URL: https://bugzilla.kernel.org/show_bug.cgi?id=172861
Lukas Lueg 2016-09-24 15:40:54 UTC

More news from the fuzzer. The attached image causes a segmentation fault when
running btrfsck over it; using btrfs-progs v4.7.2-55-g2b7c507

The juicy parts:

==12279==ERROR: AddressSanitizer: SEGV on unknown address 0x6210010719f9 (pc 0x0000005f30bd bp 0x7ffcf39cc670 sp 0x7ffcf39cc670 T0)
    #0 0x5f30bc in btrfs_file_extent_type /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:2083:1
    #1 0x5f2f49 in add_refs_for_leaf_items /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:664:17
    #2 0x5f2ba9 in travel_tree /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:704:9
    #3 0x5f2c0a in travel_tree /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:719:9
    #4 0x5f299b in add_refs_for_implied /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:748:8
    #5 0x5efd39 in map_implied_refs /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:766:9
    #6 0x5eed89 in qgroup_verify_all /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:1366:8
    #7 0x51ea14 in cmd_check /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:11571:9
    #8 0x4f0ee1 in main /home/lukas/dev/btrfsfuzz/src-asan/btrfs.c:243:8
    #9 0x7f811e227730 in __libc_start_main (/lib64/libc.so.6+0x20730)
    #10 0x421358 in _start (/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x421358)

Extent back ref already exists for 0 parent 0 root 0 
Extent back ref already exists for 0 parent 0 root 0 
Extent back ref already exists for 0 parent 0 root 0 
Chunk[256, 228, 0]: length(4194304), offset(0), type(2) is not found in block group
Chunk[256, 228, 0] stripe[1, 0] is not found in dev extent
Chunk[256, 228, 4194304]: length(1638400), offset(4194304), type(5) is not found in block group
Chunk[256, 228, 4194304] stripe[1, 4194304] is not found in dev extent
Chunk[256, 228, 5832704]: length(1638400), offset(5832704), type(5) is not found in block group
Chunk[256, 228, 5832704] stripe[1, 5832704] is not found in dev extent
Chunk[256, 228, 7471104]: length(9306112), offset(7471104), type(5) is not found in block group
Chunk[256, 228, 7471104] stripe[1, 7471104] is not found in dev extent
ref mismatch on [0 4096] extent item 0, found 4
Backref 0 parent 0 root 0 not found in extent tree
Incorrect global backref count on 0 found 1 wanted 4
backpointer mismatch on [0 4096]
bad extent [0, 4096), type mismatch with chunk
ref mismatch on [135168 4096] extent item 0, found 1
Backref 135168 parent 3 root 3 not found in extent tree
backpointer mismatch on [135168 4096]
ref mismatch on [4202496 4096] extent item 0, found 1
Backref 4202496 parent 1 root 1 not found in extent tree
backpointer mismatch on [4202496 4096]
Dev extent's total-byte(0) is not equal to byte-used(16777216) in dev[1, 216, 1]
checking free space cache
checking fs roots
root 5 root dir 0 not found
checking csums
checking root refs
checking quota groups
ASAN:DEADLYSIGNAL
=================================================================
==12279==ERROR: AddressSanitizer: SEGV on unknown address 0x6210010719f9 (pc 0x0000005f30bd bp 0x7ffcf39cc670 sp 0x7ffcf39cc670 T0)
    #0 0x5f30bc in btrfs_file_extent_type /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:2083:1
    #1 0x5f2f49 in add_refs_for_leaf_items /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:664:17
    #2 0x5f2ba9 in travel_tree /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:704:9
    #3 0x5f2c0a in travel_tree /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:719:9
    #4 0x5f299b in add_refs_for_implied /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:748:8
    #5 0x5efd39 in map_implied_refs /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:766:9
    #6 0x5eed89 in qgroup_verify_all /home/lukas/dev/btrfsfuzz/src-asan/qgroup-verify.c:1366:8
    #7 0x51ea14 in cmd_check /home/lukas/dev/btrfsfuzz/src-asan/cmds-check.c:11571:9
    #8 0x4f0ee1 in main /home/lukas/dev/btrfsfuzz/src-asan/btrfs.c:243:8
    #9 0x7f811e227730 in __libc_start_main (/lib64/libc.so.6+0x20730)
    #10 0x421358 in _start (/home/lukas/dev/btrfsfuzz/bin-asan/bin/btrfs+0x421358)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/lukas/dev/btrfsfuzz/src-asan/./ctree.h:2083:1 in btrfs_file_extent_type
==12279==ABORTING