From: syzbot <syzbot+3cb3d9e8c3f197754825@syzkaller.appspotmail.com>
To: kent.overstreet@linux.dev, linux-bcachefs@vger.kernel.org,
	 linux-kernel@vger.kernel.org, mmpgouride@gmail.com,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in validate_bset_keys
Date: Thu, 06 Mar 2025 09:48:02 -0800
Message-ID: <67c9dfd2.050a0220.15b4b9.0042.GAE@google.com>
In-Reply-To: <1EE34FAC-7796-4D28-AA51-1A85E3489DDD@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in __bch2_btree_node_write

bucket 0:127 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
 done
bcachefs (loop0): going read-write
bcachefs (loop0): journal_replay...
------------[ cut here ]------------
kernel BUG at fs/bcachefs/btree_io.c:2079!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 UID: 0 PID: 8204 Comm: syz.0.85 Not tainted 6.14.0-rc5-syzkaller-g14d05f12084d-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __bch2_btree_node_write+0x3514/0x3660 fs/bcachefs/btree_io.c:2079
lr : __bch2_btree_node_write+0x3514/0x3660 fs/bcachefs/btree_io.c:2079
sp : ffff80009bd66420
x29: ffff80009bd666f0 x28: dfff800000000000 x27: 0000000000000003
x26: ffff80009bd66540 x25: 0000000000007c00 x24: 0000000000000863
x23: ffff0000d5a930b8 x22: ffff0000d5a930b8 x21: ffff0000eb480000
x20: 0000000000000001 x19: 0000000000000001 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80008b729288 x15: 0000000000000001
x14: 1ffff000137accd2 x13: 0000000000000000 x12: 0000000000000000
x11: ffff7000137accd3 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000da4f9e80 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000829b0b3c
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 __bch2_btree_node_write+0x3514/0x3660 fs/bcachefs/btree_io.c:2079 (P)
 bch2_btree_node_write_trans+0x9c/0x650 fs/bcachefs/btree_io.c:2360
 btree_node_write_if_need fs/bcachefs/btree_io.h:153 [inline]
 __btree_node_flush+0x254/0x2e8 fs/bcachefs/btree_trans_commit.c:252
 bch2_btree_node_flush0+0x38/0x50 fs/bcachefs/btree_trans_commit.c:261
 journal_flush_pins+0x6f4/0xc98 fs/bcachefs/journal_reclaim.c:589
 journal_flush_pins_or_still_flushing fs/bcachefs/journal_reclaim.c:861 [inline]
 journal_flush_done+0xe8/0x6ac fs/bcachefs/journal_reclaim.c:879
 bch2_journal_flush_pins+0xf4/0x348 fs/bcachefs/journal_reclaim.c:911
 bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
 bch2_journal_replay+0x1c28/0x1f64 fs/bcachefs/recovery.c:442
 bch2_run_recovery_pass+0xe4/0x1d4 fs/bcachefs/recovery_passes.c:226
 bch2_run_recovery_passes+0x260/0x92c fs/bcachefs/recovery_passes.c:291
 bch2_fs_recovery+0x20e0/0x32ec fs/bcachefs/recovery.c:936
 bch2_fs_start+0x32c/0x570 fs/bcachefs/super.c:1041
 bch2_fs_get_tree+0xa50/0x11d4 fs/bcachefs/fs.c:2203
 vfs_get_tree+0x90/0x28c fs/super.c:1814
 do_new_mount+0x278/0x900 fs/namespace.c:3560
 path_mount+0x590/0xe04 fs/namespace.c:3887
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount fs/namespace.c:4088 [inline]
 __arm64_sys_mount+0x4f4/0x5d0 fs/namespace.c:4088
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Code: d4210000 9773b6fe d4210000 9773b6fc (d4210000) 
---[ end trace 0000000000000000 ]---


Tested on:

commit:         14d05f12 Merge remote-tracking branch 'will/for-next/p..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=12e78a64580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=afb3000d0159783f
dashboard link: https://syzkaller.appspot.com/bug?extid=3cb3d9e8c3f197754825
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1236ca54580000


Thread overview: 5+ messages
2025-03-03 14:51 [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in validate_bset_keys syzbot
2025-03-06 17:09 ` Alan Huang
2025-03-06 17:48   ` syzbot [this message]
2025-03-07  8:29 ` [syzbot] " syzbot
     [not found] <7DF09BB7-B234-432B-A5A0-98575B756EFF@gmail.com>
2025-03-07  9:03 ` syzbot
