Hi, I've now spent around 160 hours fuzzing BTRFS; here are the crashes I have found so far. Every type of crash is reported only once, although there are usually multiple locations where they show up (especially heap-use-after-free and calls to abort()).
The following bug reports each have attached to them an image of ±18 kB which expands to 16 MB and reproduces a crash when running btrfsck; they have all been revirginized so the CRC and FSID checks pass in a vanilla btrfsck.

Use-after-free, shows up all over the place:
  https://bugzilla.kernel.org/show_bug.cgi?id=153641

Segfault in memcpy, yeah:
  https://bugzilla.kernel.org/show_bug.cgi?id=154021

Run-of-the-mill buffer overflow:
  https://bugzilla.kernel.org/show_bug.cgi?id=154961

Endless loop in btrfsck:
  https://bugzilla.kernel.org/show_bug.cgi?id=155151

Calls to abort() for lack of error paths:
  https://bugzilla.kernel.org/show_bug.cgi?id=155181

Division by zero, the old problem of computing stripe_size:
  https://bugzilla.kernel.org/show_bug.cgi?id=155201

There are many more crashes like the above; how do you guys want them to be reported?

Best regards
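The "revirginizing" step the post mentions, recomputing checksums and making the FSID consistent so that a mutated image gets past btrfsck's early sanity checks and reaches the code being fuzzed, as an added example in Python. This is not code from the post or from btrfs-progs. It relies on the crc32c-only btrfs on-disk layout (the primary superblock is the 4096-byte block at offset 0x10000; superblock and tree-block headers both start with a 32-byte csum field followed by a 16-byte fsid; the csum is CRC-32C of everything after the csum field, stored little-endian in the first 4 bytes). The sample image is constructed inline; the nodesize and the tree-block offsets are passed in as parameters, since a real harness would read them from the superblock and chunk tree.

```python
"""Re-seal a fuzzed btrfs image so a vanilla btrfsck passes its CRC and FSID
checks.  Added example, not code from the original post or from btrfs-progs.
The sample image built below is constructed for the demo, not a real filesystem.
"""
import struct

BTRFS_MAGIC = b"_BHRfS_M"   # at offset 64 of the superblock
SUPER_OFFSET = 0x10000      # primary superblock location
SUPER_SIZE = 4096
CSUM_SIZE = 32              # csum field at offset 0 of every metadata block
FSID_SIZE = 16              # fsid field immediately after the csum


def _make_table():
    tbl = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        tbl.append(c)
    return tbl


_TABLE = _make_table()


def crc32c(data: bytes) -> int:
    """CRC-32C (Castagnoli), the checksum btrfs uses for csum type 0."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def block_csum(block: bytes) -> bytes:
    """32-byte csum field for a metadata block: crc32c of block[32:], LE32, zero-padded."""
    return struct.pack("<I", crc32c(block[CSUM_SIZE:])).ljust(CSUM_SIZE, b"\0")


def csum_ok(block: bytes) -> bool:
    return block[:CSUM_SIZE] == block_csum(block)


def reseal_block(block: bytes, fsid=None) -> bytes:
    """Optionally rewrite the fsid, then recompute the csum over the new contents."""
    body = bytearray(block)
    if fsid is not None:
        body[CSUM_SIZE:CSUM_SIZE + FSID_SIZE] = fsid
    body[:CSUM_SIZE] = block_csum(bytes(body))
    return bytes(body)


def superblock(img: bytes) -> bytes:
    return img[SUPER_OFFSET:SUPER_OFFSET + SUPER_SIZE]


def superblock_csum_ok(img: bytes) -> bool:
    return csum_ok(superblock(img))


def reseal_image(img: bytes, nodesize: int, tree_block_offsets) -> bytes:
    """Fix the superblock csum, then stamp its fsid into each given tree block
    and fix that block's csum.  Offsets/nodesize are caller-supplied here."""
    out = bytearray(img)
    sb = reseal_block(superblock(out))
    if sb[64:72] != BTRFS_MAGIC:
        raise ValueError("not a btrfs superblock")
    out[SUPER_OFFSET:SUPER_OFFSET + SUPER_SIZE] = sb
    fsid = sb[CSUM_SIZE:CSUM_SIZE + FSID_SIZE]
    for off in tree_block_offsets:
        out[off:off + nodesize] = reseal_block(bytes(out[off:off + nodesize]), fsid)
    return bytes(out)


def build_sample_image(nodesize=16384, tree_block_offset=0x20000) -> bytes:
    """Constructed image: a sealed superblock that a 'fuzzer' then mutates,
    plus one tree block whose header fsid was clobbered (all zeros)."""
    img = bytearray(tree_block_offset + nodesize)
    img[SUPER_OFFSET + 32:SUPER_OFFSET + 48] = bytes(range(0xA0, 0xB0))     # fsid
    img[SUPER_OFFSET + 48:SUPER_OFFSET + 56] = struct.pack("<Q", SUPER_OFFSET)  # bytenr
    img[SUPER_OFFSET + 64:SUPER_OFFSET + 72] = BTRFS_MAGIC
    img[SUPER_OFFSET + 72:SUPER_OFFSET + 80] = struct.pack("<Q", 7)         # generation
    img[SUPER_OFFSET:SUPER_OFFSET + 32] = block_csum(bytes(superblock(img)))
    img[SUPER_OFFSET + 72] ^= 0xFF   # mutation after sealing: csum is now stale
    img[tree_block_offset + 48:tree_block_offset + 56] = struct.pack("<Q", tree_block_offset)
    return bytes(img)


if __name__ == "__main__":
    raw = build_sample_image()
    fixed = reseal_image(raw, nodesize=16384, tree_block_offsets=[0x20000])
    print("before:", superblock_csum_ok(raw), "after:", superblock_csum_ok(fixed))
```

Run this over each mutated image before handing it to btrfsck; otherwise most fuzz cases die in the superblock checksum check and never exercise the tree-walking code where the reported crashes live.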