syzbot


KFENCE: memory corruption in xfs_iext_destroy

Status: closed as invalid on 2024/10/30 12:14
Subsystems: xfs
First crash: 133d, last: 133d

Sample crash report:
==================================================================
BUG: KFENCE: memory corruption in xfs_iext_destroy+0x66/0x100 fs/xfs/libxfs/xfs_iext_tree.c:1062

Corrupted memory at 0xffff88823beeafd0 [ 0xbc 0x00 0x00 0x00 0x00 0x00 0x00 0xb9 0x55 0x00 0x20 0x00 0x00 0x00 0x00 0x00 ] (in kfence-#116):
 xfs_iext_destroy+0x66/0x100 fs/xfs/libxfs/xfs_iext_tree.c:1062
 xfs_inode_free_callback+0x91/0x1d0 fs/xfs/xfs_icache.c:145
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
 run_ksoftirqd+0xca/0x130 kernel/softirq.c:927
 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

kfence-#116: 0xffff88823beeaf00-0xffff88823beeafcf, size=208, cache=kmalloc-256

allocated by task 6256 on cpu 1 at 122.782473s (1.154676s ago):
 __do_krealloc mm/slub.c:4784 [inline]
 krealloc_noprof+0xd6/0x2e0 mm/slub.c:4838
 xfs_iext_realloc_root fs/xfs/libxfs/xfs_iext_tree.c:613 [inline]
 xfs_iext_insert_raw+0x14d/0x23d0 fs/xfs/libxfs/xfs_iext_tree.c:647
 xfs_iext_insert+0x38/0x250 fs/xfs/libxfs/xfs_iext_tree.c:684
 xfs_bmap_add_extent_hole_delay+0x50f/0xb30 fs/xfs/libxfs/xfs_bmap.c:2677
 xfs_bmapi_reserve_delalloc+0x1134/0x1250 fs/xfs/libxfs/xfs_bmap.c:4145
 xfs_buffered_write_iomap_begin+0x122e/0x1a30 fs/xfs/xfs_iomap.c:1165
 iomap_iter+0x691/0xf60 fs/iomap/iter.c:91
 iomap_page_mkwrite+0x501/0xd20 fs/iomap/buffered-io.c:1517
 xfs_write_fault fs/xfs/xfs_file.c:1463 [inline]
 __xfs_filemap_fault+0x5e1/0xbc0 fs/xfs/xfs_file.c:1491
 do_page_mkwrite+0x198/0x480 mm/memory.c:3170
 do_shared_fault mm/memory.c:5375 [inline]
 do_fault mm/memory.c:5437 [inline]
 do_pte_missing mm/memory.c:3973 [inline]
 handle_pte_fault+0x1235/0x6830 mm/memory.c:5778
 __handle_mm_fault mm/memory.c:5921 [inline]
 handle_mm_fault+0x1106/0x1bb0 mm/memory.c:6089
 do_user_addr_fault arch/x86/mm/fault.c:1389 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x2b9/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623

freed by task 24 on cpu 1 at 123.867150s (0.184625s ago):
 xfs_iext_destroy+0x66/0x100 fs/xfs/libxfs/xfs_iext_tree.c:1062
 xfs_inode_free_callback+0x91/0x1d0 fs/xfs/xfs_icache.c:145
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
 run_ksoftirqd+0xca/0x130 kernel/softirq.c:927
 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.12.0-rc1-next-20241003-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
==================================================================

Crashes (1):
Time: 2024/10/07 23:44
Kernel: linux-next
Commit: c02d24a5af66
Syzkaller: d7906eff
Config: .config
Log: console log
Report: report
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci-upstream-linux-next-kasan-gce-root
Title: KFENCE: memory corruption in xfs_iext_destroy