authorLiu Bo <bo.li.liu@oracle.com>2016-05-02 11:18:55 -0700
committerDavid Sterba <dsterba@suse.com>2016-05-11 16:37:48 +0200
commitf2873c47d74c5972cec555620716a3753c02cb2b (patch)
tree2c7fe0e4899631bd37d8dd8dbff84f531e06e1ea /tests
parente58105df6086d1d13466981c9f28ecea9c08b749 (diff)
btrfs-progs: add fuzzed testing images, superblock and chunks
This adds 4 fuzz testing images; btrfsck either doesn't detect errors in them or crashes immediately. Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Reported-by: Quentin Casasnovas <quentin.casasnovas@oracle.com> Signed-off-by: Liu Bo <bo.li.liu@oracle.com> Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/fuzz-tests/images/superblock-stripsize-bogus.raw.txt32
-rw-r--r--tests/fuzz-tests/images/superblock-stripsize-bogus.raw.xzbin0 -> 41512 bytes
-rw-r--r--tests/fuzz-tests/images/superblock-total-bytes-0.raw.txt50
-rw-r--r--tests/fuzz-tests/images/superblock-total-bytes-0.raw.xzbin0 -> 41424 bytes
-rw-r--r--tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.txt54
-rw-r--r--tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.xzbin0 -> 41440 bytes
-rw-r--r--tests/fuzz-tests/images/sys-chunk-type-bogus.raw.txt55
-rw-r--r--tests/fuzz-tests/images/sys-chunk-type-bogus.raw.xzbin0 -> 41524 bytes
8 files changed, 191 insertions, 0 deletions
diff --git a/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.txt b/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.txt
new file mode 100644
index 00000000..80e073f6
--- /dev/null
+++ b/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.txt
@@ -0,0 +1,32 @@
+[ 125.415910] BTRFS info (device loop0): disk space caching is enabled
+[ 125.550479] ------------[ cut here ]------------
+[ 125.551145] WARNING: CPU: 6 PID: 1496 at fs/btrfs/locking.c:251 btrfs_tree_lock+0x22e/0x250
+[ 125.552292] Modules linked in:
+[ 125.552602] CPU: 6 PID: 1496 Comm: btrfs.exe Tainted: G W 4.6.0-rc5 #130
+[ 125.553138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
+[ 125.553775] 0000000000000286 000000009b4bdd50 ffff88006a7478e0 ffffffff8157e563
+[ 125.554299] 0000000000000000 0000000000000000 ffff88006a747920 ffffffff810a74ab
+[ 125.554825] 000000fb8146c531 ffff88006bfec460 ffff88006bc63000 0000000000000000
+[ 125.555373] Call Trace:
+[ 125.555545] [<ffffffff8157e563>] dump_stack+0x85/0xc2
+[ 125.555892] [<ffffffff810a74ab>] __warn+0xcb/0xf0
+[ 125.556226] [<ffffffff810a75dd>] warn_slowpath_null+0x1d/0x20
+[ 125.556654] [<ffffffff814871ee>] btrfs_tree_lock+0x22e/0x250
+[ 125.557041] [<ffffffff81423831>] btrfs_init_new_buffer+0x81/0x160
+[ 125.557458] [<ffffffff8143472a>] btrfs_alloc_tree_block+0x22a/0x430
+[ 125.557883] [<ffffffff8141ae61>] __btrfs_cow_block+0x141/0x590
+[ 125.558279] [<ffffffff8141b44f>] btrfs_cow_block+0x11f/0x1f0
+[ 125.558666] [<ffffffff8141f09e>] btrfs_search_slot+0x1fe/0xa30
+[ 125.559063] [<ffffffff81247c9d>] ? kmem_cache_alloc+0xfd/0x240
+[ 125.559482] [<ffffffff8143b1f0>] btrfs_del_inode_ref+0x80/0x380
+[ 125.559884] [<ffffffff8148e11a>] ? btrfs_del_inode_ref_in_log+0x8a/0x160
+[ 125.560340] [<ffffffff8148e14d>] btrfs_del_inode_ref_in_log+0xbd/0x160
+[ 125.560776] [<ffffffff814507f7>] __btrfs_unlink_inode+0x1d7/0x470
+[ 125.561188] [<ffffffff814567a7>] btrfs_rename2+0x327/0x790
+[ 125.561568] [<ffffffff8127b398>] vfs_rename+0x4d8/0x840
+[ 125.561928] [<ffffffff81281b21>] SyS_rename+0x371/0x390
+[ 125.562289] [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
+[ 125.562743] ---[ end trace 3b751f511705fb90 ]---
+
+---------------------------------------------------------------------------
+Fixed by patch:
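Review bot: The `Fixed by patch:` field that closes this file is left empty, and the same is true of the three other `.raw.txt` files added in this commit, so none of the fuzzed images records which change addresses the failure it reproduces. The recorded output is a kernel trace (here a WARNING at fs/btrfs/locking.c:251 reached through a rename), while the commit message talks about btrfsck missing the error or crashing; the file never says what `btrfs check` is expected to report for this image, which leaves the test's pass condition implicit. I would fill the field once a fix exists, or until then write `Fixed by patch: (none yet)`, and add one line such as `Expected: btrfs check rejects the image with an error and does not crash` to each description.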
diff --git a/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.xz b/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.xz
new file mode 100644
index 00000000..f8b3bf54
--- /dev/null
+++ b/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.xz
Binary files differ
diff --git a/tests/fuzz-tests/images/superblock-total-bytes-0.raw.txt b/tests/fuzz-tests/images/superblock-total-bytes-0.raw.txt
new file mode 100644
index 00000000..d5e1f936
--- /dev/null
+++ b/tests/fuzz-tests/images/superblock-total-bytes-0.raw.txt
@@ -0,0 +1,50 @@
+[342246.846031] BTRFS info (device loop0): disk space caching is enabled
+[342246.862115] ------------[ cut here ]------------
+[342246.862500] kernel BUG at fs/btrfs/inode.c:978!
+[342246.862861] invalid opcode: 0000 [#1] SMP
+[342246.863176] Modules linked in:
+[342246.863410] CPU: 2 PID: 14504 Comm: btrfs.exe Tainted: G W 4.6.0-rc5 #130
+[342246.864010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
+[342246.864674] task: ffff88006fdf0000 ti: ffff8800702e0000 task.ti: ffff8800702e0000
+[342246.865186] RIP: 0010:[<ffffffff8144e9c7>] [<ffffffff8144e9c7>] cow_file_range+0x3f7/0x440
+[342246.865770] RSP: 0018:ffff8800702e39e0 EFLAGS: 00010206
+[342246.866157] RAX: ffff88006bb23000 RBX: 0000000000000001 RCX: 0000000000010000
+[342246.866687] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000010000
+[342246.867191] RBP: ffff8800702e3a70 R08: 0000000000000000 R09: 0000000000000000
+[342246.867682] R10: 000000000000ffff R11: 0000000000010000 R12: ffff8800702e3bc0
+[342246.868170] R13: ffff8800702e3b3c R14: 0000000000000000 R15: ffff880075369c10
+[342246.868660] FS: 00007f96f5a38700(0000) GS:ffff88007ca00000(0000) knlGS:0000000000000000
+[342246.869212] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[342246.869642] CR2: 000000000060f4bf CR3: 000000006fc9f000 CR4: 00000000000006e0
+[342246.870146] Stack:
+[342246.870295] 0000000000000000 0000000000000001 000000000000ffff ffffea00010c08c0
+[342246.870838] ffff8800753698e8 0000000000010000 ffff88006fe0f000 000000000000ffff
+[342246.871397] 000000000000ffff ffffffff814683e5 ffff8800753698c8 ffff8800753698e8
+[342246.871944] Call Trace:
+[342246.872124] [<ffffffff814683e5>] ? test_range_bit+0xe5/0x130
+[342246.872522] [<ffffffff8144f906>] run_delalloc_range+0x396/0x3d0
+[342246.872975] [<ffffffff8146873f>] writepage_delalloc.isra.42+0x10f/0x170
+[342246.873437] [<ffffffff8146a674>] __extent_writepage+0xf4/0x370
+[342246.873848] [<ffffffff8146abf4>] extent_write_cache_pages.isra.39.constprop.57+0x304/0x3f0
+[342246.874419] [<ffffffff8146beec>] extent_writepages+0x5c/0x90
+[342246.874818] [<ffffffff8144c870>] ? btrfs_real_readdir+0x5f0/0x5f0
+[342246.875245] [<ffffffff814498f8>] btrfs_writepages+0x28/0x30
+[342246.875641] [<ffffffff811ebc61>] do_writepages+0x21/0x30
+[342246.876031] [<ffffffff811dc1a6>] __filemap_fdatawrite_range+0xc6/0x100
+[342246.876487] [<ffffffff811dc2b3>] filemap_fdatawrite_range+0x13/0x20
+[342246.876949] [<ffffffff8145eae0>] btrfs_fdatawrite_range+0x20/0x50
+[342246.877375] [<ffffffff8145eb29>] start_ordered_ops+0x19/0x30
+[342246.877774] [<ffffffff8145ebc2>] btrfs_sync_file+0x82/0x3f0
+[342246.878166] [<ffffffff810fb717>] ? update_fast_ctr+0x17/0x30
+[342246.878564] [<ffffffff812a848b>] vfs_fsync_range+0x4b/0xb0
+[342246.878987] [<ffffffff8128fce6>] ? __fget_light+0x66/0x90
+[342246.879368] [<ffffffff812a854d>] do_fsync+0x3d/0x70
+[342246.879708] [<ffffffff812a8823>] SyS_fdatasync+0x13/0x20
+[342246.880099] [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
+[342246.880554] Code: 03 00 00 48 c7 c7 00 b3 c9 81 c6 05 54 b6 b1 00 01 e8 0e 8c c5 ff e9 e5 fe ff ff 49 8b 57 40 e9 c0 fe ff ff bb f4 ff ff ff eb a1 <0f> 0b 48 8b 55 80 41 b9 0f 00 00 00 41 b8 68 00 00 00 31 c9 31
+[342246.882394] RIP [<ffffffff8144e9c7>] cow_file_range+0x3f7/0x440
+[342246.882810] RSP <ffff8800702e39e0>
+[342246.883076] ---[ end trace 094193b6df6e45e7 ]---
+
+--------------------------------------------------------
+Fixed by patch:
diff --git a/tests/fuzz-tests/images/superblock-total-bytes-0.raw.xz b/tests/fuzz-tests/images/superblock-total-bytes-0.raw.xz
new file mode 100644
index 00000000..4b25020e
--- /dev/null
+++ b/tests/fuzz-tests/images/superblock-total-bytes-0.raw.xz
Binary files differ
diff --git a/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.txt b/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.txt
new file mode 100644
index 00000000..d3dcb0a4
--- /dev/null
+++ b/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.txt
@@ -0,0 +1,54 @@
+[ 135.166891] BTRFS info (device loop0): disk space caching is enabled
+[ 135.169199] divide error: 0000 [#1] SMP
+[ 135.169581] Modules linked in:
+[ 135.169819] CPU: 2 PID: 1512 Comm: btrfs.exe Tainted: G W 4.6.0-rc5 #130
+[ 135.170285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
+[ 135.170958] task: ffff880074925180 ti: ffff880077fa4000 task.ti: ffff880077fa4000
+[ 135.171583] RIP: 0010:[<ffffffff81475ba0>] [<ffffffff81475ba0>] __btrfs_map_block+0xc0/0x11b0
+[ 135.172096] RSP: 0000:ffff880077fa77b0 EFLAGS: 00010206
+[ 135.172374] RAX: 0000000000020000 RBX: 0000000000020000 RCX: 0000000000000000
+[ 135.172754] RDX: 0000000000000000 RSI: 0000000000400000 RDI: ffff880076258270
+[ 135.173143] RBP: ffff880077fa7898 R08: 0000000000400000 R09: 0000000000000000
+[ 135.173523] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000
+[ 135.173916] R13: ffff880076258270 R14: ffff880077fa78e0 R15: ffff88006bb3b000
+[ 135.174290] FS: 00007fd8267dc700(0000) GS:ffff88007ca00000(0000) knlGS:0000000000000000
+[ 135.174718] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 135.175019] CR2: 00007ffe9c378df7 CR3: 0000000078788000 CR4: 00000000000006e0
+[ 135.175392] Stack:
+[ 135.175503] ffff88007cbe2c40 0000000000000000 ffff88007cbe2c50 ffff880074925180
+[ 135.175924] ffff880074926560 ffff880074925180 0000000200000000 0000000000000000
+[ 135.176340] ffffffffffffffff 0007ffffffffffff ffffffff8143eb18 0240004000000000
+[ 135.176778] Call Trace:
+[ 135.176913] [<ffffffff8143eb18>] ? btrfs_bio_wq_end_io+0x28/0x70
+[ 135.177234] [<ffffffff81477218>] btrfs_map_bio+0x88/0x350
+[ 135.177522] [<ffffffff8143eb18>] ? btrfs_bio_wq_end_io+0x28/0x70
+[ 135.177960] [<ffffffff8143ed9d>] btree_submit_bio_hook+0x6d/0x110
+[ 135.178410] [<ffffffff81464d1d>] submit_one_bio+0x6d/0xa0
+[ 135.178814] [<ffffffff8146d6f1>] read_extent_buffer_pages+0x1c1/0x350
+[ 135.179276] [<ffffffff8143cd60>] ? free_root_pointers+0x70/0x70
+[ 135.179708] [<ffffffff8143e12c>] btree_read_extent_buffer_pages.constprop.55+0xac/0x110
+[ 135.180261] [<ffffffff8143f036>] read_tree_block+0x36/0x60
+[ 135.180647] [<ffffffff81443b52>] open_ctree+0x17a2/0x2900
+[ 135.181027] [<ffffffff81417225>] btrfs_mount+0xd05/0xe60
+[ 135.181400] [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
+[ 135.181850] [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
+[ 135.182241] [<ffffffff81272918>] mount_fs+0x38/0x170
+[ 135.182609] [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
+[ 135.182998] [<ffffffff814166e6>] btrfs_mount+0x1c6/0xe60
+[ 135.183372] [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
+[ 135.183825] [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
+[ 135.184233] [<ffffffff81272918>] mount_fs+0x38/0x170
+[ 135.184583] [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
+[ 135.184971] [<ffffffff812958c6>] do_mount+0x256/0xeb0
+[ 135.185318] [<ffffffff8124bb33>] ? __kmalloc_track_caller+0x113/0x290
+[ 135.185759] [<ffffffff812b0b63>] ? block_ioctl+0x43/0x50
+[ 135.186124] [<ffffffff811ff023>] ? memdup_user+0x53/0x80
+[ 135.186488] [<ffffffff81296865>] SyS_mount+0x95/0xe0
+[ 135.186877] [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
+[ 135.187308] Code: 8b 70 20 4c 8d 04 31 4c 39 c3 0f 87 2f 0b 00 00 48 8b 45 a8 49 89 dc 31 d2 49 29 cc 48 8b 40 70 48 63 48 10 48 89 45 a0 4c 89 e0 <48> f7 f1 49 89 cf 48 89 45 b8 48 0f af c1 49 39 c4 0f 82 c3 0a
+[ 135.189097] RIP [<ffffffff81475ba0>] __btrfs_map_block+0xc0/0x11b0
+[ 135.189527] RSP <ffff880077fa77b0>
+[ 135.189819] ---[ end trace ea21fae64670799a ]---
+
+---------------------------------------------------------------------------
+Fixed by patch:
diff --git a/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.xz b/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.xz
new file mode 100644
index 00000000..57d2a72f
--- /dev/null
+++ b/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.xz
Binary files differ
diff --git a/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.txt b/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.txt
new file mode 100644
index 00000000..2559924d
--- /dev/null
+++ b/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.txt
@@ -0,0 +1,55 @@
+[ 145.676440] BTRFS error (device loop0): bad tree block start 0 131072
+[ 145.677032] ------------[ cut here ]------------
+[ 145.677307] kernel BUG at fs/btrfs/raid56.c:2142!
+[ 145.677627] invalid opcode: 0000 [#1] SMP
+[ 145.677955] Modules linked in:
+[ 145.678182] CPU: 3 PID: 1538 Comm: btrfs.exe Tainted: G W 4.6.0-rc5 #130
+[ 145.678734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
+[ 145.679402] task: ffff88006c830000 ti: ffff88006fc74000 task.ti: ffff88006fc74000
+[ 145.679919] RIP: 0010:[<ffffffff814c5794>] [<ffffffff814c5794>] raid56_parity_recover+0xc4/0x160
+[ 145.680514] RSP: 0018:ffff88006fc77868 EFLAGS: 00010286
+[ 145.680865] RAX: ffff88006f725280 RBX: ffff880070ba0a68 RCX: 0000000000020000
+[ 145.681373] RDX: 0000000000000100 RSI: 00000000ffffffff RDI: ffffffff831229e8
+[ 145.681866] RBP: ffff88006fc77898 R08: 0000000000010000 R09: ffff8800768ff400
+[ 145.682380] R10: ffff88007c003180 R11: 0000000000030000 R12: ffff88006f725280
+[ 145.682870] R13: ffff88007b449000 R14: 0000000000000001 R15: ffff8800768ff400
+[ 145.683363] FS: 00007f68b95a8700(0000) GS:ffff88007cc00000(0000) knlGS:0000000000000000
+[ 145.683941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 145.684340] CR2: 00007fff0d130f98 CR3: 000000006bfd7000 CR4: 00000000000006e0
+[ 145.684832] Stack:
+[ 145.684977] 00000002e6816dd1 ffff880070ba0a68 ffff88007b449000 0000000000000001
+[ 145.685541] 0000000000020000 0000000000000002 ffff88006fc77920 ffffffff814773cd
+[ 145.686082] ffff880000000001 0000000002400040 ffff88006fc778f8 0000000081247c9d
+[ 145.686654] Call Trace:
+[ 145.686831] [<ffffffff814773cd>] btrfs_map_bio+0x23d/0x350
+[ 145.687217] [<ffffffff8143ed9d>] btree_submit_bio_hook+0x6d/0x110
+[ 145.687649] [<ffffffff81464d1d>] submit_one_bio+0x6d/0xa0
+[ 145.688028] [<ffffffff8146d6f1>] read_extent_buffer_pages+0x1c1/0x350
+[ 145.688501] [<ffffffff8143cd60>] ? free_root_pointers+0x70/0x70
+[ 145.688916] [<ffffffff8143e12c>] btree_read_extent_buffer_pages.constprop.55+0xac/0x110
+[ 145.689474] [<ffffffff8143f036>] read_tree_block+0x36/0x60
+[ 145.689861] [<ffffffff81443b52>] open_ctree+0x17a2/0x2900
+[ 145.690242] [<ffffffff81417225>] btrfs_mount+0xd05/0xe60
+[ 145.690623] [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
+[ 145.691064] [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
+[ 145.691510] [<ffffffff81272918>] mount_fs+0x38/0x170
+[ 145.691852] [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
+[ 145.692227] [<ffffffff814166e6>] btrfs_mount+0x1c6/0xe60
+[ 145.692594] [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
+[ 145.693032] [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
+[ 145.693453] [<ffffffff81272918>] mount_fs+0x38/0x170
+[ 145.693793] [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
+[ 145.694168] [<ffffffff812958c6>] do_mount+0x256/0xeb0
+[ 145.694537] [<ffffffff8124bb33>] ? __kmalloc_track_caller+0x113/0x290
+[ 145.694974] [<ffffffff812b0b63>] ? block_ioctl+0x43/0x50
+[ 145.695338] [<ffffffff811ff023>] ? memdup_user+0x53/0x80
+[ 145.695703] [<ffffffff81296865>] SyS_mount+0x95/0xe0
+[ 145.696046] [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
+[ 145.696480] Code: 1f 48 8b 78 58 31 c0 48 8b 14 c7 48 39 d1 72 08 4c 01 c2 48 39 d1 72 15 48 83 c0 01 39 c6 7f e7 41 c7 87 3c 01 00 00 ff ff ff ff <0f> 0b 45 85 f6 41 89 87 3c 01 00 00 75 35 4c 89 e7 e8 e6 02 fb
+[ 145.698326] RIP [<ffffffff814c5794>] raid56_parity_recover+0xc4/0x160
+[ 145.698771] RSP <ffff88006fc77868>
+[ 145.699047] ---[ end trace 22f39f01df276367 ]---
+
+-----------------------------------------------------
+Fixed by patch:
+
diff --git a/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.xz b/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.xz
new file mode 100644
index 00000000..ef971ca3
--- /dev/null
+++ b/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.xz
Binary files differ