From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Filipe Manana <fdmanana@suse.com>,
Liu Bo <bo.li.liu@oracle.com>
Subject: [PATCH 4.8 08/85] Btrfs: fix emptiness check for dirtied extent buffers at check_leaf()
Date: Wed, 4 Jan 2017 21:46:53 +0100 [thread overview]
Message-ID: <20170104200703.730744842@linuxfoundation.org> (raw)
In-Reply-To: <20170104200703.349648590@linuxfoundation.org>
4.8-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit f177d73949bf758542ca15a1c1945bd2e802cc65 upstream.
We can not simply use the owner field from an extent buffer's header to
get the id of the respective tree when the extent buffer is from a
relocation tree. When we create the root for a relocation tree we leave
(on purpose) the owner field with the same value as the subvolume's tree
root (we do this at ctree.c:btrfs_copy_root()). So we must ignore extent
buffers from relocation trees, which have the BTRFS_HEADER_FLAG_RELOC
flag set, because otherwise we will always consider the extent buffer
as not being the root of the tree (the root of original subvolume tree
is always different from the root of the respective relocation tree).
This lead to assertion failures when running with the integrity checker
enabled (CONFIG_BTRFS_FS_CHECK_INTEGRITY=y) such as the following:
[ 643.393409] BTRFS critical (device sdg): corrupt leaf, non-root leaf's nritems is 0: block=38506496, root=260, slot=0
[ 643.397609] BTRFS info (device sdg): leaf 38506496 total ptrs 0 free space 3995
[ 643.407075] assertion failed: 0, file: fs/btrfs/disk-io.c, line: 4078
[ 643.408425] ------------[ cut here ]------------
[ 643.409112] kernel BUG at fs/btrfs/ctree.h:3419!
[ 643.409773] invalid opcode: 0000 [#1] PREEMPT SMP
[ 643.410447] Modules linked in: dm_flakey dm_mod crc32c_generic btrfs xor raid6_pq ppdev psmouse acpi_cpufreq parport_pc evdev parport tpm_tis tpm_tis_core pcspkr serio_raw i2c_piix4 sg tpm i2c_core button processor loop autofs4 ext4 crc16 jbd2 mbcache sr_mod cdrom sd_mod ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring scsi_mod virtio e1000 floppy
[ 643.414356] CPU: 11 PID: 32726 Comm: btrfs Not tainted 4.8.0-rc8-btrfs-next-35+ #1
[ 643.414356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
[ 643.414356] task: ffff880145e95b00 task.stack: ffff88014826c000
[ 643.414356] RIP: 0010:[<ffffffffa0352759>] [<ffffffffa0352759>] assfail.constprop.41+0x1c/0x1e [btrfs]
[ 643.414356] RSP: 0018:ffff88014826fa28 EFLAGS: 00010292
[ 643.414356] RAX: 0000000000000039 RBX: ffff88014e2d7c38 RCX: 0000000000000001
[ 643.414356] RDX: ffff88023f4d2f58 RSI: ffffffff81806c63 RDI: 00000000ffffffff
[ 643.414356] RBP: ffff88014826fa28 R08: 0000000000000001 R09: 0000000000000000
[ 643.414356] R10: ffff88014826f918 R11: ffffffff82f3c5ed R12: ffff880172910000
[ 643.414356] R13: ffff880233992230 R14: ffff8801a68a3310 R15: fffffffffffffff8
[ 643.414356] FS: 00007f9ca305e8c0(0000) GS:ffff88023f4c0000(0000) knlGS:0000000000000000
[ 643.414356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 643.414356] CR2: 00007f9ca3071000 CR3: 000000015d01b000 CR4: 00000000000006e0
[ 643.414356] Stack:
[ 643.414356] ffff88014826fa50 ffffffffa02d655a 000000000000000a ffff88014e2d7c38
[ 643.414356] 0000000000000000 ffff88014826faa8 ffffffffa02b72f3 ffff88014826fab8
[ 643.414356] 00ffffffa03228e4 0000000000000000 0000000000000000 ffff8801bbd4e000
[ 643.414356] Call Trace:
[ 643.414356] [<ffffffffa02d655a>] btrfs_mark_buffer_dirty+0xdf/0xe5 [btrfs]
[ 643.414356] [<ffffffffa02b72f3>] btrfs_copy_root+0x18a/0x1d1 [btrfs]
[ 643.414356] [<ffffffffa0322921>] create_reloc_root+0x72/0x1ba [btrfs]
[ 643.414356] [<ffffffffa03267c2>] btrfs_init_reloc_root+0x7b/0xa7 [btrfs]
[ 643.414356] [<ffffffffa02d9e44>] record_root_in_trans+0xdf/0xed [btrfs]
[ 643.414356] [<ffffffffa02db04e>] btrfs_record_root_in_trans+0x50/0x6a [btrfs]
[ 643.414356] [<ffffffffa030ad2b>] create_subvol+0x472/0x773 [btrfs]
[ 643.414356] [<ffffffffa030b406>] btrfs_mksubvol+0x3da/0x463 [btrfs]
[ 643.414356] [<ffffffffa030b406>] ? btrfs_mksubvol+0x3da/0x463 [btrfs]
[ 643.414356] [<ffffffff810781ac>] ? preempt_count_add+0x65/0x68
[ 643.414356] [<ffffffff811a6e97>] ? __mnt_want_write+0x62/0x77
[ 643.414356] [<ffffffffa030b55d>] btrfs_ioctl_snap_create_transid+0xce/0x187 [btrfs]
[ 643.414356] [<ffffffffa030b67d>] btrfs_ioctl_snap_create+0x67/0x81 [btrfs]
[ 643.414356] [<ffffffffa030ecfd>] btrfs_ioctl+0x508/0x20dd [btrfs]
[ 643.414356] [<ffffffff81293e39>] ? __this_cpu_preempt_check+0x13/0x15
[ 643.414356] [<ffffffff81155eca>] ? handle_mm_fault+0x976/0x9ab
[ 643.414356] [<ffffffff81091300>] ? arch_local_irq_save+0x9/0xc
[ 643.414356] [<ffffffff8119a2b0>] vfs_ioctl+0x18/0x34
[ 643.414356] [<ffffffff8119a8e8>] do_vfs_ioctl+0x581/0x600
[ 643.414356] [<ffffffff814b9552>] ? entry_SYSCALL_64_fastpath+0x5/0xa8
[ 643.414356] [<ffffffff81093fe9>] ? trace_hardirqs_on_caller+0x17b/0x197
[ 643.414356] [<ffffffff8119a9be>] SyS_ioctl+0x57/0x79
[ 643.414356] [<ffffffff814b9565>] entry_SYSCALL_64_fastpath+0x18/0xa8
[ 643.414356] [<ffffffff81091b08>] ? trace_hardirqs_off_caller+0x3f/0xaa
[ 643.414356] Code: 89 83 88 00 00 00 31 c0 5b 41 5c 41 5d 5d c3 55 89 f1 48 c7 c2 98 bc 35 a0 48 89 fe 48 c7 c7 05 be 35 a0 48 89 e5 e8 13 46 dd e0 <0f> 0b 55 89 f1 48 c7 c2 9f d3 35 a0 48 89 fe 48 c7 c7 7a d5 35
[ 643.414356] RIP [<ffffffffa0352759>] assfail.constprop.41+0x1c/0x1e [btrfs]
[ 643.414356] RSP <ffff88014826fa28>
[ 643.468267] ---[ end trace 6a1b3fb1a9d7d6e3 ]---
This can be easily reproduced by running xfstests with the integrity
checker enabled.
Fixes: 1ba98d086fe3 (Btrfs: detect corruption when non-root leaf has zero item)
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -559,7 +559,15 @@ static noinline int check_leaf(struct bt
u32 nritems = btrfs_header_nritems(leaf);
int slot;
- if (nritems == 0) {
+ /*
+ * Extent buffers from a relocation tree have a owner field that
+ * corresponds to the subvolume tree they are based on. So just from an
+ * extent buffer alone we can not find out what is the id of the
+ * corresponding subvolume tree, so we can not figure out if the extent
+ * buffer corresponds to the root of the relocation tree or not. So skip
+ * this check for relocation trees.
+ */
+ if (nritems == 0 && !btrfs_header_flag(leaf, BTRFS_HEADER_FLAG_RELOC)) {
struct btrfs_root *check_root;
key.objectid = btrfs_header_owner(leaf);
@@ -587,6 +595,9 @@ static noinline int check_leaf(struct bt
return 0;
}
+ if (nritems == 0)
+ return 0;
+
/* Check the 0 item */
if (btrfs_item_offset_nr(leaf, 0) + btrfs_item_size_nr(leaf, 0) !=
BTRFS_LEAF_DATA_SIZE(root)) {
next prev parent reply other threads:[~2017-01-04 20:54 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20170104205509epcas3p18f5d32802d18fbe7167b7957e5cf87d4@epcas3p1.samsung.com>
2017-01-04 20:46 ` [PATCH 4.8 00/85] 4.8.16-stable review Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 01/85] aoe: fix crash in page count manipulation Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 02/85] btrfs: limit async_work allocation and worker func duration Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 03/85] Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 04/85] Btrfs: fix deadlock caused by fsync when logging directory entries Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 05/85] Btrfs: fix tree search logic when replaying directory entry deletes Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 06/85] Btrfs: fix relocation incorrectly dropping data references Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 07/85] btrfs: store and load values of stripes_min/stripes_max in balance status item Greg Kroah-Hartman
2017-01-04 20:46 ` Greg Kroah-Hartman [this message]
2017-01-04 20:46 ` [PATCH 4.8 09/85] Btrfs: fix qgroup rescan worker initialization Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 10/85] USB: serial: option: add support for Telit LE922A PIDs 0x1040, 0x1041 Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 11/85] USB: serial: option: add dlink dwm-158 Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 12/85] USB: serial: kl5kusb105: fix open error path Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 13/85] USB: cdc-acm: add device id for GW Instek AFG-125 Greg Kroah-Hartman
2017-01-04 20:46 ` [PATCH 4.8 14/85] usb: dwc3: gadget: set PCM1 field of isochronous-first TRBs Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 15/85] usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 16/85] usb: gadget: f_uac2: fix error handling at afunc_bind Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 17/85] usb: gadget: composite: correctly initialize ep->maxpacket Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 18/85] USB: UHCI: report non-PME wakeup signalling for Intel hardware Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 19/85] usbip: vudc: fix: Clear already_seen flag also for ep0 Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 20/85] ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to volume_control_quirks Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 21/85] ALSA: hiface: Fix M2Tech hiFace driver sampling rate change Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 22/85] ALSA: hda/ca0132 - Add quirk for Alienware 15 R2 2016 Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 23/85] ALSA: hda - ignore the assoc and seq when comparing pin configurations Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 24/85] ALSA: hda - fix headset-mic problem on a Dell laptop Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 25/85] ALSA: hda - Gate the mic jack on HP Z1 Gen3 AiO Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 26/85] ALSA: hda: when comparing pin configurations, ignore assoc in addition to seq Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 27/85] clk: ti: omap36xx: Work around sprz319 advisory 2.1 Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 28/85] Btrfs: fix memory leak in reading btree blocks Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 29/85] Btrfs: bail out if block group has different mixed flag Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 30/85] Btrfs: return gracefully from balance if fs tree is corrupted Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 31/85] Btrfs: dont leak reloc root nodes on error Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 32/85] btrfs: clean the old superblocks before freeing the device Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 33/85] Btrfs: fix memory leak in do_walk_down Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 34/85] btrfs: fix a possible umount deadlock Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 35/85] Btrfs: dont BUG() during drop snapshot Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 36/85] Btrfs: fix incremental send failure caused by balance Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 37/85] btrfs: make file clone aware of fatal signals Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 38/85] exec: Ensure mm->user_ns contains the execed files Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 39/85] fs: exec: apply CLOEXEC before changing dumpable task flags Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 40/85] block_dev: dont test bdev->bd_contains when it is not stable Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 41/85] mm: Add a user_ns owner to mm_struct and fix ptrace permission checks Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 42/85] vfs,mm: fix return value of read() at s_maxbytes Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 43/85] ptrace: Capture the ptracers creds not PT_PTRACE_CAP Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 45/85] ext4: fix mballoc breakage with 64k block size Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 46/85] ext4: fix stack memory corruption " Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 47/85] ext4: use more strict checks for inodes_per_block on mount Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 48/85] ext4: fix in-superblock mount options processing Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 49/85] ext4: add sanity checking to count_overhead() Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 50/85] ext4: reject inodes with negative size Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 51/85] ext4: return -ENOMEM instead of success Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 52/85] ext4: do not perform data journaling when data is encrypted Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 53/85] Revert "f2fs: use percpu_counter for # of dirty pages in inode" Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 54/85] f2fs: set ->owner for debugfs status files file_operations Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 55/85] f2fs: fix overflow due to condition check order Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 56/85] loop: return proper error from loop_queue_rq() Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 57/85] nvmet: Fix possible infinite loop triggered on hot namespace removal Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 58/85] mm/vmscan.c: set correct defer count for shrinker Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 59/85] mm, page_alloc: keep pcp count and list contents in sync if struct page is corrupted Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 60/85] usb: gadget: composite: always set ep->mult to a sensible value Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 61/85] PM / OPP: Pass opp_table to dev_pm_opp_put_regulator() Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 62/85] blk-mq: Do not invoke .queue_rq() for a stopped queue Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 63/85] dm table: fix all_blk_mq inconsistency when an empty table is loaded Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 64/85] dm table: an all_blk_mq table must be loaded for a blk-mq DM device Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 65/85] dm flakey: return -EINVAL on interval bounds error in flakey_ctr() Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 66/85] dm crypt: mark key as invalid until properly loaded Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 67/85] dm rq: fix a race condition in rq_completed() Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 68/85] dm raid: fix discard support regression Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 69/85] dm space map metadata: fix struct sm_metadata leak on failed create Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 70/85] ASoC: intel: Fix crash at suspend/resume without card registration Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 71/85] CIFS: Fix a possible memory corruption during reconnect Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 72/85] CIFS: Fix missing nls unload in smb2_reconnect() Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 73/85] CIFS: Fix a possible memory corruption in push locks Greg Kroah-Hartman
2017-01-04 20:47 ` [PATCH 4.8 74/85] kernel/watchdog: use nmi registers snapshot in hardlockup handler Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 75/85] watchdog: mei_wdt: request stop on reboot to prevent false positive event Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 76/85] watchdog: qcom: fix kernel panic due to external abort on non-linefetch Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 77/85] kernel/debug/debug_core.c: more properly delay for secondary CPUs Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 78/85] tpm xen: Remove bogus tpm_chip_unregister Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 79/85] xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 80/85] arm/xen: Use alloc_percpu rather than __alloc_percpu Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 81/85] xfs: set AGI buffer type in xlog_recover_clear_agi_bucket Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 82/85] arm64: mark reserved memblock regions explicitly in iomem Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 83/85] Revert "netfilter: nat: convert nat bysrc hash to rhashtable" Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 84/85] Revert "netfilter: move nat hlist_head to nf_conn" Greg Kroah-Hartman
2017-01-04 20:48 ` [PATCH 4.8 85/85] driver core: fix race between creating/querying glue dir and its cleanup Greg Kroah-Hartman
2017-01-05 0:42 ` [PATCH 4.8 00/85] 4.8.16-stable review Shuah Khan
2017-01-05 4:47 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170104200703.730744842@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bo.li.liu@oracle.com \
--cc=fdmanana@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).