From: Teng Liu <27rabbitlt@gmail.com>
To: linux-btrfs@vger.kernel.org
Cc: dsterba@suse.com, clm@fb.com, linux-kernel@vger.kernel.org, Teng Liu <27rabbitlt@gmail.com>, syzbot+3e20d8f3d41bac5dc9a2@syzkaller.appspotmail.com
Subject: [PATCH] btrfs: replace BUG_ON() with error return in get_new_location()
Date: Sat, 25 Apr 2026 08:10:46 +0200
Message-ID: <20260425061214.235982-1-27rabbitlt@gmail.com>

In get_new_location(), BUG_ON() crashes the kernel if the looked up file
extent item has any of offset, compression, encryption, or other encoding
set. While entries created by the relocation code itself are not expected
to have these fields set, the values come from on-disk data and a
malformed file system can reach this code with non-zero values, panicking
the kernel during a balance operation.

Replace the BUG_ON() with a return of -EUCLEAN, the established error code
in fs/btrfs/relocation.c for filesystem corruption. The caller in
replace_file_extents() already handles errors from get_new_location() by
breaking out of the loop without aborting the transaction so no caller
changes are needed.

Reported-by: syzbot+3e20d8f3d41bac5dc9a2@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3e20d8f3d41bac5dc9a2
Signed-off-by: Teng Liu <27rabbitlt@gmail.com>
--- fs/btrfs/relocation.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index 1c42c5180bdd..ce751c35945f 100644 
--- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -835,10 +835,11 @@ static int get_new_location(struct inode *reloc_inode, u64 *new_bytenr, fi = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_file_extent_item); - BUG_ON(btrfs_file_extent_offset(leaf, fi) || - btrfs_file_extent_compression(leaf, fi) || - btrfs_file_extent_encryption(leaf, fi) || - btrfs_file_extent_other_encoding(leaf, fi)); + if (unlikely(btrfs_file_extent_offset(leaf, fi) || + btrfs_file_extent_compression(leaf, fi) || + btrfs_file_extent_encryption(leaf, fi) || + btrfs_file_extent_other_encoding(leaf, fi))) + return -EUCLEAN; if (num_bytes != btrfs_file_extent_disk_num_bytes(leaf, fi)) return -EINVAL; -- 2.54.0
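
Review bot: the new "return -EUCLEAN" in get_new_location() is silent, so a balance that trips over a corrupted file extent item fails with no record of which item was bad. Consider logging an error before the return that identifies the inode, the file offset and the offending field values (offset, compression, encryption, other_encoding), so the corruption can be located afterwards. Separately, the check that follows, "if (num_bytes != btrfs_file_extent_disk_num_bytes(leaf, fi)) return -EINVAL;", also compares against a value read from disk, so two adjacent checks on on-disk data now return different error codes; either align them or explain in the commit message why they differ. The statement that replace_file_extents() breaks out of its loop without aborting the transaction cannot be confirmed from this hunk and is worth verifying against the caller before merging.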