[PATCH v2] btrfs: reject empty non-root tree blocks at read time

[PATCH v2] btrfs: reject empty non-root tree blocks at read time

[ZhengYuan Huang]

[BUG]
A corrupted tree can contain an empty non-root tree block linked from
its parent. If that block is later used by normal tree balancing,
btrfs can hit:

kernel BUG at fs/btrfs/ctree.c:3388!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
RIP: 0010:__push_leaf_left+0x11f8/0x1610 fs/btrfs/ctree.c:3388
Code: ff48c1ea 03803c02 000f85bd 00000048
Call Trace:
 push_leaf_left+0x3b3/0x540 fs/btrfs/ctree.c:3511
 btrfs_del_items+0x74d/0xf10 fs/btrfs/ctree.c:4541
 btrfs_del_csums+0x44d/0xa50 fs/btrfs/file-item.c:969
 do_free_extent_accounting fs/btrfs/extent-tree.c:2984 [inline]
 __btrfs_free_extent.isra.0+0xded/0x41d0 fs/btrfs/extent-tree.c:3372
 run_delayed_data_ref fs/btrfs/extent-tree.c:1599 [inline]
 run_one_delayed_ref fs/btrfs/extent-tree.c:1779 [inline]
 btrfs_run_delayed_refs_for_head fs/btrfs/extent-tree.c:1972 [inline]
 __btrfs_run_delayed_refs+0x86e/0x39a0 fs/btrfs/extent-tree.c:2047
 btrfs_run_delayed_refs+0x181/0x420 fs/btrfs/extent-tree.c:2159
 btrfs_commit_transaction+0xc9b/0x3d90 fs/btrfs/transaction.c:2211
 btrfs_sync_fs+0xf0/0x630 fs/btrfs/super.c:1057
 sync_fs_one_sb fs/sync.c:84 [inline]
 sync_fs_one_sb+0xf4/0x140 fs/sync.c:80
 __iterate_supers+0x1be/0x290 fs/super.c:923
 iterate_supers+0x24/0x40 fs/super.c:938
 ksys_sync+0xb4/0x160 fs/sync.c:104
 __do_sys_sync+0x13/0x20 fs/sync.c:113
 ...

[CAUSE]
The old btrfs_verify_level_key() path rejected tree blocks with
nritems == 0 whenever the parent check provided a first key.
Commit 947a629988f1 ("btrfs: move tree block parentness check into
validate_extent_buffer()") moved the parentness checks into the read-time
validation path, but it dropped that guard. This lets an empty non-root
tree block pass read-time validation even though slot 0 must exist if the
parent provides a first key.

[FIX]
Restore the nritems == 0 rejection in btrfs_validate_extent_buffer()
when check->has_first_key is set. This rejects empty non-root tree
blocks as soon as they are read from disk, before later btree
operations can hit BUG_ONs while trying to use them.

Fixes: 947a629988f1 ("btrfs: move tree block parentness check into validate_extent_buffer()")
Signed-off-by: ZhengYuan Huang <gality369@gmail.com>
---
v2:
- Move the corruption check from push_leaf_left() to read-time validation
- Restore the old nritems == 0 guard before reading slot 0

 fs/btrfs/disk-io.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index 0aa7e5d1b05f..ab2044d83155 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -430,6 +430,15 @@ int btrfs_validate_extent_buffer(struct extent_buffer *eb,
 		const struct btrfs_key *expect_key = &check->first_key;
 		struct btrfs_key found_key;
 
+		/* We have @first_key, so this @eb must have at least one item. */
+		if (unlikely(btrfs_header_nritems(eb) == 0)) {
+			btrfs_err(fs_info,
+				  "invalid tree nritems, bytenr=%llu nritems=0 expect >0",
+				  eb->start);
+			ret = -EUCLEAN;
+			goto out;
+		}
+
 		if (found_level)
 			btrfs_node_key_to_cpu(eb, &found_key, 0);
 		else
-- 
2.43.0

Re: [PATCH v2] btrfs: reject empty non-root tree blocks at read time

[Qu Wenruo]

在 2026/4/9 17:41, ZhengYuan Huang 写道:
> 
> [CAUSE]
> The old btrfs_verify_level_key() path rejected tree blocks with
> nritems == 0 whenever the parent check provided a first key.
> Commit 947a629988f1 ("btrfs: move tree block parentness check into
> validate_extent_buffer()") moved the parentness checks into the read-time
> validation path, but it dropped that guard. This lets an empty non-root
> tree block pass read-time validation even though slot 0 must exist if the
> parent provides a first key.

Wait for a second, there is still the nritems == 0 check inside 
btrfs_verify_level_key().

It looks like there is a missing link.

Is the btrfs_buffer_uptodate() call inside read_block_for_search() not 
passing the correct check structure?

Thanks,
Qu

Re: [PATCH v2] btrfs: reject empty non-root tree blocks at read time

[Qu Wenruo]

在 2026/4/9 18:39, Qu Wenruo 写道:
> 
> 
> 在 2026/4/9 17:41, ZhengYuan Huang 写道:
>>
>> [CAUSE]
>> The old btrfs_verify_level_key() path rejected tree blocks with
>> nritems == 0 whenever the parent check provided a first key.
>> Commit 947a629988f1 ("btrfs: move tree block parentness check into
>> validate_extent_buffer()") moved the parentness checks into the read-time
>> validation path, but it dropped that guard. This lets an empty non-root
>> tree block pass read-time validation even though slot 0 must exist if the
>> parent provides a first key.
> 
> Wait for a second, there is still the nritems == 0 check inside 
> btrfs_verify_level_key().
> 
> It looks like there is a missing link.
> 
> Is the btrfs_buffer_uptodate() call inside read_block_for_search() not 
> passing the correct check structure?

And if you can provide the fuzzed image for each of your fix/report, it 
will help a lot.

It will not only provide a reliable way to test, but also allows 
reviewer to verify if the root cause is correct.

> 
> Thanks,
> Qu

Re: [PATCH v2] btrfs: reject empty non-root tree blocks at read time

[kernel test robot]

Hi ZhengYuan,

kernel test robot noticed the following build errors:

[auto build test ERROR on kdave/for-next]
[also build test ERROR on linus/master v7.0-rc7 next-20260410]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/ZhengYuan-Huang/btrfs-reject-empty-non-root-tree-blocks-at-read-time/20260412-051345
base:   https://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git for-next
patch link:    https://lore.kernel.org/r/20260409081140.3400650-1-gality369%40gmail.com
patch subject: [PATCH v2] btrfs: reject empty non-root tree blocks at read time
config: arm-randconfig-002-20260412 (https://download.01.org/0day-ci/archive/20260412/202604121109.U7Y29jQ1-lkp@intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 14.3.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260412/202604121109.U7Y29jQ1-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202604121109.U7Y29jQ1-lkp@intel.com/

All errors (new ones prefixed by >>):

   fs/btrfs/disk-io.c: In function 'btrfs_validate_extent_buffer':
>> fs/btrfs/disk-io.c:431:25: error: label 'out' used but not defined
     431 |                         goto out;
         |                         ^~~~


vim +/out +431 fs/btrfs/disk-io.c

   355	
   356	/* Do basic extent buffer checks at read time */
   357	int btrfs_validate_extent_buffer(struct extent_buffer *eb,
   358					 const struct btrfs_tree_parent_check *check)
   359	{
   360		struct btrfs_fs_info *fs_info = eb->fs_info;
   361		u64 found_start;
   362		const u32 csum_size = fs_info->csum_size;
   363		u8 found_level;
   364		u8 result[BTRFS_CSUM_SIZE];
   365		const u8 *header_csum;
   366		int ret = 0;
   367		const bool ignore_csum = btrfs_test_opt(fs_info, IGNOREMETACSUMS);
   368	
   369		ASSERT(check);
   370	
   371		found_start = btrfs_header_bytenr(eb);
   372		if (unlikely(found_start != eb->start)) {
   373			btrfs_err_rl(fs_info,
   374				"bad tree block start, mirror %u want %llu have %llu",
   375				     eb->read_mirror, eb->start, found_start);
   376			return -EIO;
   377		}
   378		if (unlikely(check_tree_block_fsid(eb))) {
   379			btrfs_err_rl(fs_info, "bad fsid on logical %llu mirror %u",
   380				     eb->start, eb->read_mirror);
   381			return -EIO;
   382		}
   383		found_level = btrfs_header_level(eb);
   384		if (unlikely(found_level >= BTRFS_MAX_LEVEL)) {
   385			btrfs_err(fs_info,
   386				"bad tree block level, mirror %u level %d on logical %llu",
   387				eb->read_mirror, btrfs_header_level(eb), eb->start);
   388			return -EIO;
   389		}
   390	
   391		csum_tree_block(eb, result);
   392		header_csum = folio_address(eb->folios[0]) +
   393			get_eb_offset_in_folio(eb, offsetof(struct btrfs_header, csum));
   394	
   395		if (memcmp(result, header_csum, csum_size) != 0) {
   396			btrfs_warn_rl(fs_info,
   397	"checksum verify failed on logical %llu mirror %u wanted " BTRFS_CSUM_FMT " found " BTRFS_CSUM_FMT " level %d%s",
   398				      eb->start, eb->read_mirror,
   399				      BTRFS_CSUM_FMT_VALUE(csum_size, header_csum),
   400				      BTRFS_CSUM_FMT_VALUE(csum_size, result),
   401				      btrfs_header_level(eb),
   402				      ignore_csum ? ", ignored" : "");
   403			if (unlikely(!ignore_csum))
   404				return -EUCLEAN;
   405		}
   406	
   407		if (unlikely(found_level != check->level)) {
   408			btrfs_err(fs_info,
   409			"level verify failed on logical %llu mirror %u wanted %u found %u",
   410				  eb->start, eb->read_mirror, check->level, found_level);
   411			return -EIO;
   412		}
   413		if (unlikely(check->transid &&
   414			     btrfs_header_generation(eb) != check->transid)) {
   415			btrfs_err_rl(eb->fs_info,
   416	"parent transid verify failed on logical %llu mirror %u wanted %llu found %llu",
   417					eb->start, eb->read_mirror, check->transid,
   418					btrfs_header_generation(eb));
   419			return -EIO;
   420		}
   421		if (check->has_first_key) {
   422			const struct btrfs_key *expect_key = &check->first_key;
   423			struct btrfs_key found_key;
   424	
   425			/* We have @first_key, so this @eb must have at least one item. */
   426			if (unlikely(btrfs_header_nritems(eb) == 0)) {
   427				btrfs_err(fs_info,
   428					  "invalid tree nritems, bytenr=%llu nritems=0 expect >0",
   429					  eb->start);
   430				ret = -EUCLEAN;
 > 431				goto out;
   432			}
   433	
   434			if (found_level)
   435				btrfs_node_key_to_cpu(eb, &found_key, 0);
   436			else
   437				btrfs_item_key_to_cpu(eb, &found_key, 0);
   438			if (unlikely(btrfs_comp_cpu_keys(expect_key, &found_key))) {
   439				btrfs_err(fs_info,
   440	"tree first key mismatch detected, bytenr=%llu parent_transid=%llu key expected=(%llu,%u,%llu) has=(%llu,%u,%llu)",
   441					  eb->start, check->transid,
   442					  expect_key->objectid,
   443					  expect_key->type, expect_key->offset,
   444					  found_key.objectid, found_key.type,
   445					  found_key.offset);
   446				return -EUCLEAN;
   447			}
   448		}
   449		if (check->owner_root) {
   450			ret = btrfs_check_eb_owner(eb, check->owner_root);
   451			if (ret < 0)
   452				return ret;
   453		}
   454	
   455		/* If this is a leaf block and it is corrupt, just return -EIO. */
   456		if (found_level == 0 && btrfs_check_leaf(eb))
   457			ret = -EIO;
   458	
   459		if (found_level > 0 && btrfs_check_node(eb))
   460			ret = -EIO;
   461	
   462		if (ret)
   463			btrfs_err(fs_info,
   464			"read time tree block corruption detected on logical %llu mirror %u",
   465				  eb->start, eb->read_mirror);
   466		return ret;
   467	}
   468	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH v2] btrfs: reject empty non-root tree blocks at read time

[kernel test robot]

Hi ZhengYuan,

kernel test robot noticed the following build errors:

[auto build test ERROR on kdave/for-next]
[also build test ERROR on linus/master v7.0-rc7 next-20260410]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/ZhengYuan-Huang/btrfs-reject-empty-non-root-tree-blocks-at-read-time/20260412-051345
base:   https://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git for-next
patch link:    https://lore.kernel.org/r/20260409081140.3400650-1-gality369%40gmail.com
patch subject: [PATCH v2] btrfs: reject empty non-root tree blocks at read time
config: x86_64-kexec (https://download.01.org/0day-ci/archive/20260412/202604120628.G64NL6IJ-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260412/202604120628.G64NL6IJ-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202604120628.G64NL6IJ-lkp@intel.com/

All errors (new ones prefixed by >>):

>> fs/btrfs/disk-io.c:431:9: error: use of undeclared label 'out'
     431 |                         goto out;
         |                              ^
   1 error generated.


vim +/out +431 fs/btrfs/disk-io.c

   355	
   356	/* Do basic extent buffer checks at read time */
   357	int btrfs_validate_extent_buffer(struct extent_buffer *eb,
   358					 const struct btrfs_tree_parent_check *check)
   359	{
   360		struct btrfs_fs_info *fs_info = eb->fs_info;
   361		u64 found_start;
   362		const u32 csum_size = fs_info->csum_size;
   363		u8 found_level;
   364		u8 result[BTRFS_CSUM_SIZE];
   365		const u8 *header_csum;
   366		int ret = 0;
   367		const bool ignore_csum = btrfs_test_opt(fs_info, IGNOREMETACSUMS);
   368	
   369		ASSERT(check);
   370	
   371		found_start = btrfs_header_bytenr(eb);
   372		if (unlikely(found_start != eb->start)) {
   373			btrfs_err_rl(fs_info,
   374				"bad tree block start, mirror %u want %llu have %llu",
   375				     eb->read_mirror, eb->start, found_start);
   376			return -EIO;
   377		}
   378		if (unlikely(check_tree_block_fsid(eb))) {
   379			btrfs_err_rl(fs_info, "bad fsid on logical %llu mirror %u",
   380				     eb->start, eb->read_mirror);
   381			return -EIO;
   382		}
   383		found_level = btrfs_header_level(eb);
   384		if (unlikely(found_level >= BTRFS_MAX_LEVEL)) {
   385			btrfs_err(fs_info,
   386				"bad tree block level, mirror %u level %d on logical %llu",
   387				eb->read_mirror, btrfs_header_level(eb), eb->start);
   388			return -EIO;
   389		}
   390	
   391		csum_tree_block(eb, result);
   392		header_csum = folio_address(eb->folios[0]) +
   393			get_eb_offset_in_folio(eb, offsetof(struct btrfs_header, csum));
   394	
   395		if (memcmp(result, header_csum, csum_size) != 0) {
   396			btrfs_warn_rl(fs_info,
   397	"checksum verify failed on logical %llu mirror %u wanted " BTRFS_CSUM_FMT " found " BTRFS_CSUM_FMT " level %d%s",
   398				      eb->start, eb->read_mirror,
   399				      BTRFS_CSUM_FMT_VALUE(csum_size, header_csum),
   400				      BTRFS_CSUM_FMT_VALUE(csum_size, result),
   401				      btrfs_header_level(eb),
   402				      ignore_csum ? ", ignored" : "");
   403			if (unlikely(!ignore_csum))
   404				return -EUCLEAN;
   405		}
   406	
   407		if (unlikely(found_level != check->level)) {
   408			btrfs_err(fs_info,
   409			"level verify failed on logical %llu mirror %u wanted %u found %u",
   410				  eb->start, eb->read_mirror, check->level, found_level);
   411			return -EIO;
   412		}
   413		if (unlikely(check->transid &&
   414			     btrfs_header_generation(eb) != check->transid)) {
   415			btrfs_err_rl(eb->fs_info,
   416	"parent transid verify failed on logical %llu mirror %u wanted %llu found %llu",
   417					eb->start, eb->read_mirror, check->transid,
   418					btrfs_header_generation(eb));
   419			return -EIO;
   420		}
   421		if (check->has_first_key) {
   422			const struct btrfs_key *expect_key = &check->first_key;
   423			struct btrfs_key found_key;
   424	
   425			/* We have @first_key, so this @eb must have at least one item. */
   426			if (unlikely(btrfs_header_nritems(eb) == 0)) {
   427				btrfs_err(fs_info,
   428					  "invalid tree nritems, bytenr=%llu nritems=0 expect >0",
   429					  eb->start);
   430				ret = -EUCLEAN;
 > 431				goto out;
   432			}
   433	
   434			if (found_level)
   435				btrfs_node_key_to_cpu(eb, &found_key, 0);
   436			else
   437				btrfs_item_key_to_cpu(eb, &found_key, 0);
   438			if (unlikely(btrfs_comp_cpu_keys(expect_key, &found_key))) {
   439				btrfs_err(fs_info,
   440	"tree first key mismatch detected, bytenr=%llu parent_transid=%llu key expected=(%llu,%u,%llu) has=(%llu,%u,%llu)",
   441					  eb->start, check->transid,
   442					  expect_key->objectid,
   443					  expect_key->type, expect_key->offset,
   444					  found_key.objectid, found_key.type,
   445					  found_key.offset);
   446				return -EUCLEAN;
   447			}
   448		}
   449		if (check->owner_root) {
   450			ret = btrfs_check_eb_owner(eb, check->owner_root);
   451			if (ret < 0)
   452				return ret;
   453		}
   454	
   455		/* If this is a leaf block and it is corrupt, just return -EIO. */
   456		if (found_level == 0 && btrfs_check_leaf(eb))
   457			ret = -EIO;
   458	
   459		if (found_level > 0 && btrfs_check_node(eb))
   460			ret = -EIO;
   461	
   462		if (ret)
   463			btrfs_err(fs_info,
   464			"read time tree block corruption detected on logical %llu mirror %u",
   465				  eb->start, eb->read_mirror);
   466		return ret;
   467	}
   468	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH v2] btrfs: reject empty non-root tree blocks at read time

[kernel test robot]

Hi ZhengYuan,

kernel test robot noticed the following build errors:

[auto build test ERROR on kdave/for-next]
[also build test ERROR on linus/master v7.0-rc7 next-20260410]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/ZhengYuan-Huang/btrfs-reject-empty-non-root-tree-blocks-at-read-time/20260412-051345
base:   https://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git for-next
patch link:    https://lore.kernel.org/r/20260409081140.3400650-1-gality369%40gmail.com
patch subject: [PATCH v2] btrfs: reject empty non-root tree blocks at read time
config: i386-randconfig-141-20260412 (https://download.01.org/0day-ci/archive/20260412/202604121228.ciXtbZT6-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
smatch: v0.5.0-9004-gb810ac53
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260412/202604121228.ciXtbZT6-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202604121228.ciXtbZT6-lkp@intel.com/

All errors (new ones prefixed by >>):

>> fs/btrfs/disk-io.c:431:9: error: use of undeclared label 'out'
     431 |                         goto out;
         |                              ^
   1 error generated.


vim +/out +431 fs/btrfs/disk-io.c

   355	
   356	/* Do basic extent buffer checks at read time */
   357	int btrfs_validate_extent_buffer(struct extent_buffer *eb,
   358					 const struct btrfs_tree_parent_check *check)
   359	{
   360		struct btrfs_fs_info *fs_info = eb->fs_info;
   361		u64 found_start;
   362		const u32 csum_size = fs_info->csum_size;
   363		u8 found_level;
   364		u8 result[BTRFS_CSUM_SIZE];
   365		const u8 *header_csum;
   366		int ret = 0;
   367		const bool ignore_csum = btrfs_test_opt(fs_info, IGNOREMETACSUMS);
   368	
   369		ASSERT(check);
   370	
   371		found_start = btrfs_header_bytenr(eb);
   372		if (unlikely(found_start != eb->start)) {
   373			btrfs_err_rl(fs_info,
   374				"bad tree block start, mirror %u want %llu have %llu",
   375				     eb->read_mirror, eb->start, found_start);
   376			return -EIO;
   377		}
   378		if (unlikely(check_tree_block_fsid(eb))) {
   379			btrfs_err_rl(fs_info, "bad fsid on logical %llu mirror %u",
   380				     eb->start, eb->read_mirror);
   381			return -EIO;
   382		}
   383		found_level = btrfs_header_level(eb);
   384		if (unlikely(found_level >= BTRFS_MAX_LEVEL)) {
   385			btrfs_err(fs_info,
   386				"bad tree block level, mirror %u level %d on logical %llu",
   387				eb->read_mirror, btrfs_header_level(eb), eb->start);
   388			return -EIO;
   389		}
   390	
   391		csum_tree_block(eb, result);
   392		header_csum = folio_address(eb->folios[0]) +
   393			get_eb_offset_in_folio(eb, offsetof(struct btrfs_header, csum));
   394	
   395		if (memcmp(result, header_csum, csum_size) != 0) {
   396			btrfs_warn_rl(fs_info,
   397	"checksum verify failed on logical %llu mirror %u wanted " BTRFS_CSUM_FMT " found " BTRFS_CSUM_FMT " level %d%s",
   398				      eb->start, eb->read_mirror,
   399				      BTRFS_CSUM_FMT_VALUE(csum_size, header_csum),
   400				      BTRFS_CSUM_FMT_VALUE(csum_size, result),
   401				      btrfs_header_level(eb),
   402				      ignore_csum ? ", ignored" : "");
   403			if (unlikely(!ignore_csum))
   404				return -EUCLEAN;
   405		}
   406	
   407		if (unlikely(found_level != check->level)) {
   408			btrfs_err(fs_info,
   409			"level verify failed on logical %llu mirror %u wanted %u found %u",
   410				  eb->start, eb->read_mirror, check->level, found_level);
   411			return -EIO;
   412		}
   413		if (unlikely(check->transid &&
   414			     btrfs_header_generation(eb) != check->transid)) {
   415			btrfs_err_rl(eb->fs_info,
   416	"parent transid verify failed on logical %llu mirror %u wanted %llu found %llu",
   417					eb->start, eb->read_mirror, check->transid,
   418					btrfs_header_generation(eb));
   419			return -EIO;
   420		}
   421		if (check->has_first_key) {
   422			const struct btrfs_key *expect_key = &check->first_key;
   423			struct btrfs_key found_key;
   424	
   425			/* We have @first_key, so this @eb must have at least one item. */
   426			if (unlikely(btrfs_header_nritems(eb) == 0)) {
   427				btrfs_err(fs_info,
   428					  "invalid tree nritems, bytenr=%llu nritems=0 expect >0",
   429					  eb->start);
   430				ret = -EUCLEAN;
 > 431				goto out;
   432			}
   433	
   434			if (found_level)
   435				btrfs_node_key_to_cpu(eb, &found_key, 0);
   436			else
   437				btrfs_item_key_to_cpu(eb, &found_key, 0);
   438			if (unlikely(btrfs_comp_cpu_keys(expect_key, &found_key))) {
   439				btrfs_err(fs_info,
   440	"tree first key mismatch detected, bytenr=%llu parent_transid=%llu key expected=(%llu,%u,%llu) has=(%llu,%u,%llu)",
   441					  eb->start, check->transid,
   442					  expect_key->objectid,
   443					  expect_key->type, expect_key->offset,
   444					  found_key.objectid, found_key.type,
   445					  found_key.offset);
   446				return -EUCLEAN;
   447			}
   448		}
   449		if (check->owner_root) {
   450			ret = btrfs_check_eb_owner(eb, check->owner_root);
   451			if (ret < 0)
   452				return ret;
   453		}
   454	
   455		/* If this is a leaf block and it is corrupt, just return -EIO. */
   456		if (found_level == 0 && btrfs_check_leaf(eb))
   457			ret = -EIO;
   458	
   459		if (found_level > 0 && btrfs_check_node(eb))
   460			ret = -EIO;
   461	
   462		if (ret)
   463			btrfs_err(fs_info,
   464			"read time tree block corruption detected on logical %llu mirror %u",
   465				  eb->start, eb->read_mirror);
   466		return ret;
   467	}
   468	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki