Hardware Environment: qemu x86
Software Environment: minimal Debian sid/unstable
Problem Description:

On mounting an intentionally corrupted filesystem, I get the following oops. Since I did not fix any checksums after corrupting the fs, I assume this is due to some data that is not protected by a checksum. Unfortunately the 256 MiB minimum filesystem size limit makes attaching a test case a bit harder. Still ask for it if you think you need one.

------------------------------------------------------------
device fsid 754307078c69d888-2aaaab2531fc0aa9 <6>devid 1 transid 15 /dev/hdb
btrfs: hdb checksum verify failed on 20971520 wanted 997053EF found 5F42117D level 0
btrfs: hdb checksum verify failed on 20971520 wanted 997053EF found 5F42117D level 0
btrfs: hdb checksum verify failed on 20971520 wanted 997053EF found B670A8AB level 0
[a warn_slowpath() warning cut away]
btrfs bad mapping eb start 20971520 len 4096, wanted 2147487182 8
[a warn_slowpath() warning cut away]
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<c0216e05>] kmap_atomic_prot+0x15/0xb1
*pde = 00000000
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
last sysfs file:
Pid: 997, comm: mount Tainted: G W (2.6.29-rc2 #2)
EIP: 0060:[<c0216e05>] EFLAGS: 00000282 CPU: 0
EIP is at kmap_atomic_prot+0x15/0xb1
EAX: c6ee5000 EBX: 00000000 ECX: 00000163 EDX: 00000004
ESI: 00000004 EDI: 00000000 EBP: 00000163 ESP: c6ee5cec
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process mount (pid: 997, ti=c6ee5000 task=c5d50000 task.ti=c6ee5000)
Stack:
00000000 00001400 00000000 00080000 c04987bd 00000002 00000001 00000000
c0498818 80000dce 00000008 c710db00 00000000 c726dc6c 00001000 80000dce
00000000 c710db00 00000000 c04915d3 c6ee5d64 c6ee5d60 c6ee5d5c c6ee5d58
Call Trace:
[<c04987bd>] map_private_extent_buffer+0x83/0x180
[<c0498818>] map_private_extent_buffer+0xde/0x180
[<c04915d3>] btrfs_chunk_length+0x4e/0xcf
[<c04987bd>] map_private_extent_buffer+0x83/0x180
[<c04a0d90>] read_one_chunk+0x28/0x311
[<c048f570>] btrfs_item_offset+0xc0/0xc2
[<c04a121e>] btrfs_read_chunk_tree+0x1a5/0x1b1
[<c047dd8b>] open_ctree+0xad6/0xfd1
[<c02b48f5>] disk_name+0x9c/0xa6
[<c04d8414>] strlcpy+0x11/0x3d
[<c04610d7>] btrfs_get_sb+0x2f5/0x3e7
[<c02610c8>] kstrdup+0x24/0x40
[<c0278c28>] vfs_kern_mount+0x37/0x88
[<c0278cc0>] do_kern_mount+0x31/0xbc
[<c028c4fd>] do_mount+0x39b/0x77d
[<c028ac13>] copy_mount_options+0x2c/0x11b
[<c028c967>] sys_mount+0x88/0xc1
[<c02030be>] syscall_call+0x7/0xb
Code: 84 c8 c0 83 e2 fc 8d 04 09 01 c8 8d 04 81 8d 04 82 c3 0f 0b eb fe 55 57 56 53 89 c3 89 d6 89 cd 89 e0 25 00 f0 ff ff 83 40 14 01 <8b> 0b 89 c8 c1 e8 0d 25 00 18 00 00 05 80 4e 6e c0 2b 80 8c 07
EIP: [<c0216e05>] kmap_atomic_prot+0x15/0xb1 SS:ESP 0068:c6ee5cec
---[ end trace 13cdbae0c899649b ]---
note: mount[997] exited with preempt_count 1
BUG: scheduling while atomic: mount/997/0x10000001
INFO: lockdep is turned off.
Pid: 997, comm: mount Tainted: G D W 2.6.29-rc2 #2
Call Trace:
[<c05c78f9>] schedule+0x612/0xb0e
[<c04dea6f>] debug_check_no_obj_freed+0x123/0x179
[<c0268366>] remove_vma+0x52/0x66
[<c02212b0>] __cond_resched+0x22/0x37
[<c05c7efd>] _cond_resched+0x2b/0x37
[<c02264d6>] put_files_struct+0x65/0xa6
[<c0227d6b>] do_exit+0x116/0x788
[<c0225308>] release_console_sem+0x17d/0x1bd
[<c05c6fce>] printk+0x17/0x1b
[<c0205ea5>] oops_begin+0x0/0x86
[<c0213155>] do_page_fault+0x2dc/0x6b7
[<c02060bc>] show_trace+0x18/0x1d
[<c05c6eb6>] dump_stack+0x6d/0x72
[<c05c6fce>] printk+0x17/0x1b
[<c0224c9e>] warn_slowpath+0xa1/0xce
[<c05c9e65>] _spin_lock_irqsave+0x3c/0x44
[<c0225308>] release_console_sem+0x17d/0x1bd
[<c0212e79>] do_page_fault+0x0/0x6b7
[<c05ca20a>] error_code+0x72/0x78
[<c0216e05>] kmap_atomic_prot+0x15/0xb1
[<c04987bd>] map_private_extent_buffer+0x83/0x180
[<c0498818>] map_private_extent_buffer+0xde/0x180
[<c04915d3>] btrfs_chunk_length+0x4e/0xcf
[<c04987bd>] map_private_extent_buffer+0x83/0x180
[<c04a0d90>] read_one_chunk+0x28/0x311
[<c048f570>] btrfs_item_offset+0xc0/0xc2
[<c04a121e>] btrfs_read_chunk_tree+0x1a5/0x1b1
[<c047dd8b>] open_ctree+0xad6/0xfd1
[<c02b48f5>] disk_name+0x9c/0xa6
[<c04d8414>] strlcpy+0x11/0x3d
[<c04610d7>] btrfs_get_sb+0x2f5/0x3e7
[<c02610c8>] kstrdup+0x24/0x40
[<c0278c28>] vfs_kern_mount+0x37/0x88
[<c0278cc0>] do_kern_mount+0x31/0xbc
[<c028c4fd>] do_mount+0x39b/0x77d
[<c028ac13>] copy_mount_options+0x2c/0x11b
[<c028c967>] sys_mount+0x88/0xc1
[<c02030be>] syscall_call+0x7/0xb
./runtest: line 31: 997 Segmentation fault mount /dev/hdb /mnt -t btrfs
umount: /mnt: not mounted
***** zzuffing ***** seed 30000002
device fsid 754307078c69d888-2aaaab2531fc0aa9 <6>devid 1 transid 15 /dev/hdb
BUG: unable to handle kernel NULL pointer dereference at 0000015c
IP: [<c0460d5b>] btrfs_test_super+0x6/0x19
*pde = 00000000
Oops: 0000 [#2] SMP DEBUG_PAGEALLOC
last sysfs file:
Pid: 1016, comm: mount Tainted: G D W (2.6.29-rc2 #2)
EIP: 0060:[<c0460d5b>] EFLAGS: 00000287 CPU: 0
EIP is at btrfs_test_super+0x6/0x19
EAX: 00000000 EBX: c7ad2800 ECX: 00000000 EDX: c79faf80
ESI: 00000000 EDI: c06cd4d8 EBP: 00000000 ESP: c6ee5ea0
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process mount (pid: 1016, ti=c6ee5000 task=c7891340 task.ti=c6ee5000)
Stack:
c02792be 22222222 c0278d4b c0460d55 c06cd4c0 c06cd4e0 c06cd4e8 c740c9c0
00000000 00000000 00000000 c0460ebf c79faf80 c68a1000 c06cd4c0 c79d8d90
00000010 00000009 c68a1000 000000d0 c68a1000 c02610c8 c7aacc00 00000000
Call Trace:
[<c02792be>] sget+0x51/0x363
[<c0278d4b>] set_anon_super+0x0/0xa2
[<c0460d55>] btrfs_test_super+0x0/0x19
[<c0460ebf>] btrfs_get_sb+0xdd/0x3e7
[<c02610c8>] kstrdup+0x24/0x40
[<c0278c28>] vfs_kern_mount+0x37/0x88
[<c0278cc0>] do_kern_mount+0x31/0xbc
[<c028c4fd>] do_mount+0x39b/0x77d
[<c028ac13>] copy_mount_options+0x2c/0x11b
[<c028c967>] sys_mount+0x88/0xc1
[<c02030be>] syscall_call+0x7/0xb
Code: 44 24 04 82 d6 66 c0 c7 04 24 bc 09 46 c0 b9 c1 09 46 c0 e8 76 d7 e2 ff 83 c4 08 c3 90 90 90 90 c6 40 11 00 c3 8b 80 78 02 00 00 <8b> 80 5c 01 00 00 39 90 98 1f 00 00 0f 94 c0 0f b6 c0 c3 53 8b
EIP: [<c0460d5b>] btrfs_test_super+0x6/0x19 SS:ESP 0068:c6ee5ea0
---[ end trace 13cdbae0c899649c ]---
./runtest: line 31: 1016 Segmentation fault mount /dev/hdb /mnt -t btrfs
umount: /mnt: not mounted
***** zzuffing ***** seed 30000003
BUG: soft lockup - CPU#0 stuck for 61s! [pdflush:103]
Pid: 103, comm: pdflush Tainted: G D W (2.6.29-rc2 #2)
EIP: 0060:[<c04ddfb9>] EFLAGS: 00000246 CPU: 0
EIP is at _raw_spin_lock+0xd7/0x12b
EAX: 00000000 EBX: c06c30a8 ECX: 00000000 EDX: 00003400
ESI: 12fc19d8 EDI: 00000000 EBP: 00000001 ESP: c7888f3c
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
CR0: 8005003b CR2: 08058480 CR3: 06849000 CR4: 00000690
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
Call Trace:
[<c02791c5>] ? sync_supers+0xc/0xb4
[<c05c9da0>] ? _spin_lock+0x31/0x3c
[<c02791c5>] ? sync_supers+0xc/0xb4
[<c02595f3>] ? wb_kupdate+0x2b/0xe8
[<c025a18b>] ? pdflush+0xe6/0x1a0
[<c02595c8>] ? wb_kupdate+0x0/0xe8
[<c025a0a5>] ? pdflush+0x0/0x1a0
[<c023681e>] ? kthread+0x39/0x62
[<c02367e5>] ? kthread+0x0/0x62
[<c020384b>] ? kernel_thread_helper+0x7/0x1c
------------------------------------------------------------

How exactly did you corrupt the FS? This is a test we should be passing.
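
The "bad mapping" line in the first oops reads as a request for 8 bytes at offset 2147487182 inside a 4096-byte buffer (an interpretation of the message, stated here as an assumption). As an added example that is neither btrfs code nor part of the original report, the sketch below shows a reader that bounds-checks an offset taken from on-disk data and returns an error instead of reading past the block; `meta_buf`, `meta_read_le64`, `read_item_length`, `demo` and the block layout are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for one metadata block read from disk (not a btrfs type). */
struct meta_buf {
    const uint8_t *data;
    size_t len;                     /* 4096 in the log above */
};

/* Copy a little-endian u64 from the block; reject any range outside it.
 * The comparison is written by subtraction so off + 8 cannot wrap. */
static int meta_read_le64(const struct meta_buf *b, uint64_t off, uint64_t *out)
{
    uint64_t v = 0;

    if (!b || !b->data || b->len < 8 || off > b->len - 8)
        return -EIO;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | b->data[off + i];
    *out = v;
    return 0;
}

/* Two-step read: the first field holds the offset of the second.
 * Both values are untrusted, so every error is returned to the caller. */
int read_item_length(const struct meta_buf *b, uint64_t *length)
{
    uint64_t item_off;
    int ret = meta_read_le64(b, 0, &item_off);

    if (ret)
        return ret;
    return meta_read_le64(b, item_off, length);
}

/* Constructed sample: 4096-byte block whose item at offset 64 holds 0x1000.
 * A non-zero corrupt_off replaces the stored item offset with that value.
 * Returns the length read, or a negative errno. */
long long demo(uint64_t corrupt_off)
{
    static uint8_t block[4096];
    struct meta_buf b = { block, sizeof(block) };
    uint64_t off = corrupt_off ? corrupt_off : 64, length = 0;
    int ret;

    memset(block, 0, sizeof(block));
    for (int i = 0; i < 8; i++)
        block[i] = (uint8_t)(off >> (8 * i));
    block[64 + 1] = 0x10;           /* little-endian 0x1000 at offset 64 */
    ret = read_item_length(&b, &length);
    return ret ? ret : (long long)length;
}
```
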