author | Dimitri John Ledkov <xnox@ubuntu.com> | 2016-09-08 12:29:10 +0100 |
---|---|---|
committer | Dimitri John Ledkov <xnox@ubuntu.com> | 2016-09-08 12:29:10 +0100 |
commit | 249a3592d5dfdec0e52b5e9e712339364ea758ed (patch) | |
tree | 54a81f37cfdccbb5ba1d3c925e6fd9261311550e /tests | |
parent | ca0dc13dd212ef8ca19fa6128115fe933b055437 (diff) |
New upstream release. (Closes: #836778)debian/4.7.2-1
Diffstat (limited to 'tests')
18 files changed, 304 insertions, 0 deletions
diff --git a/tests/README.md b/tests/README.md index 6bb3de49..ca45cf6f 100644 --- a/tests/README.md +++ b/tests/README.md @@ -159,3 +159,14 @@ $ TEST=012\* ./misc-tests.sh # from tests/ 6. The commit changelog should reference a commit that either introduced or fixed the bug (or both). Subject line of the shall mention the name of the new directory for ease of search, eg. `btrfs-progs: tests: add 012-subvolume-sync-must-wait` + +### Crafted/fuzzed images + +Images that are create by fuzzing or specially crafted to trigger some error +conditions should be added to the directory *fuzz-tests/images*, accompanied by +a textual description of the source (bugzilla, mail), the reporter, brief +description of the problem or the stack trace. + +If you have a fix for the problem, please submit it prior to the test image, so +the fuzz tests always succeed when run on random checked out. This helps +bisectability. diff --git a/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.txt b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.txt new file mode 100644 index 00000000..05cf3928 --- /dev/null +++ b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.txt 
@@ -0,0 +1,33 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=153641
+Lukas Lueg 2016-08-23 19:54:45 UTC
+
+Created attachment 229941 [details]
+Image triggering btrfsck into asan error
+
+The filesystem-image attached to this bug drives btrfsck from btrfs-progs
+v4.7-42-g56e9586 into a heap-use-after-free. The src was from kdave's mirror,
+devel branch. CFLAGS='-DNDEBUG -O1 -g -fsanitize=address
+-fno-omit-frame-pointer -fno-optimize-sibling-calls'
+
+
+The juicy parts:
+==32639==ERROR: AddressSanitizer: heap-use-after-free on address
+0x621000019170 at pc 0x0000005c046e bp 0x7fff631e48d0 sp 0x7fff631e48c8
+READ of size 4 at 0x621000019170 thread T0
+ #0 0x5c046d in free_extent_buffer
+/home/lukas/dev/btrfsprogs_fuzz/src/extent_io.c:579:10
+ #1 0x59356c in btrfs_release_all_roots
+/home/lukas/dev/btrfsprogs_fuzz/src/disk-io.c:1084:3
+ #2 0x5949a7 in __open_ctree_fd
+/home/lukas/dev/btrfsprogs_fuzz/src/disk-io.c:1325:2
+ #3 0x594325 in open_ctree_fs_info
+/home/lukas/dev/btrfsprogs_fuzz/src/disk-io.c:1363:9
+ #4 0x51e717 in cmd_check
+/home/lukas/dev/btrfsprogs_fuzz/src/cmds-check.c:11320:9
+ #5 0x4f0f81 in main /home/lukas/dev/btrfsprogs_fuzz/src/btrfs.c:243:8
+ #6 0x7f5ce75ee730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+ #7 0x4213f8 in _start (/home/lukas/dev/btrfsfuzz/bin/bin/btrfs+0x4213f8)
+
+
+Note that the bug happens within core itself. The kernel may be vulnerable as
+well, I didn't check, though.
diff --git a/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xz b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xz
Binary files differnew file mode 100644
index 00000000..d37b1a2d
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xz
diff --git a/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.txt b/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.txt
new file mode 100644
index 00000000..dab91dcc
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.txt
@@ -0,0 +1,30 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=154021
+Lukas Lueg 2016-08-26 22:53:42 UTC
+
+Created attachment 230361 [details]
+Image triggering btrfsck to segv
+
+The fuzzer hit again:
+
+==32522==ERROR: AddressSanitizer: SEGV on unknown address 0x00027fff801c (pc
+0x0000004a952e bp 0x7fff5222ce70 sp 0x7fff5222c600 T0)
+ #0 0x4a952d in __asan_memcpy
+(/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x4a952d)
+ #1 0x66a323 in read_extent_buffer
+/home/lukas/dev/btrfsfuzz/src-asan/extent_io.c:867:2
+ #2 0x55ad25 in btrfs_node_key
+/home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:1668:2
+ #3 0x58573b in check_fs_root
+/home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:3748:3
+ #4 0x544136 in check_fs_roots
+/home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:3896:10
+ #5 0x53d8c5 in cmd_check
+/home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:11470:8
+ #6 0x4f105f in main /home/lukas/dev/btrfsfuzz/src-asan/btrfs.c:243:8
+ #7 0x7fea1bcb7730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+ #8 0x421238 in _start
+(/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x421238)
+
+
+See the attached image to reproduce using btrfs-progs btrfs-progs
+v4.7-42-g56e9586.
diff --git a/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.xz b/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.xz
Binary files differnew file mode 100644
index 00000000..76c58dce
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.xz
diff --git a/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt
new file mode 100644
index 00000000..f41eac60
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt
@@ -0,0 +1,21 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=154961
+Lukas Lueg 2016-08-27 17:29:35 UTC
+
+More news from the fuzzer. See the attached image to reproduce using
+btrfs-progs btrfs-progs v4.7-42-g56e9586. You may need to compile with ASAN,
+could not reproduce without...
+
+
+==2572==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000018d86 at pc 0x000000547c3c bp 0x7ffd60ec5ef0 sp 0x7ffd60ec5ee8
+READ of size 8 at 0x621000018d86 thread T0
+ #0 0x547c3b in btrfs_stripe_offset /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:1357:1
+ #1 0x5391f7 in btrfs_stripe_offset_nr /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:1399:9
+ #2 0x538790 in btrfs_new_chunk_record /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:5209:4
+ #3 0x56c55d in process_chunk_item /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:5225:8
+ #4 0x5634e7 in run_next_block /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:6290:5
+ #5 0x55c489 in deal_root_from_list /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:8338:10
+ #6 0x541d53 in check_chunks_and_extents /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:8505:8
+ #7 0x53d565 in cmd_check /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:11430:9
+ #8 0x4f105f in main /home/lukas/dev/btrfsfuzz/src-asan/btrfs.c:243:8
+ #9 0x7f40dcd8b730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+ #10 0x421238 in _start (/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x421238)
diff --git a/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.xz b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.xz
Binary files differnew file mode 100644
index 00000000..dfd01ca2
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.xz
diff --git a/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.txt b/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.txt
new file mode 100644
index 00000000..7f0b8045
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.txt
@@ -0,0 +1,8 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=155181
+Lukas Lueg 2016-08-28 10:52:32 UTC
+
+Created attachment 230891 [details]
+BTRFS-image that reaches abort() in btrfsck
+
+More news from the fuzzer. The attached image causes btrfsck to reach abort()
+in in cmds-check.c:add_tree_backref(); using btrfs-progs v4.7-42-g56e9586.
diff --git a/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.xz b/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.xz
Binary files differnew file mode 100644
index 00000000..c401f2e5
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.xz
diff --git a/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.txt b/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.txt
new file mode 100644
index 00000000..9097e49d
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.txt
@@ -0,0 +1,35 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=155201
+Lukas Lueg 2016-08-28 19:15:53 UTC
+
+Created attachment 230921 [details]
+Image causing SIGFPE in btrfsck
+
+News from the fuzzer. See the attached image to reproduce using btrfs-progs
+v4.7-42-g56e9586.
+
+
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/lib64/libthread_db.so.1".
+checking extents
+Chunk[0, 4194304] existed.
+Chunk[18446744073709551607, 228, 0]: length(1), offset(0), type(4160) mismatch
+with block group[0, 192, 4194304]: offset(4194304), objectid(0), flags(2)
+
+Program received signal SIGFPE, Arithmetic exception.
+0x000000000042b178 in calc_stripe_length (type=4160, length=1, num_stripes=0)
+at cmds-check.c:8018
+8018 stripe_size /= num_stripes;
+#0 0x000000000042b178 in calc_stripe_length (type=4160, length=1,
+num_stripes=0) at cmds-check.c:8018
+#1 0x000000000042b56d in check_chunk_refs (silent=0,
+dev_extent_cache=0x7fffffffdd30, block_group_cache=0x7fffffffdd60,
+chunk_rec=0x6b92c0) at cmds-check.c:8101
+#2 check_chunks (chunk_cache=chunk_cache@entry=0x7fffffffdd80,
+block_group_cache=block_group_cache@entry=0x7fffffffdd60,
+dev_extent_cache=dev_extent_cache@entry=0x7fffffffdd30, good=good@entry=0x0,
+bad=bad@entry=0x0, rebuild=rebuild@entry=0x0, silent=0) at cmds-check.c:8165
+#3 0x000000000042bbdd in check_chunks_and_extents (root=root@entry=0x6b2cf0)
+at cmds-check.c:8524
+#4 0x000000000042e3cb in cmd_check (argc=<optimized out>, argv=<optimized
+out>) at cmds-check.c:11430
+#5 0x000000000040a416 in main (argc=2, argv=0x7fffffffe218) at btrfs.c:243
diff --git a/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.xz b/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.xz
Binary files differnew file mode 100644
index 00000000..5bc2d3b9
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.xz
diff --git a/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.txt b/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.txt
new file mode 100644
index 00000000..fb098411
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.txt
@@ -0,0 +1,41 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=97021
+Lukas Lueg 2015-04-21 21:36:31 UTC
+
+The btrfs-image attached to this bug causes the userland tools v3.19.1 to crash
+by reaching a call to abort().
+
+(gdb) run check btrfs_fukked_abort_cmds-check:5919.bin
+Starting program: /usr/sbin/btrfs check btrfs_fukked_abort_cmds-check:5919.bin
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/lib64/libthread_db.so.1".
+Checking filesystem on btrfs_fukked_abort_cmds-check:5919.bin
+UUID: cdd8684f-9eb1-40a4-91ec-1ed7c3cb444c
+checking extents
+
+Program received signal SIGABRT, Aborted.
+0x00000032626348d7 in __GI_raise (sig=sig@entry=6)
+ at ../sysdeps/unix/sysv/linux/raise.c:55
+55 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
+(gdb) bt
+#0 0x00000032626348d7 in __GI_raise (sig=sig@entry=6)
+ at ../sysdeps/unix/sysv/linux/raise.c:55
+#1 0x000000326263653a in __GI_abort () at abort.c:89
+#2 0x0000000000425038 in run_next_block (root=root@entry=0x894b20,
+ bits=bits@entry=0x896960, last=last@entry=0x7fffffffd470,
+ pending=pending@entry=0x7fffffffd5f0, seen=seen@entry=0x7fffffffd5e0,
+ reada=reada@entry=0x7fffffffd600, nodes=0x7fffffffd610,
+ extent_cache=0x7fffffffd5d0, chunk_cache=0x7fffffffd5c0, dev_cache=0x7fffffffd5b0,
+ block_group_cache=0x7fffffffd6a0, dev_extent_cache=0x7fffffffd6c0, ri=0x894e20,
+ bits_nr=1024) at cmds-check.c:5908
+#3 0x000000000042523d in deal_root_from_list (list=list@entry=0x7fffffffd640,
+ root=root@entry=0x894b20, bits=bits@entry=0x896960,
+ pending=pending@entry=0x7fffffffd5f0, seen=seen@entry=0x7fffffffd5e0,
+ reada=reada@entry=0x7fffffffd600, nodes=0x7fffffffd610,
+ extent_cache=0x7fffffffd5d0, chunk_cache=0x7fffffffd5c0, dev_cache=0x7fffffffd5b0,
+ block_group_cache=0x7fffffffd6a0, dev_extent_cache=0x7fffffffd6c0, bits_nr=1024)
+ at cmds-check.c:7838
+#4 0x0000000000425f3d in check_chunks_and_extents (root=root@entry=0x894b20)
+ at cmds-check.c:8000
+#5 0x0000000000428144 in cmd_check (argc=<optimized out>, argv=<optimized out>)
+ at cmds-check.c:9431
+#6 0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245
diff --git a/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.xz b/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.xz
Binary files differnew file mode 100644
index 00000000..4e9ff538
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.xz
diff --git a/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt
new file mode 100644
index 00000000..2dc51b21
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt
@@ -0,0 +1,58 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=97031
+Lukas Lueg 2015-04-21 21:47:18 UTC
+
+The btrfs-image attached to this bug causes the userland tools v3.19.1 to crash
+with a SIGFPE. The problem is that map->stripe_len in __btrfs_map_block() is
+allowed to be 0 before entering a division.
+
+The userland tool crashes.
+The kernel fails to mount with
+> BTRFS: failed to read the system array on loop0
+> BTRFS: open_ctree_failed
+
+
+
+(gdb) run check btrfs_fukked_sigfpe_volumes:1372.bin
+....
+warning, device 0 is missing
+warning, device 4294967295 is missing
+warning, device 0 is missing
+warning, device 0 is missing
+warning, device 0 is missing
+warning, device 0 is missing
+warning, device 4294967295 is missing
+
+Program received signal SIGFPE, Arithmetic exception.
+0x000000000044d56f in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
+ raid_map_ret=0x0) at volumes.c:1372
+1372 stripe_nr = stripe_nr / map->stripe_len;
+(gdb) bt
+#0 0x000000000044d56f in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
+ raid_map_ret=0x0) at volumes.c:1372
+#1 0x000000000044db45 in btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=mirror_num@entry=0,
+ raid_map_ret=0x0) at volumes.c:1291
+#2 0x000000000043b22d in read_whole_eb (info=0x88c010, eb=eb@entry=0x88f400,
+ mirror=mirror@entry=0) at disk-io.c:232
+#3 0x000000000043caa2 in read_tree_block (root=root@entry=0x88c710,
+ bytenr=<optimized out>, blocksize=<optimized out>, parent_transid=5)
+ at disk-io.c:295
+#4 0x000000000043d5df in btrfs_setup_chunk_tree_and_device_map (
+ fs_info=fs_info@entry=0x88c010) at disk-io.c:1106
+#5 0x000000000043d7d1 in __open_ctree_fd (fp=fp@entry=3,
+ path=path@entry=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1372.bin",
+ sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
+ flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1190
+#6 0x000000000043d965 in open_ctree_fs_info (
+ filename=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1372.bin",
+ sb_bytenr=sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
+ flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231
+#7 0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffde90) at cmds-check.c:9326
+#8 0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245
+(gdb) p map->stripe_len
+$1 = 0
diff --git a/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz
Binary files differnew file mode 100644
index 00000000..8680fa34
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz
diff --git a/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt
new file mode 100644
index 00000000..5f631646
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt
@@ -0,0 +1,50 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=97041
+ Lukas Lueg 2015-04-21 21:53:14 UTC
+
+The btrfs-image attached to this bug causes the userland tools v3.19.1 to
+crash with a SIGFPE. The problem is that map->sub_stripes in
+__btrfs_map_block() is allowed to be 0 before entering a division.
+
+The userland tool crashes. The kernel reports a "divide error: 0000 ..."
+with a traceback from __btrfs_map_block()
+
+
+(gdb) run check btrfs_fukked_sigfpe_volumes:1404.bin
+Starting program: /usr/sbin/btrfs check btrfs_fukked_sigfpe_volumes:1404.bin
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/lib64/libthread_db.so.1".
+
+Program received signal SIGFPE, Arithmetic exception.
+0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
+ raid_map_ret=0x0) at volumes.c:1404
+1404 int factor = map->num_stripes / map->sub_stripes;
+(gdb) bt
+#0 0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
+ raid_map_ret=0x0) at volumes.c:1404
+#1 0x000000000044db45 in btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=mirror_num@entry=0,
+ raid_map_ret=0x0) at volumes.c:1291
+#2 0x000000000043b22d in read_whole_eb (info=0x88c010, eb=eb@entry=0x88f400,
+ mirror=mirror@entry=0) at disk-io.c:232
+#3 0x000000000043caa2 in read_tree_block (root=root@entry=0x88c710,
+ bytenr=<optimized out>, blocksize=<optimized out>, parent_transid=5)
+ at disk-io.c:295
+#4 0x000000000043d5df in btrfs_setup_chunk_tree_and_device_map (
+ fs_info=fs_info@entry=0x88c010) at disk-io.c:1106
+#5 0x000000000043d7d1 in __open_ctree_fd (fp=fp@entry=3,
+ path=path@entry=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin",
+ sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
+ flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1190
+#6 0x000000000043d965 in open_ctree_fs_info (
+ filename=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin",
+ sb_bytenr=sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
+ flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231
+#7 0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffde90) at cmds-check.c:9326
+#8 0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245
+(gdb) p map->sub_stripes
+$1 = 0
diff --git a/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz
Binary files differnew file mode 100644
index 00000000..b8e23eb7
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz
diff --git a/tests/misc-tests/015-dump-super-garbage/test.sh b/tests/misc-tests/015-dump-super-garbage/test.sh
new file mode 100755
index 00000000..33fc8332
--- /dev/null
+++ b/tests/misc-tests/015-dump-super-garbage/test.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# let dump-super dump random data, must not crash
+
+source $TOP/tests/common
+
+check_prereq btrfs
+
+run_check $TOP/btrfs inspect-internal dump-super /dev/urandom
+run_check $TOP/btrfs inspect-internal dump-super -a /dev/urandom
+run_check $TOP/btrfs inspect-internal dump-super -fa /dev/urandom
+run_check $TOP/btrfs inspect-internal dump-super -Ffa /dev/urandom
+run_check $TOP/btrfs inspect-internal dump-super -Ffa /dev/urandom
+run_check $TOP/btrfs inspect-internal dump-super -Ffa /dev/urandom
+run_check $TOP/btrfs inspect-internal dump-super -Ffa /dev/urandom
+run_check $TOP/btrfs inspect-internal dump-super -Ffa /dev/urandom
+run_check $TOP/btrfs inspect-internal dump-super -Ffa /dev/urandom |
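Review bot: Every `run_check` line reads `/dev/urandom` directly, so when one of the nine runs does crash, the bytes that triggered it are gone and the failure cannot be replayed or bisected. Capture the input first and keep it on failure, e.g. `dd if=/dev/urandom of="$img" bs=1M count=1` followed by `run_check "$TOP/btrfs" inspect-internal dump-super -Ffa "$img"`; since `-a` asks for all superblock copies, a bounded file probably exercises fewer offsets than the device does, so size it with that in mind. `$TOP` is unquoted in `source $TOP/tests/common` and in each invocation, and the six identical `-Ffa` lines would be clearer as a short loop. How `run_check` (defined in tests/common, outside this hunk) treats a plain non-zero exit versus a fatal signal is not visible here, so confirm that "must not crash" is what the test actually asserts.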