From: Vegard Nossum <vegard.nossum@oracle.com>
To: clm@fb.com, jbacik@fb.com, linux-btrfs@vger.kernel.org
Cc: dsterba@suse.cz, quwenruo@cn.fujitsu.com
Subject: divide error in __btrfs_map_block (div64_u64(stripe_nr, stripe_len))
Date: Tue, 1 Dec 2015 12:12:24 +0100
Message-ID: <565D8098.5080200@oracle.com>

[-- Attachment #1: Type: text/plain, Size: 2713 bytes --]

Hi,

With the attached (fuzzed) disk image I get this crash on latest 
linus/master when mounting:

BTRFS: device fsid de80ced1-18ac-490c-9afb-cf0a7d66cc7e devid 1 transid 7 /dev/loop0
BTRFS info (device loop0): disk space caching is enabled
divide error: 0000 [#1] SMP KASAN
CPU: 0 PID: 955 Comm: mount Not tainted 4.4.0-rc3+ #244
task: ffff880015231c00 ti: ffff8800156f0000 task.ti: ffff8800156f0000
RIP: 0010:[<ffffffff814cabf5>]  [<ffffffff814cabf5>] __btrfs_map_block+0x175/0x1b30
RSP: 0018:ffff8800156f6f18  EFLAGS: 00010246
RAX: 0000000000021000 RBX: 0000000000021000 RCX: ffff880015fce000
RDX: 0000000000000000 RSI: 0000000000021000 RDI: ffff8800152cb9f0
RBP: ffff8800156f70c8 R08: 0000000000400000 R09: 0000000000000000
R10: ffff880015fde1c0 R11: 0000000000000001 R12: 0000000000400000
R13: 0000000000021000 R14: 0000000000000000 R15: ffff8800156f7170
FS:  00007f387f51c880(0000) GS:ffff880016e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f387eca3540 CR3: 000000000005d000 CR4: 00000000001406b0
Stack:
  ffffffff81224300 ffff8800156f6f48 ffffffff8101af95 ffff8800156f6f48
  ffffffff810ad7fe 0000000000000000 ffff8800156f6fa8 ffffffff8100b5cb
  ffff8800156f7ff8 ffff8800156f0000 00000000c0ed0001 ffff8800156f71b0
Call Trace:
  [<ffffffff814ccdd8>] btrfs_map_bio+0x128/0x600
  [<ffffffff8147b369>] btree_submit_bio_hook+0x179/0x190
  [<ffffffff814b388e>] submit_one_bio+0xee/0x120
  [<ffffffff814beecf>] read_extent_buffer_pages+0x2cf/0x4a0
  [<ffffffff81479bfe>] btree_read_extent_buffer_pages.constprop.51+0x12e/0x190
  [<ffffffff8147b63b>] read_tree_block+0x4b/0x80
  [<ffffffff81482b19>] open_ctree+0x2489/0x3770
  [<ffffffff81440883>] btrfs_mount+0xf43/0x10c0
  [<ffffffff812328e6>] mount_fs+0x56/0x1b0
  [<ffffffff8125e116>] vfs_kern_mount+0x66/0x190
  [<ffffffff8143fbbe>] btrfs_mount+0x27e/0x10c0
  [<ffffffff812328e6>] mount_fs+0x56/0x1b0
  [<ffffffff8125e116>] vfs_kern_mount+0x66/0x190
  [<ffffffff8125fc32>] do_mount+0x362/0x16b0
  [<ffffffff812614b6>] SyS_mount+0xf6/0x160
  [<ffffffff81f7d82e>] entry_SYSCALL_64_fastpath+0x12/0x71
Code: 29 da 48 89 d3 49 89 c6 48 89 85 e8 fe ff ff 48 83 c0 10 48 89 c7 48 89 85 30 ff ff ff e8 54 95 d5 ff 4d 63 76 10 31 d2 48 89 d8 <49> f7 f6 44 89 b5 20 ff ff ff 48 89 85 10 ff ff ff 49 0f af c6
RIP  [<ffffffff814cabf5>] __btrfs_map_block+0x175/0x1b30
  RSP <ffff8800156f6f18>
---[ end trace c42185c4a2495b9c ]---
mount (955) used greatest stack depth: 25200 bytes left
Segmentation fault

It seems to be this line:

/*
  * stripe_nr counts the total number of stripes we have to stride
  * to get to this block
  */
stripe_nr = div64_u64(stripe_nr, stripe_len);

I can test patches. Thanks,


Vegard

[-- Attachment #2: btrfs.2.bz2 --]
[-- Type: application/x-bzip, Size: 7119 bytes --]
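
Added example, not part of the original message and not kernel code: the register dump shows R14 = 0 at the faulting div, consistent with a zero stripe_len read from the fuzzed image. This user-space sketch validates chunk geometry before dividing; struct chunk_geom, both function names, the power-of-two rule and the sample values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified view of chunk fields read from disk. */
struct chunk_geom {
    uint64_t length;      /* chunk length in bytes */
    uint64_t stripe_len;  /* bytes per stripe; untrusted on a fuzzed image */
    uint16_t num_stripes; /* number of stripes in the chunk */
};

/* Return 1 if the geometry is safe to use in later arithmetic, else 0. */
static int chunk_geom_valid(const struct chunk_geom *g)
{
    if (g->num_stripes == 0 || g->length == 0)
        return 0;
    /* Zero divisor is the reported case; power-of-two is an assumed extra rule. */
    if (g->stripe_len == 0 || (g->stripe_len & (g->stripe_len - 1)) != 0)
        return 0;
    return 1;
}

/* Number of whole stripes before `offset`; returns -EINVAL instead of trapping. */
static int map_stripe_nr(const struct chunk_geom *g, uint64_t offset,
                         uint64_t *stripe_nr)
{
    if (!chunk_geom_valid(g) || offset >= g->length)
        return -EINVAL;
    *stripe_nr = offset / g->stripe_len;
    return 0;
}

int main(void)
{
    /* Constructed samples; the offset 0x21000 is the dividend seen in RAX/RBX. */
    struct chunk_geom bad  = { 0x400000, 0, 1 };
    struct chunk_geom good = { 0x400000, 0x10000, 1 };
    uint64_t nr = 0;

    printf("bad:  %d\n", map_stripe_nr(&bad, 0x21000, &nr));
    printf("good: %d nr=%llu\n", map_stripe_nr(&good, 0x21000, &nr),
           (unsigned long long)nr);
    return 0;
}
```
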
