BUG_ON `num_stripes == 0` triggered in ctree.h #208
adam900710 added a commit to adam900710/btrfs-progs that referenced this issue Dec 17, 2019
[BUG]
For one fuzzed image, `btrfs check` both modes will trigger a BUG_ON():

    Opening filesystem to check...
    Checking filesystem on issue_208.raw
    UUID: 99e50868-0bda-4d89-b0e4-7e8560312ef9
    [1/7] checking root items
    [2/7] checking extents
    ctree.h:320: btrfs_chunk_item_size: BUG_ON `num_stripes == 0` triggered, value 1
    btrfs(+0x2f712)[0x55829afa6712]
    btrfs(+0x322e5)[0x55829afa92e5]
    btrfs(+0x6892a)[0x55829afdf92a]
    btrfs(+0x69099)[0x55829afe0099]
    btrfs(+0x69c68)[0x55829afe0c68]
    btrfs(+0x6dc27)[0x55829afe4c27]
    btrfs(main+0x94)[0x55829af8b0c4]
    /usr/lib/libc.so.6(__libc_start_main+0xf3)[0x7f3edc715ee3]
    btrfs(_start+0x2e)[0x55829af8b35e]

[CAUSE]
The fuzzed image has an invalid chunk item in chunk tree:

    item 1 key (FIRST_CHUNK_TREE CHUNK_ITEM 13631488) itemoff 16105 itemsize 80
        invalid num_stripes: 0

Which triggers that BUG_ON().

[FIX]
Here we enhance the verification of btrfs_check_chunk_valid(), to check the num_stripes and item size.

Issue: kdave#208
Signed-off-by: Qu Wenruo <wqu@suse.com>
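The kind of check the commit message above describes, as an added example (this is not the btrfs-progs patch or the author's code): a chunk item is rejected with an error code when `num_stripes` is zero or when the item size does not match the stripe count, instead of reaching an assertion later. `check_chunk_item`, `check_sample` and the status names are hypothetical; the sizes assume the on-disk layout of a 48-byte chunk header followed by 32-byte stripe records, which gives the 80-byte item from the report for one stripe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* On-disk layout assumed here: a 48-byte chunk header followed by
 * num_stripes stripe records of 32 bytes each (80 bytes for one stripe). */
#define CHUNK_HDR_SIZE     48u
#define STRIPE_SIZE        32u
#define NUM_STRIPES_OFFSET 44u /* little-endian u16 in the header */

enum chunk_status {
    CHUNK_OK = 0,
    CHUNK_TRUNCATED,     /* item too short to hold the header */
    CHUNK_NO_STRIPES,    /* num_stripes == 0, the case from the report */
    CHUNK_SIZE_MISMATCH  /* item size disagrees with num_stripes */
};

/* Hypothetical validator: reject a malformed chunk item with an error
 * code before any size computation relies on num_stripes. */
static enum chunk_status check_chunk_item(const uint8_t *item, size_t item_size)
{
    if (item_size < CHUNK_HDR_SIZE)
        return CHUNK_TRUNCATED;
    uint16_t num_stripes = (uint16_t)(item[NUM_STRIPES_OFFSET] |
                                      (item[NUM_STRIPES_OFFSET + 1] << 8));
    if (num_stripes == 0)
        return CHUNK_NO_STRIPES;
    if (CHUNK_HDR_SIZE + (size_t)num_stripes * STRIPE_SIZE != item_size)
        return CHUNK_SIZE_MISMATCH;
    return CHUNK_OK;
}

/* Constructed sample: a zeroed item of item_size bytes (at most 256)
 * whose num_stripes field is set to the given value. */
static enum chunk_status check_sample(uint16_t num_stripes, size_t item_size)
{
    uint8_t item[256] = {0};
    item[NUM_STRIPES_OFFSET] = (uint8_t)(num_stripes & 0xff);
    item[NUM_STRIPES_OFFSET + 1] = (uint8_t)(num_stripes >> 8);
    return check_chunk_item(item, item_size);
}

int main(void)
{
    printf("num_stripes=0, itemsize=80: %d\n", check_sample(0, 80));
    printf("num_stripes=1, itemsize=80: %d\n", check_sample(1, 80));
    printf("num_stripes=2, itemsize=80: %d\n", check_sample(2, 80));
    return 0;
}
```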
kdave pushed a commit that referenced this issue Jan 2, 2020
[BUG]
For one fuzzed image, `btrfs check` both modes will trigger a BUG_ON():

    Opening filesystem to check...
    Checking filesystem on issue_208.raw
    UUID: 99e50868-0bda-4d89-b0e4-7e8560312ef9
    [1/7] checking root items
    [2/7] checking extents
    ctree.h:320: btrfs_chunk_item_size: BUG_ON `num_stripes == 0` triggered, value 1
    btrfs(+0x2f712)[0x55829afa6712]
    btrfs(+0x322e5)[0x55829afa92e5]
    btrfs(+0x6892a)[0x55829afdf92a]
    btrfs(+0x69099)[0x55829afe0099]
    btrfs(+0x69c68)[0x55829afe0c68]
    btrfs(+0x6dc27)[0x55829afe4c27]
    btrfs(main+0x94)[0x55829af8b0c4]
    /usr/lib/libc.so.6(__libc_start_main+0xf3)[0x7f3edc715ee3]
    btrfs(_start+0x2e)[0x55829af8b35e]

[CAUSE]
The fuzzed image has an invalid chunk item in chunk tree:

    item 1 key (FIRST_CHUNK_TREE CHUNK_ITEM 13631488) itemoff 16105 itemsize 80
        invalid num_stripes: 0

Which triggers that BUG_ON().

[FIX]
Here we enhance the verification of btrfs_check_chunk_valid(), to check the num_stripes and item size.

Issue: #208
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
kdave pushed a commit that referenced this issue Jan 9, 2020
@adam900710 as the patch was merged, can we close this bug?

Sure, please close the report.
Running `btrfs check` on the attached minimal file system causes the following:

Tested versions:
Data to reproduce: