check --mode=lowmem loops on fuzzed image bko-155621-bad-block-group-offset #788
adam900710 added a commit to adam900710/btrfs-progs that referenced this issue Jun 4, 2024

There is a bug report that for fuzzed image bko-155621-bad-block-group-offset.raw, "btrfs check --mode=lowmem --repair" would lead to a deadloop.

Unlike original mode, lowmem mode relies on the backref walk to properly go through each root, but unfortunately inside __add_inline_refs() we don't handle unknown backref types correctly, causing it never moving forward thus deadloop.

Fix it by erroring out to prevent deadloop.

Issue: kdave#788
Signed-off-by: Qu Wenruo <[email protected]>
adam900710 added a commit to adam900710/btrfs-progs that referenced this issue Jun 4, 2024

There is a bug report that for fuzzed image bko-155621-bad-block-group-offset.raw, "btrfs check --mode=lowmem --repair" would lead to a deadloop.

Unlike original mode, lowmem mode relies on the backref walk to properly go through each root, but unfortunately inside __add_inline_refs() we don't handle unknown backref types correctly, causing it never moving forward thus deadloop.

Fix it by erroring out to prevent deadloop.

Issue: kdave#788
Reviewed-by: Josef Bacik <[email protected]>
Signed-off-by: Qu Wenruo <[email protected]>
kdave pushed a commit that referenced this issue Jun 5, 2024

There is a bug report that for fuzzed image bko-155621-bad-block-group-offset.raw, "btrfs check --mode=lowmem --repair" would lead to an endless loop.

Unlike original mode, lowmem mode relies on the backref walk to properly go through each root, but unfortunately inside __add_inline_refs() we don't handle unknown backref types correctly, causing it never moving forward thus deadloop.

Fix it by erroring out to prevent an endless loop.

Issue: #788
Reviewed-by: Josef Bacik <[email protected]>
Signed-off-by: Qu Wenruo <[email protected]>
Signed-off-by: David Sterba <[email protected]>
Fixed in devel.
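The failure mode described in the commit messages above, as an added example that is not btrfs-progs code: a simplified inline-ref walk in which an unknown type byte yields a size of 0, so the cursor never advances, next to a walk that errors out instead. The record sizes, the 0xFF type byte, the step cap and the -EINVAL return value are assumptions of this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model: every inline ref starts with a one-byte type. */
enum { REF_TREE_BLOCK = 176, REF_EXTENT_DATA = 178,
       REF_SHARED_BLOCK = 182, REF_SHARED_DATA = 184 };

/* Constructed sample items: two valid refs, and one with a fuzzed type. */
static const uint8_t good_item[22]   = { [0] = REF_TREE_BLOCK, [9] = REF_SHARED_DATA };
static const uint8_t fuzzed_item[22] = { [0] = REF_TREE_BLOCK, [9] = 0xFF };

/* Size of one inline ref of this type; 0 means the type is unknown. */
static size_t inline_ref_size(uint8_t type)
{
    switch (type) {
    case REF_TREE_BLOCK:
    case REF_SHARED_BLOCK: return 9;
    case REF_SHARED_DATA:  return 13;
    case REF_EXTENT_DATA:  return 29;
    default:               return 0;
    }
}

/* Unchecked walk: an unknown type advances the cursor by 0 bytes.
 * max_steps exists only so the demo terminates; returns steps taken. */
static long walk_unchecked(const uint8_t *buf, size_t len, long max_steps)
{
    size_t pos = 0;
    long steps = 0;
    while (pos < len && steps < max_steps) {
        pos += inline_ref_size(buf[pos]);
        steps++;
    }
    return steps;
}

/* Checked walk: returns the ref count, or -EINVAL on unknown or truncated refs. */
static long walk_checked(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    long refs = 0;
    while (pos < len) {
        size_t sz = inline_ref_size(buf[pos]);
        if (sz == 0 || sz > len - pos)
            return -EINVAL;   /* error out instead of retrying the same byte */
        pos += sz;
        refs++;
    }
    return refs;
}

int main(void)
{
    printf("unchecked, fuzzed: %ld steps (cap hit)\n", walk_unchecked(fuzzed_item, 22, 1000));
    printf("checked, fuzzed: %ld\n", walk_checked(fuzzed_item, 22));
    printf("checked, good: %ld refs\n", walk_checked(good_item, 22));
    return 0;
}
```
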
In original mode check works (--mode=original):
[1/7] checking root items
[2/7] checking extents
corrupt extent record: key [131072,169,4096]
corrupt extent record: key [4194304,169,4096]
corrupt extent record: key [4198400,169,4096]
corrupt extent record: key [4202496,169,4096]
corrupt extent record: key [4227072,169,4096]
corrupt extent record: key [4231168,169,4096]
corrupt extent record: key [4235264,169,4096]
Chunk[256, 228, 0]: length(4194304), offset(0), type(2) is not found in block group
Chunk[256, 228, 4194304]: length(1638400), offset(4194304), type(5) mismatch with block group[4194304, 192, 1638400]: offset(1638400), objectid(4194304), flags(21474836480)
Chunk[256, 228, 5832704]: length(1638400), offset(5832704), type(5) mismatch with block group[5832704, 192, 1638400]: offset(1638400), objectid(5832704), flags(21474836480)
Block group[0, 0] (flags = 8589934592) didn't find the relative chunk.
Block group[4194304, 1638400] (flags = 21474836480) didn't find the relative chunk.
Block group[5832704, 1638400] (flags = 21474836480) didn't find the relative chunk.
ref mismatch on [131072 4096] extent item 4294967296, found 1
tree extent[131072, 4096] root 3 has no backref item in extent tree
backpointer mismatch on [131072 4096]
bad extent [131072, 135168), type mismatch with chunk
ERROR: invalid generation for extent 4194304, have 17179869184 expect (0, 6]
ref mismatch on [4194304 4096] extent item 4294967296, found 1
tree extent[4194304, 4096] root 5 has no backref item in extent tree
backpointer mismatch on [4194304 4096]
bad extent [4194304, 4198400), type mismatch with chunk
ref mismatch on [4198400 4096] extent item 4294967296, found 1
tree extent[4198400, 4096] root 1 has no backref item in extent tree
backpointer mismatch on [4198400 4096]
bad extent [4198400, 4202496), type mismatch with chunk
ref mismatch on [4202496 4096] extent item 4294967296, found 1
tree extent[4202496, 4096] root 2 has no backref item in extent tree
backpointer mismatch on [4202496 4096]
bad extent [4202496, 4206592), type mismatch with chunk
ERROR: invalid generation for extent 4227072, have 17179869184 expect (0, 6]
ref mismatch on [4227072 4096] extent item 4294967296, found 1
tree extent[4227072, 4096] root 4 has no backref item in extent tree
backpointer mismatch on [4227072 4096]
bad extent [4227072, 4231168), type mismatch with chunk
ERROR: invalid generation for extent 4231168, have 17179869184 expect (0, 6]
ref mismatch on [4231168 4096] extent item 8589934591, found 1
tree extent[4231168, 4096] root 7 has no backref item in extent tree
backpointer mismatch on [4231168 4096]
bad extent [4231168, 4235264), type mismatch with chunk
ERROR: invalid generation for extent 4235264, have 17179869184 expect (0, 6]
ref mismatch on [4235264 4096] extent item 4294967296, found 0
owner ref check failed [4235264 4096]
bad extent [4235264, 4239360), type mismatch with chunk
ERROR: errors found in extent allocation tree or chunk allocation
[3/7] checking free space cache
[4/7] checking fs roots
[5/7] checking only csums items (without verifying data)
[6/7] checking root refs
[7/7] checking quota groups skipped (not enabled on this FS)
Opening filesystem to check...
Checking filesystem on bko-155621-bad-block-group-offset.raw.restored
UUID: 5cb33553-6f6d-4ce8-83fd-20af5a2f8181
found 28672 bytes used, error(s) found
total csum bytes: 0
total tree bytes: 24576
total fs tree bytes: 4096
total extent tree bytes: 4096
btree space waste bytes: 19892
file data blocks allocated: 0
referenced 0
In --mode=lowmem it loops up to versions 6.5 at least and on 6.1 it crashes. Loop:
[1/7] checking root items
[2/7] checking extents
kernel-shared/backref.c:653: __add_inline_refs: Warning: assertion `1` failed, value 1
btrfs(+0xf3e8e)[0x557b017d7e8e]
btrfs(+0xf4806)[0x557b017d8806]
btrfs(+0xd2d2a)[0x557b017b6d2a]
btrfs(+0xdf688)[0x557b017c3688]
btrfs(check_chunks_and_extents_lowmem+0x4e)[0x557b017c787e]
btrfs(+0xb5c69)[0x557b01799c69]
btrfs(main+0x8f)[0x557b01700f9f]
/lib64/libc.so.6(+0x2a1f0)[0x7f2cd2e2a1f0]
/lib64/libc.so.6(__libc_start_main+0x8b)[0x7f2cd2e2a2b9]
btrfs(_start+0x27)[0x557b017024f5]
kernel-shared/backref.c:653: __add_inline_refs: Warning: assertion `1` failed, value 1
btrfs(+0xf3e8e)[0x557b017d7e8e]
btrfs(+0xf4806)[0x557b017d8806]
btrfs(+0xd2d2a)[0x557b017b6d2a]
btrfs(+0xdf688)[0x557b017c3688]
btrfs(check_chunks_and_extents_lowmem+0x4e)[0x557b017c787e]
btrfs(+0xb5c69)[0x557b01799c69]
btrfs(main+0x8f)[0x557b01700f9f]
/lib64/libc.so.6(+0x2a1f0)[0x7f2cd2e2a1f0]
/lib64/libc.so.6(__libc_start_main+0x8b)[0x7f2cd2e2a2b9]
btrfs(_start+0x27)[0x557b017024f5]
kernel-shared/backref.c:653: __add_inline_refs: Warning: assertion `1` failed, value 1
btrfs(+0xf3e8e)[0x557b017d7e8e]
btrfs(+0xf4806)[0x557b017d8806]
btrfs(+0xd2d2a)[0x557b017b6d2a]
btrfs(+0xdf688)[0x557b017c3688]
btrfs(check_chunks_and_extents_lowmem+0x4e)[0x557b017c787e]
btrfs(+0xb5c69)[0x557b01799c69]
btrfs(main+0x8f)[0x557b01700f9f]
/lib64/libc.so.6(+0x2a1f0)[0x7f2cd2e2a1f0]
/lib64/libc.so.6(__libc_start_main+0x8b)[0x7f2cd2e2a2b9]
btrfs(_start+0x27)[0x557b017024f5]
...