URL: https://bugzilla.kernel.org/show_bug.cgi?id=166361 Lukas Lueg 2016-09-17 16:45:53 UTC More news from the fuzzer. The attached image causes a segmentation fault when running btrfsck over it; using btrfs-progs v4.7.1-17-g2076992 The juicy parts: ==30530==ERROR: AddressSanitizer: SEGV on unknown address 0x62103031ae21 (pc 0x0000005f19b9 bp 0x7ffd4aa30a90 sp 0x7ffd4aa30a90 T0) #0 0x5f19b8 in btrfs_qgroup_status_flags /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:2136:1 #1 0x5f16f5 in read_qgroup_status /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:885:10 #2 0x5ef38a in load_quota_info /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:949:5 #3 0x5eeefc in qgroup_verify_all /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:1351:8 #4 0x51f08f in cmd_check /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:11637:9 #5 0x4f0f81 in main /home/lukas/dev/btrfsfuzz/src-asan/btrfs.c:243:8 #6 0x7f7eb11aa730 in __libc_start_main (/lib64/libc.so.6+0x20730) #7 0x4213f8 in _start (/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x4213f8) parent transid verify failed on 4198400 wanted 4 found 5 Ignoring transid failure parent transid verify failed on 0 wanted 3472328296227680304 found 0 parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure parent transid verify failed on 4198400 wanted 26388280060160 found 5 Ignoring transid failure parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure checking extents parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure Chunk[256, 228, 0]: length(4194304), offset(0), type(2) is not found in block group Chunk[256, 228, 0] stripe[1, 0] is not found in dev extent Chunk[256, 228, 4194304]: length(1638400), offset(4194304), type(5) is not found in block group Chunk[256, 228, 4194304] stripe[1, 4194304] is not found in dev extent Chunk[256, 228, 5832704]: length(1638400), offset(5832704), type(5) is not found in block group Chunk[256, 228, 5832704] stripe[1, 5832704] is not found in dev extent ref mismatch on [0 4096] extent item 0, found 1 Backref 0 parent 0 root 0 not found in extent tree backpointer mismatch on [0 4096] ref mismatch on [131072 4096] extent item 0, found 1 Backref 131072 parent 3 root 3 not found in extent tree backpointer mismatch on [131072 4096] ref mismatch on [4198400 4096] extent item 0, found 1 Backref 4198400 parent 1 root 1 not found in extent tree backpointer mismatch on [4198400 4096] ref mismatch on [4231168 4096] extent item 0, found 1 Backref 4231168 parent 7 root 7 not found in extent tree backpointer mismatch on [4231168 4096] ref mismatch on [3472328296227680304 3472328296227680304] extent item 0, found 1 Backref 3472328296227680304 root 1 owner 2 offset 0 num_refs 0 not found in extent tree Incorrect local backref count on 3472328296227680304 root 1 owner 2 offset 0 found 1 wanted 0 back 0x60800000bda0 backpointer mismatch on [3472328296227680304 3472328296227680304] Dev extent's total-byte(0) is not equal to byte-used(7471104) in dev[1, 216, 1] Errors found in extent allocation tree or chunk allocation parent transid verify failed on 0 wanted 3472328296227680304 found 0 Ignoring transid failure parent transid verify failed on 4198400 wanted 26388280060160 found 5 Ignoring transid failure checking free space cache checking fs roots root 5 root dir 3472328296227680304 not found checking csums checking root refs checking quota groups ASAN:DEADLYSIGNAL ================================================================= ==30530==ERROR: AddressSanitizer: SEGV on unknown address 0x62103031ae21 (pc 0x0000005f19b9 bp 0x7ffd4aa30a90 sp 0x7ffd4aa30a90 T0) #0 0x5f19b8 in btrfs_qgroup_status_flags /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:2136:1 #1 0x5f16f5 in read_qgroup_status /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:885:10 #2 0x5ef38a in load_quota_info /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:949:5 #3 0x5eeefc in qgroup_verify_all /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:1351:8 #4 0x51f08f in cmd_check /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:11637:9 #5 0x4f0f81 in main /home/lukas/dev/btrfsfuzz/src-asan/btrfs.c:243:8 #6 0x7f7eb11aa730 in __libc_start_main (/lib64/libc.so.6+0x20730) #7 0x4213f8 in _start (/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x4213f8) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:2136:1 in btrfs_qgroup_status_flags ==30530==ABORTING