Created attachment 281613
The (compressed) crafted image which causes crash

- Overview

After mounting the crafted image, I got this kernel panic while running the attached program. Need to wait a few seconds after the program finished to get the error.

- Produces

mkdir test
mount -t btrfs tmp.img test
gcc min_22.c
cp a.out test
cd test
./a.out

- Kernel messages

[ 73.016526] kernel BUG at fs/btrfs/extent-tree.c:1857!
[ 73.017847] invalid opcode: 0000 [#1] SMP PTI
[ 73.018964] CPU: 0 PID: 1117 Comm: btrfs-transacti Not tainted 5.0.0-rc8+ #9
[ 73.020765] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 73.023015] RIP: 0010:insert_inline_extent_backref+0xcc/0xe0
[ 73.024459] Code: 45 20 49 8b 7e 50 49 89 d8 4c 8b 4d 10 48 8b 55 c8 4c 89 e1 41 57 4c 89 ee 50 ff 75 18 e8 cc bf ff ff 31 c0 48 83 c4 18 eb b2 <0f> 0b e8 9d df bd ff 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 66 66
[ 73.029168] RSP: 0018:ffffac4dc1287be8 EFLAGS: 00010293
[ 73.030497] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000000001
[ 73.032306] RDX: 0000000000001000 RSI: 0000000000000000 RDI: 0000000000000000
[ 73.034118] RBP: ffffac4dc1287c28 R08: ffffac4dc1287ab8 R09: ffffac4dc1287ac0
[ 73.035932] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 73.037733] R13: ffff8febef88a540 R14: ffff8febeaa7bc30 R15: 0000000000000000
[ 73.039545] FS: 0000000000000000(0000) GS:ffff8febf7a00000(0000) knlGS:0000000000000000
[ 73.041581] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 73.043038] CR2: 00007f663ace94c0 CR3: 0000000235698006 CR4: 00000000000206f0
[ 73.044851] Call Trace:
[ 73.045496]  ? _cond_resched+0x1a/0x50
[ 73.046458]  __btrfs_inc_extent_ref.isra.64+0x7e/0x240
[ 73.047776]  ? btrfs_merge_delayed_refs+0xa5/0x330
[ 73.048990]  __btrfs_run_delayed_refs+0x653/0x1120
[ 73.050207]  btrfs_run_delayed_refs+0xdb/0x1b0
[ 73.051352]  btrfs_commit_transaction+0x52/0x950
[ 73.052533]  ? start_transaction+0x94/0x450
[ 73.053603]  transaction_kthread+0x163/0x190
[ 73.054692]  kthread+0x105/0x140
[ 73.055536]  ? btrfs_cleanup_transaction+0x560/0x560
[ 73.056796]  ? kthread_destroy_worker+0x50/0x50
[ 73.057952]  ret_from_fork+0x35/0x40
[ 73.058868] Modules linked in:
[ 73.059689] ---[ end trace 2ad8b3de903cf825 ]---
[ 73.060891] RIP: 0010:insert_inline_extent_backref+0xcc/0xe0
[ 73.062341] Code: 45 20 49 8b 7e 50 49 89 d8 4c 8b 4d 10 48 8b 55 c8 4c 89 e1 41 57 4c 89 ee 50 ff 75 18 e8 cc bf ff ff 31 c0 48 83 c4 18 eb b2 <0f> 0b e8 9d df bd ff 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 66 66
[ 73.067070] RSP: 0018:ffffac4dc1287be8 EFLAGS: 00010293
[ 73.068434] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000000001
[ 73.070258] RDX: 0000000000001000 RSI: 0000000000000000 RDI: 0000000000000000
[ 73.072086] RBP: ffffac4dc1287c28 R08: ffffac4dc1287ab8 R09: ffffac4dc1287ac0
[ 73.073900] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 73.075736] R13: ffff8febef88a540 R14: ffff8febeaa7bc30 R15: 0000000000000000
[ 73.077553] FS: 0000000000000000(0000) GS:ffff8febf7a00000(0000) knlGS:0000000000000000
[ 73.079621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 73.081090] CR2: 00007f663ace94c0 CR3: 0000000235698006 CR4: 00000000000206f0

Created attachment 281615
min_22.c
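Before a crash report like the one above can be routed or de-duplicated, the raw kernel messages have to be reduced to a few triage fields: the BUG() site, the faulting symbol in RIP, the kernel version and taint state, the task that hit it, and the call-trace frames the unwinder marks as reliable (those without a leading `?`). The following Python parser is an added example and is not part of this report or of the btrfs code base; the sample input is the report's own messages re-pasted as constructed dmesg-style lines (register dump lines left out because the parser ignores them), and the field names, the `subsystem()` routing heuristic and the `summarize()` format are assumptions of this example, not a kernel convention.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the kernel messages quoted in the report above, in the
# one-message-per-line form dmesg prints. Register/Code lines are omitted.
OOPS_SAMPLE = """\
[ 73.016526] kernel BUG at fs/btrfs/extent-tree.c:1857!
[ 73.017847] invalid opcode: 0000 [#1] SMP PTI
[ 73.018964] CPU: 0 PID: 1117 Comm: btrfs-transacti Not tainted 5.0.0-rc8+ #9
[ 73.023015] RIP: 0010:insert_inline_extent_backref+0xcc/0xe0
[ 73.044851] Call Trace:
[ 73.045496]  ? _cond_resched+0x1a/0x50
[ 73.046458]  __btrfs_inc_extent_ref.isra.64+0x7e/0x240
[ 73.047776]  ? btrfs_merge_delayed_refs+0xa5/0x330
[ 73.048990]  __btrfs_run_delayed_refs+0x653/0x1120
[ 73.050207]  btrfs_run_delayed_refs+0xdb/0x1b0
[ 73.051352]  btrfs_commit_transaction+0x52/0x950
[ 73.052533]  ? start_transaction+0x94/0x450
[ 73.053603]  transaction_kthread+0x163/0x190
[ 73.054692]  kthread+0x105/0x140
[ 73.055536]  ? btrfs_cleanup_transaction+0x560/0x560
[ 73.056796]  ? kthread_destroy_worker+0x50/0x50
[ 73.057952]  ret_from_fork+0x35/0x40
[ 73.058868] Modules linked in:
[ 73.059689] ---[ end trace 2ad8b3de903cf825 ]---
[ 73.060891] RIP: 0010:insert_inline_extent_backref+0xcc/0xe0
"""

TS_RE = re.compile(r"^\[\s*[\d.]+\]\s?(?P<msg>.*)$")          # strip "[ 73.01] " prefix
BUG_RE = re.compile(r"^kernel BUG at (?P<loc>\S+)!")
TRAP_RE = re.compile(r"^(?P<trap>invalid opcode|general protection fault|BUG: unable to handle)")
CPU_RE = re.compile(r"^CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) Comm: (?P<comm>.+?) "
                    r"(?P<taint>Not tainted|Tainted: .+?) (?P<kernel>\S+) #\d+")
RIP_RE = re.compile(r"^RIP: [0-9a-f]+:(?P<sym>\S+)")
FRAME_RE = re.compile(r"^(?P<unreliable>\? )?(?P<sym>\S+\+0x[0-9a-f]+/0x[0-9a-f]+)(?: \[(?P<mod>\S+)\])?$")
END_RE = re.compile(r"^---\[ end trace (?P<id>[0-9a-f]+) \]---")


@dataclass
class Oops:
    bug_location: Optional[str] = None        # file:line from "kernel BUG at ..."
    trap: Optional[str] = None                # exception type line
    comm: Optional[str] = None                # task name that hit the BUG
    pid: Optional[int] = None
    tainted: Optional[bool] = None
    kernel: Optional[str] = None
    rip_symbol: Optional[str] = None          # first RIP line only; the repeat is ignored
    frames: List[Tuple[str, bool]] = field(default_factory=list)  # (symbol, reliable)
    modules: List[str] = field(default_factory=list)
    trace_id: Optional[str] = None


def parse_oops(text: str) -> Oops:
    oops = Oops()
    in_trace = False
    for raw in text.splitlines():
        m = TS_RE.match(raw)
        msg = (m.group("msg") if m else raw).strip()
        if in_trace:
            if msg in ("<IRQ>", "</IRQ>", "<TASK>", "</TASK>"):
                continue                      # section markers, not frames
            f = FRAME_RE.match(msg)
            if f:
                oops.frames.append((f.group("sym"), f.group("unreliable") is None))
                continue
            in_trace = False                  # first non-frame line ends the trace
        if msg.startswith("Modules linked in:"):
            oops.modules = msg.split(":", 1)[1].split()
        elif BUG_RE.match(msg):
            oops.bug_location = BUG_RE.match(msg).group("loc")
        elif TRAP_RE.match(msg) and oops.trap is None:
            oops.trap = TRAP_RE.match(msg).group("trap")
        elif CPU_RE.match(msg):
            c = CPU_RE.match(msg)
            oops.comm, oops.pid = c.group("comm"), int(c.group("pid"))
            oops.tainted = not c.group("taint").startswith("Not")
            oops.kernel = c.group("kernel")
        elif RIP_RE.match(msg) and oops.rip_symbol is None:
            oops.rip_symbol = RIP_RE.match(msg).group("sym")
        elif msg == "Call Trace:":
            in_trace = True
        elif END_RE.match(msg):
            oops.trace_id = END_RE.match(msg).group("id")
    return oops


def reliable_frames(oops: Oops) -> List[str]:
    """Frames the unwinder trusts (no leading '?'), innermost first."""
    return [sym for sym, ok in oops.frames if ok]


def subsystem(oops: Oops) -> Optional[str]:
    """Directory of the BUG() site, e.g. 'fs/btrfs', used here as a routing key."""
    if not oops.bug_location:
        return None
    path = oops.bug_location.split(":", 1)[0]
    return path.rsplit("/", 1)[0] if "/" in path else ""


def summarize(oops: Oops) -> str:
    taint = "tainted" if oops.tainted else "not tainted"
    return (f"{oops.trap or 'oops'} in {oops.rip_symbol} at {oops.bug_location} "
            f"(kernel {oops.kernel}, {taint}, comm={oops.comm}, pid={oops.pid}); "
            f"reliable trace: {' <- '.join(reliable_frames(oops))}")


if __name__ == "__main__":
    print(summarize(parse_oops(OOPS_SAMPLE)))
```

On the report's messages this yields an `invalid opcode` in `insert_inline_extent_backref` at `fs/btrfs/extent-tree.c:1857` on an untainted `5.0.0-rc8+` kernel, reached from the `btrfs-transacti` kthread through `btrfs_commit_transaction`, which is why the crash appears a few seconds after the program exits rather than while it runs: the BUG() fires when the transaction kthread commits the delayed refs, not in the syscall path.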