Description
BTRFS bugreport:
btrfs check --force --repair /dev/sdb2 crashes in VirtualBox.
btrfs version 5.14 (v5.19.1 e1d9dab also has the same problem)
btrfsprogs-5.14-150500.8.1.x86_64
GCC 7.5.0
Valgrind 3.18.1
VirtualBox 6.1.38 r153438 (Qt5.6.2)
Host: Windows 10 Home 21H2 (OS build 19044.2006) 64-bit
Guest: openSUSE 15.4 and 15.5 alpha (both 64-bit)
Kernel version in 15.5 VM: Linux localhost.localdomain 5.14.21-150400.24.18-default #1 SMP PREEMPT_DYNAMIC Thu Aug 4 14:17:48 UTC 2022 (e9f7bfc) x86_64 x86_64 x86_64 GNU/Linux
Every time I run btrfs check --repair --force on the broken filesystem (/dev/sdb2), it crashes in btrfs_buffer_uptodate() at kernel-shared/disk-io.c:2278 with buf->fs_info always equal to 0x4c5eec000, which is unaddressable. However, running btrfs check /dev/sdb2 without the --repair or --force option doesn't segfault.
btrfs_buffer_uptodate() is called by read_tree_block(), whose parameter fs_info can be dereferenced just fine. I think maybe there's a bad extent_buffer in the extent_cache of that fs_info which is being returned by find_create_tree_block(). 0x4c5eec000 happens to be 20500627456 in decimal, and there is a warning printed by all_backpointers_checked() when repairing the filesystem, "tree backref 20527529984 parent 20500627456 not found in extent tree", which can be seen in the valgrind log in this bug report.
I had an openSUSE 15.4 VirtualBox virtual machine which I was fuzzing perl in. Fuzzing caused the filesystem to become read-only, and when I used btrfs check --force --repair /dev/sda2 to fix it, btrfs segfaulted. Then I created a new VM, installed 15.5 alpha in it, and then attached the old VDI file from the 15.4 VM to the 15.5 VM. Running btrfs check --force --repair /dev/sdb2 still crashes. (sdb2 in the new VM is the same partition as sda2 in the old VM.)
/dev/sdb2 was originally a 23GB partition but I resized it to 50 gigs using VBoxManage and GParted:
& 'D:\Program Files\Oracle\VirtualBox\VBoxManage.exe' modifyhd "D:/VirtualBox VMs/openSUSE Leap 15.4 RC/openSUSE Leap 15.vdi" --resize 51200
There is another problem in the code which Valgrind found. The uninitialized value error can be fixed by setting iref to NULL in insert_inline_extent_backref. iref is uninitialized when lookup_inline_extent_backref fails and then is passed to setup_inline_extent_backref.
I noticed the btrfs segfault about 2 weeks ago but I haven't found a solution to the segfault yet. I would use rr debugger to find where the bad pointer came from, but btrfs uses ioctls that rr doesn't understand, causing rr's assertions to fail. Also, RR doesn't work in VirtualBox (since VB doesn't implement performance counters). I read on their wiki that rr works in VMware, so I installed openSUSE in VMware. However, VMware refuses to start most of the time when I have Virtualize performance counters checked in the VM. GDB's record command has a problem similar to rr: btrfs uses instructions that gdb's record command doesn't support yet. xsave is one of them, and the other instruction GDB can't handle is vpbroadcastb which is an AVX instruction. I have to set LD_BIND_NOW=1 to get past the xsave instruction while using gdb's record command.
Valgrind output
nathan@localhost:~/src/btrfs-progs> sudo valgrind --leak-check=no --track-origins=yes --vgdb-error=1 --fullpath-after=$PWD/ ./btrfs check --repair --force /dev/sdb2
[sudo] password for root:
==9962== Memcheck, a memory error detector
==9962== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==9962== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==9962== Command: ./btrfs check --repair --force /dev/sdb2
==9962==
==9962==
==9962== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==9962== /path/to/gdb ./btrfs
==9962== and then give GDB the following command
==9962== target remote | /usr/lib/valgrind/../../bin/vgdb --pid=9962
==9962== --pid is optional if only one valgrind process is running
==9962==
enabling repair mode
Opening filesystem to check...
parent transid verify failed on 20263731200 wanted 102845 found 103763
parent transid verify failed on 20263731200 wanted 102845 found 103763
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
Checking filesystem on /dev/sdb2
UUID: 2839eeeb-f87a-4a70-80a2-51ddb739d660
[1/7] checking root items
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
Fixed 0 roots.
[2/7] checking extents
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
Chunk[256, 228, 20532166656]: length(1073741824), offset(20532166656), type(1) is not found in block group
owner ref check failed [20263731200 16384]
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
repair deleting extent record: key [20263731200,168,16384]
adding new tree backref on start 20263731200 len 16384 parent 0 root 2
Repaired extent references for 20263731200
ref mismatch on [20527529984 16384] extent item 0, found 9
tree backref 20527529984 parent 20500627456 not found in extent tree
tree backref 20527529984 parent 20358987776 not found in extent tree
tree backref 20527529984 parent 20406976512 not found in extent tree
tree backref 20527529984 parent 14662598656 not found in extent tree
tree backref 20527529984 parent 207405056 not found in extent tree
tree backref 20527529984 parent 6759399424 not found in extent tree
tree backref 20527529984 root 268 not found in extent tree
tree backref 20527529984 parent 52559872 not found in extent tree
tree backref 20527529984 parent 20299874304 not found in extent tree
backpointer mismatch on [20527529984 16384]
parent transid verify failed on 20263731200 wanted 102845 found 103763
Ignoring transid failure
Failed to find [1246, 168, 16384]
==9962== Conditional jump or move depends on uninitialised value(s)
==9962== at 0x42D493: setup_inline_extent_backref (kernel-shared/extent-tree.c:1059)
==9962== by 0x42DAF5: insert_inline_extent_backref (kernel-shared/extent-tree.c:1194)
==9962== by 0x42DD18: btrfs_inc_extent_ref (kernel-shared/extent-tree.c:1259)
==9962== by 0x4ADB2F: record_extent (check/main.c:7115)
==9962== by 0x4AFA11: fixup_extent_refs (check/main.c:7926)
==9962== by 0x4B0C34: check_extent_refs (check/main.c:8406)
==9962== by 0x4B2947: check_chunks_and_extents (check/main.c:9221)
==9962== by 0x4B2BD6: do_check_chunks_and_extents (check/main.c:9284)
==9962== by 0x4B646F: cmd_check (check/main.c:10897)
==9962== by 0x40F391: cmd_execute (cmds/commands.h:125)
==9962== by 0x40FD4D: main (/home/nathan/src/btrfs-progs/btrfs.c:405)
==9962== Uninitialised value was created by a stack allocation
==9962== at 0x42DA0E: insert_inline_extent_backref (kernel-shared/extent-tree.c:1182)
==9962==
==9962== (action on error) vgdb me ...
==9962== Continuing ...
==9962== Use of uninitialised value of size 8
==9962== at 0x42AB28: btrfs_set_extent_inline_ref_type (kernel-shared/ctree.h:1916)
==9962== by 0x42D4E9: setup_inline_extent_backref (kernel-shared/extent-tree.c:1064)
==9962== by 0x42DAF5: insert_inline_extent_backref (kernel-shared/extent-tree.c:1194)
==9962== by 0x42DD18: btrfs_inc_extent_ref (kernel-shared/extent-tree.c:1259)
==9962== by 0x4ADB2F: record_extent (check/main.c:7115)
==9962== by 0x4AFA11: fixup_extent_refs (check/main.c:7926)
==9962== by 0x4B0C34: check_extent_refs (check/main.c:8406)
==9962== by 0x4B2947: check_chunks_and_extents (check/main.c:9221)
==9962== by 0x4B2BD6: do_check_chunks_and_extents (check/main.c:9284)
==9962== by 0x4B646F: cmd_check (check/main.c:10897)
==9962== by 0x40F391: cmd_execute (cmds/commands.h:125)
==9962== by 0x40FD4D: main (/home/nathan/src/btrfs-progs/btrfs.c:405)
==9962== Uninitialised value was created by a stack allocation
==9962== at 0x42DA0E: insert_inline_extent_backref (kernel-shared/extent-tree.c:1182)
==9962==
==9962== (action on error) vgdb me ...
==9962== Continuing ...
==9962== Use of uninitialised value of size 8
==9962== at 0x42AB98: btrfs_set_extent_inline_ref_offset (kernel-shared/ctree.h:1918)
==9962== by 0x42D5C8: setup_inline_extent_backref (kernel-shared/extent-tree.c:1078)
==9962== by 0x42DAF5: insert_inline_extent_backref (kernel-shared/extent-tree.c:1194)
==9962== by 0x42DD18: btrfs_inc_extent_ref (kernel-shared/extent-tree.c:1259)
==9962== by 0x4ADB2F: record_extent (check/main.c:7115)
==9962== by 0x4AFA11: fixup_extent_refs (check/main.c:7926)
==9962== by 0x4B0C34: check_extent_refs (check/main.c:8406)
==9962== by 0x4B2947: check_chunks_and_extents (check/main.c:9221)
==9962== by 0x4B2BD6: do_check_chunks_and_extents (check/main.c:9284)
==9962== by 0x4B646F: cmd_check (check/main.c:10897)
==9962== by 0x40F391: cmd_execute (cmds/commands.h:125)
==9962== by 0x40FD4D: main (/home/nathan/src/btrfs-progs/btrfs.c:405)
==9962== Uninitialised value was created by a stack allocation
==9962== at 0x42DA0E: insert_inline_extent_backref (kernel-shared/extent-tree.c:1182)
==9962==
==9962== (action on error) vgdb me ...
==9962== Continuing ...
adding new tree backref on start 20527529984 len 16384 parent 20500627456 root 20500627456
==9962== Invalid read of size 1
==9962== at 0x429C11: btrfs_buffer_uptodate (kernel-shared/disk-io.c:2278)
==9962== by 0x4253C2: read_tree_block (kernel-shared/disk-io.c:371)
==9962== by 0x41AA95: read_node_slot (kernel-shared/ctree.c:894)
==9962== by 0x41C156: btrfs_search_slot (kernel-shared/ctree.c:1429)
==9962== by 0x42CE7D: lookup_inline_extent_backref (kernel-shared/extent-tree.c:895)
==9962== by 0x42DA65: insert_inline_extent_backref (kernel-shared/extent-tree.c:1186)
==9962== by 0x42DD18: btrfs_inc_extent_ref (kernel-shared/extent-tree.c:1259)
==9962== by 0x4ADB2F: record_extent (check/main.c:7115)
==9962== by 0x4AFA11: fixup_extent_refs (check/main.c:7926)
==9962== by 0x4B0C34: check_extent_refs (check/main.c:8406)
==9962== by 0x4B2947: check_chunks_and_extents (check/main.c:9221)
==9962== by 0x4B2BD6: do_check_chunks_and_extents (check/main.c:9284)
==9962== Address 0x4c5eec1e1 is not stack'd, malloc'd or (recently) free'd
==9962==
==9962== (action on error) vgdb me ...
==9962== Continuing ...
==9962==
==9962== Process terminating with default action of signal 11 (SIGSEGV)
==9962== Access not within mapped region at address 0x4C5EEC1E1
==9962== at 0x429C11: btrfs_buffer_uptodate (kernel-shared/disk-io.c:2278)
==9962== by 0x4253C2: read_tree_block (kernel-shared/disk-io.c:371)
==9962== by 0x41AA95: read_node_slot (kernel-shared/ctree.c:894)
==9962== by 0x41C156: btrfs_search_slot (kernel-shared/ctree.c:1429)
==9962== by 0x42CE7D: lookup_inline_extent_backref (kernel-shared/extent-tree.c:895)
==9962== by 0x42DA65: insert_inline_extent_backref (kernel-shared/extent-tree.c:1186)
==9962== by 0x42DD18: btrfs_inc_extent_ref (kernel-shared/extent-tree.c:1259)
==9962== by 0x4ADB2F: record_extent (check/main.c:7115)
==9962== by 0x4AFA11: fixup_extent_refs (check/main.c:7926)
==9962== by 0x4B0C34: check_extent_refs (check/main.c:8406)
==9962== by 0x4B2947: check_chunks_and_extents (check/main.c:9221)
==9962== by 0x4B2BD6: do_check_chunks_and_extents (check/main.c:9284)
==9962== If you believe this happened as a result of a stack
==9962== overflow in your program's main thread (unlikely but
==9962== possible), you can try to increase the size of the
==9962== main thread stack using the --main-stacksize= flag.
==9962== The main thread stack size used in this run was 8388608.
==9962==
==9962== HEAP SUMMARY:
==9962== in use at exit: 515,583,507 bytes in 70,227 blocks
==9962== total heap usage: 1,108,987 allocs, 1,038,760 frees, 613,061,995 bytes allocated
==9962==
==9962== For a detailed leak analysis, rerun with: --leak-check=full
==9962==
==9962== For lists of detected and suppressed errors, rerun with: -s
==9962== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)
Segmentation fault
GDB output
sudo gdb ./btrfs
[sudo] password for root:
GNU gdb (GDB; SUSE Linux Enterprise 15) 11.1
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./btrfs...
(gdb) target remote | vgdb
`/home/nathan/src/btrfs-progs/btrfs' has changed; re-reading symbols.
Remote debugging using | vgdb
relaying data between gdb and process 9962
Reading symbols from /usr/lib/valgrind/vgpreload_core-amd64-linux.so...
(No debugging symbols found in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)
Reading symbols from /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so...
(No debugging symbols found in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
Reading symbols from /usr/lib64/libuuid.so.1...
(No debugging symbols found in /usr/lib64/libuuid.so.1)
Reading symbols from /usr/lib64/libblkid.so.1...
(No debugging symbols found in /usr/lib64/libblkid.so.1)
Reading symbols from /usr/lib64/libudev.so.1...
(No debugging symbols found in /usr/lib64/libudev.so.1)
Reading symbols from /lib64/libz.so.1...
(No debugging symbols found in /lib64/libz.so.1)
Reading symbols from /usr/lib64/liblzo2.so.2...
(No debugging symbols found in /usr/lib64/liblzo2.so.2)
Reading symbols from /usr/lib64/libzstd.so.1...
(No debugging symbols found in /usr/lib64/libzstd.so.1)
Reading symbols from /lib64/libpthread.so.0...
(No debugging symbols found in /lib64/libpthread.so.0)
Reading symbols from /lib64/libc.so.6...
(No debugging symbols found in /lib64/libc.so.6)
Reading symbols from /lib64/ld-linux-x86-64.so.2...
(No debugging symbols found in /lib64/ld-linux-x86-64.so.2)
Reading symbols from /lib64/librt.so.1...
(No debugging symbols found in /lib64/librt.so.1)
Missing separate debuginfos, use: zypper install glibc-debuginfo-2.31-150300.37.1.x86_64 libblkid1-debuginfo-2.37.2-150400.8.3.1.x86_64 liblzo2-2-debuginfo-2.10-2.22.x86_64 libudev1-debuginfo-249.12-150400.8.10.1.x86_64 libuuid1-debuginfo-2.37.2-150400.8.3.1.x86_64 libz1-debuginfo-1.2.11-150000.3.33.1.x86_64 libzstd1-debuginfo-1.5.0-150400.1.71.x86_64 valgrind-debuginfo-3.18.1-150400.1.4.x86_64
--Type <RET> for more, q to quit, c to continue without paging--c
0x000000000042d493 in setup_inline_extent_backref (root=0x64810b0, path=0x1110ee80, iref=0x0, parent=20500627456, root_objectid=20500627456, owner=0, offset=0, refs_to_add=1) at kernel-shared/extent-tree.c:1059
1059 if (ptr < end - size)
(gdb) print ptr
$5 = 18446744073709551607
(gdb) print iref
$6 = (struct btrfs_extent_inline_ref *) 0x0
(gdb) print &iref
$7 = (struct btrfs_extent_inline_ref **) 0x1fff0003a8
(gdb) monitor get_vbitx 0x1fff0003a8 8
command 'get_vbitx 0x1fff0003a8 8' not recognised
In gdb, try 'monitor help'
In a shell, try 'vgdb help'
(gdb) monitor get_vbits 0x1fff0003a8 8
ffffffff ffffffff
(gdb) bt
#0 0x000000000042d493 in setup_inline_extent_backref (root=0x64810b0, path=0x1110ee80, iref=0x0,
parent=20500627456, root_objectid=20500627456, owner=0, offset=0, refs_to_add=1)
at kernel-shared/extent-tree.c:1059
#1 0x000000000042daf6 in insert_inline_extent_backref (trans=0x7cdca80, root=0x64810b0, path=0x1110ee80,
bytenr=20527529984, num_bytes=16384, parent=20500627456, root_objectid=20500627456, owner=0, offset=0,
refs_to_add=1) at kernel-shared/extent-tree.c:1194
#2 0x000000000042dd19 in btrfs_inc_extent_ref (trans=0x7cdca80, root=0x64810b0, bytenr=20527529984,
num_bytes=16384, parent=20500627456, root_objectid=20500627456, owner=0, offset=0)
at kernel-shared/extent-tree.c:1259
#3 0x00000000004adb30 in record_extent (trans=0x7cdca80, path=0x1fff000650, rec=0x7c97b20, back=0xdb97530,
allocated=0, flags=0) at check/main.c:7115
#4 0x00000000004afa12 in fixup_extent_refs (extent_cache=0x1fff000828, rec=0x7c97b20) at check/main.c:7926
#5 0x00000000004b0c35 in check_extent_refs (root=0x6523cd0, extent_cache=0x1fff000828) at check/main.c:8406
#6 0x00000000004b2948 in check_chunks_and_extents () at check/main.c:9221
#7 0x00000000004b2bd7 in do_check_chunks_and_extents () at check/main.c:9284
#8 0x00000000004b6470 in cmd_check (cmd=0x746640 <cmd_struct_check>, argc=4, argv=0x1fff000ba0)
at check/main.c:10897
#9 0x000000000040f392 in cmd_execute (cmd=0x746640 <cmd_struct_check>, argc=4, argv=0x1fff000ba0)
at cmds/commands.h:125
#10 0x000000000040fd4e in main (argc=4, argv=0x1fff000ba0) at btrfs.c:405
(gdb) frame 1
#1 0x000000000042daf6 in insert_inline_extent_backref (trans=0x7cdca80, root=0x64810b0, path=0x1110ee80,
bytenr=20527529984, num_bytes=16384, parent=20500627456, root_objectid=20500627456, owner=0, offset=0,
refs_to_add=1) at kernel-shared/extent-tree.c:1194
1194 ret = setup_inline_extent_backref(root, path, iref,
(gdb) l
1189 if (ret == 0) {
1190 BUG_ON(owner < BTRFS_FIRST_FREE_OBJECTID);
1191 ret = update_inline_extent_backref(trans, root, path, iref,
1192 refs_to_add);
1193 } else if (ret == -ENOENT) {
1194 ret = setup_inline_extent_backref(root, path, iref,
1195 parent, root_objectid,
1196 owner, offset, refs_to_add);
1197 }
1198 return ret;
(gdb) l -
1179 u64 bytenr, u64 num_bytes, u64 parent,
1180 u64 root_objectid, u64 owner,
1181 u64 offset, int refs_to_add)
1182 {
1183 struct btrfs_extent_inline_ref *iref;
1184 int ret;
1185
1186 ret = lookup_inline_extent_backref(trans, root, path, &iref,
1187 bytenr, num_bytes, parent,
1188 root_objectid, owner, offset, 1);
(gdb) c
Continuing.
Program received signal SIGTRAP, Trace/breakpoint trap.
0x000000000042ab28 in btrfs_set_extent_inline_ref_type (eb=0xd62e350, s=0xfffffffffffffff7, val=182 '\266') at ./kernel-shared/ctree.h:1916
1916 BTRFS_SETGET_FUNCS(extent_inline_ref_type, struct btrfs_extent_inline_ref,
(gdb) c
Continuing.
Program received signal SIGTRAP, Trace/breakpoint trap.
0x000000000042ab98 in btrfs_set_extent_inline_ref_offset (eb=0xd62e350, s=0xfffffffffffffff7, val=20500627456) at ./kernel-shared/ctree.h:1918
1918 BTRFS_SETGET_FUNCS(extent_inline_ref_offset, struct btrfs_extent_inline_ref,
(gdb) c
Continuing.
Program received signal SIGTRAP, Trace/breakpoint trap.
0x0000000000429c11 in btrfs_buffer_uptodate (buf=0xd62e350, parent_transid=103879) at kernel-shared/disk-io.c:2278
2278 buf->fs_info->allow_transid_mismatch);
(gdb) bt full
#0 0x0000000000429c11 in btrfs_buffer_uptodate (buf=0xd62e350, parent_transid=103879)
at kernel-shared/disk-io.c:2278
ret = 1
#1 0x00000000004253c3 in read_tree_block (fs_info=0x6467590, bytenr=6741311488, parent_transid=103879)
at kernel-shared/disk-io.c:371
ret = 0
eb = 0xd62e350
best_transid = 0
sectorsize = 4096
mirror_num = 1
good_mirror = 0
candidate_mirror = 0
num_copies = 0
ignore = 0
#2 0x000000000041aa96 in read_node_slot (fs_info=0x6467590, parent=0x6478de0, slot=0)
at kernel-shared/ctree.c:894
ret = 0x1fff0002a0
level = 1
#3 0x000000000041c157 in btrfs_search_slot (trans=0x7cdca80, root=0x64810b0, key=0x1fff000370,
p=0x1157f690, ins_len=9, cow=1) at kernel-shared/ctree.c:1429
b = 0x6478de0
slot = 0
ret = 1
level = 1
should_reada = 0
fs_info = 0x6467590
--Type <RET> for more, q to quit, c to continue without paging--c
lowest_level = 0 '\000'
__func__ = "btrfs_search_slot"
#4 0x000000000042ce7e in lookup_inline_extent_backref (trans=0x7cdca80, root=0x64810b0, path=0x1157f690, ref_ret=0x1fff000470, bytenr=20527529984, num_bytes=16384, parent=20358987776, root_objectid=20358987776, owner=0, offset=0, insert=1) at kernel-shared/extent-tree.c:895
key = {objectid = 1246, type = 168 '\250', offset = 16384}
leaf = 0x64810b0
ei = 0x64812d8
iref = 0x1fff0003e0
flags = 137422177408
item_size = 1944
ptr = 4588283
end = 4349742
extra_size = 9
type = 31
want = 182
ret = 1
err = 0
skinny_metadata = 0
__func__ = "lookup_inline_extent_backref"
#5 0x000000000042da66 in insert_inline_extent_backref (trans=0x7cdca80, root=0x64810b0, path=0x1157f690, bytenr=20527529984, num_bytes=16384, parent=20358987776, root_objectid=20358987776, owner=0, offset=0, refs_to_add=1) at kernel-shared/extent-tree.c:1186
iref = 0x0
ret = 0
__func__ = "insert_inline_extent_backref"
#6 0x000000000042dd19 in btrfs_inc_extent_ref (trans=0x7cdca80, root=0x64810b0, bytenr=20527529984, num_bytes=16384, parent=20358987776, root_objectid=20358987776, owner=0, offset=0) at kernel-shared/extent-tree.c:1259
extent_root = 0x64810b0
path = 0x1157f690
leaf = 0x64812d8
item = 0x64812d8
refs = 105280912
ret = 31
err = 0
__func__ = "btrfs_inc_extent_ref"
#7 0x00000000004adb30 in record_extent (trans=0x7cdca80, path=0x1fff000650, rec=0x7c97b20, back=0xe101480, allocated=1, flags=0) at check/main.c:7115
parent = 20358987776
tback = 0xe101480
ret = 0
extent_root = 0x64810b0
leaf = 0xd34e880
ins_key = {objectid = 20527529984, type = 168 '\250', offset = 16384}
ei = 0x15af
dback = 0x0
bi = 0x15c7
#8 0x00000000004afa12 in fixup_extent_refs (extent_cache=0x1fff000828, rec=0x7c97b20) at check/main.c:7926
trans = 0x7cdca80
ret = 0
path = {nodes = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, slots = {0, 0, 0, 0, 0, 0, 0, 0}, reada = 0 '\000', lowest_level = 0 '\000', search_for_split = 0 '\000', skip_check_block = 0 '\000'}
cache = 0x0
back = 0xe101480
tmp = 0x8b1dba0
allocated = 1
flags = 0
#9 0x00000000004b0c35 in check_extent_refs (root=0x6523cd0, extent_cache=0x1fff000828) at check/main.c:8406
cur_err = 1
fix = 1
rec = 0x7c97b20
cache = 0x7c97b58
super_gen = 103877
ret = 0
had_dups = 0
err = 1
#10 0x00000000004b2948 in check_chunks_and_extents () at check/main.c:9221
dev_cache = {rb_node = 0x7c7a860}
chunk_cache = {root = {rb_node = 0x7c7b090}}
block_group_cache = {tree = {root = {rb_node = 0xa63d4f0}}, pending_extents = {state = {root = {rb_node = 0xb6890e0}}, cache = {root = {rb_node = 0x0}}, lru = {next = 0x1fff000878, prev = 0x1fff000878}, cache_size = 0, max_cache_size = 2082201600}, block_groups = {next = 0x1fff000898, prev = 0x1fff000898}}
dev_extent_cache = {tree = {root = {rb_node = 0x10283c10}}, no_chunk_orphans = {next = 0x1fff000838, prev = 0x1fff000838}, no_device_orphans = {next = 0x102836a0, prev = 0x102853e0}}
extent_cache = {root = {rb_node = 0x845f278}}
seen = {root = {rb_node = 0x7cb3b20}}
pending = {root = {rb_node = 0x0}}
reada = {root = {rb_node = 0x0}}
nodes = {root = {rb_node = 0x0}}
excluded_extents = {state = {root = {rb_node = 0xbffb840}}, cache = {root = {rb_node = 0x0}}, lru = {next = 0x1fff0007e0, prev = 0x1fff0007e0}, cache_size = 0, max_cache_size = 2082201600}
corrupt_blocks = {root = {rb_node = 0x0}}
ret = 0
err = 0
bits = 0x7c753b0
bits_nr = 1024
dropping_trees = {next = 0x1fff0007b0, prev = 0x1fff0007b0}
normal_trees = {next = 0x1fff0007a0, prev = 0x1fff0007a0}
root = 0x6523cd0
#11 0x00000000004b2bd7 in do_check_chunks_and_extents () at check/main.c:9284
ret = 0
#12 0x00000000004b6470 in cmd_check (cmd=0x746640 <cmd_struct_check>, argc=4, argv=0x1fff000ba0) at check/main.c:10897
root_cache = {root = {rb_node = 0x0}}
root = 0x6523cd0
ocf = {filename = 0x1fff000dc6 "/dev/sdb2", sb_bytenr = 0, root_tree_bytenr = 0, chunk_tree_bytenr = 0, flags = 32771}
bytenr = 0
subvolid = 0
tree_root_bytenr = 0
chunk_root_bytenr = 0
uuidbuf = "2839eeeb-f87a-4a70-80a2-51ddb739d660"
ret = 0
err = 0
num = 0
init_csum_tree = 0
readonly = 0
clear_space_cache = 0
clear_ino_cache = 0
qgroup_report = 0
qgroups_repaired = 0
qgroup_verify_ret = 0
ctree_flags = 32771
force = 1
#13 0x000000000040f392 in cmd_execute (cmd=0x746640 <cmd_struct_check>, argc=4, argv=0x1fff000ba0) at cmds/commands.h:125
No locals.
#14 0x000000000040fd4e in main (argc=4, argv=0x1fff000ba0) at btrfs.c:405
cmd = 0x746640 <cmd_struct_check>
bname = 0x1fff000da9 "btrfs"
ret = 0
(gdb) print buf->fs_info
$8 = (struct btrfs_fs_info *) 0x4c5eec000
(gdb) x buf->fs_info
0x4c5eec000: Cannot access memory at address 0x4c5eec000
(gdb) disas
Dump of assembler code for function btrfs_buffer_uptodate:
0x0000000000429bdf <+0>: push %rbp
0x0000000000429be0 <+1>: mov %rsp,%rbp
0x0000000000429be3 <+4>: sub $0x20,%rsp
0x0000000000429be7 <+8>: mov %rdi,-0x18(%rbp)
0x0000000000429beb <+12>: mov %rsi,-0x20(%rbp)
0x0000000000429bef <+16>: mov -0x18(%rbp),%rax
0x0000000000429bf3 <+20>: mov %rax,%rdi
0x0000000000429bf6 <+23>: call 0x423a6c <extent_buffer_uptodate>
0x0000000000429bfb <+28>: mov %eax,-0x4(%rbp)
0x0000000000429bfe <+31>: cmpl $0x0,-0x4(%rbp)
0x0000000000429c02 <+35>: jne 0x429c09 <btrfs_buffer_uptodate+42>
0x0000000000429c04 <+37>: mov -0x4(%rbp),%eax
0x0000000000429c07 <+40>: jmp 0x429c4a <btrfs_buffer_uptodate+107>
0x0000000000429c09 <+42>: mov -0x18(%rbp),%rax
0x0000000000429c0d <+46>: mov 0x68(%rax),%rax
=> 0x0000000000429c11 <+50>: movzbl 0x1e1(%rax),%eax
0x0000000000429c18 <+57>: shr $0x5,%al
0x0000000000429c1b <+60>: and $0x1,%eax
0x0000000000429c1e <+63>: movzbl %al,%ecx
0x0000000000429c21 <+66>: mov -0x18(%rbp),%rax
0x0000000000429c25 <+70>: mov 0x68(%rax),%rax
0x0000000000429c29 <+74>: lea 0x68(%rax),%rdi
0x0000000000429c2d <+78>: mov -0x20(%rbp),%rdx
0x0000000000429c31 <+82>: mov -0x18(%rbp),%rax
0x0000000000429c35 <+86>: mov %rax,%rsi
--Type <RET> for more, q to quit, c to continue without paging--c
0x0000000000429c38 <+89>: call 0x42503d <verify_parent_transid>
0x0000000000429c3d <+94>: mov %eax,-0x4(%rbp)
0x0000000000429c40 <+97>: cmpl $0x0,-0x4(%rbp)
0x0000000000429c44 <+101>: sete %al
0x0000000000429c47 <+104>: movzbl %al,%eax
0x0000000000429c4a <+107>: leave
0x0000000000429c4b <+108>: ret
End of assembler dump.
(gdb) info registers
rax 0x1 1
rbx 0x195c7 103879
rcx 0x6478e18 105352728
rdx 0x195c7 103879
rsi 0x195c7 103879
rdi 0xd62e350 224584528
rbp 0x1fff0001d0 0x1fff0001d0
rsp 0x1fff0001b0 0x1fff0001b0
r8 0xf9 249
r9 0x1fff0002e4 137422176996
r10 0x647ae00 105360896
r11 0x647ae8e 105361038
r12 0x0 0
r13 0x1fff000b90 137422179216
r14 0x0 0
r15 0x0 0
rip 0x429c11 0x429c11 <btrfs_buffer_uptodate+50>
eflags 0x0 [ ]
cs 0x0 0
ss 0x0 0
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x0000000000429c11 in btrfs_buffer_uptodate (buf=0xd62e350, parent_transid=103879) at kernel-shared/disk-io.c:2278
2278 buf->fs_info->allow_transid_mismatch);
(gdb) c
Continuing.
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb)
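
A simplified model of the failure pattern in this report, added here as an example; it is not btrfs-progs code. The buffer layout (an fs_info slot directly in front of the item data), the helper names and the lookup behaviour are assumptions; the values 182, 20500627456 and the position 9 bytes before the data area (ptr = 18446744073709551607) are taken from the GDB session above.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_SIZE    16            /* toy header: 8 spare bytes + 8-byte fs_info slot (assumed layout) */
#define DATA_SIZE   64            /* toy item area */
#define REF_SIZE    9             /* 1-byte type + 8-byte offset of a packed inline ref */
#define REF_UNSET   INT64_MIN     /* sentinel used by the hardened caller */
#define TOY_FS_INFO 0x6467590ULL  /* fs_info value read_tree_block() received in the GDB session */
#define REF_TYPE    182           /* type value written in the GDB session */

/* One flat array so that a write "before data" stays inside the same object. */
struct toy_eb { unsigned char raw[HDR_SIZE + DATA_SIZE]; };

static void eb_init(struct toy_eb *eb)
{
	uint64_t p = TOY_FS_INFO;
	memset(eb->raw, 0, sizeof(eb->raw));
	memcpy(eb->raw + HDR_SIZE - 8, &p, 8);   /* fs_info slot sits right before data */
}

static uint64_t eb_fs_info(const struct toy_eb *eb)
{
	uint64_t p;
	memcpy(&p, eb->raw + HDR_SIZE - 8, 8);
	return p;
}

/* Hypothetical lookup: always "not found"; reports an insert position
 * unless the tree is damaged, in which case the out-parameter is untouched. */
static int toy_lookup(int tree_damaged, int64_t *ref_off)
{
	if (tree_damaged)
		return -ENOENT;
	*ref_off = 32;
	return -ENOENT;
}

/* Hypothetical setup: the item grows by REF_SIZE, so the new ref lands at
 * ref_off - REF_SIZE relative to the data area. */
static int toy_setup(struct toy_eb *eb, int64_t ref_off, uint64_t parent, int validate)
{
	int64_t idx;

	if (validate && (ref_off < REF_SIZE || ref_off > DATA_SIZE))
		return -EINVAL;                      /* position not inside the item area */
	if (ref_off < REF_SIZE - HDR_SIZE || ref_off > DATA_SIZE)
		return -EFAULT;                      /* would be a wild write in a real process */

	idx = HDR_SIZE + ref_off - REF_SIZE;     /* may point into the header when unvalidated */
	eb->raw[idx] = REF_TYPE;
	memcpy(eb->raw + idx + 1, &parent, 8);
	return 0;
}

/* Pattern from the report: the local is never initialised, so whatever was on
 * the stack (passed in as stack_garbage) reaches toy_setup() on failure. */
static int buggy_insert(struct toy_eb *eb, int tree_damaged,
			int64_t stack_garbage, uint64_t parent)
{
	int64_t ref_off = stack_garbage;
	int ret = toy_lookup(tree_damaged, &ref_off);

	if (ret == -ENOENT)
		ret = toy_setup(eb, ref_off, parent, 0);
	return ret;
}

/* Hardened: initialise the out-parameter and validate it before writing. */
static int hardened_insert(struct toy_eb *eb, int tree_damaged, uint64_t parent)
{
	int64_t ref_off = REF_UNSET;
	int ret = toy_lookup(tree_damaged, &ref_off);

	if (ret == -ENOENT)
		ret = toy_setup(eb, ref_off, parent, 1);
	return ret;
}

int main(void)
{
	struct toy_eb eb;
	int ret;

	eb_init(&eb);
	ret = buggy_insert(&eb, 1, 0, 20500627456ULL);   /* garbage happened to be 0 */
	printf("buggy:    ret=%d fs_info=0x%" PRIx64 "\n", ret, eb_fs_info(&eb));

	eb_init(&eb);
	ret = hardened_insert(&eb, 1, 20500627456ULL);
	printf("hardened: ret=%d fs_info=0x%" PRIx64 "\n", ret, eb_fs_info(&eb));
	return 0;
}
```

In the model, the unvalidated path overwrites the fs_info slot with the parent value, while the hardened path returns -EINVAL and leaves the buffer untouched.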