debugfs

Open the filesystem in read only mode

$ debugfs [/dev/sdXN]

$ debugfs -w [/dev/sdXN]

$ debugfs -f [path/to/cmd_file] [/dev/sdXN]

$ stats

$ close -a

$ lr

debugfs [-w] [-c cmd_file] [-i image_file] [-b block_size] [-s superblock] [-f] [-R request] [-d directory] device

-w
    Open the filesystem in read-write mode. Use with extreme caution!

-c cmd_file
    Execute commands from cmd_file.

-i image_file
    Read the filesystem image from image_file.

-b block_size
    Use block_size as the block size (in bytes) for the filesystem.

-s superblock
    Use superblock as the superblock number to be used by debugfs.

-f
    Force the filesystem to be opened even if it has errors.

-R request
    Execute request as a single debugfs command.

-d directory
    Change to directory when starting.

device
    The filesystem device (e.g., /dev/sda1).

debugfs is an interactive filesystem debugger for the ext2, ext3, and ext4 filesystems. It allows you to examine and modify the internal structures of these filesystems. It can be used to recover damaged filesystems, examine metadata, and perform low-level filesystem operations that are not typically accessible through standard system tools.
Warning: Using debugfs requires a deep understanding of the filesystem structure and can lead to data loss or filesystem corruption if used incorrectly. It is intended for advanced users and filesystem developers.

debugfs can cause irreversible damage to your filesystem if used improperly. Always back up your data before using debugfs. Running debugfs on a mounted filesystem is generally not recommended and may lead to corruption. Using the -w option is especially dangerous.

debugfs provides a rich set of interactive commands for navigating and manipulating the filesystem. Common commands include ls (list directory contents), cd (change directory), stat (display inode information), icheck (find files using a block number), ncheck (find files using an inode number), and dump (copy file data to a local file).

While debugfs is not a replacement for fsck, it can be used to perform some basic filesystem consistency checks, such as verifying inode and block bitmaps. It is also helpful in diagnosing the root cause of issues reported by fsck.

debugfs is part of the e2fsprogs suite of tools for managing ext2, ext3, and ext4 filesystems. It has been developed and maintained alongside these filesystems, evolving to support new features and functionalities over time. Its primary purpose remains as a debugging and recovery tool for filesystem administrators and developers.

dumpe2fs(8), fsck(8), tune2fs(8)