kdave / btrfs-progs

Development of userspace BTRFS tools
GNU General Public License v2.0

btrfs check -> Seg fault #662

Closed dolorosus closed 12 months ago

dolorosus commented 1 year ago
root@wyse5070~_#btrfs --version
btrfs-progs v6.3.3
root@wyse5070~[139]_#btrfs check --force /dev/sda2
Opening filesystem to check...
WARNING: filesystem mounted, continuing because of --force
Segmentation fault (core dumped)

Aug 20 12:28:22 wyse5070 kernel: [188926.511465] btrfs[2281254]: segfault at 214 ip 0000561747d578e6 sp 00007ffe213c4f40 error 4 in btrfs.box[561747d44000+c8000] likely on CPU 1 (core 1, socket 0)
Aug 20 12:28:22 wyse5070 kernel: [188926.511511] Code: 01 00 00 20 74 a9 45 89 fd e9 d4 fd ff ff c7 44 24 14 fb ff ff ff e9 0f fe ff ff f3 0f 1e fa 41 56 41 55 41 54 55 53 48 89 f3 <44> 8b b7 14 02 00 00 44 89 f0 48 39 f0 77 12 48 89 cd 45 89 c4 4d

dolorosus commented 1 year ago

It fails in every case:

#btrfs --version
btrfs-progs v6.5.2
#btrfs check  /dev/sda3
Opening filesystem to check...
Segmentation fault

It makes me doubt the reliability of the file system, if the verification is already broken.

adam900710 commented 12 months ago

Any gdb backtrace output?

dolorosus commented 12 months ago

Sorry, I forgot... since I could reproduce it on two different machines (arm64 and x64), I assumed it would be reproducible.

(gdb) r check /dev/sda3
Starting program: /usr/local/bin/btrfs check /dev/sda3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
Opening filesystem to check...

Program received signal SIGSEGV, Segmentation fault.
0x00000055555a58e4 in blk_file_in_dev_list (file=0x5555692a48 "/dev/sda3", fs_devices=0x55556926b0) at common/open-utils.c:48
48                      if((ret = is_same_loop_file(device->name, file)))
(gdb) bt
#0  0x00000055555a58e4 in blk_file_in_dev_list (file=0x5555692a48 "/dev/sda3", fs_devices=0x55556926b0) at common/open-utils.c:48
#1  check_mounted_where (fd=fd@entry=3, file=file@entry=0x7ffffff7cd "/dev/sda3", where=where@entry=0x0, size=size@entry=0, fs_dev_ret=fs_dev_ret@entry=0x0,
    sbflags=sbflags@entry=0, noscan=noscan@entry=false) at common/open-utils.c:87
#2  0x00000055555a59dc in check_mounted (file=0x7ffffff7cd "/dev/sda3") at common/open-utils.c:138
#3  0x00000055555e39bc in cmd_check (cmd=0x5555687d08 <cmd_struct_check>, argc=<optimized out>, argv=0x7ffffff540) at check/main.c:10175
#4  0x000000555556be28 in cmd_execute (argv=0x7ffffff540, argc=2, cmd=0x5555687d08 <cmd_struct_check>) at cmds/commands.h:125
#5  main (argc=2, argv=0x7ffffff540) at btrfs.c:449

  41  static int blk_file_in_dev_list(struct btrfs_fs_devices* fs_devices,
  42                  const char* file)
  43  {
  44          int ret;
  45          struct btrfs_device *device;
  46
  47          list_for_each_entry(device, &fs_devices->devices, dev_list) {
 >48                  if((ret = is_same_loop_file(device->name, file)))
  49                          return ret;
  50          }
  51
  52          return 0;

adam900710 commented 12 months ago

Unfortunately I tried to reproduce it with exactly v6.3.3 and failed to reproduce on a mounted LVM LV.

The same for all the newer progs.

Mind printing fs_devices->device and device?

The crash site is a little weird, unless fs_devices->devices is uninitialized, we should get a proper device pointer. Even if device->name is NULL, it should not crash here.
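
The point in the comment above, that list_for_each_entry only yields a usable device pointer when the list head was initialized, shown as an added example that is not part of the thread or of btrfs-progs. struct demo_device and all helper names here are hypothetical, and the real struct btrfs_device layout differs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Kernel-style circular list head, the shape list_for_each_entry walks. */
struct list_head { struct list_head *next, *prev; };

/* Hypothetical stand-in for struct btrfs_device; the real layout differs. */
struct demo_device { char *name; struct list_head dev_list; };

static void list_init(struct list_head *h) { h->next = h; h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* Address the loop cursor takes on its first iteration (container_of on
 * head->next), computed with integers so nothing is dereferenced. */
static uintptr_t first_entry_addr(const struct list_head *h)
{
    return (uintptr_t)h->next - offsetof(struct demo_device, dev_list);
}

/* The macro stops only when the cursor's list member is the head again. */
static int loop_body_would_run(const struct list_head *h) { return h->next != h; }

/* Defensive walk: report -1 for a head whose links were never set up. */
static int count_devices_checked(const struct list_head *h)
{
    int n = 0;
    if (!h->next || !h->prev) return -1;
    for (const struct list_head *p = h->next; p != h; p = p->next) {
        if (!p) return -1;
        n++;
    }
    return n;
}

int main(void)
{
    struct list_head zeroed = { 0 }, ok;            /* constructed inputs */
    struct demo_device d = { .name = "/dev/sda3" };
    list_init(&ok);
    list_add_tail(&d.dev_list, &ok);
    printf("zeroed: runs=%d entry=%#lx checked=%d; ok: checked=%d\n", loop_body_would_run(&zeroed),
           (unsigned long)first_entry_addr(&zeroed), count_devices_checked(&zeroed), count_devices_checked(&ok));
    return 0;
}
```

With a zeroed head the loop body runs once with a cursor just below address zero, so the first field access through it faults; an initialized empty head never enters the body.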

dolorosus commented 12 months ago

OK, after inserting the print statement and recompiling open-utils.c, I can't reproduce the error either...