1 files changed, 94 insertions, 0 deletions

diff --git a/tests/fuzz-tests/images/bko-156811-bad-parent-ref-qgroup-verify.raw.txt b/tests/fuzz-tests/images/bko-156811-bad-parent-ref-qgroup-verify.raw.txt
new file mode 100644
index 00000000..6e4a5418
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-156811-bad-parent-ref-qgroup-verify.raw.txt
@@ -0,0 +1,94 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=156811
+Lukas Lueg 2016-09-14 19:19:46 UTC
+
+More news from the fuzzer. The attached image causes btrfsck to engage in
+undefined behavior; using btrfs-progs v4.7-42-g56e9586. You need to compile
+with UBSAN in order to reproduce.
+
+The juicy parts:
+
+qgroup-verify.c:333:15: runtime error: member access within null pointer of type 'struct ref'
+    #0 0x88684f in find_parent_roots /home/lukas/dev/btrfsfuzz/src-ubsan/qgroup-verify.c:333:15
+    #1 0x877a71 in account_all_refs /home/lukas/dev/btrfsfuzz/src-ubsan/qgroup-verify.c:525:11
+    #2 0x87513b in qgroup_verify_all /home/lukas/dev/btrfsfuzz/src-ubsan/qgroup-verify.c:1372:8
+    #3 0x536d3a in cmd_check /home/lukas/dev/btrfsfuzz/src-ubsan/cmds-check.c:11637:9
+    #4 0x490560 in main /home/lukas/dev/btrfsfuzz/src-ubsan/btrfs.c:243:8
+    #5 0x7f35b46ab730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+    #6 0x422188 in _start (/home/lukas/dev/btrfsfuzz/bin-ubsan/bin/btrfs+0x422188)
+
+
+We don't strictly need UBSAN as the error can be spotted by naked eye in
+find_parent_root(): The line "node = &ref->bytenr_node" gets a reference to a
+member of a NULL pointer before the pointer is checked against being NULL on
+the next line. It should be the other way around...
+
+crc32c.c:75:19: runtime error: load of misaligned address 0x74200001cc9c for type 'unsigned long', which requires 8 byte alignment
+0x74200001cc9c: note: pointer points here
+  00 00 00 00 b7 0e 65 6c  64 61 40 4b a5 0d 0f ba  33 0c 75 27 00 00 02 00  00 00 00 00 01 00 00 00
+              ^ 
+    #0 0x907c52 in crc32c_intel /home/lukas/dev/btrfsfuzz/src-ubsan/crc32c.c:75:19
+    #1 0x6f9845 in __csum_tree_block_size /home/lukas/dev/btrfsfuzz/src-ubsan/disk-io.c:139:8
+    #2 0x6f96b8 in csum_tree_block_size /home/lukas/dev/btrfsfuzz/src-ubsan/disk-io.c:159:9
+    #3 0x6fda28 in read_tree_block_fs_info /home/lukas/dev/btrfsfuzz/src-ubsan/disk-io.c:348:19
+    #4 0x71669f in btrfs_setup_chunk_tree_and_device_map /home/lukas/dev/btrfsfuzz/src-ubsan/disk-io.c:1210:30
+    #5 0x7187e4 in __open_ctree_fd /home/lukas/dev/btrfsfuzz/src-ubsan/disk-io.c:1322:8
+    #6 0x717a6d in open_ctree_fs_info /home/lukas/dev/btrfsfuzz/src-ubsan/disk-io.c:1381:9
+    #7 0x533791 in cmd_check /home/lukas/dev/btrfsfuzz/src-ubsan/cmds-check.c:11449:9
+    #8 0x490560 in main /home/lukas/dev/btrfsfuzz/src-ubsan/btrfs.c:243:8
+    #9 0x7f35b46ab730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+    #10 0x422188 in _start (/home/lukas/dev/btrfsfuzz/bin-ubsan/bin/btrfs+0x422188)
+
+SUMMARY: MemorySanitizer: undefined-behavior crc32c.c:75:19 in 
+checking extents
+Chunk[256, 228, 0]: length(4194304), offset(0), type(2) is not found in block group
+Chunk[256, 228, 0] stripe[1, 0] is not found in dev extent
+Chunk[256, 228, 4194304]: length(1638400), offset(4194304), type(5) is not found in block group
+Chunk[256, 228, 4194304] stripe[1, 4194304] is not found in dev extent
+Chunk[256, 228, 5832704]: length(1638400), offset(5832704), type(5) is not found in block group
+Chunk[256, 228, 5832704] stripe[1, 5832704] is not found in dev extent
+ref mismatch on [131072 4096] extent item 0, found 1
+Backref 131072 parent 3 root 3 not found in extent tree
+backpointer mismatch on [131072 4096]
+ref mismatch on [4194304 4096] extent item 0, found 1
+Backref 4194304 parent 5 root 5 not found in extent tree
+backpointer mismatch on [4194304 4096]
+ref mismatch on [4198400 4096] extent item 0, found 1
+Backref 4198400 parent 1 root 1 not found in extent tree
+backpointer mismatch on [4198400 4096]
+ref mismatch on [4231168 4096] extent item 0, found 1
+Backref 4231168 parent 7 root 7 not found in extent tree
+backpointer mismatch on [4231168 4096]
+ref mismatch on [3472328296227680304 3472328296227680304] extent item 0, found 1
+Backref 3472328296227680304 root 1 owner 2 offset 0 num_refs 0 not found in extent tree
+Incorrect local backref count on 3472328296227680304 root 1 owner 2 offset 0 found 1 wanted 0 back 0x70c00000ed00
+backpointer mismatch on [3472328296227680304 3472328296227680304]
+Dev extent's total-byte(0) is not equal to byte-used(7471104) in dev[1, 216, 1]
+Errors found in extent allocation tree or chunk allocation
+checking free space cache
+checking fs roots
+checking csums
+checking root refs
+checking quota groups
+qgroup-verify.c:333:15: runtime error: member access within null pointer of type 'struct ref'
+    #0 0x88684f in find_parent_roots /home/lukas/dev/btrfsfuzz/src-ubsan/qgroup-verify.c:333:15
+    #1 0x877a71 in account_all_refs /home/lukas/dev/btrfsfuzz/src-ubsan/qgroup-verify.c:525:11
+    #2 0x87513b in qgroup_verify_all /home/lukas/dev/btrfsfuzz/src-ubsan/qgroup-verify.c:1372:8
+    #3 0x536d3a in cmd_check /home/lukas/dev/btrfsfuzz/src-ubsan/cmds-check.c:11637:9
+    #4 0x490560 in main /home/lukas/dev/btrfsfuzz/src-ubsan/btrfs.c:243:8
+    #5 0x7f35b46ab730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+    #6 0x422188 in _start (/home/lukas/dev/btrfsfuzz/bin-ubsan/bin/btrfs+0x422188)
+
+SUMMARY: MemorySanitizer: undefined-behavior qgroup-verify.c:333:15 in 
+qgroup-verify.c:334: find_parent_roots: Assertion `ref == NULL` failed.
+btrfs check(backtrace+0x51)[0x43f6d1]
+btrfs check[0x883611]
+btrfs check[0x880ce9]
+btrfs check[0x8868b1]
+btrfs check[0x877a72]
+btrfs check(qgroup_verify_all+0x26c)[0x87513c]
+btrfs check(cmd_check+0x457b)[0x536d3b]
+btrfs check(main+0x6a1)[0x490561]
+/lib64/libc.so.6(__libc_start_main+0xf1)[0x7f35b46ab731]
+btrfs check(_start+0x29)[0x422189]
+Checking filesystem on ubsan_logs/id:002289,src:001702+002037,op:splice,rep:4.img
+UUID: b70e656c-6461-404b-a50d-0fba330c7527