path: root/tests
diff options
authorQu Wenruo <>2016-08-30 11:29:33 +0800
committerDavid Sterba <>2016-09-05 10:04:27 +0200
commitba23b7679fb85e55cb28239e65a58a4f47e9f739 (patch)
tree0d0e0bf6294320e885c4fd4332f5795b84ee7b99 /tests
parent245cf06dfaec144fac3423e91d0bbb2b686b5ed1 (diff)
btrfs-progs: fuzz-test: Add image for unaligned tree block ptr
Add test case image for unaligned tree block ptr. It should lead to BUG_ON in free_extent_buffer(). Reported-by: Lukas Lueg <> Signed-off-by: Qu Wenruo <> [ added bko-NNN- prefix to the files ] Signed-off-by: David Sterba <>
Diffstat (limited to 'tests')
-rw-r--r--tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xzbin0 -> 3852 bytes
2 files changed, 33 insertions, 0 deletions
diff --git a/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.txt b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.txt
new file mode 100644
index 00000000..05cf3928
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.txt
@@ -0,0 +1,33 @@
+Lukas Lueg 2016-08-23 19:54:45 UTC
+Created attachment 229941 [details]
+Image triggering btrfsck into asan error
+The filesystem-image attached to this bug drives btrfsck from btrfs-progs
+v4.7-42-g56e9586 into a heap-use-after-free. The src was from kdave's mirror,
+devel branch. CFLAGS='-DNDEBUG -O1 -g -fsanitize=address
+-fno-omit-frame-pointer -fno-optimize-sibling-calls'
+The juicy parts:
+==32639==ERROR: AddressSanitizer: heap-use-after-free on address
+0x621000019170 at pc 0x0000005c046e bp 0x7fff631e48d0 sp 0x7fff631e48c8
+READ of size 4 at 0x621000019170 thread T0
+ #0 0x5c046d in free_extent_buffer
+ #1 0x59356c in btrfs_release_all_roots
+ #2 0x5949a7 in __open_ctree_fd
+ #3 0x594325 in open_ctree_fs_info
+ #4 0x51e717 in cmd_check
+ #5 0x4f0f81 in main /home/lukas/dev/btrfsprogs_fuzz/src/btrfs.c:243:8
+ #6 0x7f5ce75ee730 in __libc_start_main (/lib64/
+ #7 0x4213f8 in _start (/home/lukas/dev/btrfsfuzz/bin/bin/btrfs+0x4213f8)
+Note that the bug happens within core itself. The kernel may be vulnerable as
+well, I didn't check, though.
diff --git a/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xz b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xz
new file mode 100644
index 00000000..d37b1a2d
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xz
Binary files differ