From 1e4ef75053e05cef19f3ba41eef80d2dabbb49ce Mon Sep 17 00:00:00 2001
From: David Sterba
Date: Sat, 3 Sep 2016 20:47:21 +0200
Subject: [PATCH] btrfs-progs: tests: add fuzzed image for invalid sub_stripe value

Reported-by: Lukas Lueg
Signed-off-by: David Sterba
---
 .../bko-97041-invalid-sub-stripes-zero-FPE.raw.txt | 50 +++++++++++++++++++++
 .../bko-97041-invalid-sub-stripes-zero-FPE.raw.xz | Bin 0 -> 6476 bytes
 2 files changed, 50 insertions(+)
 create mode 100644 tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt
 create mode 100644 tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz

diff --git a/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt
new file mode 100644
index 0000000..5f63164
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt
@@ -0,0 +1,50 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=97041
+ Lukas Lueg 2015-04-21 21:53:14 UTC
+
+The btrfs-image attached to this bug causes the userland tools v3.19.1 to
+crash with a SIGFPE. The problem is that map->sub_stripes in
+__btrfs_map_block() is allowed to be 0 before entering a division.
+
+The userland tool crashes. The kernel reports a "divide error: 0000 ..."
+with a traceback from __btrfs_map_block()
+
+
+(gdb) run check btrfs_fukked_sigfpe_volumes:1404.bin
+Starting program: /usr/sbin/btrfs check btrfs_fukked_sigfpe_volumes:1404.bin
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/lib64/libthread_db.so.1".
+
+Program received signal SIGFPE, Arithmetic exception.
+0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=, length=length@entry=0x7fffffffd8f0,
+ type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
+ raid_map_ret=0x0) at volumes.c:1404
+1404 int factor = map->num_stripes / map->sub_stripes;
+(gdb) bt
+#0 0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=, length=length@entry=0x7fffffffd8f0,
+ type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
+ raid_map_ret=0x0) at volumes.c:1404
+#1 0x000000000044db45 in btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=, length=length@entry=0x7fffffffd8f0,
+ multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=mirror_num@entry=0,
+ raid_map_ret=0x0) at volumes.c:1291
+#2 0x000000000043b22d in read_whole_eb (info=0x88c010, eb=eb@entry=0x88f400,
+ mirror=mirror@entry=0) at disk-io.c:232
+#3 0x000000000043caa2 in read_tree_block (root=root@entry=0x88c710,
+ bytenr=, blocksize=, parent_transid=5)
+ at disk-io.c:295
+#4 0x000000000043d5df in btrfs_setup_chunk_tree_and_device_map (
+ fs_info=fs_info@entry=0x88c010) at disk-io.c:1106
+#5 0x000000000043d7d1 in __open_ctree_fd (fp=fp@entry=3,
+ path=path@entry=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin",
+ sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
+ flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1190
+#6 0x000000000043d965 in open_ctree_fs_info (
+ filename=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin",
+ sb_bytenr=sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
+ flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231
+#7 0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffde90) at cmds-check.c:9326
+#8 0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245
+(gdb) p map->sub_stripes
+$1 = 0
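Review bot: The transcript records the SIGFPE at volumes.c:1404 but not what the fuzz test should observe once the input is handled, so the pass condition for this fixture is not recoverable from the file; add a closing line such as `Expected: btrfs check reports the chunk with sub_stripes == 0 as invalid and exits non-zero instead of dividing by zero`. The backtrace shows the division is reached from btrfs_setup_chunk_tree_and_device_map via read_tree_block, i.e. while the chunk tree itself is still being read, so the validation presumably belongs where the chunk map is built from the on-disk chunk item rather than only at the division site — confirm against the fix this image exercises and name it in the file if known.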
diff --git a/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz new file mode 100644 index 0000000000000000000000000000000000000000..b8e23eb7acac8baf6be64fb4d005921b564d44a9 GIT binary patch literal 6476 zcmeI1cTf}Rn#My@Is^<-l&TQvh}4iEQX(K#KzgrIrAY56H4p@(H$gfg9qFNn^cs#B z2u*sI8d~nz-Pzf>vpaM4?%X}IJ9Ga2{`h8|?|Gkhp5J#R;iqp101&TE*C`PKI0)_l z007!i{UJQwl^ARS0JvV^@db@|IP59NUCKhM=^c2r;O$M^?oZaRNuge883NVnp#GQ` zHK78knc$-3I4AXmceD#UjW18z+28i1q`;?mT)UH&Z;M9Fu%#*h) zeWc$f#ei)G+u>?1IS<+^3Fa61NQ8+G59wGq*sY^#?n!aSJ!J8sc436=IX{Ujpu-`y4PMeU@?3=4ORjG9`D@Yj z;?|{P{AN=+`BG7dq}R8=t3z%nWUY?9(c)MBgSZfjJ&D^0rG>Z>uppcO#qt5i;nA7y z*^$735pMnplyHuSX`o@VAc{=6?~-;&7$3#Q7I-%>y#$IGjsjlDec5Y4WM(Q?5Lb;W z5$FOH8vBD1111RUfkJu~j$Jnva+6te)vpmBU$L$Nz-%x`Pp%zxCqI| z&%3TDH#Iorcp|W@()@1oNHq_mvBBF7TW$UJjn@?hKUa)MNO65XDladz`8y z=AJ{(9$1q>LI!!A=IbH*J#B(!Wi&8V+b2kRYCM&Zj|}Z(*n$5eGU3Y^&C=1 zUiekj@vwU&$!5_a+U^P4jt|vM%L4U5^H|OnO5s*HWMl3kA_a+grRbKfRY^p3q7(X+ zUCEwH>+3-9y)d4%rcVP=;xXdq-=a=#7wNpLEfbkV@0$!Zd@1O;`9i3?M^!J1_D&@U z`z-XK>hi*QYbV|^ymxouJ`LSoQ%e!qO2a{9;FSZg4L5c(7J?~e&;3?K5MC&=a*Os7 z3Z*~}1$$SOc|s1GRC(qo`RypvUfqhSu5-di<=_aSVi3c5$(znZX2Bn9{oQV|3~wt% zU`AJ(Q9^1q>gA1YMMW9P)9@+IgXc#E0U*JK+n3bkJXDtMrA&QnOPUS3HSLLN4tJaa z{bgdyynVpN1&;Q)ke8ZwzC$kVb}tu1M^fWylg?iG7@ScI<5R#&G^LjT*ozEdLA}m| zH;3V&oi_jE_o|LaeUyu*CEx>Wdps|`YX1}Z#!y zpR@LHq8$Oe(`I#S(ef_2mPQVIbyvyfrAB+7h*7&`#rPQQWz!FNJZOogA;Huo7HZcG zJ*6w+vWf9@>(60V5rbH+p1pnrMKq$E*mYf=h~G-vgsyWb2~ZAN6ujB7OxbK!b?>7C z>GJN-YaL;`Nl4*$Co$7wf6&sH^6+{3^>xY>vu-5j9&0Op7zCK27>{4>IsVr4tOc=- zA%~;1@=93IdWvCjk7m0*dw8&=jBhzj^m-_-he|9v(i|GpxNO)x&;Q}uKWkHn{-)u+ zGbf>X!htZVkBNA@c5T|-EhSa^M9zA{)n!2L41Wj+iR`mF>Bj0k=JpvX5Tx(ubRZAi zr4MK7Qr>0ry%26Z(V-SXMHaR`)ibP;8qJnMQnWmFF{GDVOy$ZS&qv6GZD019ODkzm zQ-J!a$XJM#USAazN|oQN zoiJE2M!@O6Kv?(FDPQa~+dQdm01U_Q>f{8E^~TN1!AZ+j)+eeM8?PuBVN{gQ^sgH4U*EUt*3dq&%_yj2{=>Me4R=f;}pb4q+$Fv5SIv=m~Tiyb>vI zzNl;o#osc(Y2Mc2uB!|RNMW)S$xz^WWASd&Mz~ONSo{4dbSOuI^aQQJtHJ~|&JFbh 
zzxk9Xj+F7);LQj>kc^~xMt4{fnC?u;_mH;#p{%*Fu2#gl_PjPXN#<>TWU}Gb-AEH!C)3m46!{epus3~GvRwe>l%nf2 zHt5nt2sbC@77wmD+wFXug`Mj`O-W>rJj15c7ij@$>6nZ0s{W;Z?K&5;XtVVTQeR<* zNh|msz8Q9`R#}P-kn+MaYHa9+gM4|%uRgo zikn?6>sO1`0gl8If z22za~`-a@&Wsm!| zJkBF}npSJgGMWO{059W+5?I+%iHZ0SODY#kQLeQTLEqnok5SeVVW#Hp_p#GOH#NM9 zC^wIF>n0}i(nobNYOYjw1Cpci=*a7+aon0;bfohIuzB;_ zth?WAiBjU3@z=2dAF~*(us0Hl(Ci`1RUmpRNOy3*ZDu(#1B%rBJ)xz|?$BXJ%bqZ$ z1DjVAKAO)>sOTmXyunvjun9AKoxCxPjKAjKi?TS`mCVef*3qBb!&;@&k7%2Ee((%> z_GqW6kDEUkEdS1gl~ezlKzp^Q_YLz`C)y*E@HxJ0bC0hq*Z!p4%R)IUT3HajSZPam zg_XPMj$Z#Ghn5*MM%_LL5z)!M<=}V}o6k}jvCzJ8SB*~_-bKXk%=b(B?m~IcjB+L; zm>E{_?9k6p)fUtB3^hzhl*Z#-EK|^n8t+hVfCSp&W*|U4UA4eIuvo_EK?~)ggAl}O z;0RZH`T_E4cM__aG_A*s=7^o8Ke!Dt)LsN;-Pm8Hr--9T?bG{mh;sY+#V(&dYs*5d zxLV326zeri_S}sjUg22B8Z3ORBa1~qCE9a3MN^S(cF){VK?BPLwoDxcF#c$tBHj%# z*y-IwQbh+f#S_yv?<8?#JPhUar?nMRI-E}hCx;X&#atdKi(W3Ynhf8a3RtT~8(fw) z+~*}n-vIEDga!vL{QM;FA}9Q9MN<0WJ}fEKuSAw~&2msz@6+9P*v_|sa+;Z^WXTbc z&iLjLwr>X|+meZh&W1_zJRb)y}SoZuB@^Gv0H?-1X>q{{%v zixXB(37kd9gA79KWeczb&0SSN2#wRxbz`5bh?KFX%i+Pg$$Dj{ZBc6koYZ^#fCK@( z9S@(%8aRjsz6+3!GVB1Ud^uHBp(@?bLIAI&mwBg3^N5sqWYD3kijt(d%uQ6FHJwWI zaa6a4!n-gG;m~WK1<~Tr&OgmiKDpRzEvzdNsqLhEq3@a+N1^^ zOrK!CV+5h`qGs7lTTE!E#Li*rSNZB0z-sx2O}|g8-jGiG#Np92i${4Vv(qipJI4mc zatE)2Ytts9GQH`K$3xWLG&_r^KF;0t8&d(9iaLh>YZOzUhTt* zYk84-1_@GJo7stjnzT{PYU11#LNi>Iwvj71n|HjpC#psuIz#AaO9s2q&=1j%G?UO- zv)5V%iuMJ=RxM1xFbeU{oyF~%uzfZ4NB5(l#7FiqN#-gOgWwI#iMQmARS9nzE&E;I z93wUN!S6f)eM3tCHie`@PHoghX3%=%Xb9jIWdG#)!@x+w8w!&gi%`vKgx zoi-=%ViD|bGxJzZHq%9HaL_hS<`HytXZZ)?%k7>iR@AJNWu@b^+uOsXInsdq0*;=D zfiwNpT%T##O={ai(LRD+HG&(YhDip1At%a-~d;&KG-grHYbV)KUX43&&-|izA z){M(kIl$f`d*Byq)@D!=_c?nmt`#vvW8gmHFGb$u-hlY9IF=?nqzv`r&@9yn*#+wV z0wo|LoJoP_UwC9jH1@SC{M3)yTEjjau<2djx!L@*8aLKmb#lFJHo~hw&x=C!Qdw=q zNJizimM?RaL?&`B#3at z3)ojy)*RpihfCtuW{n(*{B#Tu`CH9c0;}#Ya>*TjgStC)8|OAz42lWz3){#y>nBG> zY-H&ajb^hXo`njtKo%hSw8A2al&=TtmHndiY2N9CZj9umSFn-u-FhHgz|2X2|Mf0D zcTX43YoXTro>wx+>pZpE8&$m-~3L5C#q;!olUgaK-u>b*(-G;Zs 
zOL+azJ1gF6Dem9T-4V0$1AAA&KQmP-$!rr2ZVyCJv~L@IUVr-*-Q+uX%IE#|#%?($ZXYO$l`^Vy=-o?i6B8QPxgVx}WmC~=-E zY2Y~sC4bDu;h}Y%=I%2Z^h@JN-$0dw=kYeWZ`F?!vCeb-AwZb3y{M_{u?9ukXGjkV zL)&)u3W2qyn0qe5HCkCAlfKqH3IeS-*%qN zyw>k@8p9gc2$vja>zRo%!X8xICT1pzr;=Yx-TH1SU#=otKfQYF5 zVP0-)ufeygPbsKpCuT#G1C*RjyHJF%aU%}!iqWf;G6{cv?nPSd+b424)65I*yQS}_ zKYoQJgKfP=s@J%=O3rS?&Kw6%Q?bYfdY6aa;&2&9`yIk=J-7TH74bi8HUA_AKojP^ zwECQ*>W%S=lKjw?`IY2sf*&ipu5X03f#2oB>+=FpLS`FZsLTb?gR5HiWJ;&PmyVIN zp=^H4KgIk=pyM&#<~v1hSanlxa0Yprj>~Vc15vVOA{XB@*6E>*%OTDGwKDS|E%Lee z1OnmzCoR_PGlX~4r9I!7b!ecqGraIBi<1g!_ZwHppG9W=)euT