Hi Marc, On Thu, May 18, 2017 at 09:16:38PM -0700, Marc MERLIN wrote: > Looks like all the unhelpful BUG() aren't gone yet :-/ > This one is really not helpful, I don't even know which one of my filesystems > caused the crash :( > > Why is this not remounting the filesystem read only? > Really, from a user and admin perspective, this is really not helpful. > > Could someone who know more than me do a pass and eradicate those? > Btrfs cannot be a production filesystem as long as those are still around IMO.
Looks like there's a security hole hidden in code, I don't think it's a bug in code, it's more like caused by a corrupted metadata reading from disk rather than a memory corruption. A quick glance at the stack shows in extent-tree.c:lookup_inline_extent_backref() type = btrfs_extent_inline_ref_type(leaf, iref); then... ptr += btrfs_extent_inline_ref_size(type); I agree that a corrupted image should not corrupt the kernel, so we can fix it by forcing it to readonly. -liubo > > Thanks, > Marc > > ------------[ cut here ]------------ > kernel BUG at fs/btrfs/ctree.h:1779! > invalid opcode: 0000 [#1] PREEMPT SMP > Modules linked in: veth ip6table_filter ip6_tables ebtable_nat ebtables ppdev > lp xt_addrtype br_netfilter bridge stp llc tun autofs4 softdog binfmt_misc > ftdi_sio nfsd auth_rpcgss nfs_acl nfs lockd grace fscache sunrpc ipt_REJECT > nf_reject_ipv4 xt_conntrack xt_mark xt_nat xt_tcpudp nf_log_ipv4 > nf_log_common xt_LOG iptable_mangle iptable_filter lm85 hwmon_vid pl2303 > dm_snapshot dm_bufio iptable_nat ip_tables nf_conntrack_ipv4 nf_defrag_ipv4 > nf_nat_ipv4 nf_conntrack_ftp ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_nat > nf_conntrack x_tables sg st snd_pcm_oss snd_mixer_oss bcache kvm_intel kvm > irqbypass snd_hda_codec_realtek snd_hda_codec_generic snd_cmipci > snd_hda_intel snd_mpu401_uart snd_hda_codec snd_opl3_lib snd_hda_core > snd_rawmidi eeepc_wmi snd_hwdep snd_seq_device asus_wmi snd_pcm sparse_keymap > rfkill snd_timer hwmon snd i915 lpc_ich tpm_infineon rc_ati_x10 asix mei_me > usbnet ati_remote pcspkr libphy tpm_tis rc_core usbserial tpm_tis_core wmi > tpm parport_pc parport input_leds battery i2c_i801 soundcore evdev e1000e ptp > pps_core fuse raid456 multipath mmc_block mmc_core lrw ablk_helper dm_crypt > dm_mod async_raid6_recov async_pq async_xor async_memcpy async_tx > crc32c_intel blowfish_x86_64 blowfish_common pcbc aesni_intel aes_x86_64 > crypto_simd glue_helper cryptd xhci_pci ehci_pci xhci_hcd ehci_hcd mvsas > r8169 sata_sil24 mii libsas usbcore scsi_transport_sas thermal fan [last > unloaded: ftdi_sio] > CPU: 2 PID: 22204 Comm: kworker/u16:20 Tainted: G U > 4.11.0-amd64-preempt-sysrq-20170406 #2 > Hardware name: System manufacturer System Product Name/P8H67-M PRO, BIOS 3904 > 04/27/2013 > Workqueue: btrfs-extent-refs btrfs_extent_refs_helper > task: ffff9417d6de2240 task.stack: ffffa1314e7e0000 > RIP: 0010:btrfs_extent_inline_ref_size+0x29/0x39 > RSP: 0018:ffffa1314e7e3b10 EFLAGS: 00010297 > RAX: 000000000000001d RBX: ffff941849fd3700 RCX: ffff941aaa669000 > RDX: 0000000000002000 RSI: 000000000000245a RDI: 0000000000000000 > RBP: ffffa1314e7e3b10 R08: 0000000000004000 R09: ffffa1314e7e3ad8 > R10: 0000000000000000 R11: 0000000000002000 R12: 000000000000245a > R13: 0000000000000000 R14: ffff94183c20b5b8 R15: 0000000000000000 > FS: 0000000000000000(0000) GS:ffff941d9e280000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000f7557d76 CR3: 00000003f8c09000 CR4: 00000000001406e0 > Call Trace: > lookup_inline_extent_backref+0x302/0x436 > ? ___cache_free+0x200/0x25c > __btrfs_free_extent+0xf1/0xb18 > __btrfs_run_delayed_refs+0xb2f/0xd15 > ? __wake_up_common+0x4d/0x81 > btrfs_run_delayed_refs+0x7a/0x1cc > delayed_ref_async_start+0x5e/0x9b > btrfs_scrubparity_helper+0x111/0x271 > ? pwq_activate_delayed_work+0x4d/0x5b > btrfs_extent_refs_helper+0xe/0x10 > process_one_work+0x193/0x2b0 > ? rescuer_thread+0x2b1/0x2b1 > worker_thread+0x1e9/0x2c1 > ? rescuer_thread+0x2b1/0x2b1 > kthread+0xfb/0x100 > ? init_completion+0x24/0x24 > ? do_fast_syscall_32+0xb7/0xfe > ret_from_fork+0x2c/0x40 > Code: 5d c3 55 81 ff b0 00 00 00 48 89 e5 74 1f 81 ff b6 00 00 00 74 17 81 ff > b8 00 00 00 74 16 81 ff b2 00 00 00 b8 1d 00 00 00 74 0e <0f> 0b b8 09 00 00 > 00 eb 05 b8 0d 00 00 00 5d c3 55 48 89 f0 48 > RIP: btrfs_extent_inline_ref_size+0x29/0x39 RSP: ffffa1314e7e3b10 > ---[ end trace 8bd2bf161055b042 ]--- > > static inline u32 btrfs_extent_inline_ref_size(int type) > { > if (type == BTRFS_TREE_BLOCK_REF_KEY || > type == BTRFS_SHARED_BLOCK_REF_KEY) > return sizeof(struct btrfs_extent_inline_ref); > if (type == BTRFS_SHARED_DATA_REF_KEY) > return sizeof(struct btrfs_shared_data_ref) + > sizeof(struct btrfs_extent_inline_ref); > if (type == BTRFS_EXTENT_DATA_REF_KEY) > return sizeof(struct btrfs_extent_data_ref) + > offsetof(struct btrfs_extent_inline_ref, offset); > BUG(); <<<<<<<<<<<<<<<<< > return 0; > } > > -- > "A mouse is a device used to point at the xterm you want to type in" - A.S.R. > Microsoft is to operating systems .... > .... what McDonalds is to gourmet > cooking > Home page: http://marc.merlins.org/ | PGP > 1024R/763BE901 > -- > To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html