* [PATCH 1/2] btrfs: tree-checker: check item_size for inode_item
2022-01-21 9:33 [PATCH 0/2] Simple two patches for tree checker Su Yue
@ 2022-01-21 9:33 ` Su Yue
2022-01-21 9:33 ` [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item Su Yue
2022-01-24 15:44 ` [PATCH 0/2] Simple two patches for tree checker David Sterba
2 siblings, 0 replies; 13+ messages in thread
From: Su Yue @ 2022-01-21 9:33 UTC (permalink / raw)
To: linux-btrfs; +Cc: l, Wenqing Liu
while mounting the crafted image, out-of-bounds access happens:
=======================================================================
[ 350.429619] UBSAN: array-index-out-of-bounds in fs/btrfs/struct-funcs.c:161:1
[ 350.429636] index 1048096 is out of range for type 'page *[16]'
[ 350.429650] CPU: 0 PID: 9 Comm: kworker/u8:1 Not tainted 5.16.0-rc4 #1
[ 350.429652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[ 350.429653] Workqueue: btrfs-endio-meta btrfs_work_helper [btrfs]
[ 350.429772] Call Trace:
[ 350.429774] <TASK>
[ 350.429776] dump_stack_lvl+0x47/0x5c
[ 350.429780] ubsan_epilogue+0x5/0x50
[ 350.429786] __ubsan_handle_out_of_bounds+0x66/0x70
[ 350.429791] btrfs_get_16+0xfd/0x120 [btrfs]
[ 350.429832] check_leaf+0x754/0x1a40 [btrfs]
[ 350.429874] ? filemap_read+0x34a/0x390
[ 350.429878] ? load_balance+0x175/0xfc0
[ 350.429881] validate_extent_buffer+0x244/0x310 [btrfs]
[ 350.429911] btrfs_validate_metadata_buffer+0xf8/0x100 [btrfs]
[ 350.429935] end_bio_extent_readpage+0x3af/0x850 [btrfs]
[ 350.429969] ? newidle_balance+0x259/0x480
[ 350.429972] end_workqueue_fn+0x29/0x40 [btrfs]
[ 350.429995] btrfs_work_helper+0x71/0x330 [btrfs]
[ 350.430030] ? __schedule+0x2fb/0xa40
[ 350.430033] process_one_work+0x1f6/0x400
[ 350.430035] ? process_one_work+0x400/0x400
[ 350.430036] worker_thread+0x2d/0x3d0
[ 350.430037] ? process_one_work+0x400/0x400
[ 350.430038] kthread+0x165/0x190
[ 350.430041] ? set_kthread_struct+0x40/0x40
[ 350.430043] ret_from_fork+0x1f/0x30
[ 350.430047] </TASK>
[ 350.430077] BTRFS warning (device loop0): bad eb member start: ptr 0xffe20f4e start 20975616 member offset 4293005178 size 2
=======================================================================
check_leaf() is checking the leaf:
========================================================================
corrupt leaf: root=4 block=29396992 slot=1, bad key order, prev (16140901064495857664 1 0) current (1 204 12582912)
leaf 29396992 items 6 free space 3565 generation 6 owner DEV_TREE
leaf 29396992 flags 0x1(WRITTEN) backref revision 1
fs uuid a62e00e8-e94e-4200-8217-12444de93c2e
chunk uuid cecbd0f7-9ca0-441e-ae9f-f782f9732bd8
item 0 key (16140901064495857664 INODE_ITEM 0) itemoff 3955 itemsize 40
generation 0 transid 0 size 0 nbytes 17592186044416
block group 0 mode 52667 links 33 uid 0 gid 2104132511 rdev 94223634821136
sequence 100305 flags 0x2409000(none)
atime 0.0 (1970-01-01 08:00:00)
ctime 2973280098083405823.4294967295 (-269783007-01-01 21:37:03)
mtime 18446744071572723616.4026825121 (1902-04-16 12:40:00)
otime 9249929404488876031.4294967295 (622322949-04-16 04:25:58)
item 1 key (1 DEV_EXTENT 12582912) itemoff 3907 itemsize 48
dev extent chunk_tree 3
chunk_objectid 256 chunk_offset 12582912 length 8388608
chunk_tree_uuid cecbd0f7-9ca0-441e-ae9f-f782f9732bd8
========================================================================
The corrupted leaf of device tree has an inode item. The leaf passed
checksum and others checks in validate_extent_buffer until check_leaf_item().
Because of the key type BTRFS_INODE_ITEM, check_inode_item() is called even we
are in the device tree. Since the
item offset + sizeof(struct btrfs_inode_item) > eb->len, out-of-bounds access
is triggered.
The item end vs leaf boundary check has been done before
check_leaf_item(), so fix it by checking item size in check_inode_item()
before access of the inode item in extent buffer.
Other check functions except check_dev_item() in check_leaf_item()
has their item size checks.
The commit for check_dev_item() is followed.
No regression observed during running xfstests.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215299
Cc: Wenqing Liu <wenqingliu0120@gmail.com>
Signed-off-by: Su Yue <l@damenly.su>
---
fs/btrfs/tree-checker.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 72e1c942197d..2978fc89c093 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -1007,6 +1007,7 @@ static int check_inode_item(struct extent_buffer *leaf,
struct btrfs_inode_item *iitem;
u64 super_gen = btrfs_super_generation(fs_info->super_copy);
u32 valid_mask = (S_IFMT | S_ISUID | S_ISGID | S_ISVTX | 0777);
+ u32 item_size = btrfs_item_size(leaf, slot);
u32 mode;
int ret;
u32 flags;
@@ -1016,6 +1017,12 @@ static int check_inode_item(struct extent_buffer *leaf,
if (unlikely(ret < 0))
return ret;
+ if (unlikely(item_size != sizeof(*iitem))) {
+ generic_err(leaf, slot, "invalid item size: has=%u expect=%zu",
+ item_size, sizeof(*iitem));
+ return -EUCLEAN;
+ }
+
iitem = btrfs_item_ptr(leaf, slot, struct btrfs_inode_item);
/* Here we use super block generation + 1 to handle log tree */
--
2.34.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-01-21 9:33 [PATCH 0/2] Simple two patches for tree checker Su Yue
2022-01-21 9:33 ` [PATCH 1/2] btrfs: tree-checker: check item_size for inode_item Su Yue
@ 2022-01-21 9:33 ` Su Yue
2022-02-05 3:13 ` Wang Yugui
2022-01-24 15:44 ` [PATCH 0/2] Simple two patches for tree checker David Sterba
2 siblings, 1 reply; 13+ messages in thread
From: Su Yue @ 2022-01-21 9:33 UTC (permalink / raw)
To: linux-btrfs; +Cc: l
Check item size before accessing the device item to avoid out of bound
access.
Signed-off-by: Su Yue <l@damenly.su>
---
fs/btrfs/tree-checker.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 2978fc89c093..87fff4345977 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -965,6 +965,7 @@ static int check_dev_item(struct extent_buffer *leaf,
struct btrfs_key *key, int slot)
{
struct btrfs_dev_item *ditem;
+ u32 item_size = btrfs_item_size(leaf, slot);
if (unlikely(key->objectid != BTRFS_DEV_ITEMS_OBJECTID)) {
dev_item_err(leaf, slot,
@@ -972,6 +973,13 @@ static int check_dev_item(struct extent_buffer *leaf,
key->objectid, BTRFS_DEV_ITEMS_OBJECTID);
return -EUCLEAN;
}
+
+ if (unlikely(item_size != sizeof(*ditem))) {
+ dev_item_err(leaf, slot, "invalid item size: has=%u expect=%zu",
+ item_size, sizeof(*ditem));
+ return -EUCLEAN;
+ }
+
ditem = btrfs_item_ptr(leaf, slot, struct btrfs_dev_item);
if (unlikely(btrfs_device_id(leaf, ditem) != key->offset)) {
dev_item_err(leaf, slot,
--
2.34.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-01-21 9:33 ` [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item Su Yue
@ 2022-02-05 3:13 ` Wang Yugui
2022-02-05 4:35 ` Wang Yugui
0 siblings, 1 reply; 13+ messages in thread
From: Wang Yugui @ 2022-02-05 3:13 UTC (permalink / raw)
To: Su Yue; +Cc: linux-btrfs
Hi,
A btrfs filesystem failed to boot with this patch.
corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item size: has 0 expect 98
Any way to fix it online?
Best Regards
Wang Yugui (wangyugui@e16-tech.com)
2022/02/05
> Check item size before accessing the device item to avoid out of bound
> access.
>
> Signed-off-by: Su Yue <l@damenly.su>
> ---
> fs/btrfs/tree-checker.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
> index 2978fc89c093..87fff4345977 100644
> --- a/fs/btrfs/tree-checker.c
> +++ b/fs/btrfs/tree-checker.c
> @@ -965,6 +965,7 @@ static int check_dev_item(struct extent_buffer *leaf,
> struct btrfs_key *key, int slot)
> {
> struct btrfs_dev_item *ditem;
> + u32 item_size = btrfs_item_size(leaf, slot);
>
> if (unlikely(key->objectid != BTRFS_DEV_ITEMS_OBJECTID)) {
> dev_item_err(leaf, slot,
> @@ -972,6 +973,13 @@ static int check_dev_item(struct extent_buffer *leaf,
> key->objectid, BTRFS_DEV_ITEMS_OBJECTID);
> return -EUCLEAN;
> }
> +
> + if (unlikely(item_size != sizeof(*ditem))) {
> + dev_item_err(leaf, slot, "invalid item size: has=%u expect=%zu",
> + item_size, sizeof(*ditem));
> + return -EUCLEAN;
> + }
> +
> ditem = btrfs_item_ptr(leaf, slot, struct btrfs_dev_item);
> if (unlikely(btrfs_device_id(leaf, ditem) != key->offset)) {
> dev_item_err(leaf, slot,
> --
> 2.34.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 3:13 ` Wang Yugui
@ 2022-02-05 4:35 ` Wang Yugui
2022-02-05 11:15 ` Su Yue
0 siblings, 1 reply; 13+ messages in thread
From: Wang Yugui @ 2022-02-05 4:35 UTC (permalink / raw)
To: Su Yue, linux-btrfs
Hi,
> A btrfs filesystem failed to boot with this patch.
>
> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item size: has 0 expect 98
>
> Any way to fix it online?
This btrfs filesystem is created by centos 7.9 installer (btrfs 4.9?)
about 1 years ago. and then mainly writen by kernel 5.4/5.10/5.15.
Best Regards
Wang Yugui (wangyugui@e16-tech.com)
2022/02/05
>
> > Check item size before accessing the device item to avoid out of bound
> > access.
> >
> > Signed-off-by: Su Yue <l@damenly.su>
> > ---
> > fs/btrfs/tree-checker.c | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
> > diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
> > index 2978fc89c093..87fff4345977 100644
> > --- a/fs/btrfs/tree-checker.c
> > +++ b/fs/btrfs/tree-checker.c
> > @@ -965,6 +965,7 @@ static int check_dev_item(struct extent_buffer *leaf,
> > struct btrfs_key *key, int slot)
> > {
> > struct btrfs_dev_item *ditem;
> > + u32 item_size = btrfs_item_size(leaf, slot);
> >
> > if (unlikely(key->objectid != BTRFS_DEV_ITEMS_OBJECTID)) {
> > dev_item_err(leaf, slot,
> > @@ -972,6 +973,13 @@ static int check_dev_item(struct extent_buffer *leaf,
> > key->objectid, BTRFS_DEV_ITEMS_OBJECTID);
> > return -EUCLEAN;
> > }
> > +
> > + if (unlikely(item_size != sizeof(*ditem))) {
> > + dev_item_err(leaf, slot, "invalid item size: has=%u expect=%zu",
> > + item_size, sizeof(*ditem));
> > + return -EUCLEAN;
> > + }
> > +
> > ditem = btrfs_item_ptr(leaf, slot, struct btrfs_dev_item);
> > if (unlikely(btrfs_device_id(leaf, ditem) != key->offset)) {
> > dev_item_err(leaf, slot,
> > --
> > 2.34.1
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 4:35 ` Wang Yugui
@ 2022-02-05 11:15 ` Su Yue
2022-02-05 12:30 ` Wang Yugui
0 siblings, 1 reply; 13+ messages in thread
From: Su Yue @ 2022-02-05 11:15 UTC (permalink / raw)
To: Wang Yugui; +Cc: linux-btrfs
On Sat 05 Feb 2022 at 12:35, Wang Yugui <wangyugui@e16-tech.com>
wrote:
> Hi,
>
>> A btrfs filesystem failed to boot with this patch.
>>
>> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item
>> size: has 0 expect 98
>>
>> Any way to fix it online?
>
> This btrfs filesystem is created by centos 7.9 installer (btrfs
> 4.9?)
> about 1 years ago. and then mainly writen by kernel
> 5.4/5.10/5.15.
>
Yes, btrfs-progs v4.9 and v3.10 based kernel.
I created a btrfs and it looks fine.
Could please provide output of
btrfs inspect-internal dump-tree $device -t 3
?
You can trim it if the content is too long only leaf 1081344 is
needed.
--
Su
> Best Regards
> Wang Yugui (wangyugui@e16-tech.com)
> 2022/02/05
>
>
>>
>> > Check item size before accessing the device item to avoid out
>> > of bound
>> > access.
>> >
>> > Signed-off-by: Su Yue <l@damenly.su>
>> > ---
>> > fs/btrfs/tree-checker.c | 8 ++++++++
>> > 1 file changed, 8 insertions(+)
>> >
>> > diff --git a/fs/btrfs/tree-checker.c
>> > b/fs/btrfs/tree-checker.c
>> > index 2978fc89c093..87fff4345977 100644
>> > --- a/fs/btrfs/tree-checker.c
>> > +++ b/fs/btrfs/tree-checker.c
>> > @@ -965,6 +965,7 @@ static int check_dev_item(struct
>> > extent_buffer *leaf,
>> > struct btrfs_key *key, int slot)
>> > {
>> > struct btrfs_dev_item *ditem;
>> > + u32 item_size = btrfs_item_size(leaf, slot);
>> >
>> > if (unlikely(key->objectid != BTRFS_DEV_ITEMS_OBJECTID)) {
>> > dev_item_err(leaf, slot,
>> > @@ -972,6 +973,13 @@ static int check_dev_item(struct
>> > extent_buffer *leaf,
>> > key->objectid,
>> > BTRFS_DEV_ITEMS_OBJECTID);
>> > return -EUCLEAN;
>> > }
>> > +
>> > + if (unlikely(item_size != sizeof(*ditem))) {
>> > + dev_item_err(leaf, slot, "invalid item size:
>> > has=%u expect=%zu",
>> > + item_size, sizeof(*ditem));
>> > + return -EUCLEAN;
>> > + }
>> > +
>> > ditem = btrfs_item_ptr(leaf, slot, struct btrfs_dev_item);
>> > if (unlikely(btrfs_device_id(leaf, ditem) != key->offset))
>> > {
>> > dev_item_err(leaf, slot,
>> > --
>> > 2.34.1
>>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 11:15 ` Su Yue
@ 2022-02-05 12:30 ` Wang Yugui
2022-02-05 13:01 ` Qu Wenruo
0 siblings, 1 reply; 13+ messages in thread
From: Wang Yugui @ 2022-02-05 12:30 UTC (permalink / raw)
To: Su Yue; +Cc: linux-btrfs
[-- Attachment #1: Type: text/plain, Size: 1546 bytes --]
Hi,
> >> A btrfs filesystem failed to boot with this patch.
> >>
> >> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item
> >> size: has 0 expect 98
> >>
> >> Any way to fix it online?
> >
> > This btrfs filesystem is created by centos 7.9 installer (btrfs
> > 4.9?)
> > about 1 years ago. and then mainly writen by kernel
> > 5.4/5.10/5.15.
> >
> Yes, btrfs-progs v4.9 and v3.10 based kernel.
> I created a btrfs and it looks fine.
> Could please provide output of
> btrfs inspect-internal dump-tree $device -t 3
> ?
> You can trim it if the content is too long only leaf 1081344 is needed.
Hi,
# btrfs filesystem show /
Label: 'OS_T640' uuid: 73dcce98-8f6b-4ec8-bfac-fa7c7c87409d
Total devices 10 FS bytes used 5.53TiB
devid 1 size 799.00GiB used 332.01GiB path /dev/sda2
devid 2 size 1.75TiB used 741.00GiB path /dev/sdg1
devid 3 size 1.75TiB used 745.00GiB path /dev/sdj1
devid 4 size 1.75TiB used 740.00GiB path /dev/sdi1
devid 5 size 1.75TiB used 745.00GiB path /dev/sdd1
devid 6 size 1.75TiB used 480.00GiB path /dev/sde1
devid 7 size 1.75TiB used 480.00GiB path /dev/sdh1
devid 8 size 1.75TiB used 479.00GiB path /dev/sdc1
devid 9 size 1.75TiB used 480.00GiB path /dev/sdb1
devid 10 size 1.75TiB used 479.00GiB path /dev/sdf1
#btrfs inspect-internal dump-tree /dev/sda2 -t 3 > 3.txt
and then 3.txt is zipped as this attachment file(3.zip)
Best Regards
Wang Yugui (wangyugui@e16-tech.com)
2022/02/05
[-- Attachment #2: 3.zip --]
[-- Type: application/x-zip-compressed, Size: 120280 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 12:30 ` Wang Yugui
@ 2022-02-05 13:01 ` Qu Wenruo
2022-02-05 14:49 ` Wang Yugui
0 siblings, 1 reply; 13+ messages in thread
From: Qu Wenruo @ 2022-02-05 13:01 UTC (permalink / raw)
To: Wang Yugui, Su Yue; +Cc: linux-btrfs
On 2022/2/5 20:30, Wang Yugui wrote:
> Hi,
>
>>>> A btrfs filesystem failed to boot with this patch.
>>>>
>>>> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item
>>>> size: has 0 expect 98
>>>>
>>>> Any way to fix it online?
>>>
>>> This btrfs filesystem is created by centos 7.9 installer (btrfs
>>> 4.9?)
>>> about 1 years ago. and then mainly writen by kernel
>>> 5.4/5.10/5.15.
>>>
>> Yes, btrfs-progs v4.9 and v3.10 based kernel.
>> I created a btrfs and it looks fine.
>> Could please provide output of
>> btrfs inspect-internal dump-tree $device -t 3
>> ?
>> You can trim it if the content is too long only leaf 1081344 is needed.
>
> Hi,
>
> # btrfs filesystem show /
> Label: 'OS_T640' uuid: 73dcce98-8f6b-4ec8-bfac-fa7c7c87409d
> Total devices 10 FS bytes used 5.53TiB
> devid 1 size 799.00GiB used 332.01GiB path /dev/sda2
> devid 2 size 1.75TiB used 741.00GiB path /dev/sdg1
> devid 3 size 1.75TiB used 745.00GiB path /dev/sdj1
> devid 4 size 1.75TiB used 740.00GiB path /dev/sdi1
> devid 5 size 1.75TiB used 745.00GiB path /dev/sdd1
> devid 6 size 1.75TiB used 480.00GiB path /dev/sde1
> devid 7 size 1.75TiB used 480.00GiB path /dev/sdh1
> devid 8 size 1.75TiB used 479.00GiB path /dev/sdc1
> devid 9 size 1.75TiB used 480.00GiB path /dev/sdb1
> devid 10 size 1.75TiB used 479.00GiB path /dev/sdf1
>
> #btrfs inspect-internal dump-tree /dev/sda2 -t 3 > 3.txt
>
> and then 3.txt is zipped as this attachment file(3.zip)
Full dmesg of the boot failure please.
The dump-tree shows the device item is completely sane, it has size 98,
not the value (0) reported from tree-checker.
Thus I don't know why tree-checker is reporting this problem.
Thanks,
Qu
>
> Best Regards
> Wang Yugui (wangyugui@e16-tech.com)
> 2022/02/05
>
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 13:01 ` Qu Wenruo
@ 2022-02-05 14:49 ` Wang Yugui
2022-02-06 12:12 ` Su Yue
0 siblings, 1 reply; 13+ messages in thread
From: Wang Yugui @ 2022-02-05 14:49 UTC (permalink / raw)
To: Qu Wenruo; +Cc: Su Yue, linux-btrfs
[-- Attachment #1: Type: text/plain, Size: 1981 bytes --]
Hi,
> >>>> A btrfs filesystem failed to boot with this patch.
> >>>>
> >>>> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid item
> >>>> size: has 0 expect 98
> >>>>
> >>>> Any way to fix it online?
> >>>
> >>> This btrfs filesystem is created by centos 7.9 installer (btrfs
> >>> 4.9?)
> >>> about 1 years ago. and then mainly writen by kernel
> >>> 5.4/5.10/5.15.
> >>>
> >> Yes, btrfs-progs v4.9 and v3.10 based kernel.
> >> I created a btrfs and it looks fine.
> >> Could please provide output of
> >> btrfs inspect-internal dump-tree $device -t 3
> >> ?
> >> You can trim it if the content is too long only leaf 1081344 is needed.
> >
> > Hi,
> >
> > # btrfs filesystem show /
> > Label: 'OS_T640' uuid: 73dcce98-8f6b-4ec8-bfac-fa7c7c87409d
> > Total devices 10 FS bytes used 5.53TiB
> > devid 1 size 799.00GiB used 332.01GiB path /dev/sda2
> > devid 2 size 1.75TiB used 741.00GiB path /dev/sdg1
> > devid 3 size 1.75TiB used 745.00GiB path /dev/sdj1
> > devid 4 size 1.75TiB used 740.00GiB path /dev/sdi1
> > devid 5 size 1.75TiB used 745.00GiB path /dev/sdd1
> > devid 6 size 1.75TiB used 480.00GiB path /dev/sde1
> > devid 7 size 1.75TiB used 480.00GiB path /dev/sdh1
> > devid 8 size 1.75TiB used 479.00GiB path /dev/sdc1
> > devid 9 size 1.75TiB used 480.00GiB path /dev/sdb1
> > devid 10 size 1.75TiB used 479.00GiB path /dev/sdf1
> >
> > #btrfs inspect-internal dump-tree /dev/sda2 -t 3 > 3.txt
> >
> > and then 3.txt is zipped as this attachment file(3.zip)
>
> Full dmesg of the boot failure please.
>
> The dump-tree shows the device item is completely sane, it has size 98,
> not the value (0) reported from tree-checker.
>
> Thus I don't know why tree-checker is reporting this problem.
>
This (attachment file boot.dmesg.txt.zip ) is the full dmesg output
Best Regards
Wang Yugui (wangyugui@e16-tech.com)
2022/02/05
[-- Attachment #2: boot.dmesg.txt.zip --]
[-- Type: application/x-zip-compressed, Size: 27568 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-05 14:49 ` Wang Yugui
@ 2022-02-06 12:12 ` Su Yue
2022-02-06 15:39 ` Wang Yugui
0 siblings, 1 reply; 13+ messages in thread
From: Su Yue @ 2022-02-06 12:12 UTC (permalink / raw)
To: Wang Yugui; +Cc: Qu Wenruo, linux-btrfs
On Sat 05 Feb 2022 at 22:49, Wang Yugui <wangyugui@e16-tech.com>
wrote:
> Hi,
>
>> >>>> A btrfs filesystem failed to boot with this patch.
>> >>>>
>> >>>> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid
>> >>>> item
>> >>>> size: has 0 expect 98
>> >>>>
>> >>>> Any way to fix it online?
>> >>>
>> >>> This btrfs filesystem is created by centos 7.9 installer
>> >>> (btrfs
>> >>> 4.9?)
>> >>> about 1 years ago. and then mainly writen by kernel
>> >>> 5.4/5.10/5.15.
>> >>>
>> >> Yes, btrfs-progs v4.9 and v3.10 based kernel.
>> >> I created a btrfs and it looks fine.
>> >> Could please provide output of
>> >> btrfs inspect-internal dump-tree $device -t 3
>> >> ?
>> >> You can trim it if the content is too long only leaf 1081344
>> >> is needed.
>> >
>> > Hi,
>> >
>> > # btrfs filesystem show /
>> > Label: 'OS_T640' uuid: 73dcce98-8f6b-4ec8-bfac-fa7c7c87409d
>> > Total devices 10 FS bytes used 5.53TiB
>> > devid 1 size 799.00GiB used 332.01GiB path
>> > /dev/sda2
>> > devid 2 size 1.75TiB used 741.00GiB path
>> > /dev/sdg1
>> > devid 3 size 1.75TiB used 745.00GiB path
>> > /dev/sdj1
>> > devid 4 size 1.75TiB used 740.00GiB path
>> > /dev/sdi1
>> > devid 5 size 1.75TiB used 745.00GiB path
>> > /dev/sdd1
>> > devid 6 size 1.75TiB used 480.00GiB path
>> > /dev/sde1
>> > devid 7 size 1.75TiB used 480.00GiB path
>> > /dev/sdh1
>> > devid 8 size 1.75TiB used 479.00GiB path
>> > /dev/sdc1
>> > devid 9 size 1.75TiB used 480.00GiB path
>> > /dev/sdb1
>> > devid 10 size 1.75TiB used 479.00GiB path
>> > /dev/sdf1
>> >
>> > #btrfs inspect-internal dump-tree /dev/sda2 -t 3 > 3.txt
>> >
>> > and then 3.txt is zipped as this attachment file(3.zip)
>>
>> Full dmesg of the boot failure please.
>>
>> The dump-tree shows the device item is completely sane, it has
>> size 98,
>> not the value (0) reported from tree-checker.
>>
>> Thus I don't know why tree-checker is reporting this problem.
>>
>
> This (attachment file boot.dmesg.txt.zip ) is the full dmesg
> output
>
As Qu suggested to me, would you plase provide output after
apply of the following diff? (It may crash the kernel if there is
*real*
one invalid dev_item).
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 9fd145f1c4bc..5fb981b4b42a 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -25,6 +25,7 @@
#include "volumes.h"
#include "misc.h"
#include "btrfs_inode.h"
+#include "print-tree.h"
/*
* Error message should follow the following format:
@@ -977,6 +978,7 @@ static int check_dev_item(struct extent_buffer
*leaf,
if (unlikely(item_size != sizeof(*ditem))) {
dev_item_err(leaf, slot, "invalid item size: has
%u expect %zu",
item_size, sizeof(*ditem));
+ btrfs_print_leaf(leaf);
return -EUCLEAN;
}
--
Su
> Best Regards
> Wang Yugui (wangyugui@e16-tech.com)
> 2022/02/05
>
> [2. application/x-zip-compressed; boot.dmesg.txt.zip]...
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item
2022-02-06 12:12 ` Su Yue
@ 2022-02-06 15:39 ` Wang Yugui
0 siblings, 0 replies; 13+ messages in thread
From: Wang Yugui @ 2022-02-06 15:39 UTC (permalink / raw)
To: Su Yue; +Cc: Qu Wenruo, linux-btrfs
Hi,
> >> >>>> A btrfs filesystem failed to boot with this patch.
> >> >>>>
> >> >>>> corrupt leaf: root=3 block=1081344 slot=0 devid=1 invalid
> >> >>>> item
> >> >>>> size: has 0 expect 98
> >> >>>>
> As Qu suggested to me, would you plase provide output after
> apply of the following diff? (It may crash the kernel if there is *real*
> one invalid dev_item).
>
> diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
> index 9fd145f1c4bc..5fb981b4b42a 100644
> --- a/fs/btrfs/tree-checker.c
> +++ b/fs/btrfs/tree-checker.c
> @@ -25,6 +25,7 @@
> #include "volumes.h"
> #include "misc.h"
> #include "btrfs_inode.h"
> +#include "print-tree.h"
>
> /*
> * Error message should follow the following format:
> @@ -977,6 +978,7 @@ static int check_dev_item(struct extent_buffer *leaf,
> if (unlikely(item_size != sizeof(*ditem))) {
> dev_item_err(leaf, slot, "invalid item size: has %u expect %zu",
> item_size, sizeof(*ditem));
> + btrfs_print_leaf(leaf);
> return -EUCLEAN;
> }
When I tested this new diag patch, I noticed that I wrongly applied
these 2 patches to 5.15.x.
btrfs-tree-checker-check-item_size-for-inode_item.patch
btrfs-tree-checker-check-item_size-for-dev_item.patch
some depency patches(at least btrfs-drop-the-_nr-from-the-item-helpers.patch,
maybe more) are missed.
In fact, without these depency patches, there are some build warning,
but I failed to noticed them.
so this is just my bad now. sorry.
Best Regards
Wang Yugui (wangyugui@e16-tech.com)
2022/02/06
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/2] Simple two patches for tree checker
2022-01-21 9:33 [PATCH 0/2] Simple two patches for tree checker Su Yue
2022-01-21 9:33 ` [PATCH 1/2] btrfs: tree-checker: check item_size for inode_item Su Yue
2022-01-21 9:33 ` [PATCH 2/2] btrfs: tree-checker: check item_size for dev_item Su Yue
@ 2022-01-24 15:44 ` David Sterba
2022-02-18 15:13 ` Su Yue
2 siblings, 1 reply; 13+ messages in thread
From: David Sterba @ 2022-01-24 15:44 UTC (permalink / raw)
To: Su Yue; +Cc: linux-btrfs
On Fri, Jan 21, 2022 at 05:33:33PM +0800, Su Yue wrote:
> Two commits for enhancing tree checker to reject the img from
> https://bugzilla.kernel.org/show_bug.cgi?id=215299.
>
> Su Yue (2):
> btrfs: tree-checker: check item_size for inode_item
> btrfs: tree-checker: check item_size for dev_item
Nice, added to misc-next, thanks. I'll update and close the bug.
^ permalink raw reply [flat|nested] 13+ messages in thread