Bug 155181 - Fuzzed image reaches abort() in cmds-check.c:add_tree_backref()
Status: RESOLVED CODE_FIX
Alias: None
Product: File System
Classification: Unclassified
Component: btrfs
Hardware: All Linux
Importance: P1 normal
Assignee: Josef Bacik
Reported: 2016-08-28 10:52 UTC by Lukas Lueg
Modified: 2016-09-08 12:14 UTC
Kernel Version: 4.6.6-300.fc24-x86_64
Regression: No

Attachments
BTRFS-image that reaches abort() in btrfsck (17.60 KB, application/x-gzip)
2016-08-28 10:52 UTC, Lukas Lueg
mildly useful stacktrace from gdb (1.91 KB, application/octet-stream)
2016-08-28 10:52 UTC, Lukas Lueg

Description Lukas Lueg 2016-08-28 10:52:32 UTC
Created attachment 230891
BTRFS-image that reaches abort() in btrfsck

More news from the fuzzer. The attached image causes btrfsck to reach abort() in cmds-check.c:add_tree_backref(); using btrfs-progs v4.7-42-g56e9586.
Comment 1 Lukas Lueg 2016-08-28 10:52:59 UTC
Created attachment 230901
mildly useful stacktrace from gdb
Comment 2 Qu Wenruo 2016-08-30 07:26:59 UTC
Btrfsck fix, to check validation of drop_level to fix it:
https://patchwork.kernel.org/patch/9304941/
Comment 3 David Sterba 2016-09-08 12:14:49 UTC
Image added to testsuite, closing.
