URL: https://bugzilla.kernel.org/show_bug.cgi?id=168301 Lukas Lueg 2016-09-17 20:00:11 UTC More news from the fuzzer. The attached image causes a call to abort() when running btrfsck over it; using btrfs-progs v4.7.2-55-g2b7c507 Program received signal SIGABRT, Aborted. 0x00007ffff6fae6f5 in raise () from /lib64/libc.so.6 #0 0x00007ffff6fae6f5 in raise () from /lib64/libc.so.6 #1 0x00007ffff6fb02fa in abort () from /lib64/libc.so.6 #2 0x0000000000424fc7 in add_data_backref (extent_cache=0x7fffffffdfe0, bytenr=18446744073709551615, parent=, root=, owner=, offset=, num_refs=, found_ref=, max_size=4096) at cmds-check.c:4856 #3 0x00000000004234bd in run_next_block (root=, bits=, bits_nr=1024, last=, pending=, seen=, reada=, nodes=, extent_cache=, chunk_cache=, dev_cache=, block_group_cache=, dev_extent_cache=, ri=) at cmds-check.c:6388 #4 0x0000000000421d9b in deal_root_from_list (list=, root=, bits=, bits_nr=1024, pending=, seen=, reada=, nodes=, extent_cache=, chunk_cache=, dev_cache=, block_group_cache=, dev_extent_cache=) at cmds-check.c:8391 #5 0x000000000041d160 in check_chunks_and_extents (root=) at cmds-check.c:8558 #6 0x000000000041bf0b in cmd_check (argc=, argv=) at cmds-check.c:11493 #7 0x000000000040a10d in main (argc=, argv=0x7fffffffe218) at btrfs.c:243 Checking filesystem on crashing_images/id:000170,sig:06,src:001268,op:havoc,rep:8.img UUID: 056b0872-c0a7-4121-8ac9-2263ffbee306 checking extents/bin/sh: line 3: 4644 Aborted LD_LIBRARY_PATH=/home/lukas/dev/btrfsfuzz/bin-asan/lib LD_PRELOAD=/home/lukas/dev/afl_git/libdislocator/libdislocator.so ASAN_OPTIONS=detect_leaks=0 /home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfsck crashing_images/id:000170,sig:06,src:001268,op:havoc,rep:8.img Starting program: /home/lukas/dev/btrfsfuzz/bin/bin/btrfsck crash000170.img [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Program received signal SIGABRT, Aborted. 0x00007ffff6fae6f5 in raise () from /lib64/libc.so.6 #0 0x00007ffff6fae6f5 in raise () from /lib64/libc.so.6 #1 0x00007ffff6fb02fa in abort () from /lib64/libc.so.6 #2 0x0000000000424fc7 in add_data_backref (extent_cache=0x7fffffffdfe0, bytenr=18446744073709551615, parent=, root=, owner=, offset=, num_refs=, found_ref=, max_size=4096) at cmds-check.c:4856 #3 0x00000000004234bd in run_next_block (root=, bits=, bits_nr=1024, last=, pending=, seen=, reada=, nodes=, extent_cache=, chunk_cache=, dev_cache=, block_group_cache=, dev_extent_cache=, ri=) at cmds-check.c:6388 #4 0x0000000000421d9b in deal_root_from_list (list=, root=, bits=, bits_nr=1024, pending=, seen=, reada=, nodes=, extent_cache=, chunk_cache=, dev_cache=, block_group_cache=, dev_extent_cache=) at cmds-check.c:8391 #5 0x000000000041d160 in check_chunks_and_extents (root=) at cmds-check.c:8558 #6 0x000000000041bf0b in cmd_check (argc=, argv=) at cmds-check.c:11493 #7 0x000000000040a10d in main (argc=, argv=0x7fffffffe218) at btrfs.c:243 quit