syzbot


BUG: unable to handle kernel NULL pointer dereference in xfs_alloc_read_agf

Status: auto-obsoleted due to no activity on 2023/05/07 14:26
Subsystems: xfs
Reported-by: syzbot+d29c4491d7df3307a7e4@syzkaller.appspotmail.com
First crash: 406d, last: 406d

Sample crash report:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000015282c000
[0000000000000000] pgd=080000015d067003, p4d=080000015d067003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 26979 Comm: kworker/u4:4 Not tainted 6.2.0-rc6-syzkaller-17549-gca72d58361ee #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Workqueue: xfs_iwalk-12762 xfs_pwork_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : xfs_alloc_read_agf+0x44/0x374 fs/xfs/libxfs/xfs_alloc.c:3090
lr : xfs_alloc_read_agf+0x44/0x374 fs/xfs/libxfs/xfs_alloc.c:3084
sp : ffff800020f73780
x29: ffff800020f737b0 x28: ffff80000c2b3928 x27: ffff0000c43f1550
x26: ffff0000c81a09e8 x25: 0000000000001fff x24: 000000000007ffff
x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
x20: ffff00011d2ec658 x19: ffff800020f73818 x18: 00000000000000c0
x17: ffff80000df8d158 x16: ffff80000ddcb118 x15: ffff00011ca0ce00
x14: 0000000000000000 x13: 00000000ffffffff x12: ffff00011ca0ce00
x11: ff80800008dc0f4c x10: 0000000000000000 x9 : ffff800008dc0f4c
x8 : ffff00011ca0ce00 x7 : ffff800008dbe53c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800020f73818
x2 : 0000000000000000 x1 : ffff00011d2ec658 x0 : 0000000000000000
Call trace:
 xfs_alloc_read_agf+0x44/0x374 fs/xfs/libxfs/xfs_alloc.c:3084
 xfs_agfl_free_finish_item+0x94/0x188 fs/xfs/xfs_extfree_item.c:544
 xfs_defer_finish_one fs/xfs/libxfs/xfs_defer.c:479 [inline]
 xfs_defer_finish_noroll+0x480/0x6ec fs/xfs/libxfs/xfs_defer.c:563
 __xfs_trans_commit+0x1e0/0x498 fs/xfs/xfs_trans.c:970
 xfs_trans_commit+0x24/0x34 fs/xfs/xfs_trans.c:1049
 xfs_dquot_disk_alloc+0x330/0x37c fs/xfs/xfs_dquot.c:384
 xfs_qm_dqread+0x98/0x1bc fs/xfs/xfs_dquot.c:665
 xfs_qm_dqget+0x16c/0x2ac fs/xfs/xfs_dquot.c:870
 xfs_qm_quotacheck_dqadjust+0x68/0x178 fs/xfs/xfs_qm.c:1085
 xfs_qm_dqusage_adjust+0x1c0/0x2a4 fs/xfs/xfs_qm.c:1190
 xfs_iwalk_ag_recs+0x150/0x214 fs/xfs/xfs_iwalk.c:220
 xfs_iwalk_run_callbacks+0xc8/0x1c4 fs/xfs/xfs_iwalk.c:376
 xfs_iwalk_ag+0x308/0x3e8 fs/xfs/xfs_iwalk.c:482
 xfs_iwalk_ag_work+0xb4/0x104 fs/xfs/xfs_iwalk.c:624
 xfs_pwork_work+0x2c/0xf4 fs/xfs/xfs_pwork.c:47
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x12c/0x158 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
Code: aa0103f4 aa0003f6 f81f83a8 97d3b22b (f94002c0) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	aa0103f4 	mov	x20, x1
   4:	aa0003f6 	mov	x22, x0
   8:	f81f83a8 	stur	x8, [x29, #-8]
   c:	97d3b22b 	bl	0xffffffffff4ec8b8
* 10:	f94002c0 	ldr	x0, [x22] <-- trapping instruction
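
The following C program is an added triage helper, not code from the syzbot report or from the kernel sources: it decodes the arm64 ESR value and the trapping LDR instruction shown above and recomputes the faulting address from the printed register state, so a reader can confirm that the load went through a base register holding zero rather than through a small offset from a valid pointer. The ESR, instruction word and register dump are copied from the report; the bitfield layouts assumed are those the Arm Architecture Reference Manual documents for ESR_ELx and for the LDR (immediate, unsigned offset) encoding, and only that LDR form is handled.

```c
/* Added triage helper (example code, not from the syzbot report or the kernel): decode the
 * arm64 ESR and the trapping LDR from the dump above and recompute the faulting address. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed input: values copied verbatim from the crash report above. */
static const uint32_t SAMPLE_ESR  = 0x96000005u;
static const uint32_t SAMPLE_INSN = 0xf94002c0u;   /* ldr x0, [x22] */
static const char *const SAMPLE_REGS =
    "x29: ffff800020f737b0 x28: ffff80000c2b3928 x27: ffff0000c43f1550\n"
    "x26: ffff0000c81a09e8 x25: 0000000000001fff x24: 000000000007ffff\n"
    "x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000\n"
    "x20: ffff00011d2ec658 x19: ffff800020f73818 x18: 00000000000000c0\n"
    "x17: ffff80000df8d158 x16: ffff80000ddcb118 x15: ffff00011ca0ce00\n"
    "x14: 0000000000000000 x13: 00000000ffffffff x12: ffff00011ca0ce00\n"
    "x11: ff80800008dc0f4c x10: 0000000000000000 x9 : ffff800008dc0f4c\n"
    "x8 : ffff00011ca0ce00 x7 : ffff800008dbe53c x6 : 0000000000000000\n"
    "x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800020f73818\n"
    "x2 : 0000000000000000 x1 : ffff00011d2ec658 x0 : 0000000000000000\n";

/* ESR_ELx: EC[31:26] IL[25] ISS[24:0]; for a data abort the ISS carries
 * ISV[24] FnV[10] EA[9] CM[8] S1PTW[7] WnR[6] DFSC[5:0] (Arm ARM layout). */
struct esr_fields { unsigned ec, il, isv, fnv, ea, cm, s1ptw, wnr, fsc; };
struct esr_fields decode_esr(uint32_t esr)
{
    struct esr_fields f = { .ec = (esr >> 26) & 0x3f, .il = (esr >> 25) & 1, .isv = (esr >> 24) & 1,
        .fnv = (esr >> 10) & 1, .ea = (esr >> 9) & 1, .cm = (esr >> 8) & 1,
        .s1ptw = (esr >> 7) & 1, .wnr = (esr >> 6) & 1, .fsc = esr & 0x3f };
    return f;
}

/* DFSC 0b00KKLL: kind KK (address size/translation/access flag/permission) at level LL. */
const char *fsc_name(unsigned fsc)
{
    static const char *const kind[] = { "address size", "translation", "access flag", "permission" };
    static char buf[40];
    if (fsc >= 0x10) return "other/unhandled";
    snprintf(buf, sizeof buf, "level %u %s fault", fsc & 3, kind[fsc >> 2]);
    return buf;
}

/* LDR (immediate, unsigned offset): size[31:30] 11100101 imm12[21:10] Rn[9:5] Rt[4:0] */
struct ldr_imm { unsigned rt, rn, is64; uint64_t offset; };
int decode_ldr_unsigned(uint32_t insn, struct ldr_imm *out)
{
    unsigned size = insn >> 30;                                   /* 2 = 32-bit, 3 = 64-bit */
    if (((insn >> 22) & 0xff) != 0xe5 || size < 2) return 0;     /* not this LDR form */
    out->is64 = (size == 3);
    out->offset = (uint64_t)((insn >> 10) & 0xfff) << size;      /* imm12 scaled by access size */
    out->rn = (insn >> 5) & 0x1f;
    out->rt = insn & 0x1f;
    return 1;
}

/* Parse "xN: <hex>" pairs from a register dump into regs[0..30]; returns how many were found. */
int parse_regs(const char *dump, uint64_t regs[31])
{
    int n = 0;
    const char *p = dump;
    while ((p = strchr(p, 'x')) != NULL) {
        char *end;
        unsigned long idx = strtoul(p + 1, &end, 10);
        if (end == p + 1 || idx > 30) { p++; continue; }
        while (*end == ' ') end++;
        if (*end != ':') { p = end; continue; }
        regs[idx] = strtoull(end + 1, &end, 16);
        n++;
        p = end;
    }
    return n;
}

/* Address touched by the trapping load: Rn + scaled offset (Rn == 31 is SP, not in the x-dump). */
int fault_address(uint32_t insn, const uint64_t regs[31], uint64_t *addr)
{
    struct ldr_imm l;
    if (!decode_ldr_unsigned(insn, &l) || l.rn == 31) return 0;
    *addr = regs[l.rn] + l.offset;
    return 1;
}

int main(void)
{
    struct esr_fields f = decode_esr(SAMPLE_ESR);
    uint64_t regs[31] = { 0 }, addr;
    struct ldr_imm l;
    printf("ESR=0x%08x: EC=0x%02x%s IL=%u WnR=%u (%s) FSC=0x%02x (%s)\n", SAMPLE_ESR, f.ec,
           f.ec == 0x25 ? " DABT (current EL)" : "", f.il, f.wnr, f.wnr ? "write" : "read",
           f.fsc, fsc_name(f.fsc));
    printf("parsed %d registers from the dump\n", parse_regs(SAMPLE_REGS, regs));
    if (decode_ldr_unsigned(SAMPLE_INSN, &l) && fault_address(SAMPLE_INSN, regs, &addr)) {
        printf("%08x: ldr %s%u, [x%u, #%llu]  x%u = 0x%016llx -> faulting address 0x%016llx\n",
               SAMPLE_INSN, l.is64 ? "x" : "w", l.rt, l.rn, (unsigned long long)l.offset,
               l.rn, (unsigned long long)regs[l.rn], (unsigned long long)addr);
        if (regs[l.rn] == 0) puts("base register is zero: a NULL pointer, not an offset from one");
    }
    return 0;
}
```

Built with any C99 compiler and run, it reports EC=0x25 (data abort from the current EL), a level 1 translation fault on a read, and a trapping load of the form ldr x0, [x22] with x22 equal to zero, which matches the faulting virtual address 0000000000000000 at the top of the report. Because the prologue in the disassembly copies x0 into x22 (mov x22, x0), x0 carries the first argument under the AAPCS64 calling convention, and x22 is callee-saved across the intervening bl, a zero there means the first argument passed from xfs_agfl_free_finish_item was itself NULL rather than a pointer to a structure whose field happened to be unmapped.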

Crashes (1):
Time: 2023/02/06 14:26
Kernel: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
Commit: ca72d58361ee
Syzkaller: be607b78
Syz repro / C repro: (none)
Assets: disk image, vmlinux, kernel image
Manager: ci-upstream-gce-arm64
Title: BUG: unable to handle kernel NULL pointer dereference in xfs_alloc_read_agf