Bug 216563 - [xfstests generic/113] memcpy: detected field-spanning write (size 32) of single field "efdp->efd_format.efd_extents" at fs/xfs/xfs_extfree_item.c:693 (size 16)
Status: NEW
Product: File System
Classification: Unclassified
Component: XFS
Hardware: All Linux
Importance: P1 normal
Assignee: FileSystem/XFS Default Virtual Assignee
Reported: 2022-10-09 11:59 UTC by Zorro Lang
Modified: 2022-10-18 20:44 UTC
Kernel Version: v6.1-rc0
Regression: No

Description Zorro Lang 2022-10-09 11:59:13 UTC
xfstests generic/113 hit the kernel warning below [1] on xfs with 64k directory block size (-n size=65536). It's reproducible for me, and the last time I reproduced this bug was on linux v6.0+ with HEAD = ...

commit e8bc52cb8df80c31c73c726ab58ea9746e9ff734
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Fri Oct 7 17:04:10 2022 -0700

    Merge tag 'driver-core-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

I hit this issue on xfs with 64k directory block size 3 times (aarch64, x86_64 and ppc64le), and once on xfs with 1k block size (aarch64).


[1]
[ 4328.023770] run fstests generic/113 at 2022-10-08 11:57:42
[ 4330.104632] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at your own risk!
[ 4333.094807] XFS (sda3): Unmounting Filesystem
[ 4333.934996] XFS (sda3): Mounting V5 Filesystem
[ 4333.973061] XFS (sda3): Ending clean mount
[ 4335.457595] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at your own risk!
[ 4338.564849] XFS (sda3): Unmounting Filesystem
[ 4339.391848] XFS (sda3): Mounting V5 Filesystem
[ 4339.430908] XFS (sda3): Ending clean mount
[ 4340.100364] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at your own risk!
[ 4343.379506] XFS (sda3): Unmounting Filesystem
[ 4344.195036] XFS (sda3): Mounting V5 Filesystem
[ 4344.232984] XFS (sda3): Ending clean mount
[ 4345.190073] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at your own risk!
[ 4348.198562] XFS (sda3): Unmounting Filesystem
[ 4349.065061] XFS (sda3): Mounting V5 Filesystem
[ 4349.104995] XFS (sda3): Ending clean mount
[ 4350.118883] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at your own risk!
[ 4353.233555] XFS (sda3): Unmounting Filesystem
[ 4354.093530] XFS (sda3): Mounting V5 Filesystem
[ 4354.135975] XFS (sda3): Ending clean mount
[ 4354.337550] ------------[ cut here ]------------
[ 4354.342354] memcpy: detected field-spanning write (size 32) of single field "efdp->efd_format.efd_extents" at fs/xfs/xfs_extfree_item.c:693 (size 16)
[ 4354.355820] WARNING: CPU: 7 PID: 899243 at fs/xfs/xfs_extfree_item.c:693 xfs_efi_item_relog+0x1fc/0x270 [xfs]
[ 4354.365918] Modules linked in: dm_snapshot dm_bufio ext4 mbcache jbd2 loop dm_flakey dm_mod intel_rapl_msr mgag200 intel_rapl_common intel_uncore_frequency i2c_algo_bit intel_uncore_frequency_common drm_shmem_helper ipmi_ssif drm_kms_helper mlx5_ib syscopyarea sysfillrect mei_me dell_smbios i10nm_edac nfit x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel rfkill dcdbas kvm irqbypass rapl intel_cstate ib_uverbs intel_uncore dell_wmi_descriptor wmi_bmof pcspkr ib_core isst_if_mmio isst_if_mbox_pci sysimgblt acpi_ipmi isst_if_common i2c_i801 mei fb_sys_fops ipmi_si i2c_smbus intel_pch_thermal intel_vsec ipmi_devintf ipmi_msghandler acpi_power_meter sunrpc drm fuse xfs libcrc32c sd_mod t10_pi sg mlx5_core crct10dif_pclmul crc32_pclmul mlxfw crc32c_intel ghash_clmulni_intel tls ahci libahci psample megaraid_sas pci_hyperv_intf tg3 libata wmi [last unloaded: scsi_debug]
[ 4354.443217] CPU: 7 PID: 899243 Comm: kworker/7:0 Kdump: loaded Not tainted 6.0.0+ #1
[ 4354.450990] Hardware name: Dell Inc. PowerEdge R750/0PJ80M, BIOS 1.5.4 12/17/2021
[ 4354.458497] Workqueue: xfs-inodegc/sda3 xfs_inodegc_worker [xfs]
[ 4354.464648] RIP: 0010:xfs_efi_item_relog+0x1fc/0x270 [xfs]
[ 4354.470279] Code: 00 00 0f 85 09 ff ff ff b9 10 00 00 00 48 c7 c2 20 a8 22 c1 4c 89 f6 48 c7 c7 a0 a8 22 c1 c6 05 50 56 28 00 01 e8 b1 2c 28 c5 <0f> 0b e9 e0 fe ff ff 80 3d 3c 56 28 00 00 0f 85 35 ff ff ff b9 10
[ 4354.472133] XFS (sda3): xlog_verify_grant_tail: space > BBTOB(tail_blocks)
[ 4354.489042] RSP: 0018:ffa0000037dc7950 EFLAGS: 00010286
[ 4354.489088] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
[ 4354.489092] RDX: 0000000000000001 RSI: ffffffff86cce8e0 RDI: fff3fc0006fb8f1c
[ 4354.489096] RBP: ff11001170bbf2e0 R08: 0000000000000001 R09: ff11002031dfd487
[ 4354.489100] R10: ffe21c04063bfa90 R11: 0000000000000001 R12: ff1100115db29f80
[ 4354.489104] R13: ff1100118a7cb500 R14: 0000000000000020 R15: ff1100115db2a038
[ 4354.537068] FS:  0000000000000000(0000) GS:ff11002031c00000(0000) knlGS:0000000000000000
[ 4354.545178] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4354.550938] CR2: 00007fa368b18b30 CR3: 0000000bd962c002 CR4: 0000000000771ee0
[ 4354.558090] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4354.565240] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 4354.572395] PKRU: 55555554
[ 4354.575127] Call Trace:
[ 4354.577598]  <TASK>
[ 4354.579729]  xfs_defer_relog+0x406/0x840 [xfs]
[ 4354.584320]  xfs_defer_finish_noroll+0xb84/0x1790 [xfs]
[ 4354.589685]  ? xfs_defer_trans_abort+0x680/0x680 [xfs]
[ 4354.594954]  ? xfs_defer_cancel+0x290/0x290 [xfs]
[ 4354.599801]  xfs_defer_finish+0x13/0x200 [xfs]
[ 4354.604366]  xfs_itruncate_extents_flags+0x404/0xd70 [xfs]
[ 4354.610060]  ? xfs_link+0x8e0/0x8e0 [xfs]
[ 4354.614218]  ? xfs_trans_ichgtime+0x190/0x190 [xfs]
[ 4354.619236]  ? xfs_inactive_truncate+0xb8/0x250 [xfs]
[ 4354.624427]  ? rcu_read_lock_sched_held+0x43/0x80
[ 4354.629168]  xfs_inactive_truncate+0x109/0x250 [xfs]
[ 4354.634266]  ? xfs_itruncate_extents_flags+0xd70/0xd70 [xfs]
[ 4354.640067]  ? xfs_inactive+0xe6/0x660 [xfs]
[ 4354.644502]  xfs_inactive+0x4ff/0x660 [xfs]
[ 4354.648822]  xfs_inodegc_worker+0x1aa/0x650 [xfs]
[ 4354.653673]  process_one_work+0x8b7/0x1540
[ 4354.657814]  ? __lock_acquired+0x209/0x890
[ 4354.661942]  ? pwq_dec_nr_in_flight+0x230/0x230
[ 4354.666502]  ? __lock_contended+0x980/0x980
[ 4354.670726]  ? worker_thread+0x160/0xed0
[ 4354.674691]  worker_thread+0x5ac/0xed0
[ 4354.678509]  ? process_one_work+0x1540/0x1540
[ 4354.682896]  kthread+0x29f/0x340
[ 4354.686154]  ? kthread_complete_and_exit+0x20/0x20
[ 4354.690974]  ret_from_fork+0x1f/0x30
[ 4354.694603]  </TASK>
[ 4354.696813] irq event stamp: 225213
[ 4354.700325] hardirqs last  enabled at (225223): [<ffffffff843b7f3b>] __up_console_sem+0x6b/0x80
[ 4354.709049] hardirqs last disabled at (225238): [<ffffffff843b7f20>] __up_console_sem+0x50/0x80
[ 4354.717770] softirqs last  enabled at (225236): [<ffffffff86800625>] __do_softirq+0x625/0x9b0
[ 4354.726316] softirqs last disabled at (225231): [<ffffffff8422640c>] __irq_exit_rcu+0x1fc/0x2a0
[ 4354.735030] ---[ end trace 0000000000000000 ]---
[ 4354.739682] ------------[ cut here ]------------
[ 4354.744333] memcpy: detected field-spanning write (size 32) of single field "efip->efi_format.efi_extents" at fs/xfs/xfs_extfree_item.c:697 (size 16)
[ 4354.757790] WARNING: CPU: 7 PID: 899243 at fs/xfs/xfs_extfree_item.c:697 xfs_efi_item_relog+0x232/0x270 [xfs]
[ 4354.767843] Modules linked in: dm_snapshot dm_bufio ext4 mbcache jbd2 loop dm_flakey dm_mod intel_rapl_msr mgag200 intel_rapl_common intel_uncore_frequency i2c_algo_bit intel_uncore_frequency_common drm_shmem_helper ipmi_ssif drm_kms_helper mlx5_ib syscopyarea sysfillrect mei_me dell_smbios i10nm_edac nfit x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel rfkill dcdbas kvm irqbypass rapl intel_cstate ib_uverbs intel_uncore dell_wmi_descriptor wmi_bmof pcspkr ib_core isst_if_mmio isst_if_mbox_pci sysimgblt acpi_ipmi isst_if_common i2c_i801 mei fb_sys_fops ipmi_si i2c_smbus intel_pch_thermal intel_vsec ipmi_devintf ipmi_msghandler acpi_power_meter sunrpc drm fuse xfs libcrc32c sd_mod t10_pi sg mlx5_core crct10dif_pclmul crc32_pclmul mlxfw crc32c_intel ghash_clmulni_intel tls ahci libahci psample megaraid_sas pci_hyperv_intf tg3 libata wmi [last unloaded: scsi_debug]
[ 4354.845125] CPU: 7 PID: 899243 Comm: kworker/7:0 Kdump: loaded Tainted: G        W          6.0.0+ #1
[ 4354.854370] Hardware name: Dell Inc. PowerEdge R750/0PJ80M, BIOS 1.5.4 12/17/2021
[ 4354.861875] Workqueue: xfs-inodegc/sda3 xfs_inodegc_worker [xfs]
[ 4354.868016] RIP: 0010:xfs_efi_item_relog+0x232/0x270 [xfs]
[ 4354.873643] Code: 00 00 0f 85 35 ff ff ff b9 10 00 00 00 48 c7 c2 20 a9 22 c1 4c 89 f6 48 c7 c7 a0 a8 22 c1 c6 05 19 56 28 00 01 e8 7b 2c 28 c5 <0f> 0b e9 0c ff ff ff 4c 89 ef e8 bf e2 8e c3 e9 4c ff ff ff e8 b5
[ 4354.892409] RSP: 0018:ffa0000037dc7950 EFLAGS: 00010286
[ 4354.897660] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
[ 4354.904816] RDX: 0000000000000001 RSI: ffffffff86cce8e0 RDI: fff3fc0006fb8f1c
[ 4354.911978] RBP: ff11001170bbf2e0 R08: 0000000000000001 R09: ff11002031dfd487
[ 4354.919135] R10: ffe21c04063bfa90 R11: 0000000000000001 R12: ff1100118a7c8d90
[ 4354.926296] R13: ff1100118a7cb500 R14: 0000000000000020 R15: ff1100118a7c8e40
[ 4354.933454] FS:  0000000000000000(0000) GS:ff11002031c00000(0000) knlGS:0000000000000000
[ 4354.941564] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4354.947337] CR2: 00007fa368b18b30 CR3: 0000000bd962c002 CR4: 0000000000771ee0
[ 4354.954497] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4354.961653] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 4354.968812] PKRU: 55555554
[ 4354.971546] Call Trace:
[ 4354.974021]  <TASK>
[ 4354.976163]  xfs_defer_relog+0x406/0x840 [xfs]
[ 4354.980753]  xfs_defer_finish_noroll+0xb84/0x1790 [xfs]
[ 4354.986135]  ? xfs_defer_trans_abort+0x680/0x680 [xfs]
[ 4354.991400]  ? xfs_defer_cancel+0x290/0x290 [xfs]
[ 4354.996271]  xfs_defer_finish+0x13/0x200 [xfs]
[ 4355.000844]  xfs_itruncate_extents_flags+0x404/0xd70 [xfs]
[ 4355.006487]  ? xfs_link+0x8e0/0x8e0 [xfs]
[ 4355.010642]  ? xfs_trans_ichgtime+0x190/0x190 [xfs]
[ 4355.015656]  ? xfs_inactive_truncate+0xb8/0x250 [xfs]
[ 4355.020851]  ? rcu_read_lock_sched_held+0x43/0x80
[ 4355.025591]  xfs_inactive_truncate+0x109/0x250 [xfs]
[ 4355.030695]  ? xfs_itruncate_extents_flags+0xd70/0xd70 [xfs]
[ 4355.036504]  ? xfs_inactive+0xe6/0x660 [xfs]
[ 4355.040931]  xfs_inactive+0x4ff/0x660 [xfs]
[ 4355.045255]  xfs_inodegc_worker+0x1aa/0x650 [xfs]
[ 4355.050111]  process_one_work+0x8b7/0x1540
[ 4355.054247]  ? __lock_acquired+0x209/0x890
[ 4355.058378]  ? pwq_dec_nr_in_flight+0x230/0x230
[ 4355.062937]  ? __lock_contended+0x980/0x980
[ 4355.067161]  ? worker_thread+0x160/0xed0
[ 4355.071125]  worker_thread+0x5ac/0xed0
[ 4355.074926]  ? process_one_work+0x1540/0x1540
[ 4355.079320]  kthread+0x29f/0x340
[ 4355.082582]  ? kthread_complete_and_exit+0x20/0x20
[ 4355.087406]  ret_from_fork+0x1f/0x30
[ 4355.091042]  </TASK>
[ 4355.093255] irq event stamp: 226333
[ 4355.096768] hardirqs last  enabled at (226343): [<ffffffff843b7f3b>] __up_console_sem+0x6b/0x80
[ 4355.105492] hardirqs last disabled at (226358): [<ffffffff843b7f20>] __up_console_sem+0x50/0x80
[ 4355.114214] softirqs last  enabled at (226356): [<ffffffff86800625>] __do_softirq+0x625/0x9b0
[ 4355.122762] softirqs last disabled at (226351): [<ffffffff8422640c>] __irq_exit_rcu+0x1fc/0x2a0
[ 4355.131484] ---[ end trace 0000000000000000 ]---
[ 4355.263177] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at your own risk!
[ 4358.321839] XFS (sda3): Unmounting Filesystem
[ 4359.155439] XFS (sda3): Mounting V5 Filesystem
[ 4359.193937] XFS (sda3): Ending clean mount
[ 4359.367326] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at your own risk!
[ 4362.438659] XFS (sda3): Unmounting Filesystem
[ 4363.230018] XFS (sda3): Mounting V5 Filesystem
[ 4363.269186] XFS (sda3): Ending clean mount
Comment 1 Zorro Lang 2022-10-09 12:08:26 UTC
decode_stacktrace.sh output:

[11223.467241] memcpy: detected field-spanning write (size 32) of single field "efdp->efd_format.efd_extents" at fs/xfs/xfs_extfree_item.c:693 (size 16)
[11223.467271] WARNING: CPU: 7 PID: 604448 at fs/xfs/xfs_extfree_item.c:693 xfs_efi_item_relog (fs/xfs/xfs_extfree_item.c:693 (discriminator 3)) xfs
[11223.467349] Modules linked in: dm_snapshot dm_bufio ext4 mbcache jbd2 loop dm_flakey dm_mod bonding tls rfkill sunrpc pseries_rng drm fuse drm_panel_orientation_quirks xfs libcrc32c sd_mod t10_pi sg ibmvscsi ibmveth scsi_transport_srp vmx_crypto [last unloaded: scsi_debug]
[11223.467408] Workqueue: xfs-inodegc/sda5 xfs_inodegc_worker [xfs]
[11223.467478] NIP:  c008000001e001cc LR: c008000001e001c8 CTR: 0000000000000000
[11223.467484] REGS: c000000045893610 TRAP: 0700   Not tainted  (6.0.0+)
[11223.467490] MSR:  800000000282b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 48004222  XER: 0000000a
[11223.467514] CFAR: c000000000150060 IRQMASK: 0
GPR00: c008000001e001c8 c0000000458938b0 c008000001ebc000 0000000000000089
GPR04: 0000000000000000 c0000000458936b0 c0000000458936a8 00000001fbb90000
GPR08: 0000000000000027 0000000000000000 c000000095728800 0000000000004000
GPR12: 00000001fbb90000 c00000000ffc9080 0000000000000000 0000000000000000
GPR16: c008000001d4df14 fffffffffffff000 c000000002d40a30 c000000002d404b0
GPR20: c000000095728800 c0000000458939d8 0000000000000000 0000000000000000
GPR24: c000000002d40a30 0000000000000002 c000000033c654f0 0000000000000002
GPR28: 0000000000000020 c0000000488816a8 c000000033016440 c000000033c65438
[11223.467598] NIP [c008000001e001cc] xfs_efi_item_relog (fs/xfs/xfs_extfree_item.c:693 (discriminator 3)) xfs
[11223.467667] LR [c008000001e001c8] xfs_efi_item_relog (fs/xfs/xfs_extfree_item.c:693 (discriminator 3)) xfs
[11223.467737] Call Trace:
[11223.467741] [c0000000458938b0] [c008000001e001c8] xfs_efi_item_relog+0x180/0x1d0 [xfs] unreliable
[11223.467814] [c000000045893950] [c008000001d4d198] xfs_defer_relog (./fs/xfs/xfs_trans.h:255 fs/xfs/libxfs/xfs_defer.c:451) xfs
[11223.467879] [c0000000458939b0] [c008000001d4d6d8] xfs_defer_finish_noroll (fs/xfs/libxfs/xfs_defer.c:557) xfs
[11223.467943] [c000000045893a80] [c008000001d4df14] xfs_defer_finish (fs/xfs/libxfs/xfs_defer.c:591) xfs
[11223.468007] [c000000045893ab0] [c008000001dcd74c] xfs_itruncate_extents_flags (fs/xfs/xfs_inode.c:1378) xfs
[11223.468077] [c000000045893b40] [c008000001dcde14] xfs_inactive_truncate (fs/xfs/xfs_inode.c:1518) xfs
[11223.468146] [c000000045893b90] [c008000001dcec18] xfs_inactive (fs/xfs/xfs_inode.c:1758) xfs
[11223.468214] [c000000045893be0] [c008000001dba36c] xfs_inodegc_worker (fs/xfs/xfs_icache.c:1838 fs/xfs/xfs_icache.c:1862) xfs
[11223.468284] [c000000045893c40] [c000000000185298] process_one_work (kernel/workqueue.c:2289)
[11223.468294] [c000000045893d30] [c000000000185848] worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437)
[11223.468302] [c000000045893dc0] [c0000000001945b8] kthread (kernel/kthread.c:376)
[11223.468309] [c000000045893e10] [c00000000000cbe4] ret_from_kernel_thread (arch/powerpc/kernel/interrupt_64.S:718)
[11223.468319] Instruction dump:
[11223.468324] 2c0a0000 4082ff30 3d420000 38c00010 7f84e378 e8aaf9e8 3d420000 e86af9f0
[11223.468342] 39400001 99490000 48054b35 e8410018 <0fe00000> 3d220000 e929f9e0 89490001
[11223.468359] irq event stamp: 97484
[11223.468363] hardirqs last enabled at (97483): __up_console_sem (kernel/printk/printk.c:264 (discriminator 1))
[11223.468371] hardirqs last disabled at (97484): interrupt_enter_prepare (./arch/powerpc/include/asm/interrupt.h:182)
[11223.468380] softirqs last enabled at (95310): __do_softirq (./arch/powerpc/include/asm/current.h:20 ./include/asm-generic/preempt.h:11 kernel/softirq.c:415 kernel/softirq.c:600)
[11223.468388] softirqs last disabled at (95259): do_softirq_own_stack (arch/powerpc/kernel/irq.c:206 arch/powerpc/kernel/irq.c:341)
[11223.468395] ---[ end trace 0000000000000000 ]---
[11223.468403] ------------[ cut here ]------------
...
Comment 2 Darrick J. Wong 2022-10-09 17:08:48 UTC
On Sun, Oct 09, 2022 at 11:59:13AM +0000, bugzilla-daemon@kernel.org wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=216563
> 
>             Bug ID: 216563
>            Summary: [xfstests generic/113] memcpy: detected field-spanning
>                     write (size 32) of single field
>                     "efdp->efd_format.efd_extents" at
>                     fs/xfs/xfs_extfree_item.c:693 (size 16)
>            Product: File System
>            Version: 2.5
>     Kernel Version: v6.1-rc0
>           Hardware: All
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: XFS
>           Assignee: filesystem_xfs@kernel-bugs.kernel.org
>           Reporter: zlang@redhat.com
>         Regression: No
> 
> I xfstests generic/113 hit below kernel warning [1] on xfs with 64k directory
> block size (-n size=65536). It's reproducible for me, and the last time I
> reproduce this bug on linux v6.0+ which HEAD= ...
> 
> commit e8bc52cb8df80c31c73c726ab58ea9746e9ff734
> Author: Linus Torvalds <torvalds@linux-foundation.org>
> Date:   Fri Oct 7 17:04:10 2022 -0700
> 
>     Merge tag 'driver-core-6.1-rc1' of
> git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
> 
> I hit this issue on xfs with 64k directory block size 3 times(aarch64, x86_64
> and ppc64le), and once on xfs with 1k blocksize (aarch64).
> 
> 
> [1]
> [ 4328.023770] run fstests generic/113 at 2022-10-08 11:57:42
> [ 4330.104632] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at
> your own risk!
> [ 4333.094807] XFS (sda3): Unmounting Filesystem
> [ 4333.934996] XFS (sda3): Mounting V5 Filesystem
> [ 4333.973061] XFS (sda3): Ending clean mount
> [ 4335.457595] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at
> your own risk!
> [ 4338.564849] XFS (sda3): Unmounting Filesystem
> [ 4339.391848] XFS (sda3): Mounting V5 Filesystem
> [ 4339.430908] XFS (sda3): Ending clean mount
> [ 4340.100364] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at
> your own risk!
> [ 4343.379506] XFS (sda3): Unmounting Filesystem
> [ 4344.195036] XFS (sda3): Mounting V5 Filesystem
> [ 4344.232984] XFS (sda3): Ending clean mount
> [ 4345.190073] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at
> your own risk!
> [ 4348.198562] XFS (sda3): Unmounting Filesystem
> [ 4349.065061] XFS (sda3): Mounting V5 Filesystem
> [ 4349.104995] XFS (sda3): Ending clean mount
> [ 4350.118883] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at
> your own risk!
> [ 4353.233555] XFS (sda3): Unmounting Filesystem
> [ 4354.093530] XFS (sda3): Mounting V5 Filesystem
> [ 4354.135975] XFS (sda3): Ending clean mount
> [ 4354.337550] ------------[ cut here ]------------
> [ 4354.342354] memcpy: detected field-spanning write (size 32) of single
> field
> "efdp->efd_format.efd_extents" at fs/xfs/xfs_extfree_item.c:693 (size 16)
> [ 4354.355820] WARNING: CPU: 7 PID: 899243 at fs/xfs/xfs_extfree_item.c:693
> xfs_efi_item_relog+0x1fc/0x270 [xfs]

I think this is caused by an EF[ID] with ef[id]_nextents > 1, since the
structure definition is:

typedef struct xfs_efd_log_format {
	uint16_t		efd_type;	/* efd log item type */
	uint16_t		efd_size;	/* size of this item */
	uint32_t		efd_nextents;	/* # of extents freed */
	uint64_t		efd_efi_id;	/* id of corresponding efi */
	xfs_extent_t		efd_extents[1];	/* array of extents freed */
} xfs_efd_log_format_t;

Yuck, an array[1] that is actually a VLA!

I guess we're going to have to turn that into a real VLA, and adjust the
xfs_ondisk.h macros to match?

What memory sanitizer kconfig option enables this, anyway?

--D

> [ 4354.892409] RSP: 0018:ffa0000037dc7950 EFLAGS: 00010286
> [ 4354.897660] RAX: 0000000000000000 RBX: 0000000000000002 RCX:
> 0000000000000000
> [ 4354.904816] RDX: 0000000000000001 RSI: ffffffff86cce8e0 RDI:
> fff3fc0006fb8f1c
> [ 4354.911978] RBP: ff11001170bbf2e0 R08: 0000000000000001 R09:
> ff11002031dfd487
> [ 4354.919135] R10: ffe21c04063bfa90 R11: 0000000000000001 R12:
> ff1100118a7c8d90
> [ 4354.926296] R13: ff1100118a7cb500 R14: 0000000000000020 R15:
> ff1100118a7c8e40
> [ 4354.933454] FS:  0000000000000000(0000) GS:ff11002031c00000(0000)
> knlGS:0000000000000000
> [ 4354.941564] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 4354.947337] CR2: 00007fa368b18b30 CR3: 0000000bd962c002 CR4:
> 0000000000771ee0
> [ 4354.954497] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [ 4354.961653] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
> 0000000000000400
> [ 4354.968812] PKRU: 55555554
> [ 4354.971546] Call Trace:
> [ 4354.974021]  <TASK>
> [ 4354.976163]  xfs_defer_relog+0x406/0x840 [xfs]
> [ 4354.980753]  xfs_defer_finish_noroll+0xb84/0x1790 [xfs]
> [ 4354.986135]  ? xfs_defer_trans_abort+0x680/0x680 [xfs]
> [ 4354.991400]  ? xfs_defer_cancel+0x290/0x290 [xfs]
> [ 4354.996271]  xfs_defer_finish+0x13/0x200 [xfs]
> [ 4355.000844]  xfs_itruncate_extents_flags+0x404/0xd70 [xfs]
> [ 4355.006487]  ? xfs_link+0x8e0/0x8e0 [xfs]
> [ 4355.010642]  ? xfs_trans_ichgtime+0x190/0x190 [xfs]
> [ 4355.015656]  ? xfs_inactive_truncate+0xb8/0x250 [xfs]
> [ 4355.020851]  ? rcu_read_lock_sched_held+0x43/0x80
> [ 4355.025591]  xfs_inactive_truncate+0x109/0x250 [xfs]
> [ 4355.030695]  ? xfs_itruncate_extents_flags+0xd70/0xd70 [xfs]
> [ 4355.036504]  ? xfs_inactive+0xe6/0x660 [xfs]
> [ 4355.040931]  xfs_inactive+0x4ff/0x660 [xfs]
> [ 4355.045255]  xfs_inodegc_worker+0x1aa/0x650 [xfs]
> [ 4355.050111]  process_one_work+0x8b7/0x1540
> [ 4355.054247]  ? __lock_acquired+0x209/0x890
> [ 4355.058378]  ? pwq_dec_nr_in_flight+0x230/0x230
> [ 4355.062937]  ? __lock_contended+0x980/0x980
> [ 4355.067161]  ? worker_thread+0x160/0xed0
> [ 4355.071125]  worker_thread+0x5ac/0xed0
> [ 4355.074926]  ? process_one_work+0x1540/0x1540
> [ 4355.079320]  kthread+0x29f/0x340
> [ 4355.082582]  ? kthread_complete_and_exit+0x20/0x20
> [ 4355.087406]  ret_from_fork+0x1f/0x30
> [ 4355.091042]  </TASK>
> [ 4355.093255] irq event stamp: 226333
> [ 4355.096768] hardirqs last  enabled at (226343): [<ffffffff843b7f3b>]
> __up_console_sem+0x6b/0x80
> [ 4355.105492] hardirqs last disabled at (226358): [<ffffffff843b7f20>]
> __up_console_sem+0x50/0x80
> [ 4355.114214] softirqs last  enabled at (226356): [<ffffffff86800625>]
> __do_softirq+0x625/0x9b0
> [ 4355.122762] softirqs last disabled at (226351): [<ffffffff8422640c>]
> __irq_exit_rcu+0x1fc/0x2a0
> [ 4355.131484] ---[ end trace 0000000000000000 ]---
> [ 4355.263177] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at
> your own risk!
> [ 4358.321839] XFS (sda3): Unmounting Filesystem
> [ 4359.155439] XFS (sda3): Mounting V5 Filesystem
> [ 4359.193937] XFS (sda3): Ending clean mount
> [ 4359.367326] XFS (sda3): EXPERIMENTAL online scrub feature in use. Use at
> your own risk!
> [ 4362.438659] XFS (sda3): Unmounting Filesystem
> [ 4363.230018] XFS (sda3): Mounting V5 Filesystem
> [ 4363.269186] XFS (sda3): Ending clean mount
> 
> -- 
> You may reply to this email to add a comment.
> 
> You are receiving this mail because:
> You are watching the assignee of the bug.
Comment 3 Dave Chinner 2022-10-09 22:42:29 UTC
On Sun, Oct 09, 2022 at 10:08:46AM -0700, Darrick J. Wong wrote:
> On Sun, Oct 09, 2022 at 11:59:13AM +0000, bugzilla-daemon@kernel.org wrote:
> > [ 4354.337550] ------------[ cut here ]------------
> > [ 4354.342354] memcpy: detected field-spanning write (size 32) of single
> field
> > "efdp->efd_format.efd_extents" at fs/xfs/xfs_extfree_item.c:693 (size 16)
> > [ 4354.355820] WARNING: CPU: 7 PID: 899243 at fs/xfs/xfs_extfree_item.c:693
> > xfs_efi_item_relog+0x1fc/0x270 [xfs]
> 
> I think this is caused by an EF[ID] with ef[id]_nextents > 1, since the
> structure definition is:
> 
> typedef struct xfs_efd_log_format {
>       uint16_t                efd_type;       /* efd log item type */
>       uint16_t                efd_size;       /* size of this item */
>       uint32_t                efd_nextents;   /* # of extents freed */
>       uint64_t                efd_efi_id;     /* id of corresponding efi */
>       xfs_extent_t            efd_extents[1]; /* array of extents freed */
> } xfs_efd_log_format_t;
> 
> Yuck, an array[1] that is actually a VLA!

Always been the case; the comment above both EFI and EFD definitions
states this directly:

/*
 * This is the structure used to lay out an efi log item in the
 * log.  The efi_extents field is a variable size array whose
 * size is given by efi_nextents.
 */

The EFI/EFD support recording multiple extents being freed in a
single intent. The idea behind this originally was that all the
extents being freed in a single transaction would be recorded in the
same EFI (i.e.  XFS_ITRUNC_MAX_EXTENTS) and the EFI and EFD could
then be relogged as progress freeing those extents is made after the
BMBT modifications were committed...

> I guess we're going to have to turn that into a real VLA, and adjust the
> xfs_ondisk.h macros to match?
> 
> What memory sanitizer kconfig option enables this, anyway?

54d9469bc515 fortify: Add run-time WARN for cross-field memcpy()

CONFIG_FORTIFY_SOURCE=y, committed in 6.0-rc2.

It effectively ignores flex arrays defined with [], but sees
anything defined with [1] as a fixed size array of known size and so
issues a warning when it's actually used as a flex array.

unsafe_memcpy() could be a temporary solution, given we know the
code works fine as it stands...

Cheers,

Dave.
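As an added example (not code from the kernel or from anyone in this thread), the structs below model the two layouts Dave contrasts: a trailing array declared `[1]` versus a true flexible array member declared `[]`. `struct ext`, the `efd_fmt_*` names and the sample extents are constructed stand-ins; `struct ext` is padded to 16 bytes to match the "(size 16)" in the warning, so two extents give the "size 32" copy from the report.

```c
/* Added example: why a trailing [1] array trips FORTIFY_SOURCE's
 * cross-field memcpy() check while a [] flexible array does not, and
 * how to size and fill such a variable-length log format safely. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for xfs_extent_t: 8-byte start + 4-byte length,
 * padded to 16 bytes, matching "(size 16)" in the warning. */
struct ext { uint64_t start; uint32_t len; uint32_t pad; };

/* Legacy layout: trailing array declared [1] (the pattern in the report). */
struct efd_fmt_old {
    uint16_t   type, size;
    uint32_t   nextents;
    uint64_t   efi_id;
    struct ext extents[1];
};

/* Flexible-array layout: same header, extents declared []. */
struct efd_fmt_flex {
    uint16_t   type, size;
    uint32_t   nextents;
    uint64_t   efi_id;
    struct ext extents[];
};

/* Bytes needed for n extents. The [1] layout already holds one extent in
 * sizeof(struct); the [] layout contributes none. Both give the same total. */
size_t old_fmt_size(uint32_t n)  { return sizeof(struct efd_fmt_old) + (n - 1) * sizeof(struct ext); }
size_t flex_fmt_size(uint32_t n) { return offsetof(struct efd_fmt_flex, extents) + n * sizeof(struct ext); }

/* Model of the fortify decision: with [1], sizeof(dst->extents) is a fixed
 * 16 bytes, so an n-extent copy into it is "field-spanning" once n > 1.
 * Returns 1 when a fortified memcpy() would warn, 0 otherwise. */
int fortify_would_warn_old(uint32_t n)
{
    return n * sizeof(struct ext) > sizeof(((struct efd_fmt_old *)0)->extents);
}

/* Allocate a flex-layout item and copy n extents in. Returns NULL when n is
 * zero or the item would not fit a 16-bit size field (like efd_size). */
struct efd_fmt_flex *efd_flex_new(const struct ext *src, uint32_t n)
{
    if (n == 0 || n > SIZE_MAX / sizeof(struct ext)) return NULL;
    size_t total = flex_fmt_size(n);
    if (total > UINT16_MAX) return NULL;
    struct efd_fmt_flex *dst = calloc(1, total);
    if (!dst) return NULL;
    dst->nextents = n;
    dst->size = (uint16_t)total;
    /* Destination is the flexible array, so FORTIFY has no fixed bound to check. */
    memcpy(dst->extents, src, n * sizeof(*src));
    return dst;
}

/* Constructed two-extent sample (the "size 32" case); 1 if it round-trips. */
int roundtrip_ok(void)
{
    const struct ext in[2] = { {100, 8, 0}, {200, 16, 0} };
    struct efd_fmt_flex *f = efd_flex_new(in, 2);
    int ok = f && f->nextents == 2 && f->size == 48 &&
             memcmp(f->extents, in, sizeof in) == 0;
    free(f);
    return ok;
}
```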
Comment 4 Darrick J. Wong 2022-10-18 20:44:26 UTC
On Sun, Oct 09, 2022 at 10:42:29PM +0000, bugzilla-daemon@kernel.org wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=216563
> 
> --- Comment #3 from Dave Chinner (david@fromorbit.com) ---
> On Sun, Oct 09, 2022 at 10:08:46AM -0700, Darrick J. Wong wrote:
> > On Sun, Oct 09, 2022 at 11:59:13AM +0000, bugzilla-daemon@kernel.org wrote:
> > > [ 4354.337550] ------------[ cut here ]------------
> > > [ 4354.342354] memcpy: detected field-spanning write (size 32) of single
> > field
> > > "efdp->efd_format.efd_extents" at fs/xfs/xfs_extfree_item.c:693 (size 16)
> > > [ 4354.355820] WARNING: CPU: 7 PID: 899243 at
> fs/xfs/xfs_extfree_item.c:693
> > > xfs_efi_item_relog+0x1fc/0x270 [xfs]
> > 
> > I think this is caused by an EF[ID] with ef[id]_nextents > 1, since the
> > structure definition is:
> > 
> > typedef struct xfs_efd_log_format {
> >       uint16_t                efd_type;       /* efd log item type */
> >       uint16_t                efd_size;       /* size of this item */
> >       uint32_t                efd_nextents;   /* # of extents freed */
> >       uint64_t                efd_efi_id;     /* id of corresponding efi */
> >       xfs_extent_t            efd_extents[1]; /* array of extents freed */
> > } xfs_efd_log_format_t;
> > 
> > Yuck, an array[1] that is actually a VLA!
> 
> Always been the case; the comment above both EFI and EFD definitions
> states this directly:
> 
> /*
>  * This is the structure used to lay out an efi log item in the
>  * log.  The efi_extents field is a variable size array whose
>  * size is given by efi_nextents.
>  */
> 
> The EFI/EFD support recording multiple extents being freed in a
> single intent. The idea behind this originally was that all the
> extents being freed in a single transaction would be recorded in the
> same EFI (i.e.  XFS_ITRUNC_MAX_EXTENTS) and the EFI and EFD could
> then be relogged as progress freeing those extents is made after the
> BMBT modifications were committed...
> 
> > I guess we're going to have to turn that into a real VLA, and adjust the
> > xfs_ondisk.h macros to match?
> > 
> > What memory sanitizer kconfig option enables this, anyway?
> 
> 54d9469bc515 fortify: Add run-time WARN for cross-field memcpy()
> 
> CONFIG_FORTIFY_SOURCE=y, committed in 6.0-rc2.
> 
> It effectively ignores flex arrays defined with [], but sees
> anything defined with [1] as a fixed size array of known size and so
> issues a warning when it's actually used as a flex array.
> 
> unsafe_memcpy() could be a temporary solution, given we know the
> code works fine as it stands...

Annoyingly, this now triggers fstests failures on xfs/436 when log
recovery tries to memcpy a BUI log item:

------------[ cut here ]------------
memcpy: detected field-spanning write (size 48) of single field
"dst_bui_fmt" at fs/xfs/xfs_bmap_item.c:628 (size 16)
WARNING: CPU: 0 PID: 20925 at fs/xfs/xfs_bmap_item.c:628
xlog_recover_bui_commit_pass2+0x124/0x160 [xfs]

Here we're using struct xfs_map_extent bui_extents[] for the VLA, so I
think this means the memcpy fortify macros aren't detecting the VLAs
correctly at all.

--D

> Cheers,
> 
> Dave.
> 
