Bug 215722

| Summary: | general protection fault at fs/btrfs/tree-checker.c: check_dir_item() when mount a corrupted image | | |
|---|---|---|---|
| Product: | File System | Reporter: | Wenqing Liu (wenqingliu0120) |
| Component: | btrfs | Assignee: | BTRFS virtual assignee (fs_btrfs) |
| Status: | NEW --- | | |
| Severity: | normal | CC: | wenqingliu0120 |
| Priority: | P1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Kernel Version: | 5.15.30 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | corrupted image and .config | | |

Created attachment 300598
corrupted image and .config

- Overview

general protection fault at fs/btrfs/tree-checker.c: check_dir_item() when mount a corrupted image

- Reproduce

tested on kernel 5.15.30

```
$ mkdir mnt
$ sudo mount tmp4.img mnt
```

- Kernel dump

```
[ 121.577598] loop0: detected capacity change from 0 to 262144
[ 121.594472] BTRFS: device fsid a62e00e8-e94e-4200-8217-12444de93c2e devid 1 transid 8 /dev/loop0 scanned by mount (1069)
[ 121.595220] BTRFS info (device loop0): disk space caching is enabled
[ 121.595222] BTRFS info (device loop0): has skinny extents
[ 121.595585] BTRFS critical (device loop0): corrupt leaf: root=3 block=20975616 slot=0 devid=72027907223977985 invalid objectid: has=72027907223977985 expect=1
[ 121.595628] BTRFS error (device loop0): block=20975616 read time tree block corruption detected
[ 121.595912] BTRFS info (device loop0): read error corrected: ino 0 off 20975616 (dev /dev/loop0 sector 40968)
[ 121.595952] BTRFS critical (device loop0): corrupt leaf: block=29421568 slot=4 extent bytenr=29364224 len=4096 invalid generation, have 7599824371187718 expect (0, 9]
[ 121.595999] BTRFS error (device loop0): block=29421568 read time tree block corruption detected
[ 121.596051] BTRFS info (device loop0): read error corrected: ino 0 off 29421568 (dev /dev/loop0 sector 73848)
[ 121.596059] BTRFS critical (device loop0): corrupt leaf: root=4 block=29396992 slot=0, unexpected item end, have 3880 expect 3995
[ 121.596082] BTRFS error (device loop0): block=29396992 read time tree block corruption detected
[ 121.596288] BTRFS info (device loop0): read error corrected: ino 0 off 29396992 (dev /dev/loop0 sector 73800)
[ 121.596312] BTRFS error (device loop0): parent transid verify failed on 29380608 wanted 4 found 2164195332
[ 121.596344] BTRFS info (device loop0): read error corrected: ino 0 off 29380608 (dev /dev/loop0 sector 73768)
[ 121.596670] BTRFS warning (device loop0): access to eb bytenr 29409280 len 4096 out of range start 7442 len 17
[ 121.596673] BTRFS warning (device loop0): bad eb member start: ptr 0x1d12 start 29409280 member offset 7471 size 1
[ 121.596693] general protection fault, probably for non-canonical address 0x8832200000d2f: 0000 [#1] SMP NOPTI
[ 121.596716] CPU: 1 PID: 7 Comm: kworker/u8:0 Not tainted 5.15.30 #1
[ 121.596730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[ 121.596746] Workqueue: btrfs-endio-meta btrfs_work_helper
[ 121.596760] RIP: 0010:btrfs_get_8+0x5a/0x90
[ 121.596770] Code: 8b 5c dc 70 48 2b 1d 95 44 12 01 4c 89 ee 4c 89 e7 b9 01 00 00 00 48 c1 fb 06 48 c1 e3 0c 48 03 1d 8b 44 12 01 e8 76 fe ff ff <0f> b6 04 2b 48 83 c4 08 5b 5d 41 5c 41 5d c3 48 89 de 48 c7 c7 c0
[ 121.596803] RSP: 0018:ffffafa1c0043aa8 EFLAGS: 00010246
[ 121.596813] RAX: 0000000000000000 RBX: 0008832200000000 RCX: 0000000000000027
[ 121.596827] RDX: 0000000000000000 RSI: ffffa014f5c9c8d0 RDI: ffffa014f5c9c8d8
[ 121.596841] RBP: 0000000000000d2f R08: 0000000000000000 R09: 0000000000000001
[ 121.596854] R10: 0000000000000003 R11: 0000000000000034 R12: ffffa013024b9b00
[ 121.596867] R13: 0000000000001d12 R14: 00000000fffff221 R15: ffffafa1c0043c8f
[ 121.596881] FS: 0000000000000000(0000) GS:ffffa014f5c80000(0000) knlGS:0000000000000000
[ 121.596897] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 121.596908] CR2: 000055ab382c1288 CR3: 0000000100c7e004 CR4: 0000000000370ee0
[ 121.596925] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 121.596939] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 121.596953] Call Trace:
[ 121.596961] <TASK>
[ 121.596967] check_dir_item+0x100/0x3e0
[ 121.596978] ? crc32c_pcl_intel_update+0x92/0xa0
[ 121.596990] ? csum_tree_block+0x13c/0x180
[ 121.597001] ? current_time+0x42/0x80
[ 121.597011] ? update_load_avg+0x1cc/0x620
[ 121.597023] ? btrfs_get_32+0x77/0x160
[ 121.597032] ? check_inode_key+0x41/0x160
[ 121.597041] check_leaf+0xc64/0x1ad0
[ 121.597050] ? check_preempt_wakeup+0x1b6/0x330
[ 121.597062] validate_extent_buffer+0x244/0x310
[ 121.597072] btrfs_validate_metadata_buffer+0xf8/0x100
[ 121.597083] end_bio_extent_readpage+0x3af/0x860
[ 121.597094] ? update_load_avg+0x1cc/0x620
[ 121.597104] end_workqueue_fn+0x29/0x40
[ 121.597113] btrfs_work_helper+0x7d/0x2e0
[ 121.597566] ? __schedule+0x2b4/0x910
[ 121.598020] process_one_work+0x1ff/0x3d0
[ 121.598455] worker_thread+0x2d/0x3e0
[ 121.598889] ? process_one_work+0x3d0/0x3d0
[ 121.599320] kthread+0x118/0x140
[ 121.599735] ? set_kthread_struct+0x40/0x40
[ 121.600197] ret_from_fork+0x1f/0x30
[ 121.600547] </TASK>
[ 121.600960] Modules linked in: iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi xfs joydev input_leds serio_raw qemu_fw_cfg autofs4 raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid1 raid0 multipath linear qxl drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd hid_generic usbhid psmouse hid cryptd
[ 121.602502] ---[ end trace 6e609471ab2b813c ]---
[ 121.603013] RIP: 0010:btrfs_get_8+0x5a/0x90
[ 121.603555] Code: 8b 5c dc 70 48 2b 1d 95 44 12 01 4c 89 ee 4c 89 e7 b9 01 00 00 00 48 c1 fb 06 48 c1 e3 0c 48 03 1d 8b 44 12 01 e8 76 fe ff ff <0f> b6 04 2b 48 83 c4 08 5b 5d 41 5c 41 5d c3 48 89 de 48 c7 c7 c0
[ 121.604771] RSP: 0018:ffffafa1c0043aa8 EFLAGS: 00010246
[ 121.605151] RAX: 0000000000000000 RBX: 0008832200000000 RCX: 0000000000000027
[ 121.605589] RDX: 0000000000000000 RSI: ffffa014f5c9c8d0 RDI: ffffa014f5c9c8d8
[ 121.606161] RBP: 0000000000000d2f R08: 0000000000000000 R09: 0000000000000001
[ 121.606666] R10: 0000000000000003 R11: 0000000000000034 R12: ffffa013024b9b00
[ 121.607066] R13: 0000000000001d12 R14: 00000000fffff221 R15: ffffafa1c0043c8f
[ 121.607621] FS: 0000000000000000(0000) GS:ffffa014f5c80000(0000) knlGS:0000000000000000
[ 121.608191] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 121.608753] CR2: 000055ab382c1288 CR3: 0000000100c7e004 CR4: 0000000000370ee0
[ 121.609397] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 121.610009] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
```
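
The two warnings just before the fault in the dump above report accesses at start 7442 (ptr 0x1d12, len 17) and member offset 7471 (size 1) in an extent buffer of len 4096, after which the read in btrfs_get_8 faults. The following C example is an added illustration, not kernel code and not part of the original report: it shows a member read that rejects such an item instead of dereferencing it. `eb_model`, `member_in_range`, `read_dir_type` and `check_item_at` are hypothetical names, the block contents are constructed, and offsets 0/17 and 29/1 are the location key and type fields of the packed on-disk btrfs_dir_item.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets inside the packed 30-byte on-disk btrfs_dir_item. */
#define LOCATION_OFF 0    /* struct btrfs_disk_key location */
#define LOCATION_LEN 17
#define TYPE_OFF     29   /* u8 type, after transid, data_len, name_len */
#define TYPE_LEN     1
#define EB_LEN       4096 /* "len 4096" in the log */

/* Hypothetical stand-in for one metadata block held in memory. */
struct eb_model { const uint8_t *data; uint64_t len; };

/* True only if [ptr+off, ptr+off+size) is inside the block; no wraparound. */
static bool member_in_range(const struct eb_model *eb, uint64_t ptr,
                            uint64_t off, uint64_t size)
{
    if (ptr > eb->len || off > eb->len - ptr)
        return false;
    return size <= eb->len - ptr - off;
}

/* Return the dir item type, or -1 so the caller rejects the leaf unread. */
static int read_dir_type(const struct eb_model *eb, uint64_t item_ptr)
{
    if (!member_in_range(eb, item_ptr, LOCATION_OFF, LOCATION_LEN) ||
        !member_in_range(eb, item_ptr, TYPE_OFF, TYPE_LEN))
        return -1;
    return eb->data[item_ptr + TYPE_OFF];
}

/* Constructed block: one dir item at item_ptr 1000 with type 2 (directory). */
static int check_item_at(uint64_t item_ptr)
{
    static uint8_t block[EB_LEN];
    struct eb_model eb = { block, EB_LEN };

    memset(block, 0, sizeof(block));
    block[1000 + TYPE_OFF] = 2;
    return read_dir_type(&eb, item_ptr);
}

int main(void)
{
    printf("ptr 0x1d12 -> %d\n", check_item_at(0x1d12)); /* value from the log */
    printf("ptr 1000   -> %d\n", check_item_at(1000));
    return 0;
}
```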