btrfs-progs: add fuzzed testing images, superblock and chunks
authorLiu Bo <bo.li.liu@oracle.com>
Mon, 2 May 2016 18:18:55 +0000 (11:18 -0700)
committerDavid Sterba <dsterba@suse.com>
Wed, 11 May 2016 14:37:48 +0000 (16:37 +0200)
This adds 4 fuzz testing images; btrfsck either doesn't detect the errors
in them or crashes immediately.

Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Reported-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
tests/fuzz-tests/images/superblock-stripsize-bogus.raw.txt [new file with mode: 0644]
tests/fuzz-tests/images/superblock-stripsize-bogus.raw.xz [new file with mode: 0644]
tests/fuzz-tests/images/superblock-total-bytes-0.raw.txt [new file with mode: 0644]
tests/fuzz-tests/images/superblock-total-bytes-0.raw.xz [new file with mode: 0644]
tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.txt [new file with mode: 0644]
tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.xz [new file with mode: 0644]
tests/fuzz-tests/images/sys-chunk-type-bogus.raw.txt [new file with mode: 0644]
tests/fuzz-tests/images/sys-chunk-type-bogus.raw.xz [new file with mode: 0644]

diff --git a/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.txt b/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.txt
new file mode 100644 (file)
index 0000000..80e073f
--- /dev/null
@@ -0,0 +1,32 @@
+[  125.415910] BTRFS info (device loop0): disk space caching is enabled
+[  125.550479] ------------[ cut here ]------------
+[  125.551145] WARNING: CPU: 6 PID: 1496 at fs/btrfs/locking.c:251 btrfs_tree_lock+0x22e/0x250
+[  125.552292] Modules linked in:
+[  125.552602] CPU: 6 PID: 1496 Comm: btrfs.exe Tainted: G        W       4.6.0-rc5 #130
+[  125.553138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
+[  125.553775]  0000000000000286 000000009b4bdd50 ffff88006a7478e0 ffffffff8157e563
+[  125.554299]  0000000000000000 0000000000000000 ffff88006a747920 ffffffff810a74ab
+[  125.554825]  000000fb8146c531 ffff88006bfec460 ffff88006bc63000 0000000000000000
+[  125.555373] Call Trace:
+[  125.555545]  [<ffffffff8157e563>] dump_stack+0x85/0xc2
+[  125.555892]  [<ffffffff810a74ab>] __warn+0xcb/0xf0
+[  125.556226]  [<ffffffff810a75dd>] warn_slowpath_null+0x1d/0x20
+[  125.556654]  [<ffffffff814871ee>] btrfs_tree_lock+0x22e/0x250
+[  125.557041]  [<ffffffff81423831>] btrfs_init_new_buffer+0x81/0x160
+[  125.557458]  [<ffffffff8143472a>] btrfs_alloc_tree_block+0x22a/0x430
+[  125.557883]  [<ffffffff8141ae61>] __btrfs_cow_block+0x141/0x590
+[  125.558279]  [<ffffffff8141b44f>] btrfs_cow_block+0x11f/0x1f0
+[  125.558666]  [<ffffffff8141f09e>] btrfs_search_slot+0x1fe/0xa30
+[  125.559063]  [<ffffffff81247c9d>] ? kmem_cache_alloc+0xfd/0x240
+[  125.559482]  [<ffffffff8143b1f0>] btrfs_del_inode_ref+0x80/0x380
+[  125.559884]  [<ffffffff8148e11a>] ? btrfs_del_inode_ref_in_log+0x8a/0x160
+[  125.560340]  [<ffffffff8148e14d>] btrfs_del_inode_ref_in_log+0xbd/0x160
+[  125.560776]  [<ffffffff814507f7>] __btrfs_unlink_inode+0x1d7/0x470
+[  125.561188]  [<ffffffff814567a7>] btrfs_rename2+0x327/0x790
+[  125.561568]  [<ffffffff8127b398>] vfs_rename+0x4d8/0x840
+[  125.561928]  [<ffffffff81281b21>] SyS_rename+0x371/0x390
+[  125.562289]  [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
+[  125.562743] ---[ end trace 3b751f511705fb90 ]---
+
+---------------------------------------------------------------------------
+Fixed by patch:
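Review bot: The closing `Fixed by patch:` line of this file is left empty, so the image lands with a reproducer trace but no reference to the fix that closes it; the same placeholder is empty in superblock-total-bytes-0.raw.txt, sys-chunk-stripe-len-bogus.raw.txt and sys-chunk-type-bogus.raw.txt. Until the fix is known, something like `Fixed by patch: <kernel commit id or subject — TODO>` makes the gap explicit, and once it exists the real reference should replace it so each fuzz image can be tied to the regression it guards. The trace records only the kernel-side crash (4.6.0-rc5, Comm: btrfs.exe), whereas the commit message says the motivation is that btrfsck misses the corruption or crashes; a one-line header stating what btrfsck did with this image (and which btrfs-progs revision was tried) would make it clear what a future test run should be comparing against. The trace shows a rename-path warning in btrfs_tree_lock, which does not obviously follow from the file name's bogus stripesize, so a sentence on what was fuzzed in the superblock would presumably help whoever triages it later.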
diff --git a/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.xz b/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.xz
new file mode 100644 (file)
index 0000000..f8b3bf5
Binary files /dev/null and b/tests/fuzz-tests/images/superblock-stripsize-bogus.raw.xz differ
diff --git a/tests/fuzz-tests/images/superblock-total-bytes-0.raw.txt b/tests/fuzz-tests/images/superblock-total-bytes-0.raw.txt
new file mode 100644 (file)
index 0000000..d5e1f93
--- /dev/null
@@ -0,0 +1,50 @@
+[342246.846031] BTRFS info (device loop0): disk space caching is enabled
+[342246.862115] ------------[ cut here ]------------
+[342246.862500] kernel BUG at fs/btrfs/inode.c:978!
+[342246.862861] invalid opcode: 0000 [#1] SMP 
+[342246.863176] Modules linked in:
+[342246.863410] CPU: 2 PID: 14504 Comm: btrfs.exe Tainted: G        W       4.6.0-rc5 #130
+[342246.864010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
+[342246.864674] task: ffff88006fdf0000 ti: ffff8800702e0000 task.ti: ffff8800702e0000
+[342246.865186] RIP: 0010:[<ffffffff8144e9c7>]  [<ffffffff8144e9c7>] cow_file_range+0x3f7/0x440
+[342246.865770] RSP: 0018:ffff8800702e39e0  EFLAGS: 00010206
+[342246.866157] RAX: ffff88006bb23000 RBX: 0000000000000001 RCX: 0000000000010000
+[342246.866687] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000010000
+[342246.867191] RBP: ffff8800702e3a70 R08: 0000000000000000 R09: 0000000000000000
+[342246.867682] R10: 000000000000ffff R11: 0000000000010000 R12: ffff8800702e3bc0
+[342246.868170] R13: ffff8800702e3b3c R14: 0000000000000000 R15: ffff880075369c10
+[342246.868660] FS:  00007f96f5a38700(0000) GS:ffff88007ca00000(0000) knlGS:0000000000000000
+[342246.869212] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[342246.869642] CR2: 000000000060f4bf CR3: 000000006fc9f000 CR4: 00000000000006e0
+[342246.870146] Stack:
+[342246.870295]  0000000000000000 0000000000000001 000000000000ffff ffffea00010c08c0
+[342246.870838]  ffff8800753698e8 0000000000010000 ffff88006fe0f000 000000000000ffff
+[342246.871397]  000000000000ffff ffffffff814683e5 ffff8800753698c8 ffff8800753698e8
+[342246.871944] Call Trace:
+[342246.872124]  [<ffffffff814683e5>] ? test_range_bit+0xe5/0x130
+[342246.872522]  [<ffffffff8144f906>] run_delalloc_range+0x396/0x3d0
+[342246.872975]  [<ffffffff8146873f>] writepage_delalloc.isra.42+0x10f/0x170
+[342246.873437]  [<ffffffff8146a674>] __extent_writepage+0xf4/0x370
+[342246.873848]  [<ffffffff8146abf4>] extent_write_cache_pages.isra.39.constprop.57+0x304/0x3f0
+[342246.874419]  [<ffffffff8146beec>] extent_writepages+0x5c/0x90
+[342246.874818]  [<ffffffff8144c870>] ? btrfs_real_readdir+0x5f0/0x5f0
+[342246.875245]  [<ffffffff814498f8>] btrfs_writepages+0x28/0x30
+[342246.875641]  [<ffffffff811ebc61>] do_writepages+0x21/0x30
+[342246.876031]  [<ffffffff811dc1a6>] __filemap_fdatawrite_range+0xc6/0x100
+[342246.876487]  [<ffffffff811dc2b3>] filemap_fdatawrite_range+0x13/0x20
+[342246.876949]  [<ffffffff8145eae0>] btrfs_fdatawrite_range+0x20/0x50
+[342246.877375]  [<ffffffff8145eb29>] start_ordered_ops+0x19/0x30
+[342246.877774]  [<ffffffff8145ebc2>] btrfs_sync_file+0x82/0x3f0
+[342246.878166]  [<ffffffff810fb717>] ? update_fast_ctr+0x17/0x30
+[342246.878564]  [<ffffffff812a848b>] vfs_fsync_range+0x4b/0xb0
+[342246.878987]  [<ffffffff8128fce6>] ? __fget_light+0x66/0x90
+[342246.879368]  [<ffffffff812a854d>] do_fsync+0x3d/0x70
+[342246.879708]  [<ffffffff812a8823>] SyS_fdatasync+0x13/0x20
+[342246.880099]  [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
+[342246.880554] Code: 03 00 00 48 c7 c7 00 b3 c9 81 c6 05 54 b6 b1 00 01 e8 0e 8c c5 ff e9 e5 fe ff ff 49 8b 57 40 e9 c0 fe ff ff bb f4 ff ff ff eb a1 <0f> 0b 48 8b 55 80 41 b9 0f 00 00 00 41 b8 68 00 00 00 31 c9 31 
+[342246.882394] RIP  [<ffffffff8144e9c7>] cow_file_range+0x3f7/0x440
+[342246.882810]  RSP <ffff8800702e39e0>
+[342246.883076] ---[ end trace 094193b6df6e45e7 ]---
+
+--------------------------------------------------------
+Fixed by patch: 
diff --git a/tests/fuzz-tests/images/superblock-total-bytes-0.raw.xz b/tests/fuzz-tests/images/superblock-total-bytes-0.raw.xz
new file mode 100644 (file)
index 0000000..4b25020
Binary files /dev/null and b/tests/fuzz-tests/images/superblock-total-bytes-0.raw.xz differ
diff --git a/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.txt b/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.txt
new file mode 100644 (file)
index 0000000..d3dcb0a
--- /dev/null
@@ -0,0 +1,54 @@
+[  135.166891] BTRFS info (device loop0): disk space caching is enabled
+[  135.169199] divide error: 0000 [#1] SMP 
+[  135.169581] Modules linked in:
+[  135.169819] CPU: 2 PID: 1512 Comm: btrfs.exe Tainted: G        W       4.6.0-rc5 #130
+[  135.170285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
+[  135.170958] task: ffff880074925180 ti: ffff880077fa4000 task.ti: ffff880077fa4000
+[  135.171583] RIP: 0010:[<ffffffff81475ba0>]  [<ffffffff81475ba0>] __btrfs_map_block+0xc0/0x11b0
+[  135.172096] RSP: 0000:ffff880077fa77b0  EFLAGS: 00010206
+[  135.172374] RAX: 0000000000020000 RBX: 0000000000020000 RCX: 0000000000000000
+[  135.172754] RDX: 0000000000000000 RSI: 0000000000400000 RDI: ffff880076258270
+[  135.173143] RBP: ffff880077fa7898 R08: 0000000000400000 R09: 0000000000000000
+[  135.173523] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000
+[  135.173916] R13: ffff880076258270 R14: ffff880077fa78e0 R15: ffff88006bb3b000
+[  135.174290] FS:  00007fd8267dc700(0000) GS:ffff88007ca00000(0000) knlGS:0000000000000000
+[  135.174718] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[  135.175019] CR2: 00007ffe9c378df7 CR3: 0000000078788000 CR4: 00000000000006e0
+[  135.175392] Stack:
+[  135.175503]  ffff88007cbe2c40 0000000000000000 ffff88007cbe2c50 ffff880074925180
+[  135.175924]  ffff880074926560 ffff880074925180 0000000200000000 0000000000000000
+[  135.176340]  ffffffffffffffff 0007ffffffffffff ffffffff8143eb18 0240004000000000
+[  135.176778] Call Trace:
+[  135.176913]  [<ffffffff8143eb18>] ? btrfs_bio_wq_end_io+0x28/0x70
+[  135.177234]  [<ffffffff81477218>] btrfs_map_bio+0x88/0x350
+[  135.177522]  [<ffffffff8143eb18>] ? btrfs_bio_wq_end_io+0x28/0x70
+[  135.177960]  [<ffffffff8143ed9d>] btree_submit_bio_hook+0x6d/0x110
+[  135.178410]  [<ffffffff81464d1d>] submit_one_bio+0x6d/0xa0
+[  135.178814]  [<ffffffff8146d6f1>] read_extent_buffer_pages+0x1c1/0x350
+[  135.179276]  [<ffffffff8143cd60>] ? free_root_pointers+0x70/0x70
+[  135.179708]  [<ffffffff8143e12c>] btree_read_extent_buffer_pages.constprop.55+0xac/0x110
+[  135.180261]  [<ffffffff8143f036>] read_tree_block+0x36/0x60
+[  135.180647]  [<ffffffff81443b52>] open_ctree+0x17a2/0x2900
+[  135.181027]  [<ffffffff81417225>] btrfs_mount+0xd05/0xe60
+[  135.181400]  [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
+[  135.181850]  [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
+[  135.182241]  [<ffffffff81272918>] mount_fs+0x38/0x170
+[  135.182609]  [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
+[  135.182998]  [<ffffffff814166e6>] btrfs_mount+0x1c6/0xe60
+[  135.183372]  [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
+[  135.183825]  [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
+[  135.184233]  [<ffffffff81272918>] mount_fs+0x38/0x170
+[  135.184583]  [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
+[  135.184971]  [<ffffffff812958c6>] do_mount+0x256/0xeb0
+[  135.185318]  [<ffffffff8124bb33>] ? __kmalloc_track_caller+0x113/0x290
+[  135.185759]  [<ffffffff812b0b63>] ? block_ioctl+0x43/0x50
+[  135.186124]  [<ffffffff811ff023>] ? memdup_user+0x53/0x80
+[  135.186488]  [<ffffffff81296865>] SyS_mount+0x95/0xe0
+[  135.186877]  [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
+[  135.187308] Code: 8b 70 20 4c 8d 04 31 4c 39 c3 0f 87 2f 0b 00 00 48 8b 45 a8 49 89 dc 31 d2 49 29 cc 48 8b 40 70 48 63 48 10 48 89 45 a0 4c 89 e0 <48> f7 f1 49 89 cf 48 89 45 b8 48 0f af c1 49 39 c4 0f 82 c3 0a 
+[  135.189097] RIP  [<ffffffff81475ba0>] __btrfs_map_block+0xc0/0x11b0
+[  135.189527]  RSP <ffff880077fa77b0>
+[  135.189819] ---[ end trace ea21fae64670799a ]---
+
+---------------------------------------------------------------------------
+Fixed by patch:
diff --git a/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.xz b/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.xz
new file mode 100644 (file)
index 0000000..57d2a72
Binary files /dev/null and b/tests/fuzz-tests/images/sys-chunk-stripe-len-bogus.raw.xz differ
diff --git a/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.txt b/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.txt
new file mode 100644 (file)
index 0000000..2559924
--- /dev/null
@@ -0,0 +1,55 @@
+[  145.676440] BTRFS error (device loop0): bad tree block start 0 131072
+[  145.677032] ------------[ cut here ]------------
+[  145.677307] kernel BUG at fs/btrfs/raid56.c:2142!
+[  145.677627] invalid opcode: 0000 [#1] SMP 
+[  145.677955] Modules linked in:
+[  145.678182] CPU: 3 PID: 1538 Comm: btrfs.exe Tainted: G        W       4.6.0-rc5 #130
+[  145.678734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
+[  145.679402] task: ffff88006c830000 ti: ffff88006fc74000 task.ti: ffff88006fc74000
+[  145.679919] RIP: 0010:[<ffffffff814c5794>]  [<ffffffff814c5794>] raid56_parity_recover+0xc4/0x160
+[  145.680514] RSP: 0018:ffff88006fc77868  EFLAGS: 00010286
+[  145.680865] RAX: ffff88006f725280 RBX: ffff880070ba0a68 RCX: 0000000000020000
+[  145.681373] RDX: 0000000000000100 RSI: 00000000ffffffff RDI: ffffffff831229e8
+[  145.681866] RBP: ffff88006fc77898 R08: 0000000000010000 R09: ffff8800768ff400
+[  145.682380] R10: ffff88007c003180 R11: 0000000000030000 R12: ffff88006f725280
+[  145.682870] R13: ffff88007b449000 R14: 0000000000000001 R15: ffff8800768ff400
+[  145.683363] FS:  00007f68b95a8700(0000) GS:ffff88007cc00000(0000) knlGS:0000000000000000
+[  145.683941] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[  145.684340] CR2: 00007fff0d130f98 CR3: 000000006bfd7000 CR4: 00000000000006e0
+[  145.684832] Stack:
+[  145.684977]  00000002e6816dd1 ffff880070ba0a68 ffff88007b449000 0000000000000001
+[  145.685541]  0000000000020000 0000000000000002 ffff88006fc77920 ffffffff814773cd
+[  145.686082]  ffff880000000001 0000000002400040 ffff88006fc778f8 0000000081247c9d
+[  145.686654] Call Trace:
+[  145.686831]  [<ffffffff814773cd>] btrfs_map_bio+0x23d/0x350
+[  145.687217]  [<ffffffff8143ed9d>] btree_submit_bio_hook+0x6d/0x110
+[  145.687649]  [<ffffffff81464d1d>] submit_one_bio+0x6d/0xa0
+[  145.688028]  [<ffffffff8146d6f1>] read_extent_buffer_pages+0x1c1/0x350
+[  145.688501]  [<ffffffff8143cd60>] ? free_root_pointers+0x70/0x70
+[  145.688916]  [<ffffffff8143e12c>] btree_read_extent_buffer_pages.constprop.55+0xac/0x110
+[  145.689474]  [<ffffffff8143f036>] read_tree_block+0x36/0x60
+[  145.689861]  [<ffffffff81443b52>] open_ctree+0x17a2/0x2900
+[  145.690242]  [<ffffffff81417225>] btrfs_mount+0xd05/0xe60
+[  145.690623]  [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
+[  145.691064]  [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
+[  145.691510]  [<ffffffff81272918>] mount_fs+0x38/0x170
+[  145.691852]  [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
+[  145.692227]  [<ffffffff814166e6>] btrfs_mount+0x1c6/0xe60
+[  145.692594]  [<ffffffff819cd15a>] ? __mutex_unlock_slowpath+0xfa/0x1c0
+[  145.693032]  [<ffffffff810fd3e4>] ? lockdep_init_map+0x64/0x710
+[  145.693453]  [<ffffffff81272918>] mount_fs+0x38/0x170
+[  145.693793]  [<ffffffff81292b7b>] vfs_kern_mount+0x6b/0x150
+[  145.694168]  [<ffffffff812958c6>] do_mount+0x256/0xeb0
+[  145.694537]  [<ffffffff8124bb33>] ? __kmalloc_track_caller+0x113/0x290
+[  145.694974]  [<ffffffff812b0b63>] ? block_ioctl+0x43/0x50
+[  145.695338]  [<ffffffff811ff023>] ? memdup_user+0x53/0x80
+[  145.695703]  [<ffffffff81296865>] SyS_mount+0x95/0xe0
+[  145.696046]  [<ffffffff819cfd3c>] entry_SYSCALL_64_fastpath+0x1f/0xbd
+[  145.696480] Code: 1f 48 8b 78 58 31 c0 48 8b 14 c7 48 39 d1 72 08 4c 01 c2 48 39 d1 72 15 48 83 c0 01 39 c6 7f e7 41 c7 87 3c 01 00 00 ff ff ff ff <0f> 0b 45 85 f6 41 89 87 3c 01 00 00 75 35 4c 89 e7 e8 e6 02 fb 
+[  145.698326] RIP  [<ffffffff814c5794>] raid56_parity_recover+0xc4/0x160
+[  145.698771]  RSP <ffff88006fc77868>
+[  145.699047] ---[ end trace 22f39f01df276367 ]---
+
+-----------------------------------------------------
+Fixed by patch: 
+
diff --git a/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.xz b/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.xz
new file mode 100644 (file)
index 0000000..ef971ca
Binary files /dev/null and b/tests/fuzz-tests/images/sys-chunk-type-bogus.raw.xz differ