Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

check --mode=lowmem loops on fuzzed image bko-155621-bad-block-group-offset #788

Open
kdave opened this issue May 3, 2024 · 0 comments
Open

check --mode=lowmem loops on fuzzed image bko-155621-bad-block-group-offset #788

kdave opened this issue May 3, 2024 · 0 comments
Labels
bug check Changes in btrfs check

Comments

@kdave
Copy link
Owner

kdave commented May 3, 2024

In original mode check works

--mode=original

[1/7] checking root items
[2/7] checking extents
corrupt extent record: key [131072,169,4096]
corrupt extent record: key [4194304,169,4096]
corrupt extent record: key [4198400,169,4096]
corrupt extent record: key [4202496,169,4096]
corrupt extent record: key [4227072,169,4096]
corrupt extent record: key [4231168,169,4096]
corrupt extent record: key [4235264,169,4096]
Chunk[256, 228, 0]: length(4194304), offset(0), type(2) is not found in block group
Chunk[256, 228, 4194304]: length(1638400), offset(4194304), type(5) mismatch with block group[4194304, 192, 1638400]: offset(1638400), objectid(4194304), flags(21474836480)
Chunk[256, 228, 5832704]: length(1638400), offset(5832704), type(5) mismatch with block group[5832704, 192, 1638400]: offset(1638400), objectid(5832704), flags(21474836480)
Block group[0, 0] (flags = 8589934592) didn't find the relative chunk.
Block group[4194304, 1638400] (flags = 21474836480) didn't find the relative chunk.
Block group[5832704, 1638400] (flags = 21474836480) didn't find the relative chunk.
ref mismatch on [131072 4096] extent item 4294967296, found 1
tree extent[131072, 4096] root 3 has no backref item in extent tree
backpointer mismatch on [131072 4096]
bad extent [131072, 135168), type mismatch with chunk
ERROR: invalid generation for extent 4194304, have 17179869184 expect (0, 6]
ref mismatch on [4194304 4096] extent item 4294967296, found 1
tree extent[4194304, 4096] root 5 has no backref item in extent tree
backpointer mismatch on [4194304 4096]
bad extent [4194304, 4198400), type mismatch with chunk
ref mismatch on [4198400 4096] extent item 4294967296, found 1
tree extent[4198400, 4096] root 1 has no backref item in extent tree
backpointer mismatch on [4198400 4096]
bad extent [4198400, 4202496), type mismatch with chunk
ref mismatch on [4202496 4096] extent item 4294967296, found 1
tree extent[4202496, 4096] root 2 has no backref item in extent tree
backpointer mismatch on [4202496 4096]
bad extent [4202496, 4206592), type mismatch with chunk
ERROR: invalid generation for extent 4227072, have 17179869184 expect (0, 6]
ref mismatch on [4227072 4096] extent item 4294967296, found 1
tree extent[4227072, 4096] root 4 has no backref item in extent tree
backpointer mismatch on [4227072 4096]
bad extent [4227072, 4231168), type mismatch with chunk
ERROR: invalid generation for extent 4231168, have 17179869184 expect (0, 6]
ref mismatch on [4231168 4096] extent item 8589934591, found 1
tree extent[4231168, 4096] root 7 has no backref item in extent tree
backpointer mismatch on [4231168 4096]
bad extent [4231168, 4235264), type mismatch with chunk
ERROR: invalid generation for extent 4235264, have 17179869184 expect (0, 6]
ref mismatch on [4235264 4096] extent item 4294967296, found 0
owner ref check failed [4235264 4096]
bad extent [4235264, 4239360), type mismatch with chunk
ERROR: errors found in extent allocation tree or chunk allocation
[3/7] checking free space cache
[4/7] checking fs roots
[5/7] checking only csums items (without verifying data)
[6/7] checking root refs
[7/7] checking quota groups skipped (not enabled on this FS)
Opening filesystem to check...
Checking filesystem on bko-155621-bad-block-group-offset.raw.restored
UUID: 5cb33553-6f6d-4ce8-83fd-20af5a2f8181
found 28672 bytes used, error(s) found
total csum bytes: 0
total tree bytes: 24576
total fs tree bytes: 4096
total extent tree bytes: 4096
btree space waste bytes: 19892
file data blocks allocated: 0
referenced 0

In --mode=lowmem it loops up to versions 6.5 at least and on 6.1 it crashes:

loop

[1/7] checking root items
[2/7] checking extents
kernel-shared/backref.c:653: __add_inline_refs: Warning: assertion 1 failed, value 1
btrfs(+0xf3e8e)[0x557b017d7e8e]
btrfs(+0xf4806)[0x557b017d8806]
btrfs(+0xd2d2a)[0x557b017b6d2a]
btrfs(+0xdf688)[0x557b017c3688]
btrfs(check_chunks_and_extents_lowmem+0x4e)[0x557b017c787e]
btrfs(+0xb5c69)[0x557b01799c69]
btrfs(main+0x8f)[0x557b01700f9f]
/lib64/libc.so.6(+0x2a1f0)[0x7f2cd2e2a1f0]
/lib64/libc.so.6(__libc_start_main+0x8b)[0x7f2cd2e2a2b9]
btrfs(_start+0x27)[0x557b017024f5]
kernel-shared/backref.c:653: __add_inline_refs: Warning: assertion 1 failed, value 1
btrfs(+0xf3e8e)[0x557b017d7e8e]
btrfs(+0xf4806)[0x557b017d8806]
btrfs(+0xd2d2a)[0x557b017b6d2a]
btrfs(+0xdf688)[0x557b017c3688]
btrfs(check_chunks_and_extents_lowmem+0x4e)[0x557b017c787e]
btrfs(+0xb5c69)[0x557b01799c69]
btrfs(main+0x8f)[0x557b01700f9f]
/lib64/libc.so.6(+0x2a1f0)[0x7f2cd2e2a1f0]
/lib64/libc.so.6(__libc_start_main+0x8b)[0x7f2cd2e2a2b9]
btrfs(_start+0x27)[0x557b017024f5]
kernel-shared/backref.c:653: __add_inline_refs: Warning: assertion 1 failed, value 1
btrfs(+0xf3e8e)[0x557b017d7e8e]
btrfs(+0xf4806)[0x557b017d8806]
btrfs(+0xd2d2a)[0x557b017b6d2a]
btrfs(+0xdf688)[0x557b017c3688]
btrfs(check_chunks_and_extents_lowmem+0x4e)[0x557b017c787e]
btrfs(+0xb5c69)[0x557b01799c69]
btrfs(main+0x8f)[0x557b01700f9f]
/lib64/libc.so.6(+0x2a1f0)[0x7f2cd2e2a1f0]
/lib64/libc.so.6(__libc_start_main+0x8b)[0x7f2cd2e2a2b9]
btrfs(_start+0x27)[0x557b017024f5]
...
@kdave kdave added bug check Changes in btrfs check labels May 3, 2024
adam900710 added a commit to adam900710/btrfs-progs that referenced this issue Jun 4, 2024
@adam900710
btrfs-progs: error out immediately if an unknown backref type is hit
a8cb754 
There is a bug report that for fuzzed image
bko-155621-bad-block-group-offset.raw, "btrfs check --mode=lowmem
--repair" would lead to a deadloop.

Unlike original mode, lowmem mode relies on the backref walk to properly
go through each root, but unfortunately inside __add_inline_refs() we
doesn't handle unknown backref types correctly, causing it never moving
forward thus deadloop.

Fix it by erroring out to prevent deadloop.

Issue: kdave#788
Signed-off-by: Qu Wenruo <wqu@suse.com>
adam900710 added a commit to adam900710/btrfs-progs that referenced this issue Jun 4, 2024
@adam900710
btrfs-progs: error out immediately if an unknown backref type is hit
d5c1a2d 
There is a bug report that for fuzzed image
bko-155621-bad-block-group-offset.raw, "btrfs check --mode=lowmem
--repair" would lead to a deadloop.

Unlike original mode, lowmem mode relies on the backref walk to properly
go through each root, but unfortunately inside __add_inline_refs() we
doesn't handle unknown backref types correctly, causing it never moving
forward thus deadloop.

Fix it by erroring out to prevent deadloop.

Issue: kdave#788
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
kdave pushed a commit that referenced this issue Jun 5, 2024
@adam900710 @kdave
btrfs-progs: error out immediately if an unknown backref type is found
0eeb12a 
There is a bug report that for fuzzed image
bko-155621-bad-block-group-offset.raw, "btrfs check --mode=lowmem
--repair" would lead to an endless loop.

Unlike original mode, lowmem mode relies on the backref walk to properly
go through each root, but unfortunately inside __add_inline_refs() we
doesn't handle unknown backref types correctly, causing it never moving
forward thus deadloop.

Fix it by erroring out to prevent an endless loop.

Issue: #788
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug check Changes in btrfs check
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kdave