Message-ID: <67c9dfd2.050a0220.15b4b9.0042.GAE@google.com>
Date: Thu, 06 Mar 2025 09:48:02 -0800
From: syzbot <syzbot+3cb3d9e8c3f197754825@...kaller.appspotmail.com>
To: kent.overstreet@...ux.dev, linux-bcachefs@...r.kernel.org, 
	linux-kernel@...r.kernel.org, mmpgouride@...il.com, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in validate_bset_keys

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in __bch2_btree_node_write

bucket 0:127 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
 done
bcachefs (loop0): going read-write
bcachefs (loop0): journal_replay...
------------[ cut here ]------------
kernel BUG at fs/bcachefs/btree_io.c:2079!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 UID: 0 PID: 8204 Comm: syz.0.85 Not tainted 6.14.0-rc5-syzkaller-g14d05f12084d-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __bch2_btree_node_write+0x3514/0x3660 fs/bcachefs/btree_io.c:2079
lr : __bch2_btree_node_write+0x3514/0x3660 fs/bcachefs/btree_io.c:2079
sp : ffff80009bd66420
x29: ffff80009bd666f0 x28: dfff800000000000 x27: 0000000000000003
x26: ffff80009bd66540 x25: 0000000000007c00 x24: 0000000000000863
x23: ffff0000d5a930b8 x22: ffff0000d5a930b8 x21: ffff0000eb480000
x20: 0000000000000001 x19: 0000000000000001 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80008b729288 x15: 0000000000000001
x14: 1ffff000137accd2 x13: 0000000000000000 x12: 0000000000000000
x11: ffff7000137accd3 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000da4f9e80 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000829b0b3c
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 __bch2_btree_node_write+0x3514/0x3660 fs/bcachefs/btree_io.c:2079 (P)
 bch2_btree_node_write_trans+0x9c/0x650 fs/bcachefs/btree_io.c:2360
 btree_node_write_if_need fs/bcachefs/btree_io.h:153 [inline]
 __btree_node_flush+0x254/0x2e8 fs/bcachefs/btree_trans_commit.c:252
 bch2_btree_node_flush0+0x38/0x50 fs/bcachefs/btree_trans_commit.c:261
 journal_flush_pins+0x6f4/0xc98 fs/bcachefs/journal_reclaim.c:589
 journal_flush_pins_or_still_flushing fs/bcachefs/journal_reclaim.c:861 [inline]
 journal_flush_done+0xe8/0x6ac fs/bcachefs/journal_reclaim.c:879
 bch2_journal_flush_pins+0xf4/0x348 fs/bcachefs/journal_reclaim.c:911
 bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
 bch2_journal_replay+0x1c28/0x1f64 fs/bcachefs/recovery.c:442
 bch2_run_recovery_pass+0xe4/0x1d4 fs/bcachefs/recovery_passes.c:226
 bch2_run_recovery_passes+0x260/0x92c fs/bcachefs/recovery_passes.c:291
 bch2_fs_recovery+0x20e0/0x32ec fs/bcachefs/recovery.c:936
 bch2_fs_start+0x32c/0x570 fs/bcachefs/super.c:1041
 bch2_fs_get_tree+0xa50/0x11d4 fs/bcachefs/fs.c:2203
 vfs_get_tree+0x90/0x28c fs/super.c:1814
 do_new_mount+0x278/0x900 fs/namespace.c:3560
 path_mount+0x590/0xe04 fs/namespace.c:3887
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount fs/namespace.c:4088 [inline]
 __arm64_sys_mount+0x4f4/0x5d0 fs/namespace.c:4088
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Code: d4210000 9773b6fe d4210000 9773b6fc (d4210000) 
---[ end trace 0000000000000000 ]---


Tested on:

commit:         14d05f12 Merge remote-tracking branch 'will/for-next/p..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=12e78a64580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=afb3000d0159783f
dashboard link: https://syzkaller.appspot.com/bug?extid=3cb3d9e8c3f197754825
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1236ca54580000

