Re: [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in bch2_btree_node_read_done

Next message: Nathan Chancellor: "[GIT PULL] Kbuild updates for 6.18"
Previous message: Koralahalli Channabasappa, Smita: "Re: [RFC PATCH 6/6] cxl/region, dax/hmem: Guard CXL DAX region creation and tighten HMEM deps"
In reply to: syzbot: "Re: [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in bch2_btree_node_read_done"
Next in thread: syzbot: "Re: [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in bch2_btree_node_read_done"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Edward Adam Davis

Date: Tue Sep 30 2025 - 00:09:19 EST

#syz test: upstream 083fc6d7fa0d

diff --git a/fs/bcachefs/btree_io.c b/fs/bcachefs/btree_io.c
index 590cd29f3e86..ab14fff1452f 100644
--- a/fs/bcachefs/btree_io.c
+++ b/fs/bcachefs/btree_io.c
@@ -1087,6 +1087,13 @@ int bch2_btree_node_read_done(struct bch_fs *c, struct bch_dev *ca,
"bad magic: want %llx, got %llx",
bset_magic(c), le64_to_cpu(b->data->magic));

+ btree_err_on(ptr_written >= btree_sectors(c),
+ -BCH_ERR_btree_node_read_err_must_retry,
+ c, ca, b, NULL, NULL,
+ btree_node_bad_magic,
+ "wrong written %u, btree sectors is %lu",
+ ptr_written, btree_sectors(c));
+
if (b->key.k.type == KEY_TYPE_btree_ptr_v2) {
struct bch_btree_ptr_v2 *bp =
&bkey_i_to_btree_ptr_v2(&b->key)->v;