[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAG-Bmoc9NVTZgOTGTsngKCw2mCankPvwz8ywExNzFiij+2sGQA@mail.gmail.com>
Date: Wed, 4 Sep 2024 21:20:02 +0530
From: Ghanshyam Agrawal <ghanshyam1898@...il.com>
To: Qu Wenruo <quwenruo.btrfs@....com>
Cc: clm@...com, josef@...icpanda.com, dsterba@...e.com,
linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
syzbot+9c3e0cdfbfe351b0bc0e@...kaller.appspotmail.com
Subject: Re: [PATCH] btrfs: Added null check to extent_root variable
On Wed, Sep 4, 2024 at 11:21 AM Qu Wenruo <quwenruo.btrfs@....com> wrote:
>
>
>
> 在 2024/9/4 12:07, Ghanshyam Agrawal 写道:
> > Reported-by: syzbot+9c3e0cdfbfe351b0bc0e@...kaller.appspotmail.com
> > Closes:https://syzkaller.appspot.com/bug?extid=9c3e0cdfbfe351b0bc0e
> > Signed-off-by: Ghanshyam Agrawal <ghanshyam1898@...il.com>
> > ---
> > fs/btrfs/ref-verify.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/fs/btrfs/ref-verify.c b/fs/btrfs/ref-verify.c
> > index 9522a8b79d22..4e98ddf5e8df 100644
> > --- a/fs/btrfs/ref-verify.c
> > +++ b/fs/btrfs/ref-verify.c
> > @@ -1002,6 +1002,9 @@ int btrfs_build_ref_tree(struct btrfs_fs_info *fs_info)
> > return -ENOMEM;
> >
> > extent_root = btrfs_extent_root(fs_info, 0);
> > + if (!extent_root)
> > + return -EIO;
> > +
>
> Can you reproduce the original bug and are sure it's an NULL extent tree
> causing the problem?
The original bug can be reproduced using the c program provided by syzkaller
https://syzkaller.appspot.com/bug?extid=9c3e0cdfbfe351b0bc0e
>
> At least a quick glance into the console output shows there is no
> special handling like rescue=ibadroots to ignore extent root, nor any
> obvious corruption in the extent tree.
I don't have a deep knowledge of filesystems and am unable to
understand this. If you believe I should try to understand this part
for working on this particular bug, please let me know. I will try to
understand this.
>
> If extent root is really empty, we should error out way earlier.
Upon studying the function call sequence, I found out that the
variable extent_root is read for the first time at btrfs_root_node
in fs/btrfs/ctree.c, "eb = rcu_dereference(root->node);" where "root"
is the extent_root. This is where we get a null pointer error.
>
> Mind to explain the crash with more details?
I have answered your questions individually. If any other details are
needed, please let me know.
>
> Thanks,
> Qu
>
> > eb = btrfs_read_lock_root_node(extent_root);
> > level = btrfs_header_level(eb);
> > path->nodes[level] = eb;
Thank you very much for reviewing my patch. I look forward to hearing
back from you.
Thanks & Regards,
Ghanshyam Agrawal
Powered by blists - more mailing lists