Created attachment 281595
The (compressed) crafted image which causes the crash

Overview

After mounting the crafted image, I got this kernel BUG message while running the attached program.

- Produces

mkdir test
mount -t btrfs 05.img test
gcc 05.c
cp a.out test
cd test
./a.out

- Kernel messages

[ 79.177558] BTRFS error (device sdb): parent transid verify failed on 29745152 wanted 254 found 19
[ 79.180127] BTRFS error (device sdb): parent transid verify failed on 29745152 wanted 254 found 19
[ 79.183057] BTRFS error (device sdb): parent transid verify failed on 29745152 wanted 254 found 19
[ 79.185839] BTRFS error (device sdb): parent transid verify failed on 29745152 wanted 254 found 19
[ 79.188510] BTRFS error (device sdb): parent transid verify failed on 29745152 wanted 254 found 19
[ 79.191302] BTRFS error (device sdb): parent transid verify failed on 29745152 wanted 254 found 19
[ 79.194065] BTRFS error (device sdb): bad fsid on block 29655040
[ 79.196862] BTRFS error (device sdb): parent transid verify failed on 29745152 wanted 254 found 19
[ 79.199488] BTRFS error (device sdb): parent transid verify failed on 29745152 wanted 254 found 19
[ 79.203034] BTRFS error (device sdb): parent transid verify failed on 29745152 wanted 254 found 19
[ 79.205815] BTRFS error (device sdb): parent transid verify failed on 29745152 wanted 254 found 19
[ 79.210431] BTRFS error (device sdb): bad tree block start, want 29761536 have 9914948639532841281
[ 79.213454] BTRFS critical (device sdb): corrupt leaf: root=7 block=29630464 slot=5, bad key order, prev (18446744073709551606 128 87072768) current (18446742974197923830 128 89907200)
[ 109.896936] kernel BUG at fs/btrfs/raid56.c:522!
[ 109.898182] invalid opcode: 0000 [#1] SMP PTI
[ 109.899279] CPU: 0 PID: 1142 Comm: btrfs-transacti Not tainted 5.0.0-rc8+ #9
[ 109.901035] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 109.903278] RIP: 0010:rbio_is_full+0x5e/0x60
[ 109.904352] Code: 48 63 d2 49 39 d4 74 1b bb 00 00 00 00 77 1b 48 89 c6 4c 89 ef e8 d2 c2 7e 00 89 d8 5b 41 5c 41 5d 5d c3 bb 01 00 00 00 eb e5 <0f> 0b 66 66 66 66 90 8b 06 85 c0 0f 8e 9f 00 00 00 55 49 89 f0 48
[ 109.908942] RSP: 0018:ffffb7718124fa98 EFLAGS: 00010006
[ 109.910264] RAX: 0000000000000202 RBX: 0000000000000000 RCX: 0000000000000020
[ 109.912031] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8cb5ab32cc98
[ 109.913813] RBP: ffffb7718124fab0 R08: 0000000000000001 R09: 0000000000000010
[ 109.915569] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000001000
[ 109.917342] R13: ffff8cb5ab32cc98 R14: ffff8cb5b5574d00 R15: 0000000000001000
[ 109.919107] FS: 0000000000000000(0000) GS:ffff8cb5b7a00000(0000) knlGS:0000000000000000
[ 109.921119] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.922550] CR2: 00007f0ae2c46028 CR3: 000000022f452001 CR4: 00000000000206f0
[ 109.924326] Call Trace:
[ 109.924959] raid56_parity_write+0x88/0x170
[ 109.926021] btrfs_map_bio+0x396/0x3c0
[ 109.926970] btree_submit_bio_hook+0xcd/0xe0
[ 109.928039] submit_one_bio+0x5d/0x80
[ 109.928963] flush_write_bio.isra.45+0x21/0x40
[ 109.930070] btree_write_cache_pages+0x256/0x3c0
[ 109.931219] ? kvm_clock_get_cycles+0x11/0x20
[ 109.932303] ? ktime_get+0x3e/0xa0
[ 109.933167] ? _cond_resched+0x1a/0x50
[ 109.934107] ? merge_state.part.49+0x44/0x170
[ 109.935187] ? alloc_extent_state+0x24/0xd0
[ 109.936224] btree_writepages+0x5d/0x70
[ 109.937187] do_writepages+0x1f/0x70
[ 109.938085] __filemap_fdatawrite_range+0x80/0xb0
[ 109.939255] filemap_fdatawrite_range+0x13/0x20
[ 109.940380] btrfs_write_marked_extents+0x13a/0x150
[ 109.941629] btrfs_write_and_wait_transaction.isra.22+0x58/0xb0
[ 109.943111] btrfs_commit_transaction+0x588/0x950
[ 109.944289] ? btrfs_commit_transaction+0x588/0x950
[ 109.945520] transaction_kthread+0x163/0x190
[ 109.946589] kthread+0x105/0x140
[ 109.947401] ? btrfs_cleanup_transaction+0x560/0x560
[ 109.948627] ? kthread_destroy_worker+0x50/0x50
[ 109.949760] ret_from_fork+0x35/0x40
[ 109.950654] Modules linked in:
[ 109.951426] ---[ end trace c5ba35a89753fe90 ]---
[ 109.952576] RIP: 0010:rbio_is_full+0x5e/0x60
[ 109.953653] Code: 48 63 d2 49 39 d4 74 1b bb 00 00 00 00 77 1b 48 89 c6 4c 89 ef e8 d2 c2 7e 00 89 d8 5b 41 5c 41 5d 5d c3 bb 01 00 00 00 eb e5 <0f> 0b 66 66 66 66 90 8b 06 85 c0 0f 8e 9f 00 00 00 55 49 89 f0 48
[ 109.958238] RSP: 0018:ffffb7718124fa98 EFLAGS: 00010006
[ 109.959539] RAX: 0000000000000202 RBX: 0000000000000000 RCX: 0000000000000020
[ 109.961318] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8cb5ab32cc98
[ 109.963087] RBP: ffffb7718124fab0 R08: 0000000000000001 R09: 0000000000000010
[ 109.964853] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000001000
[ 109.966632] R13: ffff8cb5ab32cc98 R14: ffff8cb5b5574d00 R15: 0000000000001000
[ 109.968386] FS: 0000000000000000(0000) GS:ffff8cb5b7a00000(0000) knlGS:0000000000000000
[ 109.970389] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 109.971810] CR2: 00007f0ae2c46028 CR3: 000000022f452001 CR4: 00000000000206f
Created attachment 281603
05.c

You need to wait a few seconds after the program has finished to get the error.
This is already fixed by upstream commit 80e46cf22ba0 ("btrfs: tree-checker: Enhance chunk checker to validate chunk profile"). The kernel will already reject an invalid chunk type at mount time.
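As an added illustration of the kind of mount-time rejection the fix above describes (this is not the kernel's tree-checker code and not from the report), the user-space validator below classifies a chunk item's type field using the 5.0-era flag values from include/uapi/linux/btrfs_tree.h; the exact rule set (no unknown bits, at least one block-group type bit, at most one RAID/DUP profile bit, no SYSTEM+DATA mix) is my reconstruction and an assumption.

```c
#include <stdint.h>

/* Flag values as defined in include/uapi/linux/btrfs_tree.h (pre-RAID1C3/C4). */
#define BTRFS_BLOCK_GROUP_DATA     (1ULL << 0)
#define BTRFS_BLOCK_GROUP_SYSTEM   (1ULL << 1)
#define BTRFS_BLOCK_GROUP_METADATA (1ULL << 2)
#define BTRFS_BLOCK_GROUP_RAID0    (1ULL << 3)
#define BTRFS_BLOCK_GROUP_RAID1    (1ULL << 4)
#define BTRFS_BLOCK_GROUP_DUP      (1ULL << 5)
#define BTRFS_BLOCK_GROUP_RAID10   (1ULL << 6)
#define BTRFS_BLOCK_GROUP_RAID5    (1ULL << 7)
#define BTRFS_BLOCK_GROUP_RAID6    (1ULL << 8)

#define BTRFS_BLOCK_GROUP_TYPE_MASK \
	(BTRFS_BLOCK_GROUP_DATA | BTRFS_BLOCK_GROUP_SYSTEM | BTRFS_BLOCK_GROUP_METADATA)
#define BTRFS_BLOCK_GROUP_PROFILE_MASK \
	(BTRFS_BLOCK_GROUP_RAID0 | BTRFS_BLOCK_GROUP_RAID1 | BTRFS_BLOCK_GROUP_DUP | \
	 BTRFS_BLOCK_GROUP_RAID10 | BTRFS_BLOCK_GROUP_RAID5 | BTRFS_BLOCK_GROUP_RAID6)

/* Verdicts for a chunk item's type field (names are this example's own). */
enum chunk_type_verdict {
	CHUNK_TYPE_OK = 0,
	CHUNK_TYPE_UNKNOWN_BITS,   /* bits outside the type and profile masks */
	CHUNK_TYPE_NO_TYPE,        /* neither DATA, SYSTEM nor METADATA set */
	CHUNK_TYPE_MIXED_PROFILE,  /* e.g. RAID5 and RAID6 set at once */
	CHUNK_TYPE_SYSTEM_MIXED,   /* SYSTEM chunk also flagged as DATA */
};

/* Reconstructed rule set (assumption): reject before any RAID path can see it. */
enum chunk_type_verdict check_chunk_type(uint64_t type)
{
	uint64_t profile = type & BTRFS_BLOCK_GROUP_PROFILE_MASK;

	if (type & ~(BTRFS_BLOCK_GROUP_TYPE_MASK | BTRFS_BLOCK_GROUP_PROFILE_MASK))
		return CHUNK_TYPE_UNKNOWN_BITS;
	if (!(type & BTRFS_BLOCK_GROUP_TYPE_MASK))
		return CHUNK_TYPE_NO_TYPE;
	/* profile must be 0 (single) or exactly one bit: x & (x - 1) clears the lowest bit */
	if (profile & (profile - 1))
		return CHUNK_TYPE_MIXED_PROFILE;
	if ((type & BTRFS_BLOCK_GROUP_SYSTEM) && (type & BTRFS_BLOCK_GROUP_DATA))
		return CHUNK_TYPE_SYSTEM_MIXED;
	return CHUNK_TYPE_OK;
}
```

Run it over the type field of each CHUNK_ITEM read from an image before trusting the stripe layout that item implies.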