syzbot


WARNING in kvfree (2)

Status: fixed on 2023/07/01 16:05
Subsystems: ext4
Reported-by: syzbot+64b645917ce07d89bde5@syzkaller.appspotmail.com
Fix commit: b87c7cdf2bed ext4: fix invalid free tracking in ext4_xattr_move_to_block()
First crash: 471d, last: 415d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] ext4: fix invalid free tracking in ext4_xattr_move_to_block() 4 (4) 2023/05/08 15:21
[syzbot] [ext4?] WARNING in kvfree (2) 0 (2) 2023/05/06 21:59
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in kvfree nfs 1 1362d 1361d 0/27 auto-closed as invalid on 2021/01/29 15:55
linux-6.1 WARNING in kvfree C done 3 414d 451d 3/3 fixed on 2023/06/07 17:22
Last patch testing requests (1)
Created Duration User Patch Repo Result
2023/05/07 03:37 22m tytso@mit.edu git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git tt/next OK log

Sample crash report:
EXT4-fs (loop0): 1 truncate cleaned up
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5931 at mm/slab_common.c:935 free_large_kmalloc+0x34/0x12c mm/slab_common.c:936
Modules linked in:
CPU: 1 PID: 5931 Comm: syz-executor235 Not tainted 6.3.0-rc7-syzkaller-g14f8db1c0f9a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : free_large_kmalloc+0x34/0x12c mm/slab_common.c:936
lr : kfree+0xf8/0x19c mm/slab_common.c:1013
sp : ffff80001e5a74e0
x29: ffff80001e5a74e0 x28: ffff0000deac34d8 x27: ffff0000e23195a4
x26: dfff800000000000 x25: 0000000000000020 x24: ffff0000c7a3ad00
x23: ffff0000c7a3a400 x22: 0000000000000000 x21: ffff800008809968
x20: ffff0000e23195a4 x19: fffffc000388c640 x18: ffff80001e5a6e80
x17: ffff800015d6d000 x16: ffff80001236e294 x15: ffff800008a6cf5c
x14: ffff800008a6cb2c x13: ffff800008062fb8 x12: 0000000000000003
x11: 0000000000000000 x10: 0000000000000000 x9 : 05ffc0000000202a
x8 : ffff800018986000 x7 : ffff800008063224 x6 : ffff800008063434
x5 : ffff0000d182bf38 x4 : ffff80001e5a72b0 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff0000e23195a4 x0 : fffffc000388c640
Call trace:
 free_large_kmalloc+0x34/0x12c mm/slab_common.c:936
 kfree+0xf8/0x19c mm/slab_common.c:1013
 kvfree+0x40/0x50 mm/util.c:649
 ext4_xattr_move_to_block fs/ext4/xattr.c:2680 [inline]
 ext4_xattr_make_inode_space fs/ext4/xattr.c:2743 [inline]
 ext4_expand_extra_isize_ea+0xcec/0x16b4 fs/ext4/xattr.c:2835
 __ext4_expand_extra_isize+0x290/0x348 fs/ext4/inode.c:5960
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:6003 [inline]
 __ext4_mark_inode_dirty+0x448/0x848 fs/ext4/inode.c:6081
 __ext4_unlink+0x768/0x998 fs/ext4/namei.c:3255
 ext4_unlink+0x1b4/0x6a0 fs/ext4/namei.c:3298
 vfs_unlink+0x2f0/0x508 fs/namei.c:4250
 do_unlinkat+0x4c8/0x82c fs/namei.c:4316
 __do_sys_unlinkat fs/namei.c:4359 [inline]
 __se_sys_unlinkat fs/namei.c:4352 [inline]
 __arm64_sys_unlinkat+0xcc/0xfc fs/namei.c:4352
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x4c/0x15c arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
irq event stamp: 16132
hardirqs last  enabled at (16131): [<ffff80000896749c>] kasan_quarantine_put+0x1a0/0x1c8 mm/kasan/quarantine.c:242
hardirqs last disabled at (16132): [<ffff800012369e90>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (15474): [<ffff800008033374>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (15472): [<ffff800008033340>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
object pointer: 0x000000001bcaf4ec
==================================================================
BUG: KASAN: invalid-free in kfree+0xf8/0x19c mm/slab_common.c:1013
Free of addr ffff0000e23195a4 by task syz-executor235/5931

CPU: 1 PID: 5931 Comm: syz-executor235 Tainted: G        W          6.3.0-rc7-syzkaller-g14f8db1c0f9a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
 show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:319 [inline]
 print_report+0x174/0x514 mm/kasan/report.c:430
 kasan_report_invalid_free+0xc4/0x114 mm/kasan/report.c:501
 __kasan_kfree_large+0xa4/0xc0 mm/kasan/common.c:272
 kasan_kfree_large include/linux/kasan.h:170 [inline]
 free_large_kmalloc+0x64/0x12c mm/slab_common.c:939
 kfree+0xf8/0x19c mm/slab_common.c:1013
 kvfree+0x40/0x50 mm/util.c:649
 ext4_xattr_move_to_block fs/ext4/xattr.c:2680 [inline]
 ext4_xattr_make_inode_space fs/ext4/xattr.c:2743 [inline]
 ext4_expand_extra_isize_ea+0xcec/0x16b4 fs/ext4/xattr.c:2835
 __ext4_expand_extra_isize+0x290/0x348 fs/ext4/inode.c:5960
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:6003 [inline]
 __ext4_mark_inode_dirty+0x448/0x848 fs/ext4/inode.c:6081
 __ext4_unlink+0x768/0x998 fs/ext4/namei.c:3255
 ext4_unlink+0x1b4/0x6a0 fs/ext4/namei.c:3298
 vfs_unlink+0x2f0/0x508 fs/namei.c:4250
 do_unlinkat+0x4c8/0x82c fs/namei.c:4316
 __do_sys_unlinkat fs/namei.c:4359 [inline]
 __se_sys_unlinkat fs/namei.c:4352 [inline]
 __arm64_sys_unlinkat+0xcc/0xfc fs/namei.c:4352
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x4c/0x15c arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591

The buggy address belongs to the physical page:
page:00000000c0a5c392 refcount:2 mapcount:0 mapping:0000000007c227a9 index:0x1 pfn:0x122319
memcg:ffff0000c1964000
aops:def_blk_aops ino:700000
flags: 0x5ffc0000002203e(referenced|uptodate|dirty|lru|active|private|mappedtodisk|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc0000002203e fffffc00061e7788 ffff0000c0036030 ffff0000c149ca10
raw: 0000000000000001 ffff0000e1554570 00000002ffffffff ffff0000c1964000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000e2319480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000e2319500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000e2319580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                               ^
 ffff0000e2319600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000e2319680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (47):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/05/06 21:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 90c93c40 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 WARNING in kvfree
2023/03/31 15:50 upstream 62bad54b26db f325deb0 .config console log report info ci-qemu-upstream WARNING in kvfree
2023/03/31 13:47 upstream 62bad54b26db f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in kvfree
2023/04/05 16:15 linux-next 8417c8f5007b 8b834965 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in kvfree
2023/03/31 13:46 linux-next 4b0f4525dc4f f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in kvfree
2023/05/06 21:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/05/03 12:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 48e0a81d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/26 09:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 7560799c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/25 13:02 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 65320f8e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/25 01:34 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a fdc18293 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/25 00:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a fdc18293 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/24 08:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/24 08:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/22 23:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/22 21:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/21 15:04 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/18 06:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 327bf9bb94cf 436577a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/17 05:01 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/17 03:01 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/16 10:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/16 09:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/16 05:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/14 22:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef 3cfcaa1b .config console log report info ci-upstream-gce-arm64 WARNING in kvfree
2023/04/14 21:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef 3cfcaa1b .config console log report info ci-upstream-gce-arm64 WARNING in kvfree
2023/04/14 11:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7920df21c1b7 3cfcaa1b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/14 02:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7920df21c1b7 3cfcaa1b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/11 14:35 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9a03cbd79d3a 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/11 02:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9a03cbd79d3a 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/10 17:14 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9a03cbd79d3a 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/10 16:14 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9a03cbd79d3a 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/10 13:52 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9a03cbd79d3a 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/10 06:35 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9a03cbd79d3a 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/07 12:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9a03cbd79d3a f7ba566d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/06 03:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59caa87f9dfb 8b834965 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/05 05:13 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59caa87f9dfb 831373d3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/04 05:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59caa87f9dfb 7db618d0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/04/03 23:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59caa87f9dfb 7db618d0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/03/31 13:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59caa87f9dfb f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/03/27 05:57 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e8d018dd0257 fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/03/25 15:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e8d018dd0257 fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/03/16 04:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/03/16 01:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/03/15 10:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/03/13 13:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/03/11 18:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree
2023/03/11 17:50 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in kvfree