tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt

   1 URL: https://bugzilla.kernel.org/show_bug.cgi?id=97041
   2  Lukas Lueg 2015-04-21 21:53:14 UTC
   3
   4 The btrfs-image attached to this bug causes the userland tools v3.19.1 to
   5 crash with a SIGFPE. The problem is that map->sub_stripes in
   6 __btrfs_map_block() is allowed to be 0 before entering a division.
   7
   8 The userland tool crashes. The kernel reports a "divide error: 0000 ..."
   9 with a traceback from __btrfs_map_block()
  10
  11
  12 (gdb) run check btrfs_fukked_sigfpe_volumes:1404.bin
  13 Starting program: /usr/sbin/btrfs check btrfs_fukked_sigfpe_volumes:1404.bin
  14 [Thread debugging using libthread_db enabled]
  15 Using host libthread_db library "/lib64/libthread_db.so.1".
  16
  17 Program received signal SIGFPE, Arithmetic exception.
  18 0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
  19     rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
  20     type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
  21     raid_map_ret=0x0) at volumes.c:1404
  22 1404                    int factor = map->num_stripes / map->sub_stripes;
  23 (gdb) bt
  24 #0  0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
  25     rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
  26     type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
  27     raid_map_ret=0x0) at volumes.c:1404
  28 #1  0x000000000044db45 in btrfs_map_block (map_tree=map_tree@entry=0x88c170,
  29     rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
  30     multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=mirror_num@entry=0,
  31     raid_map_ret=0x0) at volumes.c:1291
  32 #2  0x000000000043b22d in read_whole_eb (info=0x88c010, eb=eb@entry=0x88f400,
  33     mirror=mirror@entry=0) at disk-io.c:232
  34 #3  0x000000000043caa2 in read_tree_block (root=root@entry=0x88c710,
  35     bytenr=<optimized out>, blocksize=<optimized out>, parent_transid=5)
  36     at disk-io.c:295
  37 #4  0x000000000043d5df in btrfs_setup_chunk_tree_and_device_map (
  38     fs_info=fs_info@entry=0x88c010) at disk-io.c:1106
  39 #5  0x000000000043d7d1 in __open_ctree_fd (fp=fp@entry=3,
  40     path=path@entry=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin",
  41     sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
  42     flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1190
  43 #6  0x000000000043d965 in open_ctree_fs_info (
  44     filename=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin",
  45     sb_bytenr=sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
  46     flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231
  47 #7  0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffde90) at cmds-check.c:9326
  48 #8  0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245
  49 (gdb) p map->sub_stripes
  50 $1 = 0