From 083721de5c0c056a1699a70ec7a75a4e17d748ee Mon Sep 17 00:00:00 2001 From: David Sterba Date: Sat, 3 Sep 2016 20:52:18 +0200 Subject: [PATCH] btrfs-progs: tests: add fuzzed image for invalid sys_array and stripe_len Reported-by: Lukas Lueg Signed-off-by: David Sterba --- .../bko-97031-invalid-stripe-len-sys-array.raw.txt | 58 +++++++++++++++++++++ .../bko-97031-invalid-stripe-len-sys-array.raw.xz | Bin 0 -> 7128 bytes 2 files changed, 58 insertions(+) create mode 100644 tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt create mode 100644 tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz diff --git a/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt new file mode 100644 index 0000000..2dc51b2 --- /dev/null +++ b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.txt @@ -0,0 +1,58 @@ +URL: https://bugzilla.kernel.org/show_bug.cgi?id=97031 +Lukas Lueg 2015-04-21 21:47:18 UTC + +The btrfs-image attached to this bug causes the userland tools v3.19.1 to crash +with a SIGFPE. The problem is that map->stripe_len in __btrfs_map_block() is +allowed to be 0 before entering a division. + +The userland tool crashes. +The kernel fails to mount with +> BTRFS: failed to read the system array on loop0 +> BTRFS: open_ctree_failed + + + +(gdb) run check btrfs_fukked_sigfpe_volumes:1372.bin +.... +warning, device 0 is missing +warning, device 4294967295 is missing +warning, device 0 is missing +warning, device 0 is missing +warning, device 0 is missing +warning, device 0 is missing +warning, device 4294967295 is missing + +Program received signal SIGFPE, Arithmetic exception. +0x000000000044d56f in __btrfs_map_block (map_tree=map_tree@entry=0x88c170, + rw=rw@entry=0, logical=, length=length@entry=0x7fffffffd8f0, + type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0, + raid_map_ret=0x0) at volumes.c:1372 +1372 stripe_nr = stripe_nr / map->stripe_len; +(gdb) bt +#0 0x000000000044d56f in __btrfs_map_block (map_tree=map_tree@entry=0x88c170, + rw=rw@entry=0, logical=, length=length@entry=0x7fffffffd8f0, + type=type@entry=0x0, multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=0, + raid_map_ret=0x0) at volumes.c:1372 +#1 0x000000000044db45 in btrfs_map_block (map_tree=map_tree@entry=0x88c170, + rw=rw@entry=0, logical=, length=length@entry=0x7fffffffd8f0, + multi_ret=multi_ret@entry=0x7fffffffd8e8, mirror_num=mirror_num@entry=0, + raid_map_ret=0x0) at volumes.c:1291 +#2 0x000000000043b22d in read_whole_eb (info=0x88c010, eb=eb@entry=0x88f400, + mirror=mirror@entry=0) at disk-io.c:232 +#3 0x000000000043caa2 in read_tree_block (root=root@entry=0x88c710, + bytenr=, blocksize=, parent_transid=5) + at disk-io.c:295 +#4 0x000000000043d5df in btrfs_setup_chunk_tree_and_device_map ( + fs_info=fs_info@entry=0x88c010) at disk-io.c:1106 +#5 0x000000000043d7d1 in __open_ctree_fd (fp=fp@entry=3, + path=path@entry=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1372.bin", + sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0, + flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1190 +#6 0x000000000043d965 in open_ctree_fs_info ( + filename=0x7fffffffe1fa "btrfs_fukked_sigfpe_volumes:1372.bin", + sb_bytenr=sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0, + flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231 +#7 0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffde90) at cmds-check.c:9326 +#8 0x000000000040e5a2 in main (argc=2, argv=0x7fffffffde90) at btrfs.c:245 +(gdb) p map->stripe_len +$1 = 0 diff --git a/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz b/tests/fuzz-tests/images/bko-97031-invalid-stripe-len-sys-array.raw.xz new file mode 100644 index 0000000000000000000000000000000000000000..8680fa34792359f7c937ad127957e66221feecc4 GIT binary patch literal 7128 zcmeI%MNk~vng-y;J-7yIv~joKZows3umlJMhsJ3nxCeI#F2SAPP8tmsv~jm!X$a6W zQ+IhcbN`xuYNqP0&*D_Q-*?X9d7ni5j7$Ik)cwU~C1d~)i5dU^5KJ3QAP~f;Yi|Jn zmnQ_GxDBB!r9$d1W~I}f4B9V_z_>r(r460q8Ga>!q}~7-kBQOXDaKn4D%*);B-Gn9 zrWgjtY>K=nt8bHPEr}v{+Au<*mwz(^E1hAJyS9I3;_)RC{b|<;JpL9y04u7zhO`rGu zwi+%~fQBBI>lzi;Zw?iEm5+EgYXmkf4}I#R_ehHBNR^RdD-_E{h}@_k-WHr*<*R|s z8cE8GwH*wFXtwr>euaq)!N@C7Ngpp0{JR_Nx6{>7zen}R_sc)n~7zOE3s8X z<3kBjl)qPG?2Ynx0iZL9WWLAyRRJMLJl_X;V- zHzyAAdQE08!xS)jdWpMTEtvBSz9-~nCqwi5H-V@1ymMPg*vc!R4=9bFC<@$2@eUYo zb*?{CJbSw`Eepd82X69AYrj82)(>YVaA7_yIS^U{oz@Okzz`&=)n?T};DJ@y$7$<| zt8om*=slkY3*wT+$7;2}#`sNQm;yA6@rw=J^U0$kW6TIA33^7 z!tldPRthuYh$CBFqn;zLug1H3rf8V= zqboI!e{?xKCuvRTxf?hC7rQh#;OTyngI* zm2@R>Xk+~u}bWF~l7R`Q3{<2e^l z#I{l*$*xqc*bFi>7!%y~c4m1b4^kPm(4xKK2b=Op{RC$D`8@sNPwYk&%^;$Ou*Dfp zo*rcwnPu9B2x608FjYSpP>)P8ji$59Uos`_sVAcw zM7ji~LpH1dhCen6a2hn1z#UtV%kS@I;!YZhtisU0D^Mw)S6m^jv1~L6NIc@urB9Ae zc}~6Ugb4W8UR@!1*xju+td_b)$y^w@PnL?Y1KAp29{1|uT72JPy<^MT$vR2Ps=!>F zpcinh2ddLGZc7_@m(rWC=ZY-2QoVpULQcFF+6=aR5#|^va)lY6Jc^H&Z+q%I*kj5x*Sj=C-K9mr}QtOCo-OAV`6``541- zCJ|{MCH%_AfQ>)dyxfL;iQ(6uLi%j}M;^sry;=ufy0HMEiEjgt-OjW`kk({8jBwhPDLwK54WxNNwS8aaA7jv6WYFH6qE9xQUe zE=~H(zEbmbJF*8@=PX><{1aJ@=6?I>gi#5HdS^XL%flg2t3a8fJM-`5xO9Q_OZE3r z3^ZhUlBbN+g@Kor=>@u~iKnW`t_Q>wmp%zByP%i6xHCVg1=X~2Kr}8otQSo9Nq-bz zI%Mln!H$4Vozi>WCgm+fQ z6)vKkt3)p@ybT4OQv{axJ&i48ph2G5PEyKCLaTC~afjw3#D55b=`ZC3tI;YioLg?t z{IW(PaV9cM`RQV&CKYejmA*YnJ92Dlky5+#26Fk{u&#bcQj~RICTa!Obg-q5bCe*w z5Hp8uLX&z<8ha6=Lb<#@nmRNK?KIxpKD!__C#YNd+?kX4p$KXgZ5bi2t2N*yP2|{R z28Iuphx$J9g{w@}mDgS@Rhb1NJWIbN+cqBMhvpDxsle z`c_#&=Kh+D;p!e%*)=oZR)R?BeBEX{m{rhAkj)+3x4voeEk8!BNS6|e*O<&2V;bvMC8Y47%(wL<%iQPF^AO^Py5$ZiL8~jx*Icor&&EGW z#K~Q_rHr;In|r#*e=fe9lpTm1%NbhZDK$=lmC~vwx}PEB`MoJ)TJ7^~(_uQWxT)1& zK)Y_E+|lOUhH}0=D3g8g*SS;fn)!__ zOu1y(P-8N!>N*UhCA98s^_M$*j9j93?~5_As3f>9(;~?DhArPlz`#9=Q`50jyHK`# zSJ@zZ=k3%a?F%%VoY~+N%`n}h0q)Vtka?k}PB*w6eak@n&IvXwG{PCeBR0tvYT7Yc zS^b2nd03jaX!c&)PuzLS!rS~OwBEWNXl9K!)$O5E>1PQG=#LlS=|zIpSserUg+4|5 zOn3$IhXsYIwxLkK=1fen_hLia6R@87csdS1c?m^h%DE=y6uL#u?Ux`XVacrEoPbhc z&j>MwcZo4PFk3{$10y`8({i)X@S#QA-$q;gFfa^sCK@<`FReA2*3fK7Gd6(@U^A#2 z8{`U4&y3sh(F4xg5JCg}(^TjcVMm$Ul$o+o&R?8&$M|jFl;_@fX}#c*a-mIjd;Zyp zhfZE@s*dV$#xR{~mc1q{(gUR$m%2ykiq_{TYunbtCW@)x&)0dGHyATfYQ>0H@$FdRFJ=_0o$F8v{aJ}m*~c&3f~eG@9x zhp*QZc^oCf34LotPb>eV>PnF#;Cd| zTCi3tDURZ_^5v56a)3Ti*(AWKE1h(+-&k?FSShy1CRY^z zJv+YFfYLu;l%N03=Om3u9eQ%r*p*AgMkWR$2Q=0sqyb<(6^nD;y6#Iweif==N%m6l z@#35g=TRH-9y2j(m)c0Tipb(GZBs*jIt2vSM&QKDS$3a(vDlXRIYGP_hus(TlWmdA zb*+LcZO^13N~oJ{R*>}Zh1z%q4AQJE_=9>SLvD00Lp5R0MtO!|;pjY z+h23u3h##`Bua+qG&tI;Q+)QsY0lPi)(dKvd$JTc0JM_>kmUo>? z;QeU1&M4WosEO&E~cOkX53y(!}Awt-=kmoS8F*_l`7Jznq!Vfwh>QFB9rD`w> zYf^UzpvMrsys@C;l4yMb=D8otly=_118_u9?Qx${0*k#AF{b_d9~Uh8NPP1RmV+e1 z?g1w2^k>E!hef_ljS3dV$P_29r$1Od#5ITX6JB++7$m=K(smq`jk7bWRVp6&R4h%E zkJ_j`&!l_mMXH#(K+;bnG-;s3E99MUBmN92CU*e6W76ze>~g+(zj%tFx+RnUdtzP& zo+9b@s4%-|q4mrGTu|laI>$RZ9OdV6jF{;kdBe?Bbq9u`Ki@|S8%!%&ViQ$%AtYha__DM&ug9_IcW{aMIu z>u)sMIub26SX~>aWIH>ZNo=M&*g-8%mMlT-EZ^T1!;$HQa&bC0-C9; z3*=XZW(It>F;P|x=Hz0z_5oXxcXD$w2a8=VLzjnjH!kRVpv3QD2rRm)edf>Fj zZ2AJFt@&yAQraCI5r1I7Wf%_NyVytXa(2gJn1HV^A#$-{3#lRhH{Wfg6Js2<@G zsSsZO&m6%_%|2~45mqSNO`uLN9zTHDSu1*atga^xs^5Dvq(ruNFx~yBie$>(J;LOng07s-cM7uL#0ZK3Z&F z85=3>HL`Hj!<0fAwLZDr6k8#4&cPLt(Dy;AX0S4`+s4y-ly_6+JCt z+8)j=O)ZFQy0vS1$Lt*>aElxq+XJ%Ccdsw!PSnGav6ms6d^Ocf_FVSLZhX%O`K@OE9oZe2HS>p zV+)o(#ZiiBDCz;^eHRdrwY;Vq<01}T7+dV{@W|G z2x<#2LCpRvj$#DzN0kmK|$49IeTN`0dxj2E)dg7G?#4;x=4S<=|a)*T|-I&S*DQ8kw$?oLWu+s$av8?-J`Hjb@y~B5{LW(s%Jn9G3W2v=%f9nabPxng@InXs+ViSpeGcKDS7~>SV`Q zOQ5fL>rL)PiqqI3lAcc3wALpBQ3rLxdtn5Yq|t$_K6g^k>p`zh-uo9rI=(zrAu00< zZ|J>wMb(@|)1$qi$z7)Sl$aFaAbpVT+O+lamQ)2J`b)db%5ihE%z@8==!p!%d=2a%z_CHShc zH?R|vcb4*H!6|t@Va0Y!^H?%Vm5d|pUim@uKzBPC-H(1sgBrGEW3={xPIaIdp z$;F*)bYe$vXd%&MK8v2=_$B>jSw)K}l8Ue-8fVvE!K~5^e~bb|3=;qU6Pxf<2j5W7 z^(I+#1Jp%g!JldC{3UNkV#N#nzZWRLMYt^2Puv^-{^`H2l`d5Kx9R)~ob(UV`8R_7 zxBczkf&GhM`H#R%k$C?Pd}X+n<*^(OsEtDn(Vq4usQie7Vm75t) z!%w-W&J*3shcPu7TnO%y?0>0l_^Yz|PfbTsR$g#?$f6s7?4MH0>oDT*82-