linux-btrfs.vger.kernel.org archive mirror
From: Eric Sandeen <sandeen@redhat.com>
To: bo.li.liu@oracle.com, Eryu Guan <guaneryu@gmail.com>
Cc: linux-btrfs@vger.kernel.org
Subject: Re: btrfs oops while mounting fuzzed btrfs image
Date: Thu, 05 Mar 2015 10:03:54 -0600
Message-ID: <54F87E6A.9090401@redhat.com>
In-Reply-To: <20150305094611.GA4147@localhost.localdomain>

On 3/5/15 3:46 AM, Liu Bo wrote:
> On Thu, Mar 05, 2015 at 03:09:33PM +0800, Eryu Guan wrote:
>> Hi,
>>
>> I was testing btrfs with fsfuzzer and encountered a divide error on
>> mount, kernel version 3.19 and 4.0-rc1.
>>
>> I found a similar bug on kernel bugzilla
>>
>> https://bugzilla.kernel.org/show_bug.cgi?id=88611
>>
>> Please find the fuzzed btrfs image in the bugzilla, and the following
>> command will reproduce:
>>
>> mount -o loop btrfs.img /mnt/btrfs
> 
> A divide by 0 oops.
> 
> My printk shows that a raid56 chunk has a negative map->length, so we need to find out
> how fsfuzzer made that.  Can you share your script so that we can
> reproduce the oops?

All you need to reproduce the oops is the image Eryu provided.

fsfuzzer intentionally damages the filesystem, simulating what might happen
if hardware goes bad, disks fail, admins dd to the wrong disk, memory corrupts,
bugs happen, etc.

The point is that filesystems need to be robust in the face of unexpected data
on the disk, and Eryu has uncovered a case where btrfs is not.  :)

-Eric
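
Added example, not part of the original message and not kernel code: a minimal sketch of validating chunk geometry read from an untrusted image before any of it is used as a divisor, so that a bad length or stripe count yields an error instead of a divide error. The struct, field names, error codes and sample values are hypothetical and simplified; they are not the kernel's own structures or its fix.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified chunk descriptor as parsed from an untrusted image. */
struct chunk_desc {
    uint64_t length;      /* bytes covered by the chunk */
    uint64_t stripe_len;  /* bytes per stripe, used as a divisor */
    uint16_t num_stripes; /* stripes in the chunk */
    uint16_t nparity;     /* parity stripes (assumed: 1 for RAID5, 2 for RAID6) */
};

enum chunk_err { CHUNK_OK = 0, CHUNK_BAD_LENGTH, CHUNK_BAD_STRIPE_LEN, CHUNK_BAD_STRIPES };

static enum chunk_err chunk_validate(const struct chunk_desc *c)
{
    /* A value above INT64_MAX turns negative once held in a signed type. */
    if (c->length == 0 || c->length > (uint64_t)INT64_MAX)
        return CHUNK_BAD_LENGTH;
    /* stripe_len is a divisor: reject zero and anything larger than the chunk. */
    if (c->stripe_len == 0 || c->stripe_len > c->length)
        return CHUNK_BAD_STRIPE_LEN;
    /* Data stripes (num_stripes - nparity) is also a divisor: must be >= 1. */
    if (c->num_stripes <= c->nparity)
        return CHUNK_BAD_STRIPES;
    return CHUNK_OK;
}

/* Number of full stripes in the chunk, or -1 if the descriptor is rejected. */
static int64_t chunk_full_stripes(const struct chunk_desc *c)
{
    if (chunk_validate(c) != CHUNK_OK)
        return -1;
    uint64_t data = (uint64_t)(c->num_stripes - c->nparity);
    /* Divide in two steps so stripe_len * data cannot overflow. */
    return (int64_t)(c->length / c->stripe_len / data);
}

int main(void)
{
    /* Constructed sample descriptors: one sane, three damaged. */
    struct chunk_desc samples[] = {
        { 1ULL << 30, 65536, 3, 1 },         /* valid */
        { (uint64_t)-4096LL, 65536, 3, 1 },  /* "negative" length */
        { 1ULL << 30, 0, 3, 1 },             /* zero stripe_len */
        { 1ULL << 30, 65536, 1, 1 },         /* no data stripes */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sample %zu: err=%d full_stripes=%lld\n", i,
               (int)chunk_validate(&samples[i]),
               (long long)chunk_full_stripes(&samples[i]));
    return 0;
}
```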

Thread overview: 10+ messages
2015-03-05  7:09 btrfs oops while mounting fuzzed btrfs image Eryu Guan
2015-03-05  9:46 ` Liu Bo
2015-03-05 10:13   ` Eryu Guan
2015-03-05 10:27     ` Liu Bo
2015-03-06  1:56       ` Qu Wenruo
2015-03-06 10:01         ` Omar Sandoval
2015-03-06 15:46           ` Eric Sandeen
2015-03-09  0:48             ` Qu Wenruo
2015-03-09 15:38           ` David Sterba
2015-03-05 16:03   ` Eric Sandeen [this message]
