On Sun, Nov 15, 2015 at 07:21:17PM +0100, Vegard Nossum wrote:
> With the attached btrfs image, I get the following splat when mounting:
>
> """
> # mount -o loop -t btrfs ./btrfs.0 /mnt/0/
> BTRFS: device fsid 9006933e-2a9a-44f0-917f-514252aeec2c devid 1 transid 7 /dev/loop0
> BTRFS info (device loop0): disk space caching is enabled
> BUG: failure at fs/btrfs/ctree.h:337/btrfs_chunk_item_size()!
Looks like a fuzzed image, it blows when num_stripes is 0

335 static inline unsigned long btrfs_chunk_item_size(int num_stripes)
336 {
337 	BUG_ON(num_stripes == 0);
338 	return sizeof(struct btrfs_chunk) +
339 		sizeof(struct btrfs_stripe) * (num_stripes - 1);
340 }

called from btrfs_read_sys_array. The check for num_stripes == 0 seems to
be missing from kernel code, 'btrfs check' detects that and does not
crash. The userspace code has some more validations so I'll port them to
kernel and this should fix the mount crash.
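As an added illustration of the kind of validation the reply proposes (not the kernel's or btrfs-progs' code, and not a patch from this thread), the function below computes a chunk item's size the same way as btrfs_chunk_item_size() but returns an error for num_stripes == 0 and for an item that would run past the bytes left in the sys array, instead of hitting BUG_ON(). The demo_chunk/demo_stripe structs are simplified stand-ins whose layouts are assumptions for the demonstration.

```c
/* Added example, not kernel code: reject a chunk item with num_stripes == 0
 * (the case that trips BUG_ON at fs/btrfs/ctree.h:337 on the fuzzed image)
 * and one whose computed size does not fit the remaining sys array bytes. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <errno.h>

/* Simplified stand-ins for the on-disk structures (assumed layouts); only
 * their sizes matter for the arithmetic shown here. */
struct demo_stripe { uint64_t devid; uint64_t offset; uint8_t dev_uuid[16]; };
struct demo_chunk {
	uint64_t length, owner, stripe_len, type;
	uint32_t io_align, io_width, sector_size;
	uint16_t num_stripes, sub_stripes;
	struct demo_stripe stripe;	/* first stripe embedded, the rest follow */
};

/*
 * Size of a chunk item with num_stripes stripes, validated rather than
 * asserted. Returns 0 and stores the size in *size on success, -EIO when
 * num_stripes is 0 or the item would extend beyond the `remaining` bytes
 * still available in the array being parsed.
 */
static int checked_chunk_item_size(uint16_t num_stripes, size_t remaining,
				   size_t *size)
{
	size_t sz;

	if (num_stripes == 0)		/* would underflow (num_stripes - 1) */
		return -EIO;
	sz = sizeof(struct demo_chunk) +
	     sizeof(struct demo_stripe) * ((size_t)num_stripes - 1);
	if (sz > remaining)		/* item claims more stripes than fit */
		return -EIO;
	*size = sz;
	return 0;
}

int main(void)
{
	size_t sz = 0;

	/* constructed inputs: a sane single-stripe item, then the zero case */
	printf("1 stripe:  rc=%d\n", checked_chunk_item_size(1, 4096, &sz));
	printf("0 stripes: rc=%d\n", checked_chunk_item_size(0, 4096, &sz));
	return 0;
}
```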