* [PATCH 0/2] Simple two patches for tree checker
@ 2022-01-21 9:33 Su Yue
2022-01-21 9:33 ` [PATCH 1/2] btrfs: tree-checker: check item_size for inode_item Su Yue
` (2 more replies)
0 siblings, 3 replies; 13+ messages in thread
From: Su Yue @ 2022-01-21 9:33 UTC (permalink / raw)
To: linux-btrfs; +Cc: l
Two commits for enhancing tree checker to reject the img from
https://bugzilla.kernel.org/show_bug.cgi?id=215299.
Su Yue (2):
btrfs: tree-checker: check item_size for inode_item
btrfs: tree-checker: check item_size for dev_item
fs/btrfs/tree-checker.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--
2.34.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 1/2] btrfs: tree-checker: check item_size for inode_item
2022-01-21 9:33 [PATCH 0/2] Simple two patches for tree checker Su Yue
@ 2022-01-21 9:33 ` Su Yue
2022-01-21 9:33 ` [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item Su Yue
2022-01-24 15:44 ` [PATCH 0/2] Simple two patches for tree checker David Sterba
2 siblings, 0 replies; 13+ messages in thread
From: Su Yue @ 2022-01-21 9:33 UTC (permalink / raw)
To: linux-btrfs; +Cc: l, Wenqing Liu
While mounting the crafted image, an out-of-bounds access happens:
=======================================================================
[ 350.429619] UBSAN: array-index-out-of-bounds in fs/btrfs/struct-funcs.c:161:1
[ 350.429636] index 1048096 is out of range for type 'page *[16]'
[ 350.429650] CPU: 0 PID: 9 Comm: kworker/u8:1 Not tainted 5.16.0-rc4 #1
[ 350.429652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[ 350.429653] Workqueue: btrfs-endio-meta btrfs_work_helper [btrfs]
[ 350.429772] Call Trace:
[ 350.429774] <TASK>
[ 350.429776] dump_stack_lvl+0x47/0x5c
[ 350.429780] ubsan_epilogue+0x5/0x50
[ 350.429786] __ubsan_handle_out_of_bounds+0x66/0x70
[ 350.429791] btrfs_get_16+0xfd/0x120 [btrfs]
[ 350.429832] check_leaf+0x754/0x1a40 [btrfs]
[ 350.429874] ? filemap_read+0x34a/0x390
[ 350.429878] ? load_balance+0x175/0xfc0
[ 350.429881] validate_extent_buffer+0x244/0x310 [btrfs]
[ 350.429911] btrfs_validate_metadata_buffer+0xf8/0x100 [btrfs]
[ 350.429935] end_bio_extent_readpage+0x3af/0x850 [btrfs]
[ 350.429969] ? newidle_balance+0x259/0x480
[ 350.429972] end_workqueue_fn+0x29/0x40 [btrfs]
[ 350.429995] btrfs_work_helper+0x71/0x330 [btrfs]
[ 350.430030] ? __schedule+0x2fb/0xa40
[ 350.430033] process_one_work+0x1f6/0x400
[ 350.430035] ? process_one_work+0x400/0x400
[ 350.430036] worker_thread+0x2d/0x3d0
[ 350.430037] ? process_one_work+0x400/0x400
[ 350.430038] kthread+0x165/0x190
[ 350.430041] ? set_kthread_struct+0x40/0x40
[ 350.430043] ret_from_fork+0x1f/0x30
[ 350.430047] </TASK>
[ 350.430077] BTRFS warning (device loop0): bad eb member start: ptr 0xffe20f4e start 20975616 member offset 4293005178 size 2
=======================================================================
check_leaf() is checking the leaf:
========================================================================
corrupt leaf: root=4 block=29396992 slot=1, bad key order, prev (16140901064495857664 1 0) current (1 204 12582912)
leaf 29396992 items 6 free space 3565 generation 6 owner DEV_TREE
leaf 29396992 flags 0x1(WRITTEN) backref revision 1
fs uuid a62e00e8-e94e-4200-8217-12444de93c2e
chunk uuid cecbd0f7-9ca0-441e-ae9f-f782f9732bd8
item 0 key (16140901064495857664 INODE_ITEM 0) itemoff 3955 itemsize 40
generation 0 transid 0 size 0 nbytes 17592186044416
block group 0 mode 52667 links 33 uid 0 gid 2104132511 rdev 94223634821136
sequence 100305 flags 0x2409000(none)
atime 0.0 (1970-01-01 08:00:00)
ctime 2973280098083405823.4294967295 (-269783007-01-01 21:37:03)
mtime 18446744071572723616.4026825121 (1902-04-16 12:40:00)
otime 9249929404488876031.4294967295 (622322949-04-16 04:25:58)
item 1 key (1 DEV_EXTENT 12582912) itemoff 3907 itemsize 48
dev extent chunk_tree 3
chunk_objectid 256 chunk_offset 12582912 length 8388608
chunk_tree_uuid cecbd0f7-9ca0-441e-ae9f-f782f9732bd8
========================================================================
The corrupted leaf of the device tree has an inode item. The leaf passed
checksum and other checks in validate_extent_buffer until check_leaf_item().
Because of the key type BTRFS_INODE_ITEM, check_inode_item() is called even
though we are in the device tree. Since the
item offset + sizeof(struct btrfs_inode_item) > eb->len, out-of-bounds access
is triggered.
The item end vs leaf boundary check has been done before
check_leaf_item(), so fix it by checking item size in check_inode_item()
before accessing the inode item in the extent buffer.
Other check functions in check_leaf_item(), except check_dev_item(),
have their item size checks.
The commit for check_dev_item() follows.
No regression observed while running xfstests.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215299
Cc: Wenqing Liu <wenqingliu0120@gmail.com>
Signed-off-by: Su Yue <l@damenly.su>
---
fs/btrfs/tree-checker.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 72e1c942197d..2978fc89c093 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -1007,6 +1007,7 @@ static int check_inode_item(struct extent_buffer *leaf,
struct btrfs_inode_item *iitem;
u64 super_gen = btrfs_super_generation(fs_info->super_copy);
u32 valid_mask = (S_IFMT | S_ISUID | S_ISGID | S_ISVTX | 0777);
+ u32 item_size = btrfs_item_size(leaf, slot);
u32 mode;
int ret;
u32 flags;
@@ -1016,6 +1017,12 @@ static int check_inode_item(struct extent_buffer *leaf,
if (unlikely(ret < 0))
return ret;
+ if (unlikely(item_size != sizeof(*iitem))) {
+ generic_err(leaf, slot, "invalid item size: has=%u expect=%zu",
+ item_size, sizeof(*iitem));
+ return -EUCLEAN;
+ }
+
iitem = btrfs_item_ptr(leaf, slot, struct btrfs_inode_item);
/* Here we use super block generation + 1 to handle log tree */
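Review bot: The added check in check_inode_item() requires item_size to equal sizeof(*iitem) exactly, while the commit message only describes the overrun case (item offset + sizeof(struct btrfs_inode_item) > eb->len). A one-line comment above the `if` saying that an inode item is fixed-size, so both shorter and longer items are rejected before btrfs_item_ptr() is used, would record why `!=` was chosen over a lower bound. The placement, ahead of the first access through iitem, is right.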
--
2.34.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
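An added example, not part of the original message or of the kernel source: a user-space C model of the condition the commit message describes, using itemoff 3955 and itemsize 40 from item 0 of the dump above. The node size, header size, struct size and field offsets are assumptions of the model, and every model_* name is hypothetical.

```c
/* Added illustration: user-space model of the item size check, not kernel code. */
#include <stddef.h>
#include <stdint.h>

#define MODEL_EUCLEAN         117   /* EUCLEAN on Linux */
#define MODEL_OOB             1     /* model only: a field read would leave the buffer */
#define MODEL_NODESIZE        4096u /* assumption, inferred from the dump */
#define MODEL_HEADER_SIZE     101u  /* assumption: size of the leaf header */
#define MODEL_INODE_ITEM_SIZE 160u  /* assumption: sizeof(struct btrfs_inode_item) */

/* One item header: where the payload sits and how long it claims to be. */
struct model_item {
	uint32_t offset; /* "itemoff", relative to the end of the leaf header */
	uint32_t size;   /* "itemsize" */
};

/* Assumed offsets and lengths of a few inode item fields a checker reads. */
struct model_field { uint32_t off; uint32_t len; };
static const struct model_field inode_fields[] = {
	{ 0, 8 },  /* generation */
	{ 8, 8 },  /* transid */
	{ 40, 4 }, /* nlink */
	{ 52, 4 }, /* mode */
	{ 64, 8 }, /* flags */
};

/* Generic per-item check: the claimed payload must end inside the leaf. */
static int item_within_leaf(const struct model_item *it)
{
	uint64_t end = (uint64_t)MODEL_HEADER_SIZE + it->offset + it->size;

	return end <= MODEL_NODESIZE;
}

/* Offset of the first field whose bytes fall outside the buffer, or -1. */
static int first_oob_field(const struct model_item *it)
{
	size_t i;

	for (i = 0; i < sizeof(inode_fields) / sizeof(inode_fields[0]); i++) {
		uint64_t end = (uint64_t)MODEL_HEADER_SIZE + it->offset +
			       inode_fields[i].off + inode_fields[i].len;

		if (end > MODEL_NODESIZE)
			return (int)inode_fields[i].off;
	}
	return -1;
}

/*
 * enforce_size = 0 models the checker before the patch, 1 after it.
 * The model reports MODEL_OOB instead of performing the bad read.
 */
static int check_inode_item_model(const struct model_item *it, int enforce_size)
{
	if (!item_within_leaf(it))
		return -MODEL_EUCLEAN;
	if (enforce_size && it->size != MODEL_INODE_ITEM_SIZE)
		return -MODEL_EUCLEAN;
	if (first_oob_field(it) >= 0)
		return MODEL_OOB;
	return 0;
}

/* Constructed inputs: item 0 from the dump, a full-size item, a short item mid-leaf. */
static const struct model_item crafted_item = { 3955, 40 };
static const struct model_item sane_item    = { 3835, 160 };
static const struct model_item short_item   = { 1000, 40 };

int main(void)
{
	return check_inode_item_model(&crafted_item, 1) == -MODEL_EUCLEAN ? 0 : 1;
}
```

The short_item case stays inside the buffer without the size check, so only the exact-size comparison rejects it; a bounds test alone would let the checker interpret neighbouring bytes as inode fields.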
* [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-01-21 9:33 [PATCH 0/2] Simple two patches for tree checker Su Yue
2022-01-21 9:33 ` [PATCH 1/2] btrfs: tree-checker: check item_size for inode_item Su Yue
@ 2022-01-21 9:33 ` Su Yue
2022-02-05 3:13 ` Wang Yugui
2022-01-24 15:44 ` [PATCH 0/2] Simple two patches for tree checker David Sterba
2 siblings, 1 reply; 13+ messages in thread
From: Su Yue @ 2022-01-21 9:33 UTC (permalink / raw)
To: linux-btrfs; +Cc: l
Check item size before accessing the device item to avoid out of bound
access.
Signed-off-by: Su Yue <l@damenly.su>
---
fs/btrfs/tree-checker.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 2978fc89c093..87fff4345977 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -965,6 +965,7 @@ static int check_dev_item(struct extent_buffer *leaf,
struct btrfs_key *key, int slot)
{
struct btrfs_dev_item *ditem;
+ u32 item_size = btrfs_item_size(leaf, slot);
if (unlikely(key->objectid != BTRFS_DEV_ITEMS_OBJECTID)) {
dev_item_err(leaf, slot,
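Review bot: The new initializer `u32 item_size = btrfs_item_size(leaf, slot);` passes a slot number to the helper, which ties this patch to the tree it was written against, and the commit message does not say so. Later in this thread the series was applied to 5.15.x without btrfs-drop-the-_nr-from-the-item-helpers.patch, and the check then reported "has 0 expect 98" for a device item that dump-tree showed with size 98, with only build warnings as a hint. Name that prerequisite in the commit message so a backport does not pick up this patch alone.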
@@ -972,6 +973,13 @@ static int check_dev_item(struct extent_buffer *leaf,
key->objectid, BTRFS_DEV_ITEMS_OBJECTID);
return -EUCLEAN;
}
+
+ if (unlikely(item_size != sizeof(*ditem))) {
+ dev_item_err(leaf, slot, "invalid item size: has=%u expect=%zu",
+ item_size, sizeof(*ditem));
+ return -EUCLEAN;
+ }
+
ditem = btrfs_item_ptr(leaf, slot, struct btrfs_dev_item);
if (unlikely(btrfs_device_id(leaf, ditem) != key->offset)) {
dev_item_err(leaf, slot,
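Review bot: The format string in the added dev_item_err() call is spelled `has=%u expect=%zu`, while the same check appears as `has %u expect %zu` in the diagnostic diff and in the reported log line later in this thread. Use one spelling in check_dev_item() and check_inode_item() so both new errors can be matched with a single pattern.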
--
2.34.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH 0/2] Simple two patches for tree checker
2022-01-21 9:33 [PATCH 0/2] Simple two patches for tree checker Su Yue
2022-01-21 9:33 ` [PATCH 1/2] btrfs: tree-checker: check item_size for inode_item Su Yue
2022-01-21 9:33 ` [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item Su Yue
@ 2022-01-24 15:44 ` David Sterba
2022-02-18 15:13 ` Su Yue
2 siblings, 1 reply; 13+ messages in thread
From: David Sterba @ 2022-01-24 15:44 UTC (permalink / raw)
To: Su Yue; +Cc: linux-btrfs
On Fri, Jan 21, 2022 at 05:33:33PM +0800, Su Yue wrote:
> Two commits for enhancing tree checker to reject the img from
> https://bugzilla.kernel.org/show_bug.cgi?id=215299.
>
> Su Yue (2):
> btrfs: tree-checker: check item_size for inode_item
> btrfs: tree-checker: check item_size for dev_item
Nice, added to misc-next, thanks. I'll update and close the bug.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-01-21 9:33 ` [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item Su Yue
@ 2022-02-05 3:13 ` Wang Yugui
2022-02-05 4:35 ` Wang Yugui
0 siblings, 1 reply; 13+ messages in thread
From: Wang Yugui @ 2022-02-05 3:13 UTC (permalink / raw)
To: Su Yue; +Cc: linux-btrfs
Hi,
A btrfs filesystem failed to boot with this patch.
corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item size: has 0 expect 98
Any way to fix it online?
Best Regards
Wang Yugui (wangyugui@e16-tech.com)
2022/02/05
> Check item size before accessing the device item to avoid out of bound
> access.
>
> Signed-off-by: Su Yue <l@damenly.su>
> ---
> fs/btrfs/tree-checker.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
> index 2978fc89c093..87fff4345977 100644
> --- a/fs/btrfs/tree-checker.c
> +++ b/fs/btrfs/tree-checker.c
> @@ -965,6 +965,7 @@ static int check_dev_item(struct extent_buffer *leaf,
> struct btrfs_key *key, int slot)
> {
> struct btrfs_dev_item *ditem;
> + u32 item_size = btrfs_item_size(leaf, slot);
>
> if (unlikely(key->objectid != BTRFS_DEV_ITEMS_OBJECTID)) {
> dev_item_err(leaf, slot,
> @@ -972,6 +973,13 @@ static int check_dev_item(struct extent_buffer *leaf,
> key->objectid, BTRFS_DEV_ITEMS_OBJECTID);
> return -EUCLEAN;
> }
> +
> + if (unlikely(item_size != sizeof(*ditem))) {
> + dev_item_err(leaf, slot, "invalid item size: has=%u expect=%zu",
> + item_size, sizeof(*ditem));
> + return -EUCLEAN;
> + }
> +
> ditem = btrfs_item_ptr(leaf, slot, struct btrfs_dev_item);
> if (unlikely(btrfs_device_id(leaf, ditem) != key->offset)) {
> dev_item_err(leaf, slot,
> --
> 2.34.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 3:13 ` Wang Yugui
@ 2022-02-05 4:35 ` Wang Yugui
2022-02-05 11:15 ` Su Yue
0 siblings, 1 reply; 13+ messages in thread
From: Wang Yugui @ 2022-02-05 4:35 UTC (permalink / raw)
To: Su Yue, linux-btrfs
Hi,
> A btrfs filesystem failed to boot with this patch.
>
> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item size: has 0 expect 98
>
> Any way to fix it online?
This btrfs filesystem is created by centos 7.9 installer (btrfs 4.9?)
about 1 year ago, and then mainly written by kernel 5.4/5.10/5.15.
Best Regards
Wang Yugui (wangyugui@e16-tech.com)
2022/02/05
>
> > Check item size before accessing the device item to avoid out of bound
> > access.
> >
> > Signed-off-by: Su Yue <l@damenly.su>
> > ---
> > fs/btrfs/tree-checker.c | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
> > diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
> > index 2978fc89c093..87fff4345977 100644
> > --- a/fs/btrfs/tree-checker.c
> > +++ b/fs/btrfs/tree-checker.c
> > @@ -965,6 +965,7 @@ static int check_dev_item(struct extent_buffer *leaf,
> > struct btrfs_key *key, int slot)
> > {
> > struct btrfs_dev_item *ditem;
> > + u32 item_size = btrfs_item_size(leaf, slot);
> >
> > if (unlikely(key->objectid != BTRFS_DEV_ITEMS_OBJECTID)) {
> > dev_item_err(leaf, slot,
> > @@ -972,6 +973,13 @@ static int check_dev_item(struct extent_buffer *leaf,
> > key->objectid, BTRFS_DEV_ITEMS_OBJECTID);
> > return -EUCLEAN;
> > }
> > +
> > + if (unlikely(item_size != sizeof(*ditem))) {
> > + dev_item_err(leaf, slot, "invalid item size: has=%u expect=%zu",
> > + item_size, sizeof(*ditem));
> > + return -EUCLEAN;
> > + }
> > +
> > ditem = btrfs_item_ptr(leaf, slot, struct btrfs_dev_item);
> > if (unlikely(btrfs_device_id(leaf, ditem) != key->offset)) {
> > dev_item_err(leaf, slot,
> > --
> > 2.34.1
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 4:35 ` Wang Yugui
@ 2022-02-05 11:15 ` Su Yue
2022-02-05 12:30 ` Wang Yugui
0 siblings, 1 reply; 13+ messages in thread
From: Su Yue @ 2022-02-05 11:15 UTC (permalink / raw)
To: Wang Yugui; +Cc: linux-btrfs
On Sat 05 Feb 2022 at 12:35, Wang Yugui <wangyugui@e16-tech.com>
wrote:
> Hi,
>
>> A btrfs filesystem failed to boot with this patch.
>>
>> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item
>> size: has 0 expect 98
>>
>> Any way to fix it online?
>
> This btrfs filesystem is created by centos 7.9 installer (btrfs
> 4.9?)
> about 1 year ago, and then mainly written by kernel
> 5.4/5.10/5.15.
>
Yes, btrfs-progs v4.9 and v3.10 based kernel.
I created a btrfs and it looks fine.
Could you please provide the output of
btrfs inspect-internal dump-tree $device -t 3
?
You can trim it if the content is too long; only leaf 1081344 is
needed.
--
Su
> Best Regards
> Wang Yugui (wangyugui@e16-tech.com)
> 2022/02/05
>
>
>>
>> > Check item size before accessing the device item to avoid out
>> > of bound
>> > access.
>> >
>> > Signed-off-by: Su Yue <l@damenly.su>
>> > ---
>> > fs/btrfs/tree-checker.c | 8 ++++++++
>> > 1 file changed, 8 insertions(+)
>> >
>> > diff --git a/fs/btrfs/tree-checker.c
>> > b/fs/btrfs/tree-checker.c
>> > index 2978fc89c093..87fff4345977 100644
>> > --- a/fs/btrfs/tree-checker.c
>> > +++ b/fs/btrfs/tree-checker.c
>> > @@ -965,6 +965,7 @@ static int check_dev_item(struct
>> > extent_buffer *leaf,
>> > struct btrfs_key *key, int slot)
>> > {
>> > struct btrfs_dev_item *ditem;
>> > + u32 item_size = btrfs_item_size(leaf, slot);
>> >
>> > if (unlikely(key->objectid != BTRFS_DEV_ITEMS_OBJECTID)) {
>> > dev_item_err(leaf, slot,
>> > @@ -972,6 +973,13 @@ static int check_dev_item(struct
>> > extent_buffer *leaf,
>> > key->objectid,
>> > BTRFS_DEV_ITEMS_OBJECTID);
>> > return -EUCLEAN;
>> > }
>> > +
>> > + if (unlikely(item_size != sizeof(*ditem))) {
>> > + dev_item_err(leaf, slot, "invalid item size:
>> > has=%u expect=%zu",
>> > + item_size, sizeof(*ditem));
>> > + return -EUCLEAN;
>> > + }
>> > +
>> > ditem = btrfs_item_ptr(leaf, slot, struct btrfs_dev_item);
>> > if (unlikely(btrfs_device_id(leaf, ditem) != key->offset))
>> > {
>> > dev_item_err(leaf, slot,
>> > --
>> > 2.34.1
>>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 11:15 ` Su Yue
@ 2022-02-05 12:30 ` Wang Yugui
2022-02-05 13:01 ` Qu Wenruo
0 siblings, 1 reply; 13+ messages in thread
From: Wang Yugui @ 2022-02-05 12:30 UTC (permalink / raw)
To: Su Yue; +Cc: linux-btrfs
[-- Attachment #1: Type: text/plain, Size: 1546 bytes --]
Hi,
> >> A btrfs filesystem failed to boot with this patch.
> >>
> >> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item
> >> size: has 0 expect 98
> >>
> >> Any way to fix it online?
> >
> > This btrfs filesystem is created by centos 7.9 installer (btrfs
> > 4.9?)
> > about 1 year ago, and then mainly written by kernel
> > 5.4/5.10/5.15.
> >
> Yes, btrfs-progs v4.9 and v3.10 based kernel.
> I created a btrfs and it looks fine.
> Could you please provide the output of
> btrfs inspect-internal dump-tree $device -t 3
> ?
> You can trim it if the content is too long; only leaf 1081344 is needed.
Hi,
# btrfs filesystem show /
Label: 'OS_T640' uuid: 73dcce98-8f6b-4ec8-bfac-fa7c7c87409d
Total devices 10 FS bytes used 5.53TiB
devid 1 size 799.00GiB used 332.01GiB path /dev/sda2
devid 2 size 1.75TiB used 741.00GiB path /dev/sdg1
devid 3 size 1.75TiB used 745.00GiB path /dev/sdj1
devid 4 size 1.75TiB used 740.00GiB path /dev/sdi1
devid 5 size 1.75TiB used 745.00GiB path /dev/sdd1
devid 6 size 1.75TiB used 480.00GiB path /dev/sde1
devid 7 size 1.75TiB used 480.00GiB path /dev/sdh1
devid 8 size 1.75TiB used 479.00GiB path /dev/sdc1
devid 9 size 1.75TiB used 480.00GiB path /dev/sdb1
devid 10 size 1.75TiB used 479.00GiB path /dev/sdf1
#btrfs inspect-internal dump-tree /dev/sda2 -t 3 > 3.txt
and then 3.txt is zipped as this attachment file(3.zip)
Best Regards
Wang Yugui (wangyugui@e16-tech.com)
2022/02/05
[-- Attachment #2: 3.zip --]
[-- Type: application/x-zip-compressed, Size: 120280 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 12:30 ` Wang Yugui
@ 2022-02-05 13:01 ` Qu Wenruo
2022-02-05 14:49 ` Wang Yugui
0 siblings, 1 reply; 13+ messages in thread
From: Qu Wenruo @ 2022-02-05 13:01 UTC (permalink / raw)
To: Wang Yugui, Su Yue; +Cc: linux-btrfs
On 2022/2/5 20:30, Wang Yugui wrote:
> Hi,
>
>>>> A btrfs filesystem failed to boot with this patch.
>>>>
>>>> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item
>>>> size: has 0 expect 98
>>>>
>>>> Any way to fix it online?
>>>
>>> This btrfs filesystem is created by centos 7.9 installer (btrfs
>>> 4.9?)
>>> about 1 year ago, and then mainly written by kernel
>>> 5.4/5.10/5.15.
>>>
>> Yes, btrfs-progs v4.9 and v3.10 based kernel.
>> I created a btrfs and it looks fine.
>> Could you please provide the output of
>> btrfs inspect-internal dump-tree $device -t 3
>> ?
>> You can trim it if the content is too long; only leaf 1081344 is needed.
>
> Hi,
>
> # btrfs filesystem show /
> Label: 'OS_T640' uuid: 73dcce98-8f6b-4ec8-bfac-fa7c7c87409d
> Total devices 10 FS bytes used 5.53TiB
> devid 1 size 799.00GiB used 332.01GiB path /dev/sda2
> devid 2 size 1.75TiB used 741.00GiB path /dev/sdg1
> devid 3 size 1.75TiB used 745.00GiB path /dev/sdj1
> devid 4 size 1.75TiB used 740.00GiB path /dev/sdi1
> devid 5 size 1.75TiB used 745.00GiB path /dev/sdd1
> devid 6 size 1.75TiB used 480.00GiB path /dev/sde1
> devid 7 size 1.75TiB used 480.00GiB path /dev/sdh1
> devid 8 size 1.75TiB used 479.00GiB path /dev/sdc1
> devid 9 size 1.75TiB used 480.00GiB path /dev/sdb1
> devid 10 size 1.75TiB used 479.00GiB path /dev/sdf1
>
> #btrfs inspect-internal dump-tree /dev/sda2 -t 3 > 3.txt
>
> and then 3.txt is zipped as this attachment file(3.zip)
Full dmesg of the boot failure please.
The dump-tree shows the device item is completely sane, it has size 98,
not the value (0) reported from tree-checker.
Thus I don't know why tree-checker is reporting this problem.
Thanks,
Qu
>
> Best Regards
> Wang Yugui (wangyugui@e16-tech.com)
> 2022/02/05
>
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 13:01 ` Qu Wenruo
@ 2022-02-05 14:49 ` Wang Yugui
2022-02-06 12:12 ` Su Yue
0 siblings, 1 reply; 13+ messages in thread
From: Wang Yugui @ 2022-02-05 14:49 UTC (permalink / raw)
To: Qu Wenruo; +Cc: Su Yue, linux-btrfs
[-- Attachment #1: Type: text/plain, Size: 1981 bytes --]
Hi,
> >>>> A btrfs filesystem failed to boot with this patch.
> >>>>
> >>>> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item
> >>>> size: has 0 expect 98
> >>>>
> >>>> Any way to fix it online?
> >>>
> >>> This btrfs filesystem is created by centos 7.9 installer (btrfs
> >>> 4.9?)
> >>> about 1 year ago, and then mainly written by kernel
> >>> 5.4/5.10/5.15.
> >>>
> >> Yes, btrfs-progs v4.9 and v3.10 based kernel.
> >> I created a btrfs and it looks fine.
> >> Could you please provide the output of
> >> btrfs inspect-internal dump-tree $device -t 3
> >> ?
> >> You can trim it if the content is too long; only leaf 1081344 is needed.
> >
> > Hi,
> >
> > # btrfs filesystem show /
> > Label: 'OS_T640' uuid: 73dcce98-8f6b-4ec8-bfac-fa7c7c87409d
> > Total devices 10 FS bytes used 5.53TiB
> > devid 1 size 799.00GiB used 332.01GiB path /dev/sda2
> > devid 2 size 1.75TiB used 741.00GiB path /dev/sdg1
> > devid 3 size 1.75TiB used 745.00GiB path /dev/sdj1
> > devid 4 size 1.75TiB used 740.00GiB path /dev/sdi1
> > devid 5 size 1.75TiB used 745.00GiB path /dev/sdd1
> > devid 6 size 1.75TiB used 480.00GiB path /dev/sde1
> > devid 7 size 1.75TiB used 480.00GiB path /dev/sdh1
> > devid 8 size 1.75TiB used 479.00GiB path /dev/sdc1
> > devid 9 size 1.75TiB used 480.00GiB path /dev/sdb1
> > devid 10 size 1.75TiB used 479.00GiB path /dev/sdf1
> >
> > #btrfs inspect-internal dump-tree /dev/sda2 -t 3 > 3.txt
> >
> > and then 3.txt is zipped as this attachment file(3.zip)
>
> Full dmesg of the boot failure please.
>
> The dump-tree shows the device item is completely sane, it has size 98,
> not the value (0) reported from tree-checker.
>
> Thus I don't know why tree-checker is reporting this problem.
>
This (attachment file boot.dmesg.txt.zip ) is the full dmesg output
Best Regards
Wang Yugui (wangyugui@e16-tech.com)
2022/02/05
[-- Attachment #2: boot.dmesg.txt.zip --]
[-- Type: application/x-zip-compressed, Size: 27568 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 14:49 ` Wang Yugui
@ 2022-02-06 12:12 ` Su Yue
2022-02-06 15:39 ` Wang Yugui
0 siblings, 1 reply; 13+ messages in thread
From: Su Yue @ 2022-02-06 12:12 UTC (permalink / raw)
To: Wang Yugui; +Cc: Qu Wenruo, linux-btrfs
On Sat 05 Feb 2022 at 22:49, Wang Yugui <wangyugui@e16-tech.com>
wrote:
> Hi,
>
>> >>>> A btrfs filesystem failed to boot with this patch.
>> >>>>
>> >>>> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid
>> >>>> item
>> >>>> size: has 0 expect 98
>> >>>>
>> >>>> Any way to fix it online?
>> >>>
>> >>> This btrfs filesystem is created by centos 7.9 installer
>> >>> (btrfs
>> >>> 4.9?)
>> >>> about 1 year ago, and then mainly written by kernel
>> >>> 5.4/5.10/5.15.
>> >>>
>> >> Yes, btrfs-progs v4.9 and v3.10 based kernel.
>> >> I created a btrfs and it looks fine.
>> >> Could you please provide the output of
>> >> btrfs inspect-internal dump-tree $device -t 3
>> >> ?
>> >> You can trim it if the content is too long; only leaf 1081344
>> >> is needed.
>> >
>> > Hi,
>> >
>> > # btrfs filesystem show /
>> > Label: 'OS_T640' uuid: 73dcce98-8f6b-4ec8-bfac-fa7c7c87409d
>> > Total devices 10 FS bytes used 5.53TiB
>> > devid 1 size 799.00GiB used 332.01GiB path
>> > /dev/sda2
>> > devid 2 size 1.75TiB used 741.00GiB path
>> > /dev/sdg1
>> > devid 3 size 1.75TiB used 745.00GiB path
>> > /dev/sdj1
>> > devid 4 size 1.75TiB used 740.00GiB path
>> > /dev/sdi1
>> > devid 5 size 1.75TiB used 745.00GiB path
>> > /dev/sdd1
>> > devid 6 size 1.75TiB used 480.00GiB path
>> > /dev/sde1
>> > devid 7 size 1.75TiB used 480.00GiB path
>> > /dev/sdh1
>> > devid 8 size 1.75TiB used 479.00GiB path
>> > /dev/sdc1
>> > devid 9 size 1.75TiB used 480.00GiB path
>> > /dev/sdb1
>> > devid 10 size 1.75TiB used 479.00GiB path
>> > /dev/sdf1
>> >
>> > #btrfs inspect-internal dump-tree /dev/sda2 -t 3 > 3.txt
>> >
>> > and then 3.txt is zipped as this attachment file(3.zip)
>>
>> Full dmesg of the boot failure please.
>>
>> The dump-tree shows the device item is completely sane, it has
>> size 98,
>> not the value (0) reported from tree-checker.
>>
>> Thus I don't know why tree-checker is reporting this problem.
>>
>
> This (attachment file boot.dmesg.txt.zip ) is the full dmesg
> output
>
As Qu suggested to me, would you please provide the output after
applying the following diff? (It may crash the kernel if there is one
*real* invalid dev_item).
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 9fd145f1c4bc..5fb981b4b42a 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -25,6 +25,7 @@
#include "volumes.h"
#include "misc.h"
#include "btrfs_inode.h"
+#include "print-tree.h"
/*
* Error message should follow the following format:
@@ -977,6 +978,7 @@ static int check_dev_item(struct extent_buffer
*leaf,
if (unlikely(item_size != sizeof(*ditem))) {
dev_item_err(leaf, slot, "invalid item size: has
%u expect %zu",
item_size, sizeof(*ditem));
+ btrfs_print_leaf(leaf);
return -EUCLEAN;
}
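Review bot: The second hunk is wrapped by the mail client (the `@@ ... check_dev_item(struct extent_buffer` header and the dev_item_err() format string are each split across two lines), so the diff will not apply as posted; resend it as an attachment or with line wrapping disabled. The added btrfs_print_leaf(leaf) runs on a leaf that has just failed validation, which is why the message warns it may crash, so it should stay a debugging aid and not be folded into the series.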
--
Su
> Best Regards
> Wang Yugui (wangyugui@e16-tech.com)
> 2022/02/05
>
> [2. application/x-zip-compressed; boot.dmesg.txt.zip]...
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-06 12:12 ` Su Yue
@ 2022-02-06 15:39 ` Wang Yugui
0 siblings, 0 replies; 13+ messages in thread
From: Wang Yugui @ 2022-02-06 15:39 UTC (permalink / raw)
To: Su Yue; +Cc: Qu Wenruo, linux-btrfs
Hi,
> >> >>>> A btrfs filesystem failed to boot with this patch.
> >> >>>>
> >> >>>> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid
> >> >>>> item
> >> >>>> size: has 0 expect 98
> >> >>>>
> As Qu suggested to me, would you please provide the output after
> applying the following diff? (It may crash the kernel if there is one *real*
> invalid dev_item).
>
> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
> index 9fd145f1c4bc..5fb981b4b42a 100644
> --- a/fs/btrfs/tree-checker.c
> +++ b/fs/btrfs/tree-checker.c
> @@ -25,6 +25,7 @@
> #include "volumes.h"
> #include "misc.h"
> #include "btrfs_inode.h"
> +#include "print-tree.h"
>
> /*
> * Error message should follow the following format:
> @@ -977,6 +978,7 @@ static int check_dev_item(struct extent_buffer *leaf,
> if (unlikely(item_size != sizeof(*ditem))) {
> dev_item_err(leaf, slot, "invalid item size: has %u expect %zu",
> item_size, sizeof(*ditem));
> + btrfs_print_leaf(leaf);
> return -EUCLEAN;
> }
When I tested this new diag patch, I noticed that I wrongly applied
these 2 patches to 5.15.x.
btrfs-tree-checker-check-item_size-for-inode_item.patch
btrfs-tree-checker-check-item_size-for-dev_item.patch
Some dependency patches (at least btrfs-drop-the-_nr-from-the-item-helpers.patch,
maybe more) are missing.
In fact, without these dependency patches, there are some build warnings,
but I failed to notice them.
So this is just my bad now. Sorry.
Best Regards
Wang Yugui (wangyugui@e16-tech.com)
2022/02/06
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/2] Simple two patches for tree checker
2022-01-24 15:44 ` [PATCH 0/2] Simple two patches for tree checker David Sterba
@ 2022-02-18 15:13 ` Su Yue
0 siblings, 0 replies; 13+ messages in thread
From: Su Yue @ 2022-02-18 15:13 UTC (permalink / raw)
To: dsterba; +Cc: linux-btrfs
On Mon 24 Jan 2022 at 16:44, David Sterba <dsterba@suse.cz> wrote:
> On Fri, Jan 21, 2022 at 05:33:33PM +0800, Su Yue wrote:
>> Two commits for enhancing tree checker to reject the img from
>> https://bugzilla.kernel.org/show_bug.cgi?id=215299.
>>
>> Su Yue (2):
>> btrfs: tree-checker: check item_size for inode_item
>> btrfs: tree-checker: check item_size for dev_item
>
> Nice, added to misc-next, thanks. I'll update and close the bug.
CC the reporter.
Oops. The Link of the crafted image in the first merged patch was
pasted wrongly. Just found while testing backports.
It should be
https://bugzilla.kernel.org/show_bug.cgi?id=215289
instead of
https://bugzilla.kernel.org/show_bug.cgi?id=215299
And the latter is still unfixed.
My bad.
--
Su
^ permalink raw reply [flat|nested] 13+ messages in thread