* [PATCH 1/2] btrfs-progs: block group: do not exclude bytenr adjacent to block group
@ 2019-11-18 5:53 damenly.su
2019-11-18 5:53 ` [PATCH 2/2] btrfs-progs: fuzz-tests: add image trigers abort of open_ctree() damenly.su
2019-11-20 6:51 ` [PATCH 1/2] btrfs-progs: block group: do not exclude bytenr adjacent to block group Su Yue
0 siblings, 2 replies; 3+ messages in thread
From: damenly.su @ 2019-11-18 5:53 UTC (permalink / raw)
To: linux-btrfs; +Cc: Damenly_Su
From: Su Yue <Damenly_Su@gmx.com>
While checking the image provided by the reporter, the btrfsck aborts:
======================================================================
Opening filesystem to check...
extent_io.c:158: insert_state: BUG_ON `end < start` triggered, value 1
btrfs check(+0xa3fa8)[0x5614c14c7fa8]
btrfs check(+0xa4046)[0x5614c14c8046]
btrfs check(+0xa45f1)[0x5614c14c85f1]
btrfs check(set_extent_bits+0x83)[0x5614c14c8c63]
btrfs check(+0xbfb90)[0x5614c14e3b90]
btrfs check(exclude_super_stripes+0x1fc)[0x5614c14e3de9]
btrfs check(+0xbd85d)[0x5614c14e185d]
btrfs check(btrfs_read_block_groups+0xd3)[0x5614c14e19f5]
btrfs check(btrfs_setup_all_roots+0x454)[0x5614c14d7740]
btrfs check(+0xb4219)[0x5614c14d8219]
btrfs check(open_ctree_fs_info+0x177)[0x5614c14d8415]
btrfs check(+0x693dd)[0x5614c148d3dd]
btrfs check(+0x14dc7)[0x5614c1438dc7]
btrfs check(main+0x126)[0x5614c1439713]
/usr/lib/libc.so.6(__libc_start_main+0xf3)[0x7fe3f1ecf153]
btrfs check(_start+0x2e)[0x5614c1438cce]
[1] 6196 abort (core dumped)
======================================================================
It's excluding super stripes from one block group, the bytenr equals
block group's start + len, so the @num_bytes is 0. Then
add_exclude_extent() calculates the @end is less than the @start
which trigers the abort.
Anyway, the logical bytenr should not be excluded if the block group's
start + len equals it, because it's not belong to the block group.
Link: https://github.com/kdave/btrfs-progs/issues/210
Signed-off-by: Su Yue <Damenly_Su@gmx.com>
---
extent-tree.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extent-tree.c b/extent-tree.c
index f690ae999f37..848fb72f90a4 100644
--- a/extent-tree.c
+++ b/extent-tree.c
@@ -3630,7 +3630,7 @@ int exclude_super_stripes(struct btrfs_fs_info *fs_info,
while (nr--) {
u64 start, len;
- if (logical[nr] > cache->key.objectid +
+ if (logical[nr] >= cache->key.objectid +
cache->key.offset)
continue;
--
2.23.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2] btrfs-progs: fuzz-tests: add image trigers abort of open_ctree()
2019-11-18 5:53 [PATCH 1/2] btrfs-progs: block group: do not exclude bytenr adjacent to block group damenly.su
@ 2019-11-18 5:53 ` damenly.su
2019-11-20 6:51 ` [PATCH 1/2] btrfs-progs: block group: do not exclude bytenr adjacent to block group Su Yue
1 sibling, 0 replies; 3+ messages in thread
From: damenly.su @ 2019-11-18 5:53 UTC (permalink / raw)
To: linux-btrfs; +Cc: Damenly_Su
From: Su Yue <Damenly_Su@gmx.com>
This test case contains a bad block of dev tree and trigers abort while
open_ctree() due to its exquisite chunk layout. It can't be repaired
by fsck, so put it into fuzz-tests/images.
The image is provided by Ruud van Asseldonk. This commit just did xz
and writes the record.
Link: https://github.com/kdave/btrfs-progs/issues/210
Signed-off-by: Su Yue <Damenly_Su@gmx.com>
---
.../images/bad-dev-tree-node.raw.txt | 58 ++++++++++++++++++
.../images/bad-dev-tree-node.raw.xz | Bin 0 -> 18788 bytes
2 files changed, 58 insertions(+)
create mode 100644 tests/fuzz-tests/images/bad-dev-tree-node.raw.txt
create mode 100644 tests/fuzz-tests/images/bad-dev-tree-node.raw.xz
diff --git a/tests/fuzz-tests/images/bad-dev-tree-node.raw.txt b/tests/fuzz-tests/images/bad-dev-tree-node.raw.txt
new file mode 100644
index 000000000000..64935568c7a6
--- /dev/null
+++ b/tests/fuzz-tests/images/bad-dev-tree-node.raw.txt
@@ -0,0 +1,58 @@
+URL: https://github.com/kdave/btrfs-progs/issues/210
+
+ruuda commented on Sep 24
+Running btrfs check on the attached minimal file system causes the following:
+
+Opening filesystem to check...
+extent_io.c:158: insert_state: BUG_ON `end < start` triggered, value 1
+btrfs(+0x2de57)[0x560c4d7cfe57]
+btrfs(+0x2e210)[0x560c4d7d0210]
+btrfs(set_extent_bits+0x254)[0x560c4d7d0854]
+btrfs(exclude_super_stripes+0xbf)[0x560c4d7c65ff]
+btrfs(btrfs_read_block_groups+0x29d)[0x560c4d7c698d]
+btrfs(btrfs_setup_all_roots+0x3f3)[0x560c4d7c0b23]
+btrfs(+0x1ef53)[0x560c4d7c0f53]
+btrfs(open_ctree_fs_info+0x90)[0x560c4d7c11a0]
+btrfs(+0x6d3f9)[0x560c4d80f3f9]
+btrfs(main+0x94)[0x560c4d7b60c4]
+/usr/lib/libc.so.6(__libc_start_main+0xf3)[0x7fd189773ee3]
+btrfs(_start+0x2e)[0x560c4d7b635e]
+zsh: abort (core dumped) btrfs check /tmp/bad.btrfs
+Tested versions:
+
+v5.2.1 as shipped by Arch in 5.2.1-1
+v5.2.2 built from source (55a8c96)
+Data to reproduce:
+
+4a2d85625461bfed3cb60c53e5e913.zip
+
+GDB output:
+Starting program: /btrfs-progs/btrfs check bad-dev-tree-node.raw
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/usr/lib/libthread_db.so.1".
+Opening filesystem to check...
+extent_io.c:158: insert_state: BUG_ON `end < start` triggered, value 1
+/btrfs-progs/btrfs(+0xa3fa8)[0x5555555f7fa8]
+/btrfs-progs/btrfs(+0xa4046)[0x5555555f8046]
+/btrfs-progs/btrfs(+0xa45f1)[0x5555555f85f1]
+/btrfs-progs/btrfs(set_extent_bits+0x83)[0x5555555f8c63]
+/btrfs-progs/btrfs(+0xbfb90)[0x555555613b90]
+/btrfs-progs/btrfs(exclude_super_stripes+0x1fc)[0x555555613de9]
+/btrfs-progs/btrfs(+0xbd85d)[0x55555561185d]
+/btrfs-progs/btrfs(btrfs_read_block_groups+0xd3)[0x5555556119f5]
+/btrfs-progs/btrfs(btrfs_setup_all_roots+0x454)[0x555555607740]
+/btrfs-progs/btrfs(+0xb4219)[0x555555608219]
+/btrfs-progs/btrfs(open_ctree_fs_info+0x177)[0x555555608415]
+/btrfs-progs/btrfs(+0x693dd)[0x5555555bd3dd]
+/btrfs-progs/btrfs(+0x14dc7)[0x555555568dc7]
+/btrfs-progs/btrfs(main+0x126)[0x555555569713]
+/usr/lib/libc.so.6(__libc_start_main+0xf3)[0x7ffff7a85153]
+/btrfs-progs/btrfs(_start+0x2e)[0x555555568cce]
+
+Program received signal SIGABRT, Aborted.
+0x00007ffff7a99f25 in raise () from /usr/lib/libc.so.6
+
+
+The compressed fuzz image causes above btrfsck abort.
+Fixed by commit "btrfs-progs: block group: do not exclude bytenr
+adjacent to block group".
diff --git a/tests/fuzz-tests/images/bad-dev-tree-node.raw.xz b/tests/fuzz-tests/images/bad-dev-tree-node.raw.xz
new file mode 100644
index 0000000000000000000000000000000000000000..a6e62106da03d81a2dbafa23f0c8082d75f82af0
GIT binary patch
literal 18788
zcmeHPc{J4h{-24+I+0yyY+1u-lC6;^MAnSP*q4x^$oh;mOLjB1hOvi|ks?b8i6M-&
zM3O97AF@P3nA?5sz2`aioZs*M?%exSe&>Aun=}7>&Ut@c@7MSBe!btH_l^?A+yVrm
zogS#v-Uot$4}(CUgFWV*6pARVtu+XAZHGcBsG;bbI?H)o+1})Fvcz=3P5RBnNx`sJ
zaxE%q;B)1{?Xj^2as@0yA$LB+i?ErFp?O+-Vki7Is#8OlFE_sT*1c$TyXZ~my4Nc{
z55CvVVZz!3(<{)>ub^>PzfWZdC+TH^<VcNfv*oXAZY1rXp7-9-O3zOcKq+@Hq@1R-
z^Za?zp{%HOx8Jrf+4w~-1C}7j1!u+whE7KAJvdB6&c$~q_<lG)v4JCQc@^3zpw#$o
z9_B`Hq!)oO(9;c%j``)z2<1IiGcA59z_?F?U2M*)<hbtD-evu;XZ{~-ka+~RlG9s8
zqLK;AHQlFPX>lcx{d_!>TfBK1p5m5nN0rcC&6FE=H+c4vLKq3WtD4o#`=LnVu~TrF
zC9hm>9DAt>O@wF_XGuuRDV?mSM==fg$ZYGg;i>lEtW-sY$tSrVEcv%3G!@9tvTX6z
z&iQ)TV$kdL=SRoec7KId6)R#LB7!VT9Fo0ttw`<_$uoIv-So7Jx$lcK$<YWa5VqIw
zfw)Afr;s{UblfB7u88e|1Ua%VEj>0^D(TZvpD(<Pbm<1^J8vGm#z9D8rW>D=PAKdz
zdboJ)xrc!cb6*l$$$dM4+V1kBJXYwV?lh2!+Zs}MTrz&>HQOoPkpwoU#Z(*4r}l#y
zPMYe|%?>KvW*@bON4g)z_Vi_lieg>Y_Pgdw)NKy;a_P%e>Sg?jY&(wj-M4_#v-+iW
zIt`vq+{JNVpe5HXZx$?aatW*#!`%i?cgoQiM)OX)#>ckB`<}2CzglY$gh;Y*8|~04
zPOsy7FMno0l)2JeO4}m8%tBYAbv;47My2V+4fen>89x>Er}Q$fi=b=)-IA|veunU7
z$R1fk-A;XUZo?E-w+MrZjLa*#yv>TG1PBQl2l86B__8xFO8Cq2zq{(VNf53b3IbIJ
zbPQ|pqPg-O=~Vq%@o3fRL12Nkc@w+0v>0tFB0#M=Dula?c52C1?ZTJqtWo~gg$qR@
zC=qZaq3#YxZ1Az;wJ>gM^NFB~u}QT7iSb<93@?lfb}s9<R4K|q9L4C&(Jq4u#HEkz
z4pqr_$RoN%xjDr1VYN+z3Qk??jb?ZBs&AUc9tyv|zCQvV<13pMTCBW_b)R(}t)$F;
z3Xwl!Ef~&>itm((;w$l+ILE&f@M<&4`*8d+CC!N;)Un~lYT{#c=1c@sO&W4Y(0=hk
zkIEQWrV?$>aU+7Kn1tfUDU77V;AM?=o+RqRY*MDS(ux-4v3f>pt|GF$-dvM@?}l8(
zOe;IE9HF;gJmR5QDpfI)O+J?wktL|d;3-I#9A~px5a&B8pvt&nZAY+U^zx0axrHjN
zHW+smxc2p2^g*}pfWMn_&gab==6p-hFI7_Qb14VG(x3$|)4MwjWq}HOxitw2SN~gx
z|8d0Rl;!>dn=jtp-~M`D+Ph28@`&c<h^hL9<V6P6P_mTUXqD<Rss5O43FOo{XHDE8
zR?5MY4Nrgc22&R$O+p)TZ#(e)SAzVp3ys*w)$kjQPXAYSeb=K+Ac%@wN+->My%@00
zh35K2!YOB?e%j7JJ4DlsxMm@#OJ(l9G6tv{Zw=*V@Q1zJBDs@{Vona-7@i(&VXQN8
zvr7@=A9TExUmc0rimKRUgC@WwOyXlE#IU6+@9N5Vty$C20RdlT<+SM1!byIZt`@Ag
zDLf-B4y9ew)tAnR>{r0eVY19v*wAgl2c%C9W{4<F)U216X}vkJs-Nc@RTy8_Tk#xC
z%IR@2;g4B=Rfb!LEPma#mO;KSj)~M{d~)pM>0OB7A(=wxnkJ7%9OtulY3wyj3*g8q
z+nUPS6rMQB*GKY43sO_YK0ni{yGI;vOzGi_?mvC6%_y5$!td&lQIT92B1Dr>&VRG}
za?{vs%s5?!4SH@L<SYfD#6b?WP0RbDmSMI?e9~f+!)vx7S@g>ldPSxt7EXWW_X67G
z_DFk`dV#ItI{MZJA0CvQ)9VZDc9MY8XFm_*iIqYjk4e*<=dxrKoMxIfmo%2G-ryJT
z`1%XV+9rW?KpB<}kK#sV*t8Tni(D9f8*=OHl2CFjYX?u=ih-I%mqSbsxloTTy+3z%
zV)U0gOm@k7a{~pk%~+{5n)m`keyjG}hN02hm$Ikj;Hdq*MAOj2rC7caXESWPKB7gz
zX(dv<A9WJMxv+7|;u4J2ffR(}E@i)jn^L=L*S-P|s%xv^wk^~j6ba3y;tTXA<%pn*
z$qqmtR4~`y=mX%}f1B!ofKmBv1Of&G4E-n3`~R%I0E7Vu`w<AM1efeZk=<1-dlunv
z^Nyw25f1t4EtLLKe)X@!TSWewsX3?Um9Ks@_^ncXP`PhjYc8SbO%H3{Y{whz^bNPO
zm<mEsbNwc05wWj>3$Eo!SUA%~TWsGkbx(!-%^hifbs1_bFqFu_*hBlE`@XK4v)AFu
zxin;0io`kEInE?_=b4-P7AITeENdONS*Da;NT!l!V$Gn1eclyO!JgWl2SmW`hfv3j
z1ap6M8Hdr(-w((@s%4-C`1m(~8-jiG&Eta~G3wl!?M=JXtV|9+RJz{JNp2z^e|i~K
z{&TN(4^`+coyeZ$NQVP80Mw|4S~D27C%JSmC}p57+n8;m4<=I~NS%xNT}6)RIvZ0W
z05qzBwhLDKE6`Rm*Jc7}w%1wTa^{P5+o!dTi6jd5UGxnZVODE+lwqX)um=%J^Hj*%
z(d>US$-nRQ{!4%UCmk&u0LB22qZ)FPG`@S1+oo(%jq7f+#UM^Lv(%XEyI9NRFyP12
zC?2FJ?#H4JL1&;I==DZS%#G~xWL!_YQy++vHlbCYf2nS4-v;$;f2{qU54Z7~5T#8>
zv4_d1vtO(~fH6S1)(h-DpGhi*1`XBo^&)FL2a5FK)*-I<xe{=#u{F$wFQZ5OjlEE6
z+@!-f^#hXg_;pb$7SR4>CzeX6hV_Y~t(-w#a(up=?svq+Rr4Yxy}2BO&2(g{p>zCh
zE}2No&~74@KqSuGbu556>&!Z9%?~5#`W+KP1iG&WYkn+YFb^4JzbJC{im)RGv0Ed?
zn2!#3MDp0o`Jrnv5s+v`XG9?^c5<{&YHsl~q!H`^vLZoMh!fS9gTn+AMO}$(kO*3r
zeu<2u36nJbOqEysHXHcX;8KFjdcF1mEnZTw%|3^|hGz+TlRReR?|&*=-Qd1tb%or>
zD0Un)TCcM`(0#J3Q(^2$*0v9VDSOMZ))nvL$(=N>A?K75ks>wG)vGR`MlZSTN+h+G
zh!|>FPK(hcEoCLY*rE)WaLvr<`pb@(OutC58wg-L@WwBtJu}_8mCcbnW}PvE2~)}R
z+UEC5)8@#;v+TTkCe<fea}!gR&_B!UqxzC@tj@~HO?NftW4`k1hJy~ZT$(tJw+6J{
z_$2>N<u)&bP*{btHlKLi72kGVRGPPo8j`81Z^T<EF0CbreThnsCcqKB$)v5<?C#tv
zi>}r?N018~u!n}m&nWUP{aES#IpOVV7VcFNNZ1r<(luYx)FbLhr7os$LtR(<!sp@4
zgo-c%lFno93+9$a>k9dN<wF&jQ@d#A530e>d2`O>OuU@bUPmrR`^d--HyI<7gz<DV
zw(TCO9E~ug^de4h(QE;O)ItfxLcH`kGgtE62Ic>_n@N0Jr38=_)no-&zkv1od*}5#
zv_%194lw3^gfRzj7{FlwhwZ6>6d)ymlmt=|NXh@tLv;X$QORMoU~SO6bX>F~|2Sfm
z+rnX<8^0mq;Z>gvyK-hJTTZ7B$G-Sxa7DK}{wGgYYQ71Tqs-U*fXQm=o!fgm!`FT{
zGGz9oiTL{nYzfxBV2wFNm_^;?=gj&2^B_prD10TCG5}WJOA%w^=BO9PP6YW8Z|G!y
z&RGppY)eT>#Ij)RUWU7(3-yI`D7#MYG@ESwBG0gwp7?n0uqm3Lr2hO6q;({FXF%-7
z4ji*e^05H!8Q`A%eGDHkgZ9c~KOjP=6d^#sfPev&Cs26;mFGV_@ua>Gp+XG(>(`~<
z^=P2S1oW7I9@8Ftk_zZBs&&{m$H&Lc&=btAc8~L^z}pM$o%KVrvG?(^lw<RRf4tTI
zu59`fiJYpV*TW;{|7ut4J&(+S-*xiIyg~VYH_Y_MYKA}Sx-}n8;rC|5et%exH;D0V
zJxTv#)?NI2F%2@$e7J`rw%1k>%t0^h;OON66Ojtt42akNK)m8)#z2I<<n;fs9wa8D
t`gqW{T}i789XkBIa5M;9n+y&OZ9MVqzt2Ne`5fG;@-*LmgJ{tfe*vz)$c+F1
literal 0
HcmV?d00001
--
2.23.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 1/2] btrfs-progs: block group: do not exclude bytenr adjacent to block group
2019-11-18 5:53 [PATCH 1/2] btrfs-progs: block group: do not exclude bytenr adjacent to block group damenly.su
2019-11-18 5:53 ` [PATCH 2/2] btrfs-progs: fuzz-tests: add image trigers abort of open_ctree() damenly.su
@ 2019-11-20 6:51 ` Su Yue
1 sibling, 0 replies; 3+ messages in thread
From: Su Yue @ 2019-11-20 6:51 UTC (permalink / raw)
To: damenly.su; +Cc: linux-btrfs
Drop those too, will send new version fixed by another method.
On 2019/11/18 at 13:53, damenly.su@gmail.com wrote:
> From: Su Yue <Damenly_Su@gmx.com>
>
> While checking the image provided by the reporter, the btrfsck aborts:
> ======================================================================
> Opening filesystem to check...
> extent_io.c:158: insert_state: BUG_ON `end < start` triggered, value 1
> btrfs check(+0xa3fa8)[0x5614c14c7fa8]
> btrfs check(+0xa4046)[0x5614c14c8046]
> btrfs check(+0xa45f1)[0x5614c14c85f1]
> btrfs check(set_extent_bits+0x83)[0x5614c14c8c63]
> btrfs check(+0xbfb90)[0x5614c14e3b90]
> btrfs check(exclude_super_stripes+0x1fc)[0x5614c14e3de9]
> btrfs check(+0xbd85d)[0x5614c14e185d]
> btrfs check(btrfs_read_block_groups+0xd3)[0x5614c14e19f5]
> btrfs check(btrfs_setup_all_roots+0x454)[0x5614c14d7740]
> btrfs check(+0xb4219)[0x5614c14d8219]
> btrfs check(open_ctree_fs_info+0x177)[0x5614c14d8415]
> btrfs check(+0x693dd)[0x5614c148d3dd]
> btrfs check(+0x14dc7)[0x5614c1438dc7]
> btrfs check(main+0x126)[0x5614c1439713]
> /usr/lib/libc.so.6(__libc_start_main+0xf3)[0x7fe3f1ecf153]
> btrfs check(_start+0x2e)[0x5614c1438cce]
> [1] 6196 abort (core dumped)
> ======================================================================
>
> It's excluding super stripes from one block group, the bytenr equals
> block group's start + len, so the @num_bytes is 0. Then
> add_exclude_extent() calculates the @end is less than the @start
> which trigers the abort.
>
> Anyway, the logical bytenr should not be excluded if the block group's
> start + len equals it, because it's not belong to the block group.
>
> Link: https://github.com/kdave/btrfs-progs/issues/210
> Signed-off-by: Su Yue <Damenly_Su@gmx.com>
> ---
> extent-tree.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/extent-tree.c b/extent-tree.c
> index f690ae999f37..848fb72f90a4 100644
> --- a/extent-tree.c
> +++ b/extent-tree.c
> @@ -3630,7 +3630,7 @@ int exclude_super_stripes(struct btrfs_fs_info *fs_info,
> while (nr--) {
> u64 start, len;
>
> - if (logical[nr] > cache->key.objectid +
> + if (logical[nr] >= cache->key.objectid +
> cache->key.offset)
> continue;
>
> --
> 2.23.0
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-20 6:51 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-18 5:53 [PATCH 1/2] btrfs-progs: block group: do not exclude bytenr adjacent to block group damenly.su
2019-11-18 5:53 ` [PATCH 2/2] btrfs-progs: fuzz-tests: add image trigers abort of open_ctree() damenly.su
2019-11-20 6:51 ` [PATCH 1/2] btrfs-progs: block group: do not exclude bytenr adjacent to block group Su Yue
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.