syzbot


general protection fault in __xfs_free_extent

Status: fixed on 2023/06/08 14:41
Subsystems: xfs
Reported-by: syzbot+bfbc1eecdfb9b10e5792@syzkaller.appspotmail.com
Fix commit: b2ccab3199aa xfs: pass per-ag references to xfs_free_extent
First crash: 461d, last: 338d
Cause bisection: failed
Fix bisection: fixed by:
commit b2ccab3199aa7cea9154d80ea2585312c5f6eba0
Author: Darrick J. Wong <djwong@kernel.org>
Date: Wed Apr 12 01:59:53 2023 +0000

  xfs: pass per-ag references to xfs_free_extent

  
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] general protection fault in __xfs_free_extent 1 (3) 2023/05/30 09:58
[syzbot] Monthly xfs report 3 (4) 2023/04/12 21:54
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: unable to handle kernel paging request in __xfs_free_extent origin:lts-only C error 26 25d 296d 0/3 upstream: reported C repro on 2023/05/28 08:56
linux-6.1 general protection fault in __xfs_free_extent origin:lts-only C done 21 25d 296d 0/3 upstream: reported C repro on 2023/05/28 08:42
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2023/05/25 00:48 10h33m (2) bisect fix upstream job log (1)
2023/02/08 14:33 54m bisect fix upstream job log (0) log

Sample crash report:
loop0: detected capacity change from 0 to 32768
XFS (loop0): Mounting V5 Filesystem
XFS (loop0): Ending clean mount
XFS (loop0): Quotacheck needed: Please wait.
XFS (loop0): Quotacheck: Done.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000109fa7000
[0000000000000008] pgd=080000010b97c003, p4d=080000010b97c003, pud=080000010b335003, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3073 Comm: syz-executor418 Not tainted 6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : xfs_free_extent_fix_freelist fs/xfs/libxfs/xfs_alloc.c:3358 [inline]
pc : __xfs_free_extent+0x88/0x274 fs/xfs/libxfs/xfs_alloc.c:3407
lr : __xfs_free_extent+0x60/0x274 fs/xfs/libxfs/xfs_alloc.c:3406
sp : ffff80000fee39d0
x29: ffff80000fee3a70 x28: 0000000000002000 x27: 0000000000000001
x26: ffff0000c9e44000 x25: ffff80000c1ff898 x24: 000000000000000d
x23: ffff0000ca430200 x22: ffff0000c9e44000 x21: 0000000000000000
x20: ffff0000c9f46000 x19: ffff0000cb210800 x18: 00000000000000c0
x17: ffff80000dda8198 x16: ffff80000dbe6158 x15: ffff0000c66ab480
x14: 0000000000000000 x13: 00000000ffffffff x12: ffff0000c66ab480
x11: ff80800008daa450 x10: 0000000000000000 x9 : ffff800008daa450
x8 : ffff0000c9e44000 x7 : ffff800008dacf34 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800008db2880
x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 xfs_free_extent_fix_freelist fs/xfs/libxfs/xfs_alloc.c:3357 [inline]
 __xfs_free_extent+0x88/0x274 fs/xfs/libxfs/xfs_alloc.c:3407
 xfs_free_extent fs/xfs/libxfs/xfs_alloc.h:147 [inline]
 xfs_ag_extend_space+0x168/0x220 fs/xfs/libxfs/xfs_ag.c:985
 xfs_resizefs_init_new_ags+0x160/0x1a0 fs/xfs/xfs_fsops.c:77
 xfs_growfs_data_private+0x2c0/0x514 fs/xfs/xfs_fsops.c:151
 xfs_growfs_data+0xf0/0x244 fs/xfs/xfs_fsops.c:294
 xfs_file_ioctl+0x1108/0x17bc fs/xfs/xfs_ioctl.c:2068
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __arm64_sys_ioctl+0xd0/0x140 fs/ioctl.c:856
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: a903ffff a902ffff a901ffff a900a3f4 (b940081a) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	a903ffff 	stp	xzr, xzr, [sp, #56]
   4:	a902ffff 	stp	xzr, xzr, [sp, #40]
   8:	a901ffff 	stp	xzr, xzr, [sp, #24]
   c:	a900a3f4 	stp	x20, x8, [sp, #8]
* 10:	b940081a 	ldr	w26, [x0, #8] <-- trapping instruction

Crashes (17):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/12/14 08:02 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 e660de91 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 BUG: unable to handle kernel NULL pointer dereference in __xfs_free_extent
2022/12/14 06:14 upstream 02bf43c7b7f7 f6511626 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs general protection fault in __xfs_free_extent
2023/04/16 01:33 upstream a7a55e27ad72 ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2023/04/13 22:59 upstream de4664485abb 3cfcaa1b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2023/04/11 21:17 upstream e62252bc55b6 49faf98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2023/03/19 14:00 upstream a3671bd86a97 7939252e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in __xfs_free_extent
2023/03/01 11:13 upstream c0927a7a5391 ef65e6cb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2023/02/16 06:08 upstream 033c40a89f55 6be0f1f5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2023/01/09 08:00 upstream 1fe4fd6f5cad 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2023/01/01 15:31 upstream e4cf7c25bae5 ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2022/12/27 17:51 upstream 1b929c02afd3 44712fbc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2022/12/23 21:53 upstream 8395ae05cb5a 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2022/12/14 09:32 upstream 02bf43c7b7f7 f6511626 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2022/12/14 05:59 upstream 02bf43c7b7f7 f6511626 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __xfs_free_extent
2023/04/05 12:50 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59caa87f9dfb 831373d3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in __xfs_free_extent
2023/03/16 17:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in __xfs_free_extent
2023/03/09 17:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in __xfs_free_extent
* Struck through repros no longer work on HEAD.