On 27/8/24 8:13 am, Qu Wenruo wrote:
> [BUG]
> There is a bug report that KASAN gets triggered when:
>
> - A read bio needs to be split
>   This can happen for profiles with stripes, including RAID0/RAID10/RAID5/RAID6.
>
> - An error happens before submitting the new split bio
>   This includes:
>   * chunk map lookup failure
>   * data csum lookup failure
>
> Then during the error path of btrfs_submit_chunk(), the original bio is
> fully freed before the submitted range has a chance to call its endio
> function, resulting in a use-after-free bug.
>
> [NEW TEST CASE]
> Introduce a new test case to verify the specific behavior by:
>
> - Create a btrfs with enough csum leaves with data RAID0 profile
>   To bump the csum tree level, use the minimal nodesize possible (4K).
>   Writing 32M data needs at least 8 leaves for data checksum.
>   RAID0 profile ensures the data read bios will get split.
>
> - Find the last csum tree leaf and corrupt it
>
> - Read the data many times until we trigger the bug or exit gracefully
>
> With an x86_64 VM with KASAN enabled, it can trigger the KASAN report in
> just 4 iterations (the default iteration number is 32).
>
> Signed-off-by: Qu Wenruo <wqu@xxxxxxxx>
> ---
> Changelog:
> v3:
> - Remove the unrelated btrfs/125 references
>   There is nothing specific to RAID56, it's just a coincidence that
>   btrfs/125 leads us to the bug.
>   Since we have a more comprehensive understanding of the bug, there is
>   no need to mention it at all.
> - More grammar fixes
> - Use proper _check_btrfs_raid_type() to verify raid0 support
> - Update the title to be more specific about the test case
> - Renumber to btrfs/321 to avoid conflicts with a new test case
> - Remove unnecessary 'sync' which is followed by unmount
> - Use full subcommand name "inspect-internal"
> - Explain why we want to fail early if hitting the bug
> - Remove unnecessary `_require_scratch` which is duplicated to
>   `_require_scratch_nocheck`
Looks good.

Reviewed-by: Anand Jain <anand.jain@xxxxxxxxxx>

Thx.
Anand
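For readers who want to see the three steps of the description (build a RAID0 filesystem whose csum tree spans several 4K leaves, corrupt the last csum leaf, read the file repeatedly and stop at the first KASAN report) as a runnable regression check, here is an added sketch. It is not the fstests script from the patch and not code by Qu Wenruo or the btrfs project. It assumes, beyond what the message states: two scratch devices and a mount point given on the command line, `btrfs-map-logical` plus `dd` to overwrite the leaf on disk (the patch's own corruption method is not shown here), that btrfs-progs scans the second device on its own, and a `dmesg` grep for "BUG: KASAN" as the early-exit condition. The parsing helpers are plain text processing and can be checked without a filesystem; the rest only runs as root with `REPRO_RUN=1` on a throwaway KASAN VM.

```shell
#!/bin/sh
# Added example, not the fstests script from the patch. Assumptions (not from
# the page): device list and mount point on the command line, btrfs-map-logical
# + dd for the corruption step, "BUG: KASAN" in dmesg as the stop condition.
set -u

# Select the last csum-tree leaf from `btrfs inspect-internal dump-tree -t csum`
# output. dump-tree walks the tree in key order, so the final
# "leaf <bytenr> items ..." line is the leaf holding the highest csum keys.
last_csum_leaf() {
    awk '/^leaf [0-9]+ items /{ last = $2 } END { if (last == "") exit 1; print last }'
}

# Physical offset from one btrfs-map-logical line; the line format
# "mirror N logical L physical P device D" is assumed.
first_physical() {
    awk '$1 == "mirror" { for (i = 1; i < NF; i++) if ($i == "physical") { print $(i + 1); exit } }'
}

# Device path from the same btrfs-map-logical line (last field).
mirror_device() {
    awk '$1 == "mirror" { print $NF; exit }'
}

# Step 1: 4K nodesize so 32M of data needs several csum leaves (and a level-1
# csum tree); RAID0 data so a read bio crossing a stripe boundary is split.
prepare_fs() {
    mnt=$1; shift
    mkfs.btrfs -f -n 4k -d raid0 -m single "$@" >/dev/null || return 1
    mount "$1" "$mnt" || return 1
    dd if=/dev/urandom of="$mnt/foobar" bs=1M count=32 conv=fsync status=none
    umount "$mnt"
}

# Step 2: find the last csum leaf and zero it on disk so its checksum no longer
# verifies; the data csum lookup then fails after the read bio was split.
corrupt_last_csum_leaf() {
    dev=$1; nodesize=4096
    leaf=$(btrfs inspect-internal dump-tree -t csum "$dev" | last_csum_leaf) || return 1
    line=$(btrfs-map-logical -l "$leaf" -b "$nodesize" "$dev" | grep '^mirror 1 ') || return 1
    phys=$(printf '%s\n' "$line" | first_physical)
    mdev=$(printf '%s\n' "$line" | mirror_device)
    dd if=/dev/zero of="$mdev" bs=1 seek="$phys" count="$nodesize" conv=notrunc status=none
}

# Step 3: read the file repeatedly. EIO is the correct outcome; a KASAN splat
# means the use-after-free is present. Stop at the first splat: once KASAN has
# reported, kernel state is suspect and more iterations only risk wedging the VM.
read_until_bug() {
    dev=$1; mnt=$2; iters=${3:-32}
    mount "$dev" "$mnt" || return 1
    i=1
    while [ "$i" -le "$iters" ]; do
        echo 3 > /proc/sys/vm/drop_caches
        cat "$mnt/foobar" >/dev/null 2>&1
        if dmesg | grep -q 'BUG: KASAN'; then
            umount "$mnt"
            echo "KASAN report after $i read(s)"
            return 2
        fi
        i=$((i + 1))
    done
    umount "$mnt"
    echo "no KASAN report in $iters reads"
}

main() {
    mnt=$1; shift
    prepare_fs "$mnt" "$@" && corrupt_last_csum_leaf "$1" && read_until_bug "$1" "$mnt"
}

# usage: REPRO_RUN=1 ./repro.sh /mnt/scratch /dev/sdb /dev/sdc
if [ "${REPRO_RUN:-0}" = 1 ]; then
    main "$@"
fi
```

Return code 2 from `read_until_bug` is the "bug present" signal, 0 is the graceful EIO path, which mirrors the test case's distinction between hitting the bug and exiting cleanly.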