Created attachment 174741 [details] BTRFS-Image causing userland tools and kernel to crash The btrfs-image attached to this bug causes the userland tools v3.19.1 to crash with a SIGFPE. The problem is that map->sub_stripes in __btrfs_map_block() is allowed to be 0 before entering a division. The userland tool crashes. The kernel reports a "divide error: 0000 ..." with a traceback from __btrfs_map_block() (gdb) run check btrfs_fukked_sigfpe_volumes:1404.bin Starting program: /usr/sbin/btrfs check btrfs_fukked_sigfpe_volumes:1404.bin [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Program received signal SIGFPE, Arithmetic exception. 0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170, rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0, type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0, raid_map_ret=0x0) at volumes.c:1404 1404 int factor = map->num_stripes / map->sub_stripes; (gdb) bt #0 0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170, rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0, type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0, raid_map_ret=0x0) at volumes.c:1404 #1 0x000000000044db45 in btrfs_map_block (map_tree=map_tree@entry=0x88c170, rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=mirror_num@entry=0, raid_map_ret=0x0) at volumes.c:1291 #2 0x000000000043b22d in read_whole_eb (info=0x88c010, eb=eb@entry=0x88f400, mirror=mirror@entry=0) at disk-io.c:232 #3 0x000000000043caa2 in read_tree_block (root=root@entry=0x88c710, bytenr=<optimized out>, blocksize=<optimized out>, parent_transid=5) at disk-io.c:295 #4 0x000000000043d5df in btrfs_setup_chunk_tree_and_device_map ( fs_info=fs_info@entry=0x88c010) at disk-io.c:1106 #5 0x000000000043d7d1 in __open_ctree_fd (fp=fp@entry=3, path=path@entry=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin", sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0, flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1190 #6 0x000000000043d965 in open_ctree_fs_info ( filename=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin", sb_bytenr=sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0, flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231 #7 0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffde90) at cmds-check.c:9326 #8 0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245 (gdb) p map->sub_stripes $1 = 0
Current btrfs-progs 4.7.1 do not reach the zero division as it does more extensive checks at the beginning: ERROR: Invalid num_stripes:sub_stripes 1:0 for profile 64 ERROR: Superblock checksums match, but it has an invalid chunk, try btrfsck --repair -s <superblock> ie, 0,1,2 Couldn't open file system same for kernel, e06cd3dd7cea50e87663a88acdfdb7ac1c53a5ca "Btrfs: add validadtion checks for chunk loading", since 4.7. Nevertheless, I'll add the image to the testsuite. CLosing.