Bug 213357 - chattr +e writes invalid checksum to extent block
Status: NEW
Alias: None
Product: File System
Classification: Unclassified
Component: ext4
Hardware: All Linux
Importance: P1 normal
Assignee: fs_ext4@kernel-bugs.osdl.org
Reported: 2021-06-07 16:03 UTC by Jeroen van Wolffelaar
Modified: 2021-06-07 16:05 UTC

Kernel Version: 5.13.0-rc4
Tree: Mainline
Regression: No


Attachments
Reproduction script (1.69 KB, application/x-shellscript)
2021-06-07 16:03 UTC, Jeroen van Wolffelaar
Execution log of reproduction script with vanilla kernel (2.69 KB, text/plain)
2021-06-07 16:05 UTC, Jeroen van Wolffelaar
Kernel log (2.98 KB, text/plain)
2021-06-07 16:05 UTC, Jeroen van Wolffelaar

Description Jeroen van Wolffelaar 2021-06-07 16:03:57 UTC
Created attachment 297207
Reproduction script

Overview:

Converting a file previously using (ext2/3) blocklists to ext4 extents using chattr +e makes the kernel write an invalid checksum to the extent block (if one needs to be written because of the metadata_csum feature & there being more than 4 extents). Because of inode caching, this won't be obvious until the inode has been evicted from the cache, or the filesystem is remounted. The checksum errors are trivially correctable using e2fsck.

Reproduction:

In short:

* Create a large enough file on an ext3 filesystem for it to have 5+ discontinuous ranges of blocks
* Add the 'extent' and 'metadata_csum' features to the filesystem
* chattr +e the file
* Reload the filesystem/clear inode cache

See repro.sh for full steps.

Observe:

* Reading the file gives I/O errors (EXT4-fs error: ext4_find_extent:885: inode #12: comm cat: pblk 17591 bad header/extent: extent tree corrupted - magic f30a, entries 6, max 340(340), depth 0(0))
* e2fsck reports checksum mismatch (ext2fs_block_iterate3: Extent block checksum does not match extent block)

Reproduction:

Besides the system where I originally found the bug, I reproduced it with 3 Debian versions (Stretch, Buster, Bullseye rc1), and additionally Bullseye with vanilla 5.13.0-rc4 kernel built from kernel.org source tarball: so, kernel versions spanning 4.9 to 5.13.

The reproduction script is destructive to the provided device.
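For triage on other systems, the kernel message quoted under "Observe" can be picked out of a log and classified. The following is an added example, not part of the report or its attachments: the function names, the verdict labels and the second and third sample lines are constructed, and the rule "header fields look sane, so suspect the block checksum" is an assumption drawn from the report's observation that this message appeared together with an e2fsck checksum mismatch.

```python
import re

# Message format as quoted in the report; "(device ...)" is optional because
# the report's quote omits it.
EXT_ERR = re.compile(
    r"EXT4-fs error(?: \(device (?P<dev>[^)]+)\))?: (?P<func>\w+):\d+: "
    r"inode #(?P<inode>\d+): comm (?P<comm>.+?): pblk (?P<pblk>\d+) "
    r"bad header/extent: (?P<reason>.+?) - magic (?P<magic>[0-9a-f]+), "
    r"entries (?P<entries>\d+), max (?P<max>\d+)\((?P<max_ok>\d+)\), "
    r"depth (?P<depth>\d+)\((?P<depth_ok>\d+)\)"
)
EXT_MAGIC = "f30a"  # extent header magic as printed in the report's message
NUMERIC = ("inode", "pblk", "entries", "max", "max_ok", "depth", "depth_ok")

def triage(line):
    """Classify one kernel log line; None if it is not an extent header error."""
    m = EXT_ERR.search(line)
    if m is None:
        return None
    f = m.groupdict()
    n = {k: int(f[k]) for k in NUMERIC}
    # Heuristic (assumption of this example): if every header field printed by
    # the kernel is plausible, the rejection is more likely a bad checksum,
    # as in this report, than a structurally damaged extent block.
    sane = (f["magic"] == EXT_MAGIC and 0 < n["max"] <= n["max_ok"]
            and n["entries"] <= n["max"] and n["depth"] == n["depth_ok"])
    return {"dev": f["dev"], "comm": f["comm"], "inode": n["inode"],
            "pblk": n["pblk"], "reason": f["reason"],
            "verdict": "checksum-suspect" if sane else "structural"}

def scan(lines):
    """Return the triage result for every matching line, in order."""
    return [r for r in map(triage, lines) if r is not None]

# Sample log: line 1 is the message from the report; lines 2-3 are constructed.
SAMPLE_LOG = [
    "EXT4-fs error: ext4_find_extent:885: inode #12: comm cat: pblk 17591 "
    "bad header/extent: extent tree corrupted - magic f30a, entries 6, "
    "max 340(340), depth 0(0)",
    "EXT4-fs error (device loop0): ext4_find_extent:885: inode #13: comm cat: "
    "pblk 20000 bad header/extent: invalid magic - magic 0, entries 0, "
    "max 0(0), depth 0(0)",
    "EXT4-fs (loop0): mounted filesystem with ordered data mode",
]

if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print(f"inode {r['inode']} pblk {r['pblk']}: {r['verdict']} ({r['reason']})")
```

A checksum-suspect result is a prompt to run e2fsck on the unmounted filesystem, which in the report both confirms the mismatch and corrects it.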
Comment 1 Jeroen van Wolffelaar 2021-06-07 16:05:16 UTC
Created attachment 297209
Execution log of reproduction script with vanilla kernel
Comment 2 Jeroen van Wolffelaar 2021-06-07 16:05:55 UTC
Created attachment 297211
Kernel log
