Created attachment 233391 [details]
Image exposing undefined behavior

More news from the fuzzer. The attached image causes btrfsck to engage in undefined behavior; using btrfs-progs v4.7-42-g56e9586. You need to compile with UBSAN in order to reproduce.

The juicy parts:

qgroup-verify.c:333:15: runtime error: member access within null pointer of type 'struct ref'
    #0 0x88684f in find_parent_roots /home/lukas/dev/btrfsfuzz/src-ubsan/qgroup-verify.c:333:15
    #1 0x877a71 in account_all_refs /home/lukas/dev/btrfsfuzz/src-ubsan/qgroup-verify.c:525:11
    #2 0x87513b in qgroup_verify_all /home/lukas/dev/btrfsfuzz/src-ubsan/qgroup-verify.c:1372:8
    #3 0x536d3a in cmd_check /home/lukas/dev/btrfsfuzz/src-ubsan/cmds-check.c:11637:9
    #4 0x490560 in main /home/lukas/dev/btrfsfuzz/src-ubsan/btrfs.c:243:8
    #5 0x7f35b46ab730 in __libc_start_main (/lib64/libc.so.6+0x20730)
    #6 0x422188 in _start (/home/lukas/dev/btrfsfuzz/bin-ubsan/bin/btrfs+0x422188)

We don't strictly need UBSAN, as the error can be spotted by naked eye in find_parent_root(): the line "node = &ref->bytenr_node" gets a reference to a member of a NULL pointer before the pointer is checked against being NULL on the next line. It should be the other way around...
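The two orderings described in the report, as an added example that is not btrfs-progs code: the struct definitions are hypothetical stand-ins, lookup_node_buggy() reproduces the member-address-before-NULL-check pattern UBSAN flagged, and lookup_node_fixed() performs the check first.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the btrfs-progs structures, not the real ones. */
struct rb_node { struct rb_node *rb_left, *rb_right; };

struct ref {
	unsigned long long bytenr;
	struct rb_node bytenr_node;
};

/*
 * The ordering the report describes: the member address is formed from
 * 'ref' before 'ref' is tested. With ref == NULL that first line is the
 * undefined behaviour UBSAN reports as "member access within null pointer",
 * and an optimising compiler may then discard the later NULL test as dead.
 */
static int lookup_node_buggy(struct ref *ref, struct rb_node **out)
{
	struct rb_node *node = &ref->bytenr_node;	/* UB if ref is NULL */

	if (!ref)
		return -1;
	*out = node;
	return 0;
}

/* Corrected ordering: test the pointer first, then take the member address. */
static int lookup_node_fixed(struct ref *ref, struct rb_node **out)
{
	if (!ref)
		return -1;
	*out = &ref->bytenr_node;
	return 0;
}

/* Constructed sample input and a slot for the result. */
static struct ref sample_ref = { .bytenr = 4096 };
static struct rb_node *found;

int main(void)
{
	/* Only the fixed variant is safe to call with a NULL ref. */
	printf("fixed: NULL ref -> %d\n", lookup_node_fixed(NULL, &found));
	printf("fixed: real ref -> %d\n", lookup_node_fixed(&sample_ref, &found));
	printf("buggy: real ref -> %d\n", lookup_node_buggy(&sample_ref, &found));
	return 0;
}
```

Building with -fsanitize=undefined and calling lookup_node_buggy() with a NULL ref reproduces the same "member access within null pointer" report shown in the trace.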
Created attachment 233401 [details] UBSAN-log
UB fixed and better error handling in place, image added, thanks. Closing.