lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240904174630.GP26776@twin.jikos.cz>
Date: Wed, 4 Sep 2024 19:46:30 +0200
From: David Sterba <dsterba@...e.cz>
To: Qu Wenruo <quwenruo.btrfs@....com>
Cc: Ghanshyam Agrawal <ghanshyam1898@...il.com>, clm@...com,
	josef@...icpanda.com, dsterba@...e.com, linux-btrfs@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	syzbot+9c3e0cdfbfe351b0bc0e@...kaller.appspotmail.com
Subject: Re: [PATCH] btrfs: Added null check to extent_root variable

On Wed, Sep 04, 2024 at 03:21:34PM +0930, Qu Wenruo wrote:
> 
> 
> 在 2024/9/4 12:07, Ghanshyam Agrawal 写道:
> > Reported-by: syzbot+9c3e0cdfbfe351b0bc0e@...kaller.appspotmail.com
> > Closes:https://syzkaller.appspot.com/bug?extid=9c3e0cdfbfe351b0bc0e
> > Signed-off-by: Ghanshyam Agrawal <ghanshyam1898@...il.com>
> > ---
> >   fs/btrfs/ref-verify.c | 3 +++
> >   1 file changed, 3 insertions(+)
> >
> > diff --git a/fs/btrfs/ref-verify.c b/fs/btrfs/ref-verify.c
> > index 9522a8b79d22..4e98ddf5e8df 100644
> > --- a/fs/btrfs/ref-verify.c
> > +++ b/fs/btrfs/ref-verify.c
> > @@ -1002,6 +1002,9 @@ int btrfs_build_ref_tree(struct btrfs_fs_info *fs_info)
> >   		return -ENOMEM;
> >
> >   	extent_root = btrfs_extent_root(fs_info, 0);
> > +	if (!extent_root)
> > +		return -EIO;
> > +
> 
> Can you reproduce the original bug and are sure it's an NULL extent tree
> causing the problem?
> 
> At least a quick glance into the console output shows there is no
> special handling like rescue=ibadroots to ignore extent root, nor any
> obvious corruption in the extent tree.
> 
> If extent root is really empty, we should error out way earlier.
> 
> Mind to explain the crash with more details?

In the stack trace it looks the ref-verify mount option is enabled, I
don't think we've tested that in combination with the rescue options as
ref-verify is a debugging tool, must be built in config (by default is
not and is not on distro configs).

We should fix the bug where it crashes when run in syzkaller so we can
allow it to continue coverage but otherwise I wouldn't put too much
effort into that. I.e. if we can do a simple fallback and exit gracefully
and not try to continue ref-verify + missint extent (or other trees).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ