From 05b6d8b187dba66d92d2d7d7f48ca26090c1aac8 Mon Sep 17 00:00:00 2001
From: David Sterba <dsterba@suse.com>
Date: Thu, 8 Sep 2016 14:12:25 +0200
Subject: [PATCH] btrfs-progs: tests: add fuzzed image for a bad backref

Reported-by: Lukas Lueg <lukas.lueg@gmail.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---
 .../images/bko-155181-bad-backref.raw.txt     |  22 ++++++++++++++++++
 .../images/bko-155181-bad-backref.raw.xz      | Bin 0 -> 3684 bytes
 2 files changed, 22 insertions(+)
 create mode 100644 tests/fuzz-tests/images/bko-155181-bad-backref.raw.txt
 create mode 100644 tests/fuzz-tests/images/bko-155181-bad-backref.raw.xz

diff --git a/tests/fuzz-tests/images/bko-155181-bad-backref.raw.txt b/tests/fuzz-tests/images/bko-155181-bad-backref.raw.txt
new file mode 100644
index 00000000..440641e9
--- /dev/null
+++ b/tests/fuzz-tests/images/bko-155181-bad-backref.raw.txt
@@ -0,0 +1,22 @@
+ULR: https://bugzilla.kernel.org/show_bug.cgi?id=155181
+Lukas Lueg 2016-08-28 10:52:32 UTC
+
+More news from the fuzzer. The attached image causes btrfsck to reach abort()
+in in cmds-check.c:add_tree_backref(); using btrfs-progs v4.7-42-g56e9586.
+
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/lib64/libthread_db.so.1".
+Checking filesystem on crash2.bin
+UUID: 5cb33553-6f6d-4ce8-83fd-20af5a2f8181
+
+Program received signal SIGABRT, Aborted.
+0x00007ffff6fae6f5 in raise () from /lib64/libc.so.6
+#0  0x00007ffff6fae6f5 in raise () from /lib64/libc.so.6
+#1  0x00007ffff6fb02fa in abort () from /lib64/libc.so.6
+#2  0x000000000041fbe1 in add_tree_backref (extent_cache=extent_cache@entry=0x7fffffffdd20, bytenr=bytenr@entry=131200, parent=parent@entry=0, root=3, found_ref=found_ref@entry=0) at cmds-check.c:4869
+#3  0x0000000000423538 in process_extent_item (root=root@entry=0x6b2cf0, extent_cache=extent_cache@entry=0x7fffffffdd20, eb=eb@entry=0x6af7c0, slot=slot@entry=1) at cmds-check.c:5452
+#4  0x000000000042a605 in run_next_block (root=root@entry=0x6b2cf0, bits=bits@entry=0x6b4ff0, bits_nr=bits_nr@entry=1024, last=last@entry=0x7fffffffd878, pending=pending@entry=0x7fffffffdd00, seen=seen@entry=0x7fffffffdd10, reada=0x7fffffffdcf0, nodes=0x7fffffffdce0, extent_cache=0x7fffffffdd20, chunk_cache=0x7fffffffdd80, dev_cache=0x7fffffffdd90, block_group_cache=0x7fffffffdd60, dev_extent_cache=0x7fffffffdd30, ri=0x6b9000) at cmds-check.c:6280
+#5  0x000000000042afb6 in deal_root_from_list (list=list@entry=0x7fffffffda10, root=root@entry=0x6b2cf0, bits=bits@entry=0x6b4ff0, bits_nr=bits_nr@entry=1024, pending=pending@entry=0x7fffffffdd00, seen=seen@entry=0x7fffffffdd10, reada=0x7fffffffdcf0, nodes=0x7fffffffdce0, extent_cache=0x7fffffffdd20, chunk_cache=0x7fffffffdd80, dev_cache=0x7fffffffdd90, block_group_cache=0x7fffffffdd60, dev_extent_cache=0x7fffffffdd30) at cmds-check.c:8338
+#6  0x000000000042bb15 in check_chunks_and_extents (root=root@entry=0x6b2cf0) at cmds-check.c:8505
+#7  0x000000000042e3cb in cmd_check (argc=<optimized out>, argv=<optimized out>) at cmds-check.c:11430
+#8  0x000000000040a416 in main (argc=2, argv=0x7fffffffe218) at btrfs.c:243
diff --git a/tests/fuzz-tests/images/bko-155181-bad-backref.raw.xz b/tests/fuzz-tests/images/bko-155181-bad-backref.raw.xz
new file mode 100644
index 0000000000000000000000000000000000000000..ff5fe8599ee815ffe095285c9a083d1c9fe36a74
GIT binary patch
literal 3684
zcmeH~X*ApU8pr>My_PVRi)(G{H1@qHHP+gyrLoqYC?d8RR6{YLT05z+HdUpSim|oU
z5sDK_jpbTOxs9z&nNcJ}<lZ^=zP_iOd*;l%=<DajbI#}YeLm0gV;Ux1^8x_&jk#7E
zFdz?-0sug8^4b`Sg<|XS1ppM2#lm;6Y|ZUNV~hjbItx`c@L60(I~1ApY0V*%^B_lJ
z>S#`mlO~>j;r8QqxlkeZRk-+2e9k{_(%Xw~^M&`X#MuY?Jf!G4l7w^}PRGzLh+r?+
zOCx@~N}4;Q+xwMXh#Q_*9cFf|S#Cr#b~Qg}h(m5)yvVP@jUHQ15_w9Tl#PKuQAQ*H
zKv1*aA<*C}wv$s?6LsURyXTYd!KMWkXBpuB^FMF${2aZt&n1iT2+?Oh)gmaJ?IUVa
z(@4~TGoWs+*-U$RoUebsI)UnEj8M;$%Tgg}yKEV?A9I|`&yXbtk0?0{Ey_P<6c^%<
z^ALV@Vbh}k(%X0ch%9`sn<(u_VN8O?b!d)a1_cTod`6Ckup?@u?Y&6|yvn?g%f|BU
z1%cBzy?50M@bYXMB7wi+Qnspjp34h4&Kvdy3a$M7x+X2+bOEtbv50wzJ?1oR-@57G
zM}t;(J~m6^{5O@7LNCwsCc|N3x2ouzZ&9Ax+&&G`zjBOM=LU}Y)){(>3uSj+_Xv7V
zdVJijxU{_R(JqMc-a$E(b!zM9h=dMD5t*)*S362QpS3%!A*E3aN339k6&Y*c1LVDS
zey*fajFvUaQ&@|xs)zbhRmhoBCAgeawSqn6c$!2%C(a4SoPR!>4;fT+rymp;Xmivx
z@1TB)cCzK0DiCUHx-R{4f~YL+1JBwHy?m{AJK-6evhK~neKfq-bi!~Ogq4OX@04vT
z7>cFSSkN=HZhqnouHfBT{|W~jQU9r5dPqq8xQj@4c$`igi3u)sw_#aBymLOOvQ}&*
z1D00%uxADv%7#nRHN>J{DB`{=A6^hw?YPchv~swn2kLlE2{a?1ywhzPJqA*2P7kN1
z^jhxLf1EOyB*D!=$-3mqy@k@e0NE~L?lB54&&7^gG8xBq-%2emf#Jsn8>Fz(?c}KY
zw=1(#x)jSZ38=nGwFeuu&_(*iTIS}(*|}Y9{0z$yZF0-Rm2kt%T>ka+My6IGf+{+w
zKP|Bsp9Z`^1K)m{ojLSDYRU*i-217VU>eaWt@3w`EY1AUxnp5D;qRx<hwV}#K%|<R
z)Nklu*B$4Yk7UrXHQn&s_2mySEfkx>E5BglHMEunT(1<IE#qYKAB{E@>DMvD)ro@Y
zw(vY^)JB$<(z6&ovBLUZ<NxQeUTB^aSF;2`8o)<oJp3?J+@K{*F2!K6sO)e?lsrJz
z>k8K)rlM`o+)z-Yu&17jOm#0IMO(7E<DPcZ9}<zv>T%;T-f~t)%kE}$)nFb|3|TGW
zZJX&YgFP_+Mu@p%s8znO086llj!uNrdB<5LDmIXYlav)kxfaZ$KQHssowWXt-<8hK
zYR$`%h^%I9v7H0VDOOZX-gSC>UT>Y1mb*pd^sI|;&a7rGLk$Mm@t^zV2TliTehSYz
zRs%CpU60s$ny}7mZc5)q(1K{&aSLHXl*WK4>E+99mmU<B%~3W&u}_SxI>S}K`;DX@
z2kuArv}y%GBvZnc1V!+jRU;87A)N7!^-2{2xg79#as5LNl!=OW{hLllztPJv+#PC0
z7eO#42?;?sJY|&n9!S?7bzfa;%5Vc)`_6SC^S7HHhck~74z73vo3M?{INC5T2Kj9+
zY^$EQnHsgP6XGhA?QZHOZSsmh{ibv5ue9xQWuL}d=r_xBX{Xxj-(^E|R_Mg>#;X-;
zk1t!g$;Zigl-8Q_mlccOf8{8dAX8a0Ht8m2RN!zG!>NVcS)G6m49Qm9TtZ4cKXFaH
zpPZsduuJfKB)aFx#ZIN4JTl}nL)k0wAazU{GEBW#txgHHjNyW8EwsKMz&^5_D#*_J
z=3Ssu2zh7A<a8D0Rne!<3$g!}W~i=#OY~Bd&qIu1CJD9^0kZWnm9v{BRTIOV$$FJI
z)Qn`|9tJW`IW=1>UqE{X7t{>*GIUC#(pLA9e42)2LY?W&+-g}?Nu-|2Q_V>0E#<Kc
zFc=dWFxr^QLyVdeoOhlmI#DJEMwdvhr&?1Ii=tY&jNgkI9(fVwVrk-~KZGuKs5}@z
z9@woZQc?N=@*|g06wU^IxAg0)Lwtqj3KEjnCgF9}c&+E5xkpH<-Tv!1k2@9YQDZ#|
zTRBZ-=UA{0<^R)@pOwTvaR|Pwb<15W^*@rK#=6%t{~`h@i51F1^Rs0CU|)P0s{bxh
zfn*x`H)86*Uy0bCrQFXz=mxQ9`3md{*5g-TUwBV^1@=3DVK^@U9KfT^%-swB{w@Nm
h4eHPbDh_=Bs7DHe!EhT2D;^OC!x-S-itKQ&e*tZLBLx5e

literal 0
HcmV?d00001