btrfs-progs: add fuzzed testing images, superblock and chunks

This adds 4 fuzz testing images; btrfsck either doesn't detect errors
in them or crashes immediately.

Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Reported-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
master
Liu Bo 2016-05-02 11:18:55 -07:00 committed by David Sterba
parent e58105df60
commit f2873c47d7
8 changed files with 191 additions and 0 deletions


@ -0,0 +1,32 @@
[ 125.415910] BTRFS info (device loop0): disk space caching is enabled
[ 125.550479] ------------[ cut here ]------------
[ 125.551145] WARNING: CPU: 6 PID: 1496 at fs/btrfs/locking.c:251 btrfs_tree_lock+0x22e/0x250
[ 125.552292] Modules linked in:
[ 125.552602] CPU: 6 PID: 1496 Comm: btrfs.exe Tainted: G W 4.6.0-rc5 #130
[ 125.553138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
[ 125.553775] 0000000000000286 000000009b4bdd50 ffff88006a7478e0 ffffffff8157e563
[ 125.554299] 0000000000000000 0000000000000000 ffff88006a747920 ffffffff810a74ab
[ 125.554825] 000000fb8146c531 ffff88006bfec460 ffff88006bc63000 0000000000000000
[ 125.555373] Call Trace:
[ 125.555545] [<ffffffff8157e563>] dump_stack+0x85/0xc2
[ 125.555892] [<ffffffff810a74ab>] __warn+0xcb/0xf0
[ 125.556226] [<ffffffff810a75dd>] warn_slowpath_null+0x1d/0x20
[ 125.556654] [<ffffffff814871ee>] btrfs_tree_lock+0x22e/0x250
[ 125.557041] [<ffffffff81423831>] btrfs_init_new_buffer+0x81/0x160
[ 125.557458] [<ffffffff8143472a>] btrfs_alloc_tree_block+0x22a/0x430
[ 125.557883] [<ffffffff8141ae61>] __btrfs_cow_block+0x141/0x590
[ 125.558279] [<ffffffff8141b44f>] btrfs_cow_block+0x11f/0x1f0
[ 125.558666] [<ffffffff8141f09e>] btrfs_search_slot+0x1fe/0xa30
[ 125.559063] [<ffffffff81247c9d>] ? kmem_cache_alloc+0xfd/0x240
[ 125.559482] [<ffffffff8143b1f0>] btrfs_del_inode_ref+0x80/0x380
[ 125.559884] [<ffffffff8148e11a>] ? btrfs_del_inode_ref_in_log+0x8a/0x160
[ 125.560340] [<ffffffff8148e14d>] btrfs_del_inode_ref_in_log+0xbd/0x160
[ 125.560776] [<ffffffff814507f7>] __btrfs_unlink_inode+0x1d7/0x470
[ 125.561188] [<ffffffff814567a7>] btrfs_rename2+0x327/0x790
[ 125.561568] [<ffffffff8127b398>] vfs_rename+0x4d8/0x840
[ 125.561928] [<ffffffff81281b21>] SyS_rename+0x371/0x390
[ 125.562289] [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
[ 125.562743] ---[ end trace 3b751f511705fb90 ]---
---------------------------------------------------------------------------
Fixed by patch:
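Review bot: The `Fixed by patch:` line that closes this note has nothing after it as shown here, and the same holds for the other three notes in this commit (the cow_file_range, __btrfs_map_block and raid56_parity_recover traces), so no image is tied to the change that makes it pass. Each note should name the fix once it exists, e.g. `Fixed by patch: <subject of the fixing patch>`, or state `not fixed yet`, so the image is not mistaken for a passing regression case. The traces are kernel oopses reached through the rename, fdatasync and mount syscalls, while the commit message describes btrfsck behaviour. A line in each note saying which superblock or chunk field was fuzzed, and what btrfsck is expected to report, would let the fixture be used without re-triaging it.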


@ -0,0 +1,50 @@
[342246.846031] BTRFS info (device loop0): disk space caching is enabled
[342246.862115] ------------[ cut here ]------------
[342246.862500] kernel BUG at fs/btrfs/inode.c:978!
[342246.862861] invalid opcode: 0000 [#1] SMP
[342246.863176] Modules linked in:
[342246.863410] CPU: 2 PID: 14504 Comm: btrfs.exe Tainted: G W 4.6.0-rc5 #130
[342246.864010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
[342246.864674] task: ffff88006fdf0000 ti: ffff8800702e0000 task.ti: ffff8800702e0000
[342246.865186] RIP: 0010:[<ffffffff8144e9c7>] [<ffffffff8144e9c7>] cow_file_range+0x3f7/0x440
[342246.865770] RSP: 0018:ffff8800702e39e0 EFLAGS: 00010206
[342246.866157] RAX: ffff88006bb23000 RBX: 0000000000000001 RCX: 0000000000010000
[342246.866687] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000010000
[342246.867191] RBP: ffff8800702e3a70 R08: 0000000000000000 R09: 0000000000000000
[342246.867682] R10: 000000000000ffff R11: 0000000000010000 R12: ffff8800702e3bc0
[342246.868170] R13: ffff8800702e3b3c R14: 0000000000000000 R15: ffff880075369c10
[342246.868660] FS: 00007f96f5a38700(0000) GS:ffff88007ca00000(0000) knlGS:0000000000000000
[342246.869212] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[342246.869642] CR2: 000000000060f4bf CR3: 000000006fc9f000 CR4: 00000000000006e0
[342246.870146] Stack:
[342246.870295] 0000000000000000 0000000000000001 000000000000ffff ffffea00010c08c0
[342246.870838] ffff8800753698e8 0000000000010000 ffff88006fe0f000 000000000000ffff
[342246.871397] 000000000000ffff ffffffff814683e5 ffff8800753698c8 ffff8800753698e8
[342246.871944] Call Trace:
[342246.872124] [<ffffffff814683e5>] ? test_range_bit+0xe5/0x130
[342246.872522] [<ffffffff8144f906>] run_delalloc_range+0x396/0x3d0
[342246.872975] [<ffffffff8146873f>] writepage_delalloc.isra.42+0x10f/0x170
[342246.873437] [<ffffffff8146a674>] __extent_writepage+0xf4/0x370
[342246.873848] [<ffffffff8146abf4>] extent_write_cache_pages.isra.39.constprop.57+0x304/0x3f0
[342246.874419] [<ffffffff8146beec>] extent_writepages+0x5c/0x90
[342246.874818] [<ffffffff8144c870>] ? btrfs_real_readdir+0x5f0/0x5f0
[342246.875245] [<ffffffff814498f8>] btrfs_writepages+0x28/0x30
[342246.875641] [<ffffffff811ebc61>] do_writepages+0x21/0x30
[342246.876031] [<ffffffff811dc1a6>] __filemap_fdatawrite_range+0xc6/0x100
[342246.876487] [<ffffffff811dc2b3>] filemap_fdatawrite_range+0x13/0x20
[342246.876949] [<ffffffff8145eae0>] btrfs_fdatawrite_range+0x20/0x50
[342246.877375] [<ffffffff8145eb29>] start_ordered_ops+0x19/0x30
[342246.877774] [<ffffffff8145ebc2>] btrfs_sync_file+0x82/0x3f0
[342246.878166] [<ffffffff810fb717>] ? update_fast_ctr+0x17/0x30
[342246.878564] [<ffffffff812a848b>] vfs_fsync_range+0x4b/0xb0
[342246.878987] [<ffffffff8128fce6>] ? __fget_light+0x66/0x90
[342246.879368] [<ffffffff812a854d>] do_fsync+0x3d/0x70
[342246.879708] [<ffffffff812a8823>] SyS_fdatasync+0x13/0x20
[342246.880099] [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
[342246.880554] Code: 03 00 00 48 c7 c7 00 b3 c9 81 c6 05 54 b6 b1 00 01 e8 0e 8c c5 ff e9 e5 fe ff ff 49 8b 57 40 e9 c0 fe ff ff bb f4 ff ff ff eb a1 <0f> 0b 48 8b 55 80 41 b9 0f 00 00 00 41 b8 68 00 00 00 31 c9 31
[342246.882394] RIP [<ffffffff8144e9c7>] cow_file_range+0x3f7/0x440
[342246.882810] RSP <ffff8800702e39e0>
[342246.883076] ---[ end trace 094193b6df6e45e7 ]---
--------------------------------------------------------
Fixed by patch:


@ -0,0 +1,54 @@
[ 135.166891] BTRFS info (device loop0): disk space caching is enabled
[ 135.169199] divide error: 0000 [#1] SMP
[ 135.169581] Modules linked in:
[ 135.169819] CPU: 2 PID: 1512 Comm: btrfs.exe Tainted: G W 4.6.0-rc5 #130
[ 135.170285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
[ 135.170958] task: ffff880074925180 ti: ffff880077fa4000 task.ti: ffff880077fa4000
[ 135.171583] RIP: 0010:[<ffffffff81475ba0>] [<ffffffff81475ba0>] __btrfs_map_block+0xc0/0x11b0
[ 135.172096] RSP: 0000:ffff880077fa77b0 EFLAGS: 00010206
[ 135.172374] RAX: 0000000000020000 RBX: 0000000000020000 RCX: 0000000000000000
[ 135.172754] RDX: 0000000000000000 RSI: 0000000000400000 RDI: ffff880076258270
[ 135.173143] RBP: ffff880077fa7898 R08: 0000000000400000 R09: 0000000000000000
[ 135.173523] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000
[ 135.173916] R13: ffff880076258270 R14: ffff880077fa78e0 R15: ffff88006bb3b000
[ 135.174290] FS: 00007fd8267dc700(0000) GS:ffff88007ca00000(0000) knlGS:0000000000000000
[ 135.174718] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 135.175019] CR2: 00007ffe9c378df7 CR3: 0000000078788000 CR4: 00000000000006e0
[ 135.175392] Stack:
[ 135.175503] ffff88007cbe2c40 0000000000000000 ffff88007cbe2c50 ffff880074925180
[ 135.175924] ffff880074926560 ffff880074925180 0000000200000000 0000000000000000
[ 135.176340] ffffffffffffffff 0007ffffffffffff ffffffff8143eb18 0240004000000000
[ 135.176778] Call Trace:
[ 135.176913] [<ffffffff8143eb18>] ? btrfs_bio_wq_end_io+0x28/0x70
[ 135.177234] [<ffffffff81477218>] btrfs_map_bio+0x88/0x350
[ 135.177522] [<ffffffff8143eb18>] ? btrfs_bio_wq_end_io+0x28/0x70
[ 135.177960] [<ffffffff8143ed9d>] btree_submit_bio_hook+0x6d/0x110
[ 135.178410] [<ffffffff81464d1d>] submit_one_bio+0x6d/0xa0
[ 135.178814] [<ffffffff8146d6f1>] read_extent_buffer_pages+0x1c1/0x350
[ 135.179276] [<ffffffff8143cd60>] ? free_root_pointers+0x70/0x70
[ 135.179708] [<ffffffff8143e12c>] btree_read_extent_buffer_pages.constprop.55+0xac/0x110
[ 135.180261] [<ffffffff8143f036>] read_tree_block+0x36/0x60
[ 135.180647] [<ffffffff81443b52>] open_ctree+0x17a2/0x2900
[ 135.181027] [<ffffffff81417225>] btrfs_mount+0xd05/0xe60
[ 135.181400] [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
[ 135.181850] [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
[ 135.182241] [<ffffffff81272918>] mount_fs+0x38/0x170
[ 135.182609] [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
[ 135.182998] [<ffffffff814166e6>] btrfs_mount+0x1c6/0xe60
[ 135.183372] [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
[ 135.183825] [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
[ 135.184233] [<ffffffff81272918>] mount_fs+0x38/0x170
[ 135.184583] [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
[ 135.184971] [<ffffffff812958c6>] do_mount+0x256/0xeb0
[ 135.185318] [<ffffffff8124bb33>] ? __kmalloc_track_caller+0x113/0x290
[ 135.185759] [<ffffffff812b0b63>] ? block_ioctl+0x43/0x50
[ 135.186124] [<ffffffff811ff023>] ? memdup_user+0x53/0x80
[ 135.186488] [<ffffffff81296865>] SyS_mount+0x95/0xe0
[ 135.186877] [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
[ 135.187308] Code: 8b 70 20 4c 8d 04 31 4c 39 c3 0f 87 2f 0b 00 00 48 8b 45 a8 49 89 dc 31 d2 49 29 cc 48 8b 40 70 48 63 48 10 48 89 45 a0 4c 89 e0 <48> f7 f1 49 89 cf 48 89 45 b8 48 0f af c1 49 39 c4 0f 82 c3 0a
[ 135.189097] RIP [<ffffffff81475ba0>] __btrfs_map_block+0xc0/0x11b0
[ 135.189527] RSP <ffff880077fa77b0>
[ 135.189819] ---[ end trace ea21fae64670799a ]---
---------------------------------------------------------------------------
Fixed by patch:


@ -0,0 +1,55 @@
[ 145.676440] BTRFS error (device loop0): bad tree block start 0 131072
[ 145.677032] ------------[ cut here ]------------
[ 145.677307] kernel BUG at fs/btrfs/raid56.c:2142!
[ 145.677627] invalid opcode: 0000 [#1] SMP
[ 145.677955] Modules linked in:
[ 145.678182] CPU: 3 PID: 1538 Comm: btrfs.exe Tainted: G W 4.6.0-rc5 #130
[ 145.678734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
[ 145.679402] task: ffff88006c830000 ti: ffff88006fc74000 task.ti: ffff88006fc74000
[ 145.679919] RIP: 0010:[<ffffffff814c5794>] [<ffffffff814c5794>] raid56_parity_recover+0xc4/0x160
[ 145.680514] RSP: 0018:ffff88006fc77868 EFLAGS: 00010286
[ 145.680865] RAX: ffff88006f725280 RBX: ffff880070ba0a68 RCX: 0000000000020000
[ 145.681373] RDX: 0000000000000100 RSI: 00000000ffffffff RDI: ffffffff831229e8
[ 145.681866] RBP: ffff88006fc77898 R08: 0000000000010000 R09: ffff8800768ff400
[ 145.682380] R10: ffff88007c003180 R11: 0000000000030000 R12: ffff88006f725280
[ 145.682870] R13: ffff88007b449000 R14: 0000000000000001 R15: ffff8800768ff400
[ 145.683363] FS: 00007f68b95a8700(0000) GS:ffff88007cc00000(0000) knlGS:0000000000000000
[ 145.683941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 145.684340] CR2: 00007fff0d130f98 CR3: 000000006bfd7000 CR4: 00000000000006e0
[ 145.684832] Stack:
[ 145.684977] 00000002e6816dd1 ffff880070ba0a68 ffff88007b449000 0000000000000001
[ 145.685541] 0000000000020000 0000000000000002 ffff88006fc77920 ffffffff814773cd
[ 145.686082] ffff880000000001 0000000002400040 ffff88006fc778f8 0000000081247c9d
[ 145.686654] Call Trace:
[ 145.686831] [<ffffffff814773cd>] btrfs_map_bio+0x23d/0x350
[ 145.687217] [<ffffffff8143ed9d>] btree_submit_bio_hook+0x6d/0x110
[ 145.687649] [<ffffffff81464d1d>] submit_one_bio+0x6d/0xa0
[ 145.688028] [<ffffffff8146d6f1>] read_extent_buffer_pages+0x1c1/0x350
[ 145.688501] [<ffffffff8143cd60>] ? free_root_pointers+0x70/0x70
[ 145.688916] [<ffffffff8143e12c>] btree_read_extent_buffer_pages.constprop.55+0xac/0x110
[ 145.689474] [<ffffffff8143f036>] read_tree_block+0x36/0x60
[ 145.689861] [<ffffffff81443b52>] open_ctree+0x17a2/0x2900
[ 145.690242] [<ffffffff81417225>] btrfs_mount+0xd05/0xe60
[ 145.690623] [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
[ 145.691064] [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
[ 145.691510] [<ffffffff81272918>] mount_fs+0x38/0x170
[ 145.691852] [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
[ 145.692227] [<ffffffff814166e6>] btrfs_mount+0x1c6/0xe60
[ 145.692594] [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
[ 145.693032] [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
[ 145.693453] [<ffffffff81272918>] mount_fs+0x38/0x170
[ 145.693793] [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
[ 145.694168] [<ffffffff812958c6>] do_mount+0x256/0xeb0
[ 145.694537] [<ffffffff8124bb33>] ? __kmalloc_track_caller+0x113/0x290
[ 145.694974] [<ffffffff812b0b63>] ? block_ioctl+0x43/0x50
[ 145.695338] [<ffffffff811ff023>] ? memdup_user+0x53/0x80
[ 145.695703] [<ffffffff81296865>] SyS_mount+0x95/0xe0
[ 145.696046] [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
[ 145.696480] Code: 1f 48 8b 78 58 31 c0 48 8b 14 c7 48 39 d1 72 08 4c 01 c2 48 39 d1 72 15 48 83 c0 01 39 c6 7f e7 41 c7 87 3c 01 00 00 ff ff ff ff <0f> 0b 45 85 f6 41 89 87 3c 01 00 00 75 35 4c 89 e7 e8 e6 02 fb
[ 145.698326] RIP [<ffffffff814c5794>] raid56_parity_recover+0xc4/0x160
[ 145.698771] RSP <ffff88006fc77868>
[ 145.699047] ---[ end trace 22f39f01df276367 ]---
-----------------------------------------------------
Fixed by patch: