Diffstat (limited to 'tests/fuzz-tests/images')
-rw-r--r--tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.txt33
-rw-r--r--tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xzbin0 -> 3852 bytes
-rw-r--r--tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.txt30
-rw-r--r--tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.xzbin0 -> 3788 bytes
-rw-r--r--tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt21
-rw-r--r--tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.xzbin0 -> 3692 bytes
-rw-r--r--tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.txt8
-rw-r--r--tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.xzbin0 -> 3684 bytes
-rw-r--r--tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.txt35
-rw-r--r--tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.xzbin0 -> 3696 bytes
-rw-r--r--tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.txt41
-rw-r--r--tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.xzbin0 -> 6472 bytes
-rw-r--r--tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt58
-rw-r--r--tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xzbin0 -> 7128 bytes
-rw-r--r--tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt50
-rw-r--r--tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xzbin0 -> 6476 bytes
16 files changed, 276 insertions, 0 deletions
diff --git a/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.txt b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.txt
new file mode 100644
index 00000000..05cf3928
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.txt
@@ -0,0 +1,33 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=153641
+Lukas Lueg 2016-08-23 19:54:45 UTC
+
+Created attachment 229941 [details]
+Image triggering btrfsck into asan error
+
+The filesystem-image attached to this bug drives btrfsck from btrfs-progs
+v4.7-42-g56e9586 into a heap-use-after-free. The src was from kdave's mirror,
+devel branch. CFLAGS='-DNDEBUG -O1 -g -fsanitize=address
+-fno-omit-frame-pointer -fno-optimize-sibling-calls'
+
+
+The juicy parts:
+==32639==ERROR: AddressSanitizer: heap-use-after-free on address
+0x621000019170 at pc 0x0000005c046e bp 0x7fff631e48d0 sp 0x7fff631e48c8
+READ of size 4 at 0x621000019170 thread T0
+ #0 0x5c046d in free_extent_buffer
+/home/lukas/dev/btrfsprogs_fuzz/src/extent_io.c:579:10
+ #1 0x59356c in btrfs_release_all_roots
+/home/lukas/dev/btrfsprogs_fuzz/src/disk-io.c:1084:3
+ #2 0x5949a7 in __open_ctree_fd
+/home/lukas/dev/btrfsprogs_fuzz/src/disk-io.c:1325:2
+ #3 0x594325 in open_ctree_fs_info
+/home/lukas/dev/btrfsprogs_fuzz/src/disk-io.c:1363:9
+ #4 0x51e717 in cmd_check
+/home/lukas/dev/btrfsprogs_fuzz/src/cmds-check.c:11320:9
+ #5 0x4f0f81 in main /home/lukas/dev/btrfsprogs_fuzz/src/btrfs.c:243:8
+ #6 0x7f5ce75ee730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+ #7 0x4213f8 in _start (/home/lukas/dev/btrfsfuzz/bin/bin/btrfs+0x4213f8)
+
+
+Note that the bug happens within core itself. The kernel may be vulnerable as
+well, I didn't check, though.
diff --git a/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xz b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xz
new file mode 100644
index 00000000..d37b1a2d
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-153641-unaligned-tree-block-bytenr.raw.xz
Binary files differ
diff --git a/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.txt b/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.txt
new file mode 100644
index 00000000..dab91dcc
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.txt
@@ -0,0 +1,30 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=154021
+Lukas Lueg 2016-08-26 22:53:42 UTC
+
+Created attachment 230361 [details]
+Image triggering btrfsck to segv
+
+The fuzzer hit again:
+
+==32522==ERROR: AddressSanitizer: SEGV on unknown address 0x00027fff801c (pc
+0x0000004a952e bp 0x7fff5222ce70 sp 0x7fff5222c600 T0)
+ #0 0x4a952d in __asan_memcpy
+(/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x4a952d)
+ #1 0x66a323 in read_extent_buffer
+/home/lukas/dev/btrfsfuzz/src-asan/extent_io.c:867:2
+ #2 0x55ad25 in btrfs_node_key
+/home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:1668:2
+ #3 0x58573b in check_fs_root
+/home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:3748:3
+ #4 0x544136 in check_fs_roots
+/home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:3896:10
+ #5 0x53d8c5 in cmd_check
+/home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:11470:8
+ #6 0x4f105f in main /home/lukas/dev/btrfsfuzz/src-asan/btrfs.c:243:8
+ #7 0x7fea1bcb7730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+ #8 0x421238 in _start
+(/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x421238)
+
+
+See the attached image to reproduce using btrfs-progs btrfs-progs
+v4.7-42-g56e9586.
diff --git a/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.xz b/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.xz
new file mode 100644
index 00000000..76c58dce
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-154021-invalid-drop-level.raw.xz
Binary files differ
diff --git a/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt
new file mode 100644
index 00000000..f41eac60
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.txt
@@ -0,0 +1,21 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=154961
+Lukas Lueg 2016-08-27 17:29:35 UTC
+
+More news from the fuzzer. See the attached image to reproduce using
+btrfs-progs btrfs-progs v4.7-42-g56e9586. You may need to compile with ASAN,
+could not reproduce without...
+
+
+==2572==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000018d86 at pc 0x000000547c3c bp 0x7ffd60ec5ef0 sp 0x7ffd60ec5ee8
+READ of size 8 at 0x621000018d86 thread T0
+ #0 0x547c3b in btrfs_stripe_offset /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:1357:1
+ #1 0x5391f7 in btrfs_stripe_offset_nr /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:1399:9
+ #2 0x538790 in btrfs_new_chunk_record /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:5209:4
+ #3 0x56c55d in process_chunk_item /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:5225:8
+ #4 0x5634e7 in run_next_block /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:6290:5
+ #5 0x55c489 in deal_root_from_list /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:8338:10
+ #6 0x541d53 in check_chunks_and_extents /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:8505:8
+ #7 0x53d565 in cmd_check /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:11430:9
+ #8 0x4f105f in main /home/lukas/dev/btrfsfuzz/src-asan/btrfs.c:243:8
+ #9 0x7f40dcd8b730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+ #10 0x421238 in _start (/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x421238)
diff --git a/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.xz b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.xz
new file mode 100644
index 00000000..dfd01ca2
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-154961-heap-overflow-chunk-items.raw.xz
Binary files differ
diff --git a/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.txt b/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.txt
new file mode 100644
index 00000000..7f0b8045
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.txt
@@ -0,0 +1,8 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=155181
+Lukas Lueg 2016-08-28 10:52:32 UTC
+
+Created attachment 230891 [details]
+BTRFS-image that reaches abort() in btrfsck
+
+More news from the fuzzer. The attached image causes btrfsck to reach abort()
+in in cmds-check.c:add_tree_backref(); using btrfs-progs v4.7-42-g56e9586.
diff --git a/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.xz b/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.xz
new file mode 100644
index 00000000..c401f2e5
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-155181-unaligned-extent-item.raw.xz
Binary files differ
diff --git a/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.txt b/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.txt
new file mode 100644
index 00000000..9097e49d
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.txt
@@ -0,0 +1,35 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=155201
+Lukas Lueg 2016-08-28 19:15:53 UTC
+
+Created attachment 230921 [details]
+Image causing SIGFPE in btrfsck
+
+News from the fuzzer. See the attached image to reproduce using btrfs-progs
+v4.7-42-g56e9586.
+
+
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/lib64/libthread_db.so.1".
+checking extents
+Chunk[0, 4194304] existed.
+Chunk[18446744073709551607, 228, 0]: length(1), offset(0), type(4160) mismatch
+with block group[0, 192, 4194304]: offset(4194304), objectid(0), flags(2)
+
+Program received signal SIGFPE, Arithmetic exception.
+0x000000000042b178 in calc_stripe_length (type=4160, length=1, num_stripes=0)
+at cmds-check.c:8018
+8018 stripe_size /= num_stripes;
+#0 0x000000000042b178 in calc_stripe_length (type=4160, length=1,
+num_stripes=0) at cmds-check.c:8018
+#1 0x000000000042b56d in check_chunk_refs (silent=0,
+dev_extent_cache=0x7fffffffdd30, block_group_cache=0x7fffffffdd60,
+chunk_rec=0x6b92c0) at cmds-check.c:8101
+#2 check_chunks (chunk_cache=chunk_cache@entry=0x7fffffffdd80,
+block_group_cache=block_group_cache@entry=0x7fffffffdd60,
+dev_extent_cache=dev_extent_cache@entry=0x7fffffffdd30, good=good@entry=0x0,
+bad=bad@entry=0x0, rebuild=rebuild@entry=0x0, silent=0) at cmds-check.c:8165
+#3 0x000000000042bbdd in check_chunks_and_extents (root=root@entry=0x6b2cf0)
+at cmds-check.c:8524
+#4 0x000000000042e3cb in cmd_check (argc=<optimized out>, argv=<optimized
+out>) at cmds-check.c:11430
+#5 0x000000000040a416 in main (argc=2, argv=0x7fffffffe218) at btrfs.c:243
diff --git a/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.xz b/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.xz
new file mode 100644
index 00000000..5bc2d3b9
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-155201-wrong-chunk-item-in-root-tree.raw.xz
Binary files differ
diff --git a/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.txt b/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.txt
new file mode 100644
index 00000000..fb098411
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.txt
@@ -0,0 +1,41 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=97021
+Lukas Lueg 2015-04-21 21:36:31 UTC
+
+The btrfs-image attached to this bug causes the userland tools v3.19.1 to crash
+by reaching a call to abort().
+
+(gdb) run check btrfs_fukked_abort_cmds-check:5919.bin
+Starting program: /usr/sbin/btrfs check btrfs_fukked_abort_cmds-check:5919.bin
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/lib64/libthread_db.so.1".
+Checking filesystem on btrfs_fukked_abort_cmds-check:5919.bin
+UUID: cdd8684f-9eb1-40a4-91ec-1ed7c3cb444c
+checking extents
+
+Program received signal SIGABRT, Aborted.
+0x00000032626348d7 in __GI_raise (sig=sig@entry=6)
+ at ../sysdeps/unix/sysv/linux/raise.c:55
+55 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
+(gdb) bt
+#0 0x00000032626348d7 in __GI_raise (sig=sig@entry=6)
+ at ../sysdeps/unix/sysv/linux/raise.c:55
+#1 0x000000326263653a in __GI_abort () at abort.c:89
+#2 0x0000000000425038 in run_next_block (root=root@entry=0x894b20,
+ bits=bits@entry=0x896960, last=last@entry=0x7fffffffd470,
+ pending=pending@entry=0x7fffffffd5f0, seen=seen@entry=0x7fffffffd5e0,
+ reada=reada@entry=0x7fffffffd600, nodes=0x7fffffffd610,
+ extent_cache=0x7fffffffd5d0, chunk_cache=0x7fffffffd5c0, dev_cache=0x7fffffffd5b0,
+ block_group_cache=0x7fffffffd6a0, dev_extent_cache=0x7fffffffd6c0, ri=0x894e20,
+ bits_nr=1024) at cmds-check.c:5908
+#3 0x000000000042523d in deal_root_from_list (list=list@entry=0x7fffffffd640,
+ root=root@entry=0x894b20, bits=bits@entry=0x896960,
+ pending=pending@entry=0x7fffffffd5f0, seen=seen@entry=0x7fffffffd5e0,
+ reada=reada@entry=0x7fffffffd600, nodes=0x7fffffffd610,
+ extent_cache=0x7fffffffd5d0, chunk_cache=0x7fffffffd5c0, dev_cache=0x7fffffffd5b0,
+ block_group_cache=0x7fffffffd6a0, dev_extent_cache=0x7fffffffd6c0, bits_nr=1024)
+ at cmds-check.c:7838
+#4 0x0000000000425f3d in check_chunks_and_extents (root=root@entry=0x894b20)
+ at cmds-check.c:8000
+#5 0x0000000000428144 in cmd_check (argc=<optimized out>, argv=<optimized out>)
+ at cmds-check.c:9431
+#6 0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245
diff --git a/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.xz b/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.xz
new file mode 100644
index 00000000..4e9ff538
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97021-invalid-chunk-sectorsize.raw.xz
Binary files differ
diff --git a/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt
new file mode 100644
index 00000000..2dc51b21
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt
@@ -0,0 +1,58 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=97031
+Lukas Lueg 2015-04-21 21:47:18 UTC
+
+The btrfs-image attached to this bug causes the userland tools v3.19.1 to crash
+with a SIGFPE. The problem is that map->stripe_len in __btrfs_map_block() is
+allowed to be 0 before entering a division.
+
+The userland tool crashes.
+The kernel fails to mount with
+> BTRFS: failed to read the system array on loop0
+> BTRFS: open_ctree_failed
+
+
+
+(gdb) run check btrfs_fukked_sigfpe_volumes:1372.bin
+....
+warning, device 0 is missing
+warning, device 4294967295 is missing
+warning, device 0 is missing
+warning, device 0 is missing
+warning, device 0 is missing
+warning, device 0 is missing
+warning, device 4294967295 is missing
+
+Program received signal SIGFPE, Arithmetic exception.
+0x000000000044d56f in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
+ raid_map_ret=0x0) at volumes.c:1372
+1372 stripe_nr = stripe_nr / map->stripe_len;
+(gdb) bt
+#0 0x000000000044d56f in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
+ raid_map_ret=0x0) at volumes.c:1372
+#1 0x000000000044db45 in btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=mirror_num@entry=0,
+ raid_map_ret=0x0) at volumes.c:1291
+#2 0x000000000043b22d in read_whole_eb (info=0x88c010, eb=eb@entry=0x88f400,
+ mirror=mirror@entry=0) at disk-io.c:232
+#3 0x000000000043caa2 in read_tree_block (root=root@entry=0x88c710,
+ bytenr=<optimized out>, blocksize=<optimized out>, parent_transid=5)
+ at disk-io.c:295
+#4 0x000000000043d5df in btrfs_setup_chunk_tree_and_device_map (
+ fs_info=fs_info@entry=0x88c010) at disk-io.c:1106
+#5 0x000000000043d7d1 in __open_ctree_fd (fp=fp@entry=3,
+ path=path@entry=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1372.bin",
+ sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
+ flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1190
+#6 0x000000000043d965 in open_ctree_fs_info (
+ filename=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1372.bin",
+ sb_bytenr=sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
+ flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231
+#7 0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffde90) at cmds-check.c:9326
+#8 0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245
+(gdb) p map->stripe_len
+$1 = 0
diff --git a/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz
new file mode 100644
index 00000000..8680fa34
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz
Binary files differ
diff --git a/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt
new file mode 100644
index 00000000..5f631646
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.txt
@@ -0,0 +1,50 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=97041
+ Lukas Lueg 2015-04-21 21:53:14 UTC
+
+The btrfs-image attached to this bug causes the userland tools v3.19.1 to
+crash with a SIGFPE. The problem is that map->sub_stripes in
+__btrfs_map_block() is allowed to be 0 before entering a division.
+
+The userland tool crashes. The kernel reports a "divide error: 0000 ..."
+with a traceback from __btrfs_map_block()
+
+
+(gdb) run check btrfs_fukked_sigfpe_volumes:1404.bin
+Starting program: /usr/sbin/btrfs check btrfs_fukked_sigfpe_volumes:1404.bin
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/lib64/libthread_db.so.1".
+
+Program received signal SIGFPE, Arithmetic exception.
+0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
+ raid_map_ret=0x0) at volumes.c:1404
+1404 int factor = map->num_stripes / map->sub_stripes;
+(gdb) bt
+#0 0x000000000044d7b6 in __btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0,
+ raid_map_ret=0x0) at volumes.c:1404
+#1 0x000000000044db45 in btrfs_map_block (map_tree=map_tree@entry=0x88c170,
+ rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0,
+ multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=mirror_num@entry=0,
+ raid_map_ret=0x0) at volumes.c:1291
+#2 0x000000000043b22d in read_whole_eb (info=0x88c010, eb=eb@entry=0x88f400,
+ mirror=mirror@entry=0) at disk-io.c:232
+#3 0x000000000043caa2 in read_tree_block (root=root@entry=0x88c710,
+ bytenr=<optimized out>, blocksize=<optimized out>, parent_transid=5)
+ at disk-io.c:295
+#4 0x000000000043d5df in btrfs_setup_chunk_tree_and_device_map (
+ fs_info=fs_info@entry=0x88c010) at disk-io.c:1106
+#5 0x000000000043d7d1 in __open_ctree_fd (fp=fp@entry=3,
+ path=path@entry=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin",
+ sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
+ flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1190
+#6 0x000000000043d965 in open_ctree_fs_info (
+ filename=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1404.bin",
+ sb_bytenr=sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0,
+ flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231
+#7 0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffde90) at cmds-check.c:9326
+#8 0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245
+(gdb) p map->sub_stripes
+$1 = 0
diff --git a/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz
new file mode 100644
index 00000000..b8e23eb7
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97041-invalid-sub-stripes-zero-FPE.raw.xz
Binary files differ