioctl.c:860
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
==================================================================
Unable to handle kernel paging request at virtual address dfff800000000003
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000003] address between user and kernel address ranges
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 11372 Comm: syz-executor.3 Tainted: G B 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : xlog_cil_alloc_shadow_bufs fs/xfs/xfs_log_cil.c:227 [inline]
pc : xlog_cil_commit+0x304/0x23f4 fs/xfs/xfs_log_cil.c:1264
lr : xlog_cil_alloc_shadow_bufs fs/xfs/xfs_log_cil.c:225 [inline]
lr : xlog_cil_commit+0x2f4/0x23f4 fs/xfs/xfs_log_cil.c:1264
sp : ffff8000269f74e0
x29: ffff8000269f7600 x28: ffff0001061a6140 x27: 1ffff00004d3eeb8
x26: dfff800000000000 x25: 0000000000000000 x24: ffff0001061a6150
x23: 0000000000000150 x22: 1fffe00020c34c38 x21: ffff0001061a61c0
x20: 0000000000000002 x19: dfff800000000000 x18: 1fffe0003690238e
x17: 1fffe0003690238e x16: ffff800011979fe4 x15: ffff8000149cf960
x14: ffff0001b4811c80 x13: ffffffffffffffff x12: 0000000000040000
x11: 000000000003ffff x10: ffff80001fe8b000 x9 : 0000000000000000
x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff80000826bc28
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000819ea18
x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000018
Call trace:
xlog_cil_alloc_shadow_bufs fs/xfs/xfs_log_cil.c:227 [inline]
xlog_cil_commit+0x304/0x23f4 fs/xfs/xfs_log_cil.c:1264
__xfs_trans_commit+0x834/0x1018 fs/xfs/xfs_trans.c:881
xfs_trans_commit+0x24/0x34 fs/xfs/xfs_trans.c:925
xfs_fileattr_set+0xe0c/0x15b8 fs/xfs/xfs_ioctl.c:1478
vfs_fileattr_set+0x708/0xad0 fs/ioctl.c:700
do_vfs_ioctl+0x1634/0x2a38
__do_sys_ioctl fs/ioctl.c:872 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__arm64_sys_ioctl+0xe4/0x1c8 fs/ioctl.c:860
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
Code: 91006320 d2d0001a d343fc08 f2fbfffa (38736908)
---[ end trace 60d3f6a2ce4d24fd ]---
----------------
Code disassembly (best guess):
0: 91006320 add x0, x25, #0x18
4: d2d0001a mov x26, #0x800000000000 // #140737488355328
8: d343fc08 lsr x8, x0, #3
c: f2fbfffa movk x26, #0xdfff, lsl #48
* 10: 38736908 ldrb w8, [x8, x19] <-- trapping instruction


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
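
The report above contains two traces for one event: the KASAN "null-ptr-deref" for the memset at fs/xfs/xfs_log_cil.c:225, and then an "Unable to handle kernel paging request at virtual address dfff800000000003" from line 227. The following is an added example, not part of the syzbot report and not XFS code: it reproduces the arithmetic a triager does by hand to show that the second trace is KASAN's inline shadow check faulting on the same NULL object, and decodes the ESR fields that the "Mem abort info" block prints. It takes KASAN_SHADOW_OFFSET from the x19/x26 value in the register dump and reads the 0x18 in `add x0, x25, #0x18` as a field offset in the NULL object held in x25; that reading is an inference from the instruction sequence, not something the report states. The helper names mirror the kernel's but are reimplemented here.

```c
/*
 * Added example: decode the arm64 KASAN oops from the syzbot report.
 *
 * Generic KASAN keeps one shadow byte per 8 bytes of kernel memory:
 *     shadow(addr) = (addr >> 3) + KASAN_SHADOW_OFFSET
 * The compiler's inline check loads that shadow byte before the real access.
 * In the disassembly, x25 (object pointer) is 0, so
 *     add x0, x25, #0x18 ; lsr x8, x0, #3 ; ldrb w8, [x8, x19]
 * loads shadow(0x18) with x19 == KASAN_SHADOW_OFFSET.  On arm64 the shadow of
 * user-range/NULL addresses is not mapped, so that load takes a translation
 * fault instead of producing a second KASAN report.
 *
 * Assumptions: KASAN_SHADOW_OFFSET is the x19/x26 value in the dump; treating
 * 0x18 as a field offset in the NULL object is inferred, not stated on the page.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_SHADOW_SCALE_SHIFT 3                 /* 8 bytes per shadow byte */
#define KASAN_SHADOW_OFFSET 0xdfff800000000000ULL  /* x19 in the register dump */

/* Same arithmetic as the kernel's kasan_mem_to_shadow(), reimplemented here. */
uint64_t kasan_mem_to_shadow(uint64_t addr)
{
	return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping: which kernel address does this shadow byte describe? */
uint64_t kasan_shadow_to_mem(uint64_t shadow)
{
	return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* True if addr lies in the shadow region: a fault there is the KASAN check
 * itself faulting, not the instrumented access. */
bool is_kasan_shadow_addr(uint64_t addr)
{
	uint64_t end = KASAN_SHADOW_OFFSET +
		       (UINT64_C(1) << (64 - KASAN_SHADOW_SCALE_SHIFT));
	return addr >= KASAN_SHADOW_OFFSET && addr < end;
}

/* The ESR_EL1 fields that the "Mem abort info" block prints. */
struct esr_fields {
	unsigned ec;   /* [31:26] exception class; 0x25 = data abort, current EL */
	bool il;       /* [25]    32-bit instruction */
	bool wnr;      /* [6]     write-not-read (data aborts) */
	unsigned fsc;  /* [5:0]   fault status; 0x04..0x07 = translation fault, level n */
};

struct esr_fields decode_esr(uint32_t esr)
{
	struct esr_fields f;
	f.ec  = (esr >> 26) & 0x3f;
	f.il  = (esr >> 25) & 1;
	f.wnr = (esr >> 6) & 1;
	f.fsc = esr & 0x3f;
	return f;
}

/* Translation-fault level encoded in FSC 0x04..0x07; -1 for other codes. */
int translation_fault_level(unsigned fsc)
{
	return (fsc >= 0x04 && fsc <= 0x07) ? (int)(fsc - 0x04) : -1;
}

int main(void)
{
	/* Values copied from the oops above. */
	const uint64_t fault_addr = 0xdfff800000000003ULL;
	const uint32_t esr = 0x96000006;
	const uint64_t x25 = 0;     /* object pointer */
	const uint64_t imm = 0x18;  /* add x0, x25, #0x18 */

	struct esr_fields f = decode_esr(esr);
	printf("ESR: EC=0x%x IL=%d WnR=%d FSC=0x%02x (translation fault level %d)\n",
	       f.ec, f.il, f.wnr, f.fsc, translation_fault_level(f.fsc));

	if (is_kasan_shadow_addr(fault_addr)) {
		uint64_t mem = kasan_shadow_to_mem(fault_addr);
		printf("fault is on the shadow byte for kernel address 0x%llx\n",
		       (unsigned long long)mem);
		/* Cross-check against the register-derived access address. */
		printf("instrumented access: x25 + 0x%llx = 0x%llx -> %s\n",
		       (unsigned long long)imm, (unsigned long long)(x25 + imm),
		       mem == x25 + imm ? "matches" : "MISMATCH");
	}
	return 0;
}
```

Two caveats when reading the oops this way: the `WnR = 0` in the ESR describes the `ldrb` on the shadow byte, not the instrumented access at line 227, so it says nothing about whether that access was a read or a write; and a fault address that decodes back into the first page (here 0x18) is the usual arm64 signature of a NULL-pointer dereference under KASAN, which is why the first KASAN report and the later oops should be filed as the same bug rather than two.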

syzbot
Mar 9, 2023, 9:13:47 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: d9b4a0c83a2d Linux 5.15.98
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1439c798c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b57cfa804330c3b7
dashboard link: https://syzkaller.appspot.com/bug?extid=798d81a034a88c5e8aad
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1474ef04c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=137ca67cc80000
mounted in repro: https://storage.googleapis.com/syzbot-assets/0b1b73ea8b8e/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+798d81...@syzkaller.appspotmail.com

do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
==================================================================
BUG: KASAN: null-ptr-deref in xlog_cil_alloc_shadow_bufs fs/xfs/xfs_log_cil.c:225 [inline]
BUG: KASAN: null-ptr-deref in xlog_cil_commit+0x2f4/0x23f4 fs/xfs/xfs_log_cil.c:1264
Write of size 88 at addr 0000000000000000 by task syz-executor590/4052

CPU: 0 PID: 4052 Comm: syz-executor590 Not tainted 5.15.98-syzkaller #0
CPU: 0 PID: 4052 Comm: syz-executor590 Tainted: G B 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : xlog_cil_alloc_shadow_bufs fs/xfs/xfs_log_cil.c:227 [inline]
pc : xlog_cil_commit+0x304/0x23f4 fs/xfs/xfs_log_cil.c:1264
lr : xlog_cil_alloc_shadow_bufs fs/xfs/xfs_log_cil.c:225 [inline]
lr : xlog_cil_commit+0x2f4/0x23f4 fs/xfs/xfs_log_cil.c:1264
sp : ffff80001afa74e0
x29: ffff80001afa7600 x28: ffff0000dbdef000 x27: 1ffff000035f4eb8
x26: dfff800000000000 x25: 0000000000000000 x24: ffff0000dbdef010
x23: 0000000000000150 x22: 1fffe0001b7bde10 x21: ffff0000dbdef080
x20: 0000000000000002 x19: dfff800000000000 x18: 1fffe000368fe38e
x17: 1fffe000368fe38e x16: ffff800011979fe4 x15: ffff8000149cf960
x14: ffff0001b47f1c80 x13: ffffffffffffffff x12: 0000000000000000
x11: ff8080000819ea4c x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff80000826bc28
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000819ea18
x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000018
Call trace:
xlog_cil_alloc_shadow_bufs fs/xfs/xfs_log_cil.c:227 [inline]
xlog_cil_commit+0x304/0x23f4 fs/xfs/xfs_log_cil.c:1264
__xfs_trans_commit+0x834/0x1018 fs/xfs/xfs_trans.c:881
xfs_trans_commit+0x24/0x34 fs/xfs/xfs_trans.c:925
xfs_fileattr_set+0xe0c/0x15b8 fs/xfs/xfs_ioctl.c:1478
vfs_fileattr_set+0x708/0xad0 fs/ioctl.c:700
do_vfs_ioctl+0x1634/0x2a38
__do_sys_ioctl fs/ioctl.c:872 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__arm64_sys_ioctl+0xe4/0x1c8 fs/ioctl.c:860
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
Code: 91006320 d2d0001a d343fc08 f2fbfffa (38736908)
---[ end trace 74bcdfbab03f3b82 ]---

syzbot
Oct 24, 2023, 1:18:42 AM
to syzkaller...@googlegroups.com
syzbot suspects this issue could be fixed by backporting the following commit:

commit 8dc9384b7d75012856b02ff44c37566a55fc2abf
git tree: upstream
Author: Dave Chinner <dchi...@redhat.com>
Date: Wed Jan 5 01:22:18 2022 +0000

xfs: reduce kvmalloc overhead for CIL shadow buffers

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11b79135680000
kernel config: https://syzkaller.appspot.com/x/.config?x=d4215fb4040f8f8d
dashboard link: https://syzkaller.appspot.com/bug?extid=798d81a034a88c5e8aad
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12b74802c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11c03481c80000


Please keep in mind that other backports might be required as well.

For information about bisection process see: https://goo.gl/tpsmEJ#bisection