Subject: Re: [syzbot] [mm?] [bcachefs?] WARNING in lock_list_lru_of_memcg
From: Alan Huang
Date: Tue, 18 Feb 2025 20:16:40 +0800
To: Kairui Song
Cc: Andrew Morton, kent.overstreet@linux.dev, syzbot, chengming.zhou@linux.dev, hannes@cmpxchg.org, linux-bcachefs@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, mhocko@suse.com, muchun.song@linux.dev, roman.gushchin@linux.dev, sashal@kernel.org, shakeel.butt@linux.dev, syzkaller-bugs@googlegroups.com, willy@infradead.org, yuzhao@google.com, zhengqi.arch@bytedance.com

On Feb 18, 2025, at 19:40, Kairui Song wrote:
>
> On Tue, Feb 18, 2025 at 2:09 AM Alan Huang wrote:
>>
>> On Feb 18, 2025, at 01:12, Kairui Song wrote:
>>>
>>> On Mon, Feb 17, 2025 at 12:13 AM Kairui Song wrote:
>>>>
>>>> On Sat, Feb 15, 2025 at 7:24 AM Andrew Morton wrote:
>>>>>
>>>>> On Fri, 14 Feb 2025 10:11:19 -0800 syzbot wrote:
>>>>>
>>>>>> syzbot has found a reproducer for the following issue on:
>>>>>
>>>>> Thanks. I doubt if bcachefs is implicated in this?
>>>>>
>>>>>> HEAD commit: 128c8f96eb86 Merge tag 'drm-fixes-2025-02-14' of https://g..
>>>>>> git tree: upstream
>>>>>> console output: https://syzkaller.appspot.com/x/log.txt?x=148019a4580000
>>>>>> kernel config: https://syzkaller.appspot.com/x/.config?x=c776e555cfbdb82d
>>>>>> dashboard link: https://syzkaller.appspot.com/bug?extid=38a0cbd267eff2d286ff
>>>>>> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>>>>>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12328bf8580000
>>>>>>
>>>>>> Downloadable assets:
>>>>>> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-128c8f96.raw.xz
>>>>>> vmlinux: https://storage.googleapis.com/syzbot-assets/a97f78ac821e/vmlinux-128c8f96.xz
>>>>>> kernel image: https://storage.googleapis.com/syzbot-assets/f451cf16fc9f/bzImage-128c8f96.xz
>>>>>> mounted in repro: https://storage.googleapis.com/syzbot-assets/a7da783f97cf/mount_3.gz
>>>>>>
>>>>>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>>>>>> Reported-by: syzbot+38a0cbd267eff2d286ff@syzkaller.appspotmail.com
>>>>>>
>>>>>> ------------[ cut here ]------------
>>>>>> WARNING: CPU: 0 PID: 5459 at mm/list_lru.c:96 lock_list_lru_of_memcg+0x39e/0x4d0 mm/list_lru.c:96
>>>>>
>>>>> VM_WARN_ON(!css_is_dying(&memcg->css));
>>>>
>>>> I'm checking this, when last time this was triggered, it was caused by
>>>> a list_lru user did not initialize the memcg list_lru properly before
>>>> list_lru reclaim started, and fixed by:
>>>> https://lore.kernel.org/all/20241222122936.67501-1-ryncsn@gmail.com/T/
>>>>
>>>> This shouldn't be a big issue, maybe there are leaks that will be
>>>> fixed upon reparenting, and this new added sanity check might be too
>>>> lenient, I'm not 100% sure though.
>>>>
>>>> Unfortunately I couldn't reproduce the issue locally with the
>>>> reproducer yet. will keep the test running and see if it can hit this
>>>> WARN_ON.
>>>
>>> So far I am still unable to trigger this VM_WARN_ON using the
>>> reproducer, and I'm seeing many other random crashes.
>>>
>>> But after I changed the .config a bit adding more debug configs
>>> (SLAB_FREELIST_HARDENED, DEBUG_PAGEALLOC), following crash showed up
>>> and will be triggered immediately after I start the test:
>>>
>>> [ T1242] BUG: unable to handle page fault for address: ffff888054c60000
>>> [ T1242] #PF: supervisor read access in kernel mode
>>> [ T1242] #PF: error_code(0x0000) - not-present page
>>> [ T1242] PGD 19e01067 P4D 19e01067 PUD 19e04067 PMD 7fc5c067 PTE
>>> 800fffffab39f060
>>> [ T1242] Oops: Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN PTI
>>> [ T1242] CPU: 1 UID: 0 PID: 1242 Comm: kworker/1:1H Not tainted
>>> 6.14.0-rc2-00185-g128c8f96eb86 #2
>>> [ T1242] Hardware name: Red Hat KVM/RHEL-AV, BIOS
>>> 1.16.0-4.module+el8.8.0+664+0a3d6c83 04/01/2014
>>> [ T1242] Workqueue: bcachefs_btree_read_complete btree_node_read_work
>>> [ T1242] RIP: 0010:validate_bset_keys+0xae3/0x14f0
>>> [ T6058] bcachefs (loop2): empty btree root xattrs
>>> [ T1242] Code: 49 39 df 0f 87 fc 09 00 00 e8 79 54 a8 fd 41 0f b7 c6
>>> 48 8b 4c 24 68 48 8d 04 c1 4c 29 f8 48 c1 e8 03 89 c1 48 89 de 4c 89
>>> ff 48 a5 48 8b bc 24 c8 00 00 08
>>> [ T1242] RSP: 0018:ffffc900070a72c0 EFLAGS: 00010206
>>> [ T1242] RAX: 000000000000ec0f RBX: ffff888054c20110 RCX: 0000000000006c31
>>> [ T1242] RDX: 0000000000000000 RSI: ffff888054c60000 RDI: ffff888054c5ff90
>>> [ T1242] RBP: ffffc900070a7570 R08: ffff888065e001af R09: 1ffff1100cbc0035
>>> [ T1242] R10: dffffc0000000000 R11: ffffed100cbc0036 R12: ffff888054c2009e
>>> [ T1242] R13: dffffc0000000000 R14: 000000000000ec0f R15: ffff888054c200a0
>>> [ T1242] FS: 0000000000000000(0000) GS:ffff88807ea00000(0000)
>>> knlGS:0000000000000000
>>> [ T1242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>> [ T1242] CR2: ffff888054c60000 CR3: 000000006cea6000 CR4: 00000000000006f0
>>> [ T1242] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>>> [ T1242] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>>> [ T1242] Call Trace:
>>> [ T1242]
>>> [ T1242] bch2_btree_node_read_done+0x1d20/0x53a0
>>> [ T1242] btree_node_read_work+0x54d/0xdc0
>>> [ T1242] process_scheduled_works+0xaf8/0x17f0
>>> [ T1242] worker_thread+0x89d/0xd60
>>> [ T1242] kthread+0x722/0x890
>>> [ T1242] ret_from_fork+0x4e/0x80
>>> [ T1242] ret_from_fork_asm+0x1a/0x30
>>> [ T1242]
>>> [ T1242] Modules linked in:
>>> [ T1242] ---[ end trace 0000000000000000 ]---
>>> [ T1242] RIP: 0010:validate_bset_keys+0xae3/0x14f0
>>> [ T1242] Code: 49 39 df 0f 87 fc 09 00 00 e8 79 54 a8 fd 41 0f b7 c6
>>> 48 8b 4c 24 68 48 8d 04 c1 4c 29 f8 48 c1 e8 03 89 c1 48 89 de 4c 89
>>> ff 48 a5 48 8b bc 24 c8 00 00 08
>>> [ T1242] RSP: 0018:ffffc900070a72c0 EFLAGS: 00010206
>>> [ T1242] RAX: 000000000000ec0f RBX: ffff888054c20110 RCX: 0000000000006c31
>>> [ T1242] RDX: 0000000000000000 RSI: ffff888054c60000 RDI: ffff888054c5ff90
>>> [ T1242] RBP: ffffc900070a7570 R08: ffff888065e001af R09: 1ffff1100cbc0035
>>> [ T1242] R10: dffffc0000000000 R11: ffffed100cbc0036 R12: ffff888054c2009e
>>> [ T1242] R13: dffffc0000000000 R14: 000000000000ec0f R15: ffff888054c200a0
>>> [ T1242] FS: 0000000000000000(0000) GS:ffff88807ea00000(0000)
>>> knlGS:0000000000000000
>>> [ T1242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>> [ T1242] CR2: ffff888054c60000 CR3: 000000006cea6000 CR4: 00000000000006f0
>>> [ T1242] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>>> [ T1242] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>>> [ T1242] Kernel panic - not syncing: Fatal exception
>>> [ T1242] Kernel Offset: disabled
>>> [ T1242] Rebooting in 86400 seconds..
>>>=20 >>> It's caused by the memmove_u64s_down in validate_bset_keys of >>> fs/bcachefs/btree_io.c: >>> -> memmove_u64s_down(k, bkey_p_next(k), (u64 *) vstruct_end(i) - = (u64 *) k); >>=20 >>=20 >> Might need this. >>=20 >> diff --git a/fs/bcachefs/btree_io.c b/fs/bcachefs/btree_io.c >> index e71b278672b6..fb53174cb735 100644 >> --- a/fs/bcachefs/btree_io.c >> +++ b/fs/bcachefs/btree_io.c >> @@ -997,7 +997,7 @@ static int validate_bset_keys(struct bch_fs *c, = struct btree *b, >> } >> got_good_key: >> le16_add_cpu(&i->u64s, -next_good_key); >> - memmove_u64s_down(k, bkey_p_next(k), (u64 *) = vstruct_end(i) - (u64 *) k); >> + memmove_u64s_down(k, bkey_p_next(k), (u64 *) = vstruct_end(i) - (u64 *) bkey_p_next(k)); >> set_btree_node_need_rewrite(b); >> } >> fsck_err: >>=20 >=20 > Thanks, but this didn't fix everything. I think the problem is more > complex, syzbot seems to be trying to mount damaged bcachefs (on > purpose I think), so the vstruct_end(i) is already returning an offset > that is out of border. Could you try this (I need to go out now): diff --git a/fs/bcachefs/btree_io.c b/fs/bcachefs/btree_io.c index e71b278672b6..80a0094be356 100644 --- a/fs/bcachefs/btree_io.c +++ b/fs/bcachefs/btree_io.c @@ -997,7 +997,7 @@ static int validate_bset_keys(struct bch_fs *c, = struct btree *b, } got_good_key: le16_add_cpu(&i->u64s, -next_good_key); - memmove_u64s_down(k, bkey_p_next(k), (u64 *) = vstruct_end(i) - (u64 *) k); + memmove_u64s_down(k, (u64 *) k + next_good_key, (u64 *) = vstruct_end(i) - (u64 *) k); set_btree_node_need_rewrite(b); } fsck_err: >=20 > I retriggered it and print some more debug info: i->_data is > ffff88806d5c00a0, i->u64s is 60928, and the faulting address is > ffff88806d600000.
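Review bot: in the quoted first version of the fix (index e71b278672b6..fb53174cb735), the length on the + line, (u64 *) vstruct_end(i) - (u64 *) bkey_p_next(k), stops the copy at the already-shrunk end, because le16_add_cpu(&i->u64s, -next_good_key) runs on the line above. With the source at bkey_p_next(k), the u64s between the new end and the old end are never moved down, so the tail of the bset is lost. Either compute the length from the pre-shrink end or move the le16_add_cpu() call below the memmove_u64s_down().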
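Review bot: in the second version (index e71b278672b6..80a0094be356), the length argument on the + line is still (u64 *) vstruct_end(i) - (u64 *) k, which comes from i->u64s as read from disk, and nothing in the hunk bounds it against the btree node buffer before memmove_u64s_down() runs. Kairui's quoted follow-up reports i->u64s of 60928 and a fault at ffff88806d600000, so a damaged image can still push the copy past the mapping. Changing the source to (u64 *) k + next_good_key does make source and length agree with the le16_add_cpu() above, but the bset size should be validated (or the bset rejected) before control reaches got_good_key, and a short comment that vstruct_end(i) is the post-shrink end here would help the next reader.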