Bug 213357

Summary: chattr +e writes invalid checksum to extent block
Product: File System Reporter: Jeroen van Wolffelaar (jeroen)
Component: ext4Assignee: fs_ext4 (fs_ext4)
Status: NEW ---    
Severity: normal CC: luis.henriques
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 5.13.0-rc4 Subsystem:
Regression: No Bisected commit-id:
Attachments: Reproduction script
Execution log of reproduction script with vanilla kernel
Kernel log
ext4: set csum seed in tmp inode while migrating to extents

Description Jeroen van Wolffelaar 2021-06-07 16:03:57 UTC
Created attachment 297207 [details]
Reproduction script

Overview:

Converting a file previously using (ext2/3) blocklists to ext4 extents using chattr +e makes the kernel write an invalid checksum to the extent block (if one needs to be written because of the metadata_csum feature & there being more than 4 extents). Because of inode caching, this won't be obvious until the inode has has been evicted from the cache, or the filesystem is remounted. The checksum errors are trivially correctable using e2fsck.

Reproduction:

In short:

* Create a large enough file on an ext3 filesystem to have it 5+ discontinuous ranges of blocks
* Add 'extent' and 'metadata_csum' feature to the filesystem
* chattr +e the file
* Reload the filesystem/clear inode cache

See repro.sh for full steps.

Observe:

* Reading the file gives I/O errors (EXT4-fs error: ext4_find_extent:885: inode #12: comm cat: pblk 17591 bad header/extent: extent tree corrupted - magic f30a, entries 6, max 340(340), depth 0(0))
* e2fsck reports checksum mismatch (ext2fs_block_iterate3: Extent block checksum does not match extent block)

Reproduction:

Besides the system where I originally found the bug, I reproduced it with 3 Debian versions (Stretch, Buster, Bullseye rc1), and additionally Bullseye with vanilla 5.13.0-rc4 kernel built from kernel.org source tarball: so, kernel versions spanning 4.9 to 5.13.

The reproduction script is destructive to the provided device.
Comment 1 Jeroen van Wolffelaar 2021-06-07 16:05:16 UTC
Created attachment 297209 [details]
Execution log of reproduction script with vanilla kernel
Comment 2 Jeroen van Wolffelaar 2021-06-07 16:05:55 UTC
Created attachment 297211 [details]
Kernel log
Comment 3 Luis Henriques 2021-12-09 12:30:50 UTC
Created attachment 299969 [details]
ext4: set csum seed in tmp inode while migrating to extents

I forgot to comment on this bug regarding the fix I've proposed on the mailing-list[1] (although there are no replies yet).  For completeness, I'm attaching the patch here too.

[1] https://lore.kernel.org/all/20211206143733.18918-1-lhenriques@suse.de/