divide error in __btrfs_map_block (div64_u64(stripe_nr, stripe_len))

Tue, 01 Dec 2015 03:14:04 -0800 · Description:

Hi,

With the attached (fuzzed) disk image I get this crash on latest
linus/master when mounting:

BTRFS: device fsid de80ced1-18ac-490c-9afb-cf0a7d66cc7e devid 1 transid
7 /dev/loop0
BTRFS info (device loop0): disk space caching is enabled
divide error: 0000 [#1] SMP KASAN
CPU: 0 PID: 955 Comm: mount Not tainted 4.4.0-rc3+ #244
task: ffff880015231c00 ti: ffff8800156f0000 task.ti: ffff8800156f0000
RIP: 0010:[<ffffffff814cabf5>] [<ffffffff814cabf5>]
__btrfs_map_block+0x175/0x1b30
RSP: 0018:ffff8800156f6f18  EFLAGS: 00010246
RAX: 0000000000021000 RBX: 0000000000021000 RCX: ffff880015fce000
RDX: 0000000000000000 RSI: 0000000000021000 RDI: ffff8800152cb9f0
RBP: ffff8800156f70c8 R08: 0000000000400000 R09: 0000000000000000
R10: ffff880015fde1c0 R11: 0000000000000001 R12: 0000000000400000
R13: 0000000000021000 R14: 0000000000000000 R15: ffff8800156f7170
FS:  00007f387f51c880(0000) GS:ffff880016e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f387eca3540 CR3: 000000000005d000 CR4: 00000000001406b0
Stack:
 ffffffff81224300 ffff8800156f6f48 ffffffff8101af95 ffff8800156f6f48
 ffffffff810ad7fe 0000000000000000 ffff8800156f6fa8 ffffffff8100b5cb
 ffff8800156f7ff8 ffff8800156f0000 00000000c0ed0001 ffff8800156f71b0
Call Trace:
 [<ffffffff814ccdd8>] btrfs_map_bio+0x128/0x600
 [<ffffffff8147b369>] btree_submit_bio_hook+0x179/0x190
 [<ffffffff814b388e>] submit_one_bio+0xee/0x120
 [<ffffffff814beecf>] read_extent_buffer_pages+0x2cf/0x4a0
 [<ffffffff81479bfe>]
btree_read_extent_buffer_pages.constprop.51+0x12e/0x190
 [<ffffffff8147b63b>] read_tree_block+0x4b/0x80
 [<ffffffff81482b19>] open_ctree+0x2489/0x3770
 [<ffffffff81440883>] btrfs_mount+0xf43/0x10c0
 [<ffffffff812328e6>] mount_fs+0x56/0x1b0
 [<ffffffff8125e116>] vfs_kern_mount+0x66/0x190
 [<ffffffff8143fbbe>] btrfs_mount+0x27e/0x10c0
 [<ffffffff812328e6>] mount_fs+0x56/0x1b0
 [<ffffffff8125e116>] vfs_kern_mount+0x66/0x190
 [<ffffffff8125fc32>] do_mount+0x362/0x16b0
 [<ffffffff812614b6>] SyS_mount+0xf6/0x160
 [<ffffffff81f7d82e>] entry_SYSCALL_64_fastpath+0x12/0x71
Code: 29 da 48 89 d3 49 89 c6 48 89 85 e8 fe ff ff 48 83 c0 10 48 89 c7
48 89 85 30 ff ff ff e8 54 95 d5 ff 4d 63 76 10 31 d2 48 89 d8 <49> f7
f6 44 89 b5 20 ff ff ff 48 89 85 10 ff ff ff 49 0f af c6
RIP  [<ffffffff814cabf5>] __btrfs_map_block+0x175/0x1b30
 RSP <ffff8800156f6f18>
---[ end trace c42185c4a2495b9c ]---
mount (955) used greatest stack depth: 25200 bytes left
Segmentation fault

It seems to be this line:

/*
 * stripe_nr counts the total number of stripes we have to stride
 * to get to this block
 */
stripe_nr = div64_u64(stripe_nr, stripe_len);

I can test patches. Thanks,

Vegard

btrfs.2.bz2

Description: application/bzip

divide error in __btrfs_map_block (div64_u64(stripe_nr, stripe_len))

Reply via email to