Hello,
syzbot found the following issue on:
HEAD commit: ca72d58361ee Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1148ebbd480000
kernel config: https://syzkaller.appspot.com/x/.config?x=c393c46b4d99bd44
dashboard link: https://syzkaller.appspot.com/bug?extid=d29c4491d7df3307a7e4
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
CC: [dchi...@redhat.com djw...@kernel.org linux-...@vger.kernel.org linu...@vger.kernel.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c61dbbcb24f1/disk-ca72d583.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e8bbfee7730b/vmlinux-ca72d583.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d63117edadbc/Image-ca72d583.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d29c44...@syzkaller.appspotmail.com
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
ESR = 0x0000000096000005
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x05: level 1 translation fault
Data abort info:
ISV = 0, ISS = 0x00000005
CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000015282c000
[0000000000000000] pgd=080000015d067003, p4d=080000015d067003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 26979 Comm: kworker/u4:4 Not tainted 6.2.0-rc6-syzkaller-17549-gca72d58361ee #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Workqueue: xfs_iwalk-12762 xfs_pwork_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : xfs_alloc_read_agf+0x44/0x374 fs/xfs/libxfs/xfs_alloc.c:3090
lr : xfs_alloc_read_agf+0x44/0x374 fs/xfs/libxfs/xfs_alloc.c:3084
sp : ffff800020f73780
x29: ffff800020f737b0 x28: ffff80000c2b3928 x27: ffff0000c43f1550
x26: ffff0000c81a09e8 x25: 0000000000001fff x24: 000000000007ffff
x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
x20: ffff00011d2ec658 x19: ffff800020f73818 x18: 00000000000000c0
x17: ffff80000df8d158 x16: ffff80000ddcb118 x15: ffff00011ca0ce00
x14: 0000000000000000 x13: 00000000ffffffff x12: ffff00011ca0ce00
x11: ff80800008dc0f4c x10: 0000000000000000 x9 : ffff800008dc0f4c
x8 : ffff00011ca0ce00 x7 : ffff800008dbe53c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800020f73818
x2 : 0000000000000000 x1 : ffff00011d2ec658 x0 : 0000000000000000
Call trace:
xfs_alloc_read_agf+0x44/0x374 fs/xfs/libxfs/xfs_alloc.c:3084
xfs_agfl_free_finish_item+0x94/0x188 fs/xfs/xfs_extfree_item.c:544
xfs_defer_finish_one fs/xfs/libxfs/xfs_defer.c:479 [inline]
xfs_defer_finish_noroll+0x480/0x6ec fs/xfs/libxfs/xfs_defer.c:563
__xfs_trans_commit+0x1e0/0x498 fs/xfs/xfs_trans.c:970
xfs_trans_commit+0x24/0x34 fs/xfs/xfs_trans.c:1049
xfs_dquot_disk_alloc+0x330/0x37c fs/xfs/xfs_dquot.c:384
xfs_qm_dqread+0x98/0x1bc fs/xfs/xfs_dquot.c:665
xfs_qm_dqget+0x16c/0x2ac fs/xfs/xfs_dquot.c:870
xfs_qm_quotacheck_dqadjust+0x68/0x178 fs/xfs/xfs_qm.c:1085
xfs_qm_dqusage_adjust+0x1c0/0x2a4 fs/xfs/xfs_qm.c:1190
xfs_iwalk_ag_recs+0x150/0x214 fs/xfs/xfs_iwalk.c:220
xfs_iwalk_run_callbacks+0xc8/0x1c4 fs/xfs/xfs_iwalk.c:376
xfs_iwalk_ag+0x308/0x3e8 fs/xfs/xfs_iwalk.c:482
xfs_iwalk_ag_work+0xb4/0x104 fs/xfs/xfs_iwalk.c:624
xfs_pwork_work+0x2c/0xf4 fs/xfs/xfs_pwork.c:47
process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
worker_thread+0x340/0x610 kernel/workqueue.c:2436
kthread+0x12c/0x158 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
Code: aa0103f4 aa0003f6 f81f83a8 97d3b22b (f94002c0)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: aa0103f4 mov x20, x1
4: aa0003f6 mov x22, x0
8: f81f83a8 stur x8, [x29, #-8]
c: 97d3b22b bl 0xffffffffff4ec8b8
* 10: f94002c0 ldr x0, [x22] <-- trapping instruction
---
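Added example, not part of the syzbot report or of the kernel source: a small C decoder that reproduces the "Mem abort info" and "Data abort info" fields above from the raw ESR value. Bit positions follow the Arm architecture ESR_ELx layout (EC in bits [31:26], IL in bit [25], ISS in bits [24:0]) and the Data Abort ISS encoding (ISV bit 24, SET bits [12:11], FnV bit 10, EA bit 9, CM bit 8, S1PTW bit 7, WnR bit 6, DFSC bits [5:0]). The struct and function names are assumptions of this example, not kernel identifiers.

```c
/*
 * Added example: decode an arm64 ESR_ELx value into the fields the kernel
 * prints for a data abort. Field positions are from the Arm architecture
 * ESR_ELx layout and the Data Abort ISS encoding. The names below are this
 * example's own, not kernel identifiers.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct esr_fields {
    unsigned ec;     /* ESR[31:26] exception class */
    unsigned il;     /* ESR[25]    1 = 32-bit instruction, 0 = 16-bit */
    uint32_t iss;    /* ESR[24:0]  instruction specific syndrome */
    /* Data Abort ISS fields */
    unsigned isv, set, fnv, ea, cm, s1ptw, wnr, dfsc;
};

static struct esr_fields decode_esr(uint64_t esr)
{
    struct esr_fields f = {0};
    f.ec    = (unsigned)((esr >> 26) & 0x3f);
    f.il    = (unsigned)((esr >> 25) & 0x1);
    f.iss   = (uint32_t)(esr & 0x1ffffff);
    f.isv   = (f.iss >> 24) & 0x1;
    f.set   = (f.iss >> 11) & 0x3;
    f.fnv   = (f.iss >> 10) & 0x1;
    f.ea    = (f.iss >> 9)  & 0x1;
    f.cm    = (f.iss >> 8)  & 0x1;
    f.s1ptw = (f.iss >> 7)  & 0x1;
    f.wnr   = (f.iss >> 6)  & 0x1;
    f.dfsc  = f.iss & 0x3f;
    return f;
}

/* Abort-related exception classes; anything else is reported generically. */
static const char *ec_name(unsigned ec)
{
    switch (ec) {
    case 0x20: return "IABT (lower EL)";
    case 0x21: return "IABT (current EL)";
    case 0x24: return "DABT (lower EL)";
    case 0x25: return "DABT (current EL)";
    default:   return "not an instruction/data abort";
    }
}

/*
 * Describe the fault status codes of the form 0b00kkLL, where kk selects
 * address-size / translation / access-flag / permission fault and LL is the
 * translation-table level. Other codes (and the reserved level-0 permission
 * fault) are printed generically rather than guessed at.
 */
static int fsc_describe(unsigned fsc, char *buf, size_t len)
{
    unsigned level = fsc & 0x3;
    const char *kind;

    switch (fsc >> 2) {
    case 0: kind = "address size fault"; break;
    case 1: kind = "translation fault"; break;
    case 2: kind = "access flag fault"; break;
    case 3: kind = (level == 0) ? NULL : "permission fault"; break;
    default: kind = NULL; break;
    }
    if (kind == NULL)
        return snprintf(buf, len, "fault status 0x%02x", fsc);
    return snprintf(buf, len, "level %u %s", level, kind);
}

int main(void)
{
    /* ESR value taken from the report's "Mem abort info" block. */
    uint64_t esr = 0x0000000096000005ULL;
    struct esr_fields f = decode_esr(esr);
    char fsc[64];

    fsc_describe(f.dfsc, fsc, sizeof fsc);
    printf("ESR = 0x%016llx\n", (unsigned long long)esr);
    printf("  EC = 0x%02x: %s, IL = %s\n", f.ec, ec_name(f.ec),
           f.il ? "32 bits" : "16 bits");
    printf("  SET = %u, FnV = %u\n", f.set, f.fnv);
    printf("  EA = %u, S1PTW = %u\n", f.ea, f.s1ptw);
    printf("  FSC = 0x%02x: %s\n", f.dfsc, fsc);
    printf("  ISV = %u, ISS = 0x%08x\n", f.isv, f.iss);
    printf("  CM = %u, WnR = %u\n", f.cm, f.wnr);
    return 0;
}
```

For the report's ESR this yields EC = 0x25 (data abort from the current EL), WnR = 0 (a read) and DFSC = 0x05 (level 1 translation fault), which is what the register dump and disassembly above show independently: the trapping `ldr x0, [x22]` reads through x22, which the preceding `mov x22, x0` loaded from the first argument register, and the dump has x22 = 0.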
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.