btrfs-progs: tests: add fuzzed image for invalid sys_array and stripe_len

Reported-by: Lukas Lueg <lukas.lueg@gmail.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt
new file mode 100644 (file)
index 0000000..2dc51b2
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt
@@ -0,0 +1,58 @@
+URL: https://bugzilla.kernel.org/show_bug.cgi?id=97031
+Lukas Lueg 2015-04-21 21:47:18 UTC
+
+The btrfs-image attached to this bug causes the userland tools v3.19.1 to crash
+with a SIGFPE. The problem is that map->stripe_len in __btrfs_map_block() is
+allowed to be 0 before entering a division.
+
+The userland tool crashes.
+The kernel fails to mount with
+> BTRFS: failed to read the system array on loop0
+> BTRFS: open_ctree_failed
+
+
+
+(gdb) run check btrfs_fukked_sigfpe_volumes:1372.bin
+....
+warning, device 0 is missing
+warning, device 4294967295 is missing
+warning, device 0 is missing
+warning, device 0 is missing
+warning, device 0 is missing
+warning, device 0 is missing
+warning, device 4294967295 is missing
+
+Program received signal SIGFPE, Arithmetic exception.
+0x000000000044d56f in __btrfs_map_block (map_tree=map_tree@entry=0x88c170, 
+    rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0, 
+    type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0, 
+    raid_map_ret=0x0) at volumes.c:1372
+1372           stripe_nr = stripe_nr / map->stripe_len;
+(gdb) bt
+#0  0x000000000044d56f in __btrfs_map_block (map_tree=map_tree@entry=0x88c170, 
+    rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0, 
+    type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0, 
+    raid_map_ret=0x0) at volumes.c:1372
+#1  0x000000000044db45 in btrfs_map_block (map_tree=map_tree@entry=0x88c170, 
+    rw=rw@entry=0, logical=<optimized out>, length=length@entry=0x7fffffffd8f0, 
+    multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=mirror_num@entry=0, 
+    raid_map_ret=0x0) at volumes.c:1291
+#2  0x000000000043b22d in read_whole_eb (info=0x88c010, eb=eb@entry=0x88f400, 
+    mirror=mirror@entry=0) at disk-io.c:232
+#3  0x000000000043caa2 in read_tree_block (root=root@entry=0x88c710, 
+    bytenr=<optimized out>, blocksize=<optimized out>, parent_transid=5)
+    at disk-io.c:295
+#4  0x000000000043d5df in btrfs_setup_chunk_tree_and_device_map (
+    fs_info=fs_info@entry=0x88c010) at disk-io.c:1106
+#5  0x000000000043d7d1 in __open_ctree_fd (fp=fp@entry=3, 
+    path=path@entry=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1372.bin", 
+    sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0, 
+    flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1190
+#6  0x000000000043d965 in open_ctree_fs_info (
+    filename=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1372.bin", 
+    sb_bytenr=sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0, 
+    flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231
+#7  0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffde90) at cmds-check.c:9326
+#8  0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245
+(gdb) p map->stripe_len
+$1 = 0

diff --git a/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz
new file mode 100644 (file)
index 0000000..8680fa3
Binary files /dev/null and b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz differ