APPLIED[F]: [B/F/G][PATCH 0/7] btrfs: Fix kernel BUG at fs/btrfs/ctree.c:3233 / btrfs_set_item_key_safe()

Ian May ian.may at canonical.com
Fri Nov 6 06:03:19 UTC 2020 

Applied to Focal/master-next

Thanks,
Ian

On 2020-10-30 12:27:51 , Mauricio Faria de Oliveira wrote:
> BugLink: https://bugs.launchpad.net/bugs/1902254
> 
> [Impact]
> 
>  * Users of btrfs started hitting a kernel BUG() (below)
>    after upgrade from 4.15.0-99.100 to 4.15.0-109.110,
>    which has 55 btrfs changes.
> 
>      kernel BUG at /build/linux-eTBZpZ/linux-4.15.0/fs/btrfs/ctree.c:3233!
>      ...
>      Krnl PSW : 00000000be9cb874 00000000ef3786e8 (btrfs_set_item_key_safe+0x152/0x1c0 [btrfs])
>      ...
>      [...] Call Trace:
>      [...] btrfs_set_item_key_safe+0x11c/0x1c0 [btrfs])
>      [...] __btrfs_drop_extents+0xb5a/0xda8 [btrfs]
>      [...] btrfs_log_changed_extents+0x35c/0xaf0 [btrfs]
>      [...] btrfs_log_inode+0x9ee/0x1080 [btrfs]
>      [...] btrfs_log_inode_parent+0x224/0xa10 [btrfs]
>      [...] btrfs_log_dentry_safe+0x80/0xa8 [btrfs]
>      [...] btrfs_sync_file+0x392/0x550 [btrfs]
>      [...] do_fsync+0x5e/0x90
>      [...] SyS_fdatasync+0x32/0x48
>      [...] system_call+0xd8/0x2c8
> 
>      $ git log --oneline Ubuntu-4.15.0-99.100..Ubuntu-4.15.0-109.110 -- fs/btrfs/ | wc -l
>      55
> 
>  * The error happens at random moments, regardless of a
>    particular activity/load. Workaround is to downgrade.
> 
> [Fix]
> 
>  * This BUG()/function is addressed in patch 4/4 [1] of series
>    'btrfs: Enhanced runtime defence against fuzzed images' [2],
>    after issues in the real world, not just crafted fs images:
>    'one internal report has hit one BUG_ON() with real world fs'
>  
>      kernel BUG at fs/btrfs/ctree.c:3188!
>      ...
>      RIP: 0010:btrfs_set_item_key_safe+0x16c/0x180
>  
>  * The patch/set [3] is applied in v5.10-rc1 and Ubuntu Unstable:
>    - d16c702fe4f2 btrfs: ctree: check key order before merging tree blocks
>    - 07cce5cf3b48 btrfs: extent-tree: kill the BUG_ON() in insert_inline_extent_backref()
>    - 1c2a07f598d5 btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
>    - f98b6215d7d1 btrfs: extent_io: do extra check for extent buffer read write functions
>  
> [Test Case]
> 
>  * There is working synthetic reproducer for this issue,
>    which is hard to reproduce as reported in commit [4]
>    that introduces debugging for the issue.
>    
>  * Regression tests with xfstests and stress-ng shows
>    no regressions between un/patched kernels.
> 
> [Other Info]
> 
>  * Trivial backports (only refreshing a few context lines)
>    with 3 more dependency patches on Bionic and 1 on Focal.
>    And Bionic needed one extra hunk to '#include' a header.
>    Groovy all apply cleanly.
> 
>  * Build/tested on top of master-next btrfs patches at
>    these commit IDs; still apply on top of the latest:
>    - Bionic: commit 5252180a25fa ("bcache: reap from tail of c->btree_cache in bch_mca_scan()")
>    - Focal:  commit 35981110f74d ("selftests: rtnetlink: load fou module for kci_test_encap_fou() test")
>    - Groovy: commit 280f13e61a24 ("ALSA: hda: fix jack detection with Realtek codecs when in D3")
> 
> [1] https://lore.kernel.org/linux-btrfs/20200819063550.62832-5-wqu@suse.com/
> [2] https://lore.kernel.org/linux-btrfs/20200819063550.62832-1-wqu@suse.com/
> [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d16c702fe4f274bd77b47d3ab737eadcf24e0b93
> [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c15d41016dc886cc011e3854d855e219759ae68
> 
> Arnd Bergmann (1):
>   btrfs: use BUG() instead of BUG_ON(1)
> 
> David Sterba (1):
>   btrfs: drop unnecessary offset_in_page in extent buffer helpers
> 
> Johannes Thumshirn (1):
>   btrfs: use offset_in_page instead of open-coding it
> 
> Qu Wenruo (4):
>   btrfs: extent_io: do extra check for extent buffer read write
>     functions
>   btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
>   btrfs: extent-tree: kill the BUG_ON() in
>     insert_inline_extent_backref()
>   btrfs: ctree: check key order before merging tree blocks
> 
>  fs/btrfs/backref.c         |   4 +-
>  fs/btrfs/check-integrity.c |  12 +--
>  fs/btrfs/compression.c     |   2 +-
>  fs/btrfs/ctree.c           |  78 +++++++++++++++-
>  fs/btrfs/extent-tree.c     | 177 ++++++++++++++++++++++++++++++++++---
>  fs/btrfs/extent_io.c       | 151 ++++++++++++++++---------------
>  fs/btrfs/file.c            |   6 +-
>  fs/btrfs/inode.c           |   9 +-
>  fs/btrfs/send.c            |   2 +-
>  fs/btrfs/volumes.c         |   4 +-
>  10 files changed, 332 insertions(+), 113 deletions(-)
> 
> -- 
> 2.27.0
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

More information about the kernel-team mailing list