[B/F/G][PATCH 0/7] btrfs: Fix kernel BUG at fs/btrfs/ctree.c:3233 / btrfs_set_item_key_safe()
Mauricio Faria de Oliveira
mfo at canonical.com
Fri Oct 30 15:27:51 UTC 2020
BugLink: https://bugs.launchpad.net/bugs/1902254
[Impact]
* Users of btrfs started hitting a kernel BUG() (below)
after upgrade from 4.15.0-99.100 to 4.15.0-109.110,
which has 55 btrfs changes.
kernel BUG at /build/linux-eTBZpZ/linux-4.15.0/fs/btrfs/ctree.c:3233!
...
Krnl PSW : 00000000be9cb874 00000000ef3786e8 (btrfs_set_item_key_safe+0x152/0x1c0 [btrfs])
...
[...] Call Trace:
[...] btrfs_set_item_key_safe+0x11c/0x1c0 [btrfs])
[...] __btrfs_drop_extents+0xb5a/0xda8 [btrfs]
[...] btrfs_log_changed_extents+0x35c/0xaf0 [btrfs]
[...] btrfs_log_inode+0x9ee/0x1080 [btrfs]
[...] btrfs_log_inode_parent+0x224/0xa10 [btrfs]
[...] btrfs_log_dentry_safe+0x80/0xa8 [btrfs]
[...] btrfs_sync_file+0x392/0x550 [btrfs]
[...] do_fsync+0x5e/0x90
[...] SyS_fdatasync+0x32/0x48
[...] system_call+0xd8/0x2c8
$ git log --oneline Ubuntu-4.15.0-99.100..Ubuntu-4.15.0-109.110 -- fs/btrfs/ | wc -l
55
* The error happens at random moments, regardless of a
particular activity/load. Workaround is to downgrade.
[Fix]
* This BUG()/function is addressed in patch 4/4 [1] of series
'btrfs: Enhanced runtime defence against fuzzed images' [2],
after issues in the real world, not just crafted fs images:
'one internal report has hit one BUG_ON() with real world fs'
kernel BUG at fs/btrfs/ctree.c:3188!
...
RIP: 0010:btrfs_set_item_key_safe+0x16c/0x180
* The patch/set [3] is applied in v5.10-rc1 and Ubuntu Unstable:
- d16c702fe4f2 btrfs: ctree: check key order before merging tree blocks
- 07cce5cf3b48 btrfs: extent-tree: kill the BUG_ON() in insert_inline_extent_backref()
- 1c2a07f598d5 btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
- f98b6215d7d1 btrfs: extent_io: do extra check for extent buffer read write functions
[Test Case]
* There is working synthetic reproducer for this issue,
which is hard to reproduce as reported in commit [4]
that introduces debugging for the issue.
* Regression tests with xfstests and stress-ng shows
no regressions between un/patched kernels.
[Other Info]
* Trivial backports (only refreshing a few context lines)
with 3 more dependency patches on Bionic and 1 on Focal.
And Bionic needed one extra hunk to '#include' a header.
Groovy all apply cleanly.
* Build/tested on top of master-next btrfs patches at
these commit IDs; still apply on top of the latest:
- Bionic: commit 5252180a25fa ("bcache: reap from tail of c->btree_cache in bch_mca_scan()")
- Focal: commit 35981110f74d ("selftests: rtnetlink: load fou module for kci_test_encap_fou() test")
- Groovy: commit 280f13e61a24 ("ALSA: hda: fix jack detection with Realtek codecs when in D3")
[1] https://lore.kernel.org/linux-btrfs/20200819063550.62832-5-wqu@suse.com/
[2] https://lore.kernel.org/linux-btrfs/20200819063550.62832-1-wqu@suse.com/
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d16c702fe4f274bd77b47d3ab737eadcf24e0b93
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c15d41016dc886cc011e3854d855e219759ae68
Arnd Bergmann (1):
btrfs: use BUG() instead of BUG_ON(1)
David Sterba (1):
btrfs: drop unnecessary offset_in_page in extent buffer helpers
Johannes Thumshirn (1):
btrfs: use offset_in_page instead of open-coding it
Qu Wenruo (4):
btrfs: extent_io: do extra check for extent buffer read write
functions
btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent()
btrfs: extent-tree: kill the BUG_ON() in
insert_inline_extent_backref()
btrfs: ctree: check key order before merging tree blocks
fs/btrfs/backref.c | 4 +-
fs/btrfs/check-integrity.c | 12 +--
fs/btrfs/compression.c | 2 +-
fs/btrfs/ctree.c | 78 +++++++++++++++-
fs/btrfs/extent-tree.c | 177 ++++++++++++++++++++++++++++++++++---
fs/btrfs/extent_io.c | 151 ++++++++++++++++---------------
fs/btrfs/file.c | 6 +-
fs/btrfs/inode.c | 9 +-
fs/btrfs/send.c | 2 +-
fs/btrfs/volumes.c | 4 +-
10 files changed, 332 insertions(+), 113 deletions(-)
--
2.27.0
More information about the kernel-team
mailing list