Bug 202751 - Segmentation fault while mounting
Summary: Segmentation fault while mounting
Status: RESOLVED CODE_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: btrfs
Hardware: All Linux
Importance: P1 normal
Assignee: BTRFS virtual assignee
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-04 19:09 UTC by Jungyeon
Modified: 2019-07-09 01:07 UTC
CC List: 0 users

See Also:
Kernel Version: 5.0-rc8
Tree: Mainline
Regression: No


Attachments
crafted img (166.40 KB, application/zip)
2019-03-04 19:09 UTC, Jungyeon
Minimized test code (614 bytes, text/x-csrc)
2019-03-07 03:58 UTC, Jungyeon

Description Jungyeon 2019-03-04 19:09:54 UTC
Created attachment 281479 [details]
crafted img

While trying to mount this attached image, btrfs crashes with segmentation fault.
Messages and reproduction steps are as follows.

---
mkdir test
mount -t btrfs 10.img test

---
Messages (I used /dev/sdb to get 10.img in the following reproduction)

[   43.103325] BTRFS critical (device sdb): corrupt leaf: root=2 block=29786112 slot=42, bad key order, prev (248489707569152 192 12582912) current (86507520 168 5111808)
[   43.108521] BTRFS critical (device sdb): corrupt leaf: root=4 block=29552640 slot=2, bad key order, prev (1 204 1152921504607895552) current (1 204 12582912)
[   43.113691] divide error: 0000 [#1] SMP PTI
[   43.114765] CPU: 0 PID: 1064 Comm: mount Not tainted 5.0.0-rc8+ #9
[   43.116348] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[   43.118621] RIP: 0010:btrfs_verify_dev_extents+0x210/0x5a0
[   43.120071] Code: f8 01 00 00 48 81 ff 80 00 00 00 0f 84 e3 01 00 00 48 81 ff 00 01 00 00 8d 46 fe 74 06 89 f0 99 41 f7 fb 89 c7 31 d2 4c 89 c8 <48> f7 f7 48 39 45 a0 0f 85 2c 03 00 00 85 f6 0f 8e 6b 01 00 00 8d
[   43.124823] RSP: 0018:ffffa26c010779c8 EFLAGS: 00010246
[   43.126167] RAX: 0000000000800000 RBX: 0000000000000001 RCX: ffff937cb07f4ac0
[   43.128002] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   43.129829] RBP: ffffa26c01077a60 R08: 0000000000c00000 R09: 0000000000800000
[   43.131654] R10: 0000000000000000 R11: 0000000000000002 R12: ffff937caf802850
[   43.133492] R13: ffff937caad20118 R14: 0000000000c00000 R15: ffff937cab92cc60
[   43.135311] FS:  00007fac30ae0840(0000) GS:ffff937cb7a00000(0000) knlGS:0000000000000000
[   43.137384] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.138855] CR2: 000055821d513928 CR3: 000000022b3a4004 CR4: 00000000000206f0
[   43.140692] Call Trace:
[   43.141345]  open_ctree+0x160d/0x2149
[   43.142292]  btrfs_mount_root+0x5b2/0x680
[   43.143327]  ? btrfs_mount_root+0x5b2/0x680
[   43.144415]  ? pcpu_next_unpop+0x3c/0x50
[   43.145421]  ? cpumask_next+0x1b/0x20
[   43.146357]  ? pcpu_alloc+0x2f1/0x650
[   43.147299]  mount_fs+0x51/0x170
[   43.148143]  ? btrfs_decode_error+0x30/0x30
[   43.149229]  ? mount_fs+0x51/0x170
[   43.150120]  vfs_kern_mount+0x67/0x120
[   43.151098]  btrfs_mount+0x173/0x8cd
[   43.152044]  ? pcpu_block_update_hint_alloc+0x1bb/0x1e0
[   43.153385]  ? pcpu_next_unpop+0x3c/0x50
[   43.154401]  ? cpumask_next+0x1b/0x20
[   43.155349]  ? pcpu_alloc+0x2f1/0x650
[   43.156314]  mount_fs+0x51/0x170
[   43.157153]  ? mount_fs+0x51/0x170
[   43.158043]  vfs_kern_mount+0x67/0x120
[   43.159018]  do_mount+0x208/0xd20
[   43.159896]  ? __check_object_size+0x111/0x1b0
[   43.161051]  ? memdup_user+0x4f/0x70
[   43.161984]  ksys_mount+0x83/0xd0
[   43.162848]  __x64_sys_mount+0x25/0x30
[   43.163834]  do_syscall_64+0x5a/0x110
[   43.164793]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   43.166091] RIP: 0033:0x7fac303bfb9a
[   43.167021] Code: 48 8b 0d 01 c3 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ce c2 2b 00 f7 d8 64 89 01 48
[   43.171774] RSP: 002b:00007ffe0ac18d08 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[   43.173730] RAX: ffffffffffffffda RBX: 00000000011e7030 RCX: 00007fac303bfb9a
[   43.175553] RDX: 00000000011e7210 RSI: 00000000011e9f40 RDI: 00000000011e7230
[   43.177384] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000014
[   43.179209] R10: 00000000c0ed0000 R11: 0000000000000202 R12: 00000000011e7230
[   43.181039] R13: 00000000011e7210 R14: 0000000000000000 R15: 0000000000000003
[   43.182864] Modules linked in:
[   43.183688] ---[ end trace fb4c41a79273f93b ]---
[   43.187397] RIP: 0010:btrfs_verify_dev_extents+0x210/0x5a0
[   43.188835] Code: f8 01 00 00 48 81 ff 80 00 00 00 0f 84 e3 01 00 00 48 81 ff 00 01 00 00 8d 46 fe 74 06 89 f0 99 41 f7 fb 89 c7 31 d2 4c 89 c8 <48> f7 f7 48 39 45 a0 0f 85 2c 03 00 00 85 f6 0f 8e 6b 01 00 00 8d
[   43.193572] RSP: 0018:ffffa26c010779c8 EFLAGS: 00010246
[   43.194920] RAX: 0000000000800000 RBX: 0000000000000001 RCX: ffff937cb07f4ac0
[   43.196762] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   43.198583] RBP: ffffa26c01077a60 R08: 0000000000c00000 R09: 0000000000800000
[   43.200431] R10: 0000000000000000 R11: 0000000000000002 R12: ffff937caf802850
[   43.202249] R13: ffff937caad20118 R14: 0000000000c00000 R15: ffff937cab92cc60
[   43.204074] FS:  00007fac30ae0840(0000) GS:ffff937cb7a00000(0000) knlGS:0000000000000000
[   43.206127] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.207596] CR2: 000055821d513928 CR3: 000000022b3a4004 CR4: 00000000000206f0
Segmentation fault (core dumped)
Comment 1 Jungyeon 2019-03-07 03:58:07 UTC
Created attachment 281551 [details]
Minimized test code

Attaching a minimized version of the program with the same result. (Please use this)
Comment 2 Jungyeon 2019-03-07 04:01:39 UTC
(In reply to Jungyeon from comment #1)
> Created attachment 281551 [details]
> Minimized test code
> 
> Attaching a minimized version of the program with the same result. (Please use this)

Ignore this message. (Wrong)
