    Btrfs: fix emptiness check for dirtied extent buffers at check_leaf() · a1e0e047
    Filipe Manana authored
    commit f177d739 upstream.
    
    We can not simply use the owner field from an extent buffer's header to
    get the id of the respective tree when the extent buffer is from a
    relocation tree. When we create the root for a relocation tree we leave
    (on purpose) the owner field with the same value as the subvolume's tree
    root (we do this at ctree.c:btrfs_copy_root()). So we must ignore extent
    buffers from relocation trees, which have the BTRFS_HEADER_FLAG_RELOC
    flag set, because otherwise we will always consider the extent buffer
    as not being the root of the tree (the root of original subvolume tree
    is always different from the root of the respective relocation tree).
    
    This led to assertion failures when running with the integrity checker
    enabled (CONFIG_BTRFS_FS_CHECK_INTEGRITY=y) such as the following:
    
    [  643.393409] BTRFS critical (device sdg): corrupt leaf, non-root leaf's nritems is 0: block=38506496, root=260, slot=0
    [  643.397609] BTRFS info (device sdg): leaf 38506496 total ptrs 0 free space 3995
    [  643.407075] assertion failed: 0, file: fs/btrfs/disk-io.c, line: 4078
    [  643.408425] ------------[ cut here ]------------
    [  643.409112] kernel BUG at fs/btrfs/ctree.h:3419!
    [  643.409773] invalid opcode: 0000 [#1] PREEMPT SMP
    [  643.410447] Modules linked in: dm_flakey dm_mod crc32c_generic btrfs xor raid6_pq ppdev psmouse acpi_cpufreq parport_pc evdev parport tpm_tis tpm_tis_core pcspkr serio_raw i2c_piix4 sg tpm i2c_core button processor loop autofs4 ext4 crc16 jbd2 mbcache sr_mod cdrom sd_mod ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring scsi_mod virtio e1000 floppy
    [  643.414356] CPU: 11 PID: 32726 Comm: btrfs Not tainted 4.8.0-rc8-btrfs-next-35+ #1
    [  643.414356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
    [  643.414356] task: ffff880145e95b00 task.stack: ffff88014826c000
    [  643.414356] RIP: 0010:[<ffffffffa0352759>]  [<ffffffffa0352759>] assfail.constprop.41+0x1c/0x1e [btrfs]
    [  643.414356] Call Trace:
    [  643.414356]  [<ffffffffa02d655a>] btrfs_mark_buffer_dirty+0xdf/0xe5 [btrfs]
    [  643.414356]  [<ffffffffa02b72f3>] btrfs_copy_root+0x18a/0x1d1 [btrfs]
    [  643.414356]  [<ffffffffa0322921>] create_reloc_root+0x72/0x1ba [btrfs]
    [  643.414356]  [<ffffffffa03267c2>] btrfs_init_reloc_root+0x7b/0xa7 [btrfs]
    [  643.414356]  [<ffffffffa02d9e44>] record_root_in_trans+0xdf/0xed [btrfs]
    [  643.414356]  [<ffffffffa02db04e>] btrfs_record_root_in_trans+0x50/0x6a [btrfs]
    [  643.414356]  [<ffffffffa030ad2b>] create_subvol+0x472/0x773 [btrfs]
    [  643.414356]  [<ffffffffa030b406>] btrfs_mksubvol+0x3da/0x463 [btrfs]
    [  643.414356]  [<ffffffffa030b406>] ? btrfs_mksubvol+0x3da/0x463 [btrfs]
    [  643.414356]  [<ffffffff810781ac>] ? preempt_count_add+0x65/0x68
    [  643.414356]  [<ffffffff811a6e97>] ? __mnt_want_write+0x62/0x77
    [  643.414356]  [<ffffffffa030b55d>] btrfs_ioctl_snap_create_transid+0xce/0x187 [btrfs]
    [  643.414356]  [<ffffffffa030b67d>] btrfs_ioctl_snap_create+0x67/0x81 [btrfs]
    [  643.414356]  [<ffffffffa030ecfd>] btrfs_ioctl+0x508/0x20dd [btrfs]
    [  643.414356]  [<ffffffff81293e39>] ? __this_cpu_preempt_check+0x13/0x15
    [  643.414356]  [<ffffffff81155eca>] ? handle_mm_fault+0x976/0x9ab
    [  643.414356]  [<ffffffff81091300>] ? arch_local_irq_save+0x9/0xc
    [  643.414356]  [<ffffffff8119a2b0>] vfs_ioctl+0x18/0x34
    [  643.414356]  [<ffffffff8119a8e8>] do_vfs_ioctl+0x581/0x600
    [  643.414356]  [<ffffffff814b9552>] ? entry_SYSCALL_64_fastpath+0x5/0xa8
    [  643.414356]  [<ffffffff81093fe9>] ? trace_hardirqs_on_caller+0x17b/0x197
    [  643.414356]  [<ffffffff8119a9be>] SyS_ioctl+0x57/0x79
    [  643.414356]  [<ffffffff814b9565>] entry_SYSCALL_64_fastpath+0x18/0xa8
    [  643.414356]  [<ffffffff81091b08>] ? trace_hardirqs_off_caller+0x3f/0xaa
    [  643.414356] RIP  [<ffffffffa0352759>] assfail.constprop.41+0x1c/0x1e [btrfs]
    [  643.414356]  RSP <ffff88014826fa28>
    [  643.468267] ---[ end trace 6a1b3fb1a9d7d6e3 ]---
    
    This can be easily reproduced by running xfstests with the integrity
    checker enabled.
    
    Fixes: 1ba98d08 (Btrfs: detect corruption when non-root leaf has zero item)
    Signed-off-by: Filipe Manana <fdmanana@suse.com>
    Reviewed-by: Liu Bo <bo.li.liu@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
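
The emptiness check described in the commit message above, as a simplified user-space model (an added example, not the kernel's code and not the patch itself). The structs, `lookup_root`, `empty_leaf_is_corrupt`, `demo` and the `MODEL_` constant are hypothetical stand-ins, and the sample trees are constructed around the root id 260 seen in the log.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model: every name below is a hypothetical stand-in. */
#define MODEL_HEADER_FLAG_RELOC (1ULL << 1) /* models BTRFS_HEADER_FLAG_RELOC */

struct model_eb { uint64_t owner; uint64_t flags; uint32_t nritems; };
struct model_root { uint64_t id; const struct model_eb *node; };

static const struct model_root *lookup_root(const struct model_root *roots,
                                            size_t n, uint64_t id)
{
    for (size_t i = 0; i < n; i++)
        if (roots[i].id == id)
            return &roots[i];
    return NULL;
}

/* True when the leaf would be reported as "non-root leaf's nritems is 0".
 * honor_reloc=false models the check before the fix, true after it. */
static bool empty_leaf_is_corrupt(const struct model_eb *leaf,
                                  const struct model_root *roots, size_t n,
                                  bool honor_reloc)
{
    if (leaf->nritems != 0)
        return false;       /* only empty leaves are examined */
    if (honor_reloc && (leaf->flags & MODEL_HEADER_FLAG_RELOC))
        return false;       /* owner names the subvolume, not this tree */
    const struct model_root *r = lookup_root(roots, n, leaf->owner);
    if (!r)
        return false;       /* owner cannot be resolved, nothing to compare */
    return r->node != leaf; /* an empty leaf is only valid as its tree's root */
}

/* Constructed scenario: 0 = subvolume 260's root, 1 = an empty relocation
 * root copied from it (same owner), 2 = a stray empty non-root leaf. */
static bool demo(int which, bool honor_reloc)
{
    struct model_eb subvol = { .owner = 260, .flags = 0, .nritems = 0 };
    struct model_eb reloc = { .owner = 260, .flags = MODEL_HEADER_FLAG_RELOC, .nritems = 0 };
    struct model_eb stray = { .owner = 260, .flags = 0, .nritems = 0 };
    struct model_root roots[] = { { 260, &subvol } };
    const struct model_eb *leaf = which == 0 ? &subvol : which == 1 ? &reloc : &stray;
    return empty_leaf_is_corrupt(leaf, roots, 1, honor_reloc);
}

int main(void)
{
    printf("reloc root: before=%d after=%d\n", demo(1, false), demo(1, true));
    printf("stray leaf: after=%d\n", demo(2, true));
    return 0;
}
```

In the model the relocation root is flagged only by the pre-fix check, while an empty leaf that is not a root and lacks the RELOC flag is still reported after the fix.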