From 1e4ef75053e05cef19f3ba41eef80d2dabbb49ce Mon Sep 17 00:00:00 2001
From: David Sterba <dsterba@suse.com>
Date: Sat, 3 Sep 2016 20:47:21 +0200
Subject: btrfs-progs: tests: add fuzzed image for invalid sub_stripe value

Reported-by: Lukas Lueg <lukas.lueg@gmail.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---
 .../bko-97041-invalid-sub-stripes-zero-FPE.raw.txt |  50 +++++++++++++++++++++
 .../bko-97041-invalid-sub-stripes-zero-FPE.raw.xz  | Bin 0 -> 6476 bytes
 2 files changed, 50 insertions(+)
 create mode 100644 tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt
 create mode 100644 tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz

(limited to 'tests/fuzz-tests')

diff --git a/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt
new file mode 100644
index 00000000..5f631646
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt
@@ -0,0 +1,50 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=97041
+ Lukas Lueg 2015-04-21 21:53:14 UTC
+
+The btrfs-image attached to this bug causes the userland tools v3.19.1 to
+crash with a SIGFPE. The problem is that map->sub_stripes in
+__btrfs_map_block() is allowed to be 0 before entering a division.
+
+The userland tool crashes. The kernel reports a "divide error: 0000 ..."
+with a traceback from __btrfs_map_block()
+
+
+(gdb) run check btrfs_fukked_sigfpe_volumes:1404.bin
+Starting program: /usr/sbin/btrfs check btrfs_fukked_sigfpe_volumes:1404.bin
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/lib64/libthread_db.so.1".
+
+Program received signal SIGFPE, Arithmetic exception.
+0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170, 
+    rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0, 
+    type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0, 
+    raid_map_ret=0x0) at volumes.c:1404
+1404			int factor = map->num_stripes / map->sub_stripes;
+(gdb) bt
+#0  0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170, 
+    rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0, 
+    type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0, 
+    raid_map_ret=0x0) at volumes.c:1404
+#1  0x000000000044db45 in btrfs_map_block (map_tree=map_tree@entry=0x88c170, 
+    rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0, 
+    multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=mirror_num@entry=0, 
+    raid_map_ret=0x0) at volumes.c:1291
+#2  0x000000000043b22d in read_whole_eb (info=0x88c010, eb=eb@entry=0x88f400, 
+    mirror=mirror@entry=0) at disk-io.c:232
+#3  0x000000000043caa2 in read_tree_block (root=root@entry=0x88c710, 
+    bytenr=<optimized out>, blocksize=<optimized out>, parent_transid=5)
+    at disk-io.c:295
+#4  0x000000000043d5df in btrfs_setup_chunk_tree_and_device_map (
+    fs_info=fs_info@entry=0x88c010) at disk-io.c:1106
+#5  0x000000000043d7d1 in __open_ctree_fd (fp=fp@entry=3, 
+    path=path@entry=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin", 
+    sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0, 
+    flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1190
+#6  0x000000000043d965 in open_ctree_fs_info (
+    filename=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin", 
+    sb_bytenr=sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0, 
+    flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231
+#7  0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffde90) at cmds-check.c:9326
+#8  0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245
+(gdb) p map->sub_stripes
+$1 = 0
diff --git a/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz
new file mode 100644
index 00000000..b8e23eb7
Binary files /dev/null and b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz differ
-- 
cgit v1.2.3