Bug 202837 - #PF error: [normal kernel read fault]
Status: NEW
Alias: None
Product: File System
Classification: Unclassified
Component: btrfs
Hardware: All Linux
Importance: P1 normal
Assignee: BTRFS virtual assignee
Reported: 2019-03-08 10:30 UTC by Jungyeon
Modified: 2019-07-10 08:17 UTC
Kernel Version: 5.0-rc8
Tree: Mainline
Regression: No


Attachments
The (compressed) crafted image which causes crash (166.97 KB, application/zip)
2019-03-08 10:30 UTC, Jungyeon
poc_49.c (3.56 KB, text/x-csrc)
2019-03-08 10:30 UTC, Jungyeon

Description Jungyeon 2019-03-08 10:30:12 UTC
Created attachment 281627 [details]
The (compressed) crafted image which causes crash

- Overview
After mounting the crafted image, I got this kernel panic while running the attached program.

- Produces
mkdir test
mount -t btrfs tmp.img test 
gcc poc_49.c
cp a.out test
cd test
./a.out

- Kernel messages
[ 28.875993] btrfs bad mapping eb start 29761536 len 4096, wanted 1852 18446744072635812036
[ 28.882021] BUG: unable to handle kernel NULL pointer dereference at 0000000000000110
[ 28.884024] #PF error: [normal kernel read fault]
[ 28.885187] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.886873] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.888794] #PF error: [normal kernel read fault]
[ 28.889957] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.891655] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.893571] #PF error: [normal kernel read fault]
[ 28.894737] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.896453] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.898382] #PF error: [normal kernel read fault]
[ 28.899566] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.901269] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.903194] #PF error: [normal kernel read fault]
[ 28.904377] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.906076] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.908006] #PF error: [normal kernel read fault]
[ 28.909172] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.910865] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.912811] #PF error: [normal kernel read fault]
[ 28.913980] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.915693] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.917622] #PF error: [normal kernel read fault]
[ 28.918796] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.920511] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.922439] #PF error: [normal kernel read fault]
[ 28.923623] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.925334] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.927268] #PF error: [normal kernel read fault]
[ 28.928454] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.930153] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.932090] #PF error: [normal kernel read fault]
[ 28.933259] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.934958] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.936894] #PF error: [normal kernel read fault]
[ 28.938065] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.939778] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.941707] #PF error: [normal kernel read fault]
[ 28.942876] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.944594] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.946534] #PF error: [normal kernel read fault]
[ 28.947724] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.949431] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.951353] #PF error: [normal kernel read fault]
[ 28.952532] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.954231] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.956166] #PF error: [normal kernel read fault]
[ 28.957335] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.959032] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.960974] #PF error: [normal kernel read fault]
[ 28.962158] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.963880] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.965811] #PF error: [normal kernel read fault]
[ 28.966986] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.968708] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.970647] #PF error: [normal kernel read fault]
[ 28.971832] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.973539] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.975490] #PF error: [normal kernel read fault]
[ 28.976662] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.978382] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.980337] #PF error: [normal kernel read fault]
[ 28.981512] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.983223] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.985173] #PF error: [normal kernel read fault]
[ 28.986345] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.988073] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.990024] #PF error: [normal kernel read fault]
[ 28.991204] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.992929] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.994858] #PF error: [normal kernel read fault]
[ 28.996048] PGD 80000002354e6067 P4D 80000002354e6067 PUD 2307d3067 PMD 0 
[ 28.997751] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.997763] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: number+0x30b/0x310
[ 29.011819] Kernel Offset: 0x25600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
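
For triaging a log like the one above, the following added example (not part of the original report or of the btrfs project) collapses the repeated oops records into distinct findings and checks the "bad mapping" request against the extent buffer length. The field order in the "bad mapping" message (buffer start, buffer length, requested offset, requested length) is an assumption read off the message text, and the function names are hypothetical.

```python
import re

# Lines copied from the report above; the repeated oops records are cut to two.
SAMPLE_LOG = """\
[ 28.875993] btrfs bad mapping eb start 29761536 len 4096, wanted 1852 18446744072635812036
[ 28.882021] BUG: unable to handle kernel NULL pointer dereference at 0000000000000110
[ 28.884024] #PF error: [normal kernel read fault]
[ 28.886873] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 28.888794] #PF error: [normal kernel read fault]
[ 28.997763] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: number+0x30b/0x310
"""

# Assumed field order, read off the message text:
# extent buffer start, extent buffer length, requested offset, requested length.
BAD_MAP = re.compile(r"btrfs bad mapping eb start (\d+) len (\d+), wanted (\d+) (\d+)")
NULL_DEREF = re.compile(r"NULL pointer dereference at ([0-9a-f]{16})")
PANIC = re.compile(r"Kernel panic - not syncing: (.*)")


def as_signed64(value):
    """Reinterpret an unsigned 64-bit number as two's-complement signed."""
    return value - (1 << 64) if value >= (1 << 63) else value


def triage(log):
    """Collapse an oops storm into its distinct findings."""
    report = {"bad_mappings": [], "null_derefs": {}, "panic": None}
    for line in log.splitlines():
        if m := BAD_MAP.search(line):
            eb_start, eb_len, offset, length = map(int, m.groups())
            report["bad_mappings"].append({
                "eb_start": eb_start,
                "eb_len": eb_len,
                "wanted_offset": offset,
                "wanted_len": length,
                # Signed view as well: a length this large may be a wrapped negative.
                "wanted_len_signed": as_signed64(length),
                "out_of_bounds": offset + length > eb_len,
            })
        elif m := NULL_DEREF.search(line):
            addr = int(m.group(1), 16)
            report["null_derefs"][addr] = report["null_derefs"].get(addr, 0) + 1
        elif m := PANIC.search(line):
            report["panic"] = m.group(1)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
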
Comment 1 Jungyeon 2019-03-08 10:30:40 UTC
Created attachment 281629 [details]
poc_49.c
Comment 2 Qu Wenruo 2019-07-10 08:17:55 UTC
Fixed by upstream commit 448de471cd4c ("btrfs: Check the first key and level for cached extent buffer").