Re: [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in validate_bset_keys
From: syzbot
Date: Thu Mar 06 2025 - 12:48:08 EST
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in __bch2_btree_node_write
bucket 0:127 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
done
bcachefs (loop0): going read-write
bcachefs (loop0): journal_replay...
------------[ cut here ]------------
kernel BUG at fs/bcachefs/btree_io.c:2079!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 UID: 0 PID: 8204 Comm: syz.0.85 Not tainted 6.14.0-rc5-syzkaller-g14d05f12084d-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __bch2_btree_node_write+0x3514/0x3660 fs/bcachefs/btree_io.c:2079
lr : __bch2_btree_node_write+0x3514/0x3660 fs/bcachefs/btree_io.c:2079
sp : ffff80009bd66420
x29: ffff80009bd666f0 x28: dfff800000000000 x27: 0000000000000003
x26: ffff80009bd66540 x25: 0000000000007c00 x24: 0000000000000863
x23: ffff0000d5a930b8 x22: ffff0000d5a930b8 x21: ffff0000eb480000
x20: 0000000000000001 x19: 0000000000000001 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80008b729288 x15: 0000000000000001
x14: 1ffff000137accd2 x13: 0000000000000000 x12: 0000000000000000
x11: ffff7000137accd3 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000da4f9e80 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000829b0b3c
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
__bch2_btree_node_write+0x3514/0x3660 fs/bcachefs/btree_io.c:2079 (P)
bch2_btree_node_write_trans+0x9c/0x650 fs/bcachefs/btree_io.c:2360
btree_node_write_if_need fs/bcachefs/btree_io.h:153 [inline]
__btree_node_flush+0x254/0x2e8 fs/bcachefs/btree_trans_commit.c:252
bch2_btree_node_flush0+0x38/0x50 fs/bcachefs/btree_trans_commit.c:261
journal_flush_pins+0x6f4/0xc98 fs/bcachefs/journal_reclaim.c:589
journal_flush_pins_or_still_flushing fs/bcachefs/journal_reclaim.c:861 [inline]
journal_flush_done+0xe8/0x6ac fs/bcachefs/journal_reclaim.c:879
bch2_journal_flush_pins+0xf4/0x348 fs/bcachefs/journal_reclaim.c:911
bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
bch2_journal_replay+0x1c28/0x1f64 fs/bcachefs/recovery.c:442
bch2_run_recovery_pass+0xe4/0x1d4 fs/bcachefs/recovery_passes.c:226
bch2_run_recovery_passes+0x260/0x92c fs/bcachefs/recovery_passes.c:291
bch2_fs_recovery+0x20e0/0x32ec fs/bcachefs/recovery.c:936
bch2_fs_start+0x32c/0x570 fs/bcachefs/super.c:1041
bch2_fs_get_tree+0xa50/0x11d4 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x28c fs/super.c:1814
do_new_mount+0x278/0x900 fs/namespace.c:3560
path_mount+0x590/0xe04 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount fs/namespace.c:4088 [inline]
__arm64_sys_mount+0x4f4/0x5d0 fs/namespace.c:4088
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Code: d4210000 9773b6fe d4210000 9773b6fc (d4210000)
---[ end trace 0000000000000000 ]---
Tested on:
commit: 14d05f12 Merge remote-tracking branch 'will/for-next/p..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=12e78a64580000
kernel config: https://syzkaller.appspot.com/x/.config?x=afb3000d0159783f
dashboard link: https://syzkaller.appspot.com/bug?extid=3cb3d9e8c3f197754825
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=1236ca54580000