Hello community,

here is the log from the commit of package btrfsprogs for openSUSE:Factory checked in at 2015-09-24 07:18:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/btrfsprogs (Old)
 and /work/SRC/openSUSE:Factory/.btrfsprogs.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "btrfsprogs" Changes: -------- --- /work/SRC/openSUSE:Factory/btrfsprogs/btrfsprogs.changes 2015-09-08 17:38:14.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.btrfsprogs.new/btrfsprogs.changes 2015-09-24 07:18:08.000000000 +0200 @@ -1,0 +2,19 @@ +Tue Sep 22 00:00:00 CEST 2015 - dste...@suse.cz + +- update to 4.2.1 + - fix an off-by-one error in cross-stripe boundary check + - convert: don't write uninitialized data to image + - image: don't loop with option -t0 + - image: don't create threads if compression is not requested +- Removed patches: + * 0001-btrfs-progs-fix-cross-stripe-boundary-check.patch + +------------------------------------------------------------------- +Thu Sep 17 00:00:00 CEST 2015 - dste...@suse.cz + +- make mkfs work with 64k nodesize again, notably fixes mkfs on ppc64 + (bsc#945229) +- Added patch: + * 0001-btrfs-progs-fix-cross-stripe-boundary-check.patch + +------------------------------------------------------------------- Old: ---- btrfs-progs-v4.2.tar.gz New: ---- btrfs-progs-v4.2.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ btrfsprogs.spec ++++++ --- /var/tmp/diff_new_pack.1RUMsi/_old 2015-09-24 07:18:09.000000000 +0200 +++ /var/tmp/diff_new_pack.1RUMsi/_new 2015-09-24 07:18:09.000000000 +0200 @@ -17,7 +17,7 @@ Name: btrfsprogs -Version: 4.2 +Version: 4.2.1 Release: 0 Summary: Utilities for the Btrfs filesystem License: GPL-2.0 ++++++ btrfs-progs-v4.2.tar.gz -> btrfs-progs-v4.2.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/Documentation/btrfs-mount.asciidoc new/btrfs-progs-v4.2.1/Documentation/btrfs-mount.asciidoc --- old/btrfs-progs-v4.2/Documentation/btrfs-mount.asciidoc 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/Documentation/btrfs-mount.asciidoc 2015-09-20 14:50:06.000000000 +0200 
@@ -20,12 +20,17 @@ Default is 1MB. *autodefrag*:: +*noautodefrag*:: + (since: 3.0, default: off) + Disable/enable auto defragmentation. Auto defragmentation detects small random writes into files and queue them up for the defrag process. Works best for small files; Not well suited for large database workloads. -*check_int*|*check_int_data*|*check_int_print_mask='value'*:: +*check_int*:: +*check_int_data*:: +*check_int_print_mask='value'*:: + (since: 3.0, default: off) + These debugging options control the behavior of the integrity checking module (the BTRFS_FS_CHECK_INTEGRITY config option required). + + 
@@ -44,19 +49,25 @@ for more info. *commit='seconds'*:: - Set the interval of periodic commit, 30 seconds by default. Higher + (since: 3.12, default: 30) + + Set the interval of periodic commit. Higher values defer data being synced to permanent storage with obvious consequences when the system crashes. The upper bound is not forced, but a warning is printed if it's more than 300 seconds (5 minutes). -*compress*|*compress='type'*|*compress-force*|*compress-force='type'*:: - Control BTRFS file data compression. Type may be specified as "zlib" - "lzo" or "no" (for no compression, used for remounting). If no type - is specified, zlib is used. If compress-force is specified, +*compress*:: +*compress='type'*:: +*compress-force*:: +*compress-force='type'*:: + (default: off) + + Control BTRFS file data compression. Type may be specified as 'zlib', + 'lzo' or 'no' (for no compression, used for remounting). If no type + is specified, 'zlib' is used. If compress-force is specified, all files will be compressed, whether or not they compress well. - If compression is enabled, nodatacow and nodatasum are disabled. + NOTE: If compression is enabled, 'nodatacow' and 'nodatasum' are disabled. *degraded*:: + (default: off) + Allow mounts to continue with missing devices. A read-write mount may fail with too many devices missing, for example if a stripe member is completely missing. @@ -67,6 +78,8 @@ setup as root. May be specified multiple times for multiple devices. *discard*:: +*nodiscard*:: + (default: off) + Disable/enable discard mount option. Discard issues frequent commands to let the block device reclaim space freed by the filesystem. 
@@ -76,14 +89,18 @@ initiate batch trims from userspace). *enospc_debug*:: + (default: off) + Disable/enable debugging option to be more verbose in some ENOSPC conditions. *fatal_errors='action'*:: + (since: 3.4, default: bug) + Action to take when encountering a fatal error. + - "bug" - BUG() on a fatal error. This is the default. + + "bug" - BUG() on a fatal error. + "panic" - panic() on a fatal error. *flushoncommit*:: +*noflushoncommit*:: + (default: on) + The `flushoncommit` mount option forces any data dirtied by a write in a prior transaction to commit as part of the current commit. This makes the committed state a fully consistent view of the file system from the @@ -92,10 +109,13 @@ created. *inode_cache*:: +*noinode_cache*:: + (since: 3.0, default: off) + Enable free inode number caching. Defaults to off due to an overflow problem when the free space crcs don't fit inside a single page. *max_inline='bytes'*:: + (default: min(8192, page size) ) Specify the maximum amount of space, in bytes, that can be inlined in a metadata B-tree leaf. The value is specified in bytes, optionally with a K, M, or G suffix, case insensitive. In practice, this value 
@@ -106,48 +126,64 @@ Specify that 1 metadata chunk should be allocated after every 'value' data chunks. Off by default. +*acl*:: *noacl*:: + (default: on) + Enable/disable support for Posix Access Control Lists (ACLs). See the `acl`(5) manual page for more information about ACLs. +*barrier*:: *nobarrier*:: + (default: on) + ensure that certain IOs make it through the device cache and are on persistent storage. If disabled on a device with a volatile (non-battery-backed) write-back cache, nobarrier option will lead to filesystem corruption on a system crash or power loss. +*datacow*:: *nodatacow*:: + (default: on) + Enable/disable data copy-on-write for newly created files. Nodatacow implies nodatasum, and disables all compression. +*datasum*:: *nodatasum*:: + (default: on) + Enable/disable data checksumming for newly created files. Datasum implies datacow. +*treelog*:: *notreelog*:: + (default: on) + Enable/disable the tree logging used for fsync and O_SYNC writes. *recovery*:: + (since: 3.2, default: off) + Enable autorecovery attempts if a bad tree root is found at mount time. Currently this scans a list of several previous tree roots and tries to use the first readable. *rescan_uuid_tree*:: + (since: 3.12, default: off) + Force check and rebuild procedure of the UUID tree. This should not normally be needed. *skip_balance*:: + (since: 3.3, default: off) + Skip automatic resume of interrupted balance operation after mount. May be resumed with "btrfs balance resume." *nospace_cache*:: + (since: 3.2) + Disable freespace cache loading without clearing the cache. *clear_cache*:: Force clearing and rebuilding of the disk space cache if something has gone wrong. -*ssd*|*nossd*|*ssd_spread*:: +*ssd*:: +*nossd*:: +*ssd_spread*:: Options to control ssd allocation schemes. By default, BTRFS will enable or disable ssd allocation heuristics depending on whether a rotational or nonrotational disk is in use. The ssd and nossd options 
@@ -166,7 +202,8 @@ filesystem. You can use "btrfs subvolume list" to see subvolume ID numbers. -*subvolrootid='objectid' (deprecated)*:: +*subvolrootid='objectid'*:: + (deprecated) + Mount subvolume specified by 'objectid' rather than the root subvolume. This allows mounting of subvolumes which are not in the root of the mounted filesystem. @@ -177,6 +214,7 @@ to the number of CPUs + 2, or 8, whichever is smaller. *user_subvol_rm_allowed*:: + (default: off) + Allow subvolumes to be deleted by a non-root user. Use with caution. FILE ATTRIBUTES diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/INSTALL new/btrfs-progs-v4.2.1/INSTALL --- old/btrfs-progs-v4.2/INSTALL 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/INSTALL 2015-09-20 14:50:06.000000000 +0200 @@ -24,6 +24,10 @@ Please note that the package names may differ according to the distribution. See https://btrfs.wiki.kernel.org/index.php/Btrfs_source_repositories#Dependencies . + +Building from sources +--------------------- + To build from git sources you need to generate the configure script using the autotools: 
@@ -48,5 +52,28 @@ $ make EXTRA_CFLAGS=-ggdb3 +The build utilizes autotools, dependencies for generating the configure +scripts are: + +* autconf, autoheader +* automake, aclocal +* pkg-config + + +Staticly built binaries +----------------------- + +The makefiles are ready to let you build static binaries of the utilities. This +may be handy in rescue environments. Your system has to provide static version +of the libraries. + +$ make static +$ make btrfs.static +$ make btrfs-convert.static + +The resulting static binaries have the '.static' suffix, the intermediate object +files do not conflict with the normal (dynamic) build. + + References: * https://btrfs.wiki.kernel.org diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/Makefile.in new/btrfs-progs-v4.2.1/Makefile.in --- old/btrfs-progs-v4.2/Makefile.in 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/Makefile.in 2015-09-20 14:50:06.000000000 +0200 @@ -199,7 +199,7 @@ $(libs_static): $(libbtrfs_objects) @echo " [AR] $@" - $(Q)$(AR) cru libbtrfs.a $(libbtrfs_objects) + $(Q)$(AR) cr libbtrfs.a $(libbtrfs_objects) $(lib_links): @echo " [LN] $@" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/autogen.sh new/btrfs-progs-v4.2.1/autogen.sh --- old/btrfs-progs-v4.2/autogen.sh 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/autogen.sh 2015-09-20 14:50:06.000000000 +0200 
@@ -37,10 +37,19 @@ (automake --version) < /dev/null > /dev/null 2>&1 || { echo echo "You must have automake installed to generate btrfs-progs build system." - echo + echo DIE=1 } +(pkg-config --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "You must have pkg-config installed to use btrfs-progs build system." + echo "The pkg-config utility was not found in the standard location, set" + echo "the PKG_CONFIG/PKG_CONFIG_PATH/PKG_CONFIG_LIBDIR variables at the" + echo "configure time." + echo +} + if test "$DIE" -eq 1; then exit 1 fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/btrfs-calc-size.c new/btrfs-progs-v4.2.1/btrfs-calc-size.c --- old/btrfs-progs-v4.2/btrfs-calc-size.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/btrfs-calc-size.c 2015-09-20 14:50:06.000000000 +0200 @@ -421,7 +421,7 @@ return ret; } -static void usage() +static void usage(void) { fprintf(stderr, "Usage: calc-size [-v] [-b] <device>\n"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/btrfs-convert.c new/btrfs-progs-v4.2.1/btrfs-convert.c --- old/btrfs-progs-v4.2/btrfs-convert.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/btrfs-convert.c 2015-09-20 14:50:06.000000000 +0200 @@ -1016,6 +1016,8 @@ struct ext2_inode *src, u32 blocksize) { btrfs_set_stack_inode_generation(dst, 1); + btrfs_set_stack_inode_sequence(dst, 0); + btrfs_set_stack_inode_transid(dst, 1); btrfs_set_stack_inode_size(dst, src->i_size); btrfs_set_stack_inode_nbytes(dst, 0); btrfs_set_stack_inode_block_group(dst, 0); @@ -1052,6 +1054,8 @@ new_decode_dev(src->i_block[1])); } } + memset(&dst->reserved, 0, sizeof(dst->reserved)); + return 0; } 
@@ -1182,6 +1186,7 @@ } ret = btrfs_commit_transaction(trans, root); BUG_ON(ret); + ext2fs_close_inode_scan(ext2_scan); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/btrfs-corrupt-block.c new/btrfs-progs-v4.2.1/btrfs-corrupt-block.c --- old/btrfs-progs-v4.2/btrfs-corrupt-block.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/btrfs-corrupt-block.c 2015-09-20 14:50:06.000000000 +0200 @@ -33,8 +33,8 @@ #define FIELD_BUF_LEN 80 -struct extent_buffer *debug_corrupt_block(struct btrfs_root *root, u64 bytenr, - u32 blocksize, u64 copy) +static struct extent_buffer *debug_corrupt_block(struct btrfs_root *root, + u64 bytenr, u32 blocksize, u64 copy) { int ret; struct extent_buffer *eb; @@ -880,7 +880,7 @@ * If using COW, chunk recover will use the old item to recover, * which is still OK but we want to check the ability to rebuild chunk * not only restore the old ones */ -int corrupt_item_nocow(struct btrfs_trans_handle *trans, +static int corrupt_item_nocow(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, int del) { @@ -913,7 +913,7 @@ } return ret; } -int corrupt_chunk_tree(struct btrfs_trans_handle *trans, +static int corrupt_chunk_tree(struct btrfs_trans_handle *trans, struct btrfs_root *root) { int ret; @@ -986,7 +986,7 @@ btrfs_free_path(path); return ret; } -int find_chunk_offset(struct btrfs_root *root, +static int find_chunk_offset(struct btrfs_root *root, struct btrfs_path *path, u64 offset) { struct btrfs_key key; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/btrfs-image.c new/btrfs-progs-v4.2.1/btrfs-image.c --- old/btrfs-progs-v4.2/btrfs-image.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/btrfs-image.c 2015-09-20 14:50:06.000000000 +0200 
@@ -2690,7 +2690,7 @@ { char *source; char *target; - u64 num_threads = 1; + u64 num_threads = 0; u64 compress_level = 0; int create = 1; int old_restore = 0; @@ -2786,10 +2786,14 @@ } } - if (num_threads == 1 && compress_level > 0) { - num_threads = sysconf(_SC_NPROCESSORS_ONLN); - if (num_threads <= 0) - num_threads = 1; + if (compress_level > 0 || create == 0) { + if (num_threads == 0) { + num_threads = sysconf(_SC_NPROCESSORS_ONLN); + if (num_threads <= 0) + num_threads = 1; + } + } else { + num_threads = 0; } if (create) { @@ -2877,5 +2881,7 @@ } } + btrfs_close_all_devices(); + return !!ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/cmds-check.c new/btrfs-progs-v4.2.1/cmds-check.c --- old/btrfs-progs-v4.2/cmds-check.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/cmds-check.c 2015-09-20 14:50:06.000000000 +0200 @@ -186,7 +186,7 @@ return hole->start; } -int compare_hole(struct rb_node *node1, struct rb_node *node2) +static int compare_hole(struct rb_node *node1, struct rb_node *node2) { struct file_extent_hole *hole1; struct file_extent_hole *hole2; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/cmds-device.c new/btrfs-progs-v4.2.1/cmds-device.c --- old/btrfs-progs-v4.2/cmds-device.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/cmds-device.c 2015-09-20 14:50:06.000000000 +0200 @@ -471,7 +471,7 @@ return err; } -const char * const cmd_device_usage_usage[] = { +static const char * const cmd_device_usage_usage[] = { "btrfs device usage [options] <path> [<path>..]", "Show detailed information about internal allocations in devices.", HELPINFO_OUTPUT_UNIT_DF, 
@@ -507,7 +507,7 @@ return ret; } -int cmd_device_usage(int argc, char **argv) +static int cmd_device_usage(int argc, char **argv) { unsigned unit_mode; int ret = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/cmds-rescue.c new/btrfs-progs-v4.2.1/cmds-rescue.c --- old/btrfs-progs-v4.2/cmds-rescue.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/cmds-rescue.c 2015-09-20 14:50:06.000000000 +0200 @@ -33,7 +33,7 @@ int btrfs_recover_chunk_tree(char *path, int verbose, int yes); int btrfs_recover_superblocks(char *path, int verbose, int yes); -const char * const cmd_rescue_chunk_recover_usage[] = { +static const char * const cmd_rescue_chunk_recover_usage[] = { "btrfs rescue chunk-recover [options] <device>", "Recover the chunk tree by scanning the devices one by one.", "", @@ -43,7 +43,7 @@ NULL }; -const char * const cmd_rescue_super_recover_usage[] = { +static const char * const cmd_rescue_super_recover_usage[] = { "btrfs rescue super-recover [options] <device>", "Recover bad superblocks from good copies", "", @@ -52,7 +52,7 @@ NULL }; -int cmd_rescue_chunk_recover(int argc, char *argv[]) +static int cmd_rescue_chunk_recover(int argc, char *argv[]) { int ret = 0; char *file; @@ -112,7 +112,7 @@ * 3 : Fail to Recover bad supeblocks * 4 : Abort to recover bad superblocks */ -int cmd_rescue_super_recover(int argc, char **argv) +static int cmd_rescue_super_recover(int argc, char **argv) { int ret; int verbose = 0; 
@@ -152,14 +152,14 @@ return ret; } -const char * const cmd_rescue_zero_log_usage[] = { +static const char * const cmd_rescue_zero_log_usage[] = { "btrfs rescue zero-log <device>", "Clear the tree log. Usable if it's corrupted and prevents mount.", "", NULL }; -int cmd_rescue_zero_log(int argc, char **argv) +static int cmd_rescue_zero_log(int argc, char **argv) { struct btrfs_root *root; struct btrfs_trans_handle *trans; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/configure new/btrfs-progs-v4.2.1/configure --- old/btrfs-progs-v4.2/configure 2015-09-03 14:30:29.000000000 +0200 +++ new/btrfs-progs-v4.2.1/configure 2015-09-20 14:51:42.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for btrfs-progs v4.2. +# Generated by GNU Autoconf 2.69 for btrfs-progs v4.2.1. # # Report bugs to <linux-bt...@vger.kernel.org>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='btrfs-progs' PACKAGE_TARNAME='btrfs-progs' -PACKAGE_VERSION='v4.2' -PACKAGE_STRING='btrfs-progs v4.2' +PACKAGE_VERSION='v4.2.1' +PACKAGE_STRING='btrfs-progs v4.2.1' PACKAGE_BUGREPORT='linux-bt...@vger.kernel.org' PACKAGE_URL='http://btrfs.wiki.kernel.org' @@ -1287,7 +1287,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures btrfs-progs v4.2 to adapt to many kinds of systems. +\`configure' configures btrfs-progs v4.2.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1352,7 +1352,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of btrfs-progs v4.2:";; + short | recursive ) echo "Configuration of btrfs-progs v4.2.1:";; esac cat <<\_ACEOF 
@@ -1461,7 +1461,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -btrfs-progs configure v4.2 +btrfs-progs configure v4.2.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1830,7 +1830,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by btrfs-progs $as_me v4.2, which was +It was created by btrfs-progs $as_me v4.2.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -6375,7 +6375,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by btrfs-progs $as_me v4.2, which was +This file was extended by btrfs-progs $as_me v4.2.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6438,7 +6438,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -btrfs-progs config.status v4.2 +btrfs-progs config.status v4.2.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/ctree.h new/btrfs-progs-v4.2.1/ctree.h --- old/btrfs-progs-v4.2/ctree.h 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/ctree.h 2015-09-20 14:50:06.000000000 +0200 
@@ -1423,7 +1423,9 @@ BTRFS_SETGET_STACK_FUNCS(stack_inode_generation, struct btrfs_inode_item, generation, 64); BTRFS_SETGET_STACK_FUNCS(stack_inode_sequence, - struct btrfs_inode_item, generation, 64); + struct btrfs_inode_item, sequence, 64); +BTRFS_SETGET_STACK_FUNCS(stack_inode_transid, + struct btrfs_inode_item, transid, 64); BTRFS_SETGET_STACK_FUNCS(stack_inode_size, struct btrfs_inode_item, size, 64); BTRFS_SETGET_STACK_FUNCS(stack_inode_nbytes, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/dir-item.c new/btrfs-progs-v4.2.1/dir-item.c --- old/btrfs-progs-v4.2/dir-item.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/dir-item.c 2015-09-20 14:50:06.000000000 +0200 @@ -277,7 +277,7 @@ return ret; } -int verify_dir_item(struct btrfs_root *root, +static int verify_dir_item(struct btrfs_root *root, struct extent_buffer *leaf, struct btrfs_dir_item *dir_item) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/disk-io.c new/btrfs-progs-v4.2.1/disk-io.c --- old/btrfs-progs-v4.2/disk-io.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/disk-io.c 2015-09-20 14:50:06.000000000 +0200 
@@ -833,13 +833,13 @@ memset(fs_info, 0, sizeof(struct btrfs_fs_info)); - fs_info->tree_root = malloc(sizeof(struct btrfs_root)); - fs_info->extent_root = malloc(sizeof(struct btrfs_root)); - fs_info->chunk_root = malloc(sizeof(struct btrfs_root)); - fs_info->dev_root = malloc(sizeof(struct btrfs_root)); - fs_info->csum_root = malloc(sizeof(struct btrfs_root)); - fs_info->quota_root = malloc(sizeof(struct btrfs_root)); - fs_info->super_copy = malloc(BTRFS_SUPER_INFO_SIZE); + fs_info->tree_root = calloc(1, sizeof(struct btrfs_root)); + fs_info->extent_root = calloc(1, sizeof(struct btrfs_root)); + fs_info->chunk_root = calloc(1, sizeof(struct btrfs_root)); + fs_info->dev_root = calloc(1, sizeof(struct btrfs_root)); + fs_info->csum_root = calloc(1, sizeof(struct btrfs_root)); + fs_info->quota_root = calloc(1, sizeof(struct btrfs_root)); + fs_info->super_copy = calloc(1, BTRFS_SUPER_INFO_SIZE); if (!fs_info->tree_root || !fs_info->extent_root || !fs_info->chunk_root || !fs_info->dev_root || @@ -847,14 +847,6 @@ !fs_info->super_copy) goto free_all; - memset(fs_info->super_copy, 0, BTRFS_SUPER_INFO_SIZE); - memset(fs_info->tree_root, 0, sizeof(struct btrfs_root)); - memset(fs_info->extent_root, 0, sizeof(struct btrfs_root)); - memset(fs_info->chunk_root, 0, sizeof(struct btrfs_root)); - memset(fs_info->dev_root, 0, sizeof(struct btrfs_root)); - memset(fs_info->csum_root, 0, sizeof(struct btrfs_root)); - memset(fs_info->quota_root, 0, sizeof(struct btrfs_root)); - extent_io_tree_init(&fs_info->extent_cache); extent_io_tree_init(&fs_info->free_space_cache); extent_io_tree_init(&fs_info->block_group_cache); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/qgroup.c new/btrfs-progs-v4.2.1/qgroup.c --- old/btrfs-progs-v4.2/qgroup.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/qgroup.c 2015-09-20 14:50:06.000000000 +0200 
@@ -272,7 +272,7 @@ printf("\n"); } -static void print_table_head() +static void print_table_head(void) { int i; int len; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/tests/convert-tests.sh new/btrfs-progs-v4.2.1/tests/convert-tests.sh --- old/btrfs-progs-v4.2/tests/convert-tests.sh 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/tests/convert-tests.sh 2015-09-20 14:50:06.000000000 +0200 @@ -42,7 +42,7 @@ # create a file to check btrfs-convert can convert regular file # correct - run_check $SUDO_HELPER mount $IMAGE $TEST_MNT + run_check $SUDO_HELPER mount -o loop $IMAGE $TEST_MNT run_check $SUDO_HELPER dd if=/dev/zero of=$TEST_MNT/test bs=$nodesize \ count=1 1>/dev/null 2>&1 run_check $SUDO_HELPER umount $TEST_MNT Files old/btrfs-progs-v4.2/tests/fuzz-tests/images/bad-superblock-1.raw.xz and new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bad-superblock-1.raw.xz differ Files old/btrfs-progs-v4.2/tests/fuzz-tests/images/bad-superblock-2.raw.xz and new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bad-superblock-2.raw.xz differ Files old/btrfs-progs-v4.2/tests/fuzz-tests/images/bad-superblock-3.raw.xz and new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bad-superblock-3.raw.xz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/tests/fuzz-tests/images/bad-superblock.txt new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bad-superblock.txt --- old/btrfs-progs-v4.2/tests/fuzz-tests/images/bad-superblock.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bad-superblock.txt 2015-09-20 14:50:06.000000000 +0200 
@@ -0,0 +1,17 @@ +bad-superblock-*.txt + +Crafted images from Jiri Slaby, produced by some symbolic execution framework +that finds unhandled cases at mount time. + +Relevant kernel patches to backport: + +e3540eab29e1b2260bc4b9b3979a49a00e3e3af8 +btrfs: add more checks to btrfs_read_sys_array + +ce7fca5f57ed0fcd7e7b3d7b1a3e1791f8e56fa3 +btrfs: add checks for sys_chunk_array sizes + +75d6ad382bb91f363452119d34238e156589ca2d +btrfs: more superblock checks, lower bounds on devices and sectorsize/nodesize + +(and more from fs/btrfs/super.c) Files old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-104131-fsck-oob-read.raw.xz and new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-104131-fsck-oob-read.raw.xz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-104131-fsck-oob-read.txt new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-104131-fsck-oob-read.txt --- old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-104131-fsck-oob-read.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-104131-fsck-oob-read.txt 2015-09-20 14:50:06.000000000 +0200 
@@ -0,0 +1,31 @@ +URL: https://bugzilla.kernel.org/show_bug.cgi?id=104131 +Hanno Boeck 2015-09-07 07:24:32 UTC + +Created attachment 186941 [details] +malformed btrfs filesystem causing oob read + +The attached malformed filesystem image will cause an invalid heap out of bounds memory read in btrfsck. + +This was found while fuzzing btrfs-progs with american fuzzy lop. + +Stack trace from Address Sanitizer: +==31289==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60f00000f003 at pc 0x0000005d0dbb bp 0x7ffdf444c180 sp 0x7ffdf444c178 +READ of size 8 at 0x60f00000f003 thread T0 + #0 0x5d0dba in btrfs_header_bytenr /mnt/ram/btrfs-progs-v4.1.2/./ctree.h:1797:1 + #1 0x5d0dba in check_tree_block /mnt/ram/btrfs-progs-v4.1.2/disk-io.c:60 + #2 0x5d0dba in read_tree_block /mnt/ram/btrfs-progs-v4.1.2/disk-io.c:337 + #3 0x5dc00e in btrfs_setup_chunk_tree_and_device_map /mnt/ram/btrfs-progs-v4.1.2/disk-io.c:1169:30 + #4 0x5dcf89 in __open_ctree_fd /mnt/ram/btrfs-progs-v4.1.2/disk-io.c:1261:8 + #5 0x5dc50a in open_ctree_fs_info /mnt/ram/btrfs-progs-v4.1.2/disk-io.c:1302:9 + #6 0x52f22f in cmd_check /mnt/ram/btrfs-progs-v4.1.2/cmds-check.c:9333:9 + #7 0x4e7bcc in main /mnt/ram/btrfs-progs-v4.1.2/btrfs.c:245:7 + #8 0x7f98bb101f9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289 + #9 0x41f748 in _start (/mnt/ram/btrfs/btrfs+0x41f748) + +0x60f00000f003 is located 3 bytes to the right of 176-byte region [0x60f00000ef50,0x60f00000f000) +allocated by thread T0 here: + #0 0x4bade8 in malloc (/mnt/ram/btrfs/btrfs+0x4bade8) + #1 0x622c24 in __alloc_extent_buffer /mnt/ram/btrfs-progs-v4.1.2/extent_io.c:541:7 + #2 0x622c24 in alloc_extent_buffer /mnt/ram/btrfs-progs-v4.1.2/extent_io.c:648 + #3 0x5cf436 in btrfs_find_create_tree_block /mnt/ram/btrfs-progs-v4.1.2/disk-io.c:186:9 + #4 0x5cf436 in read_tree_block /mnt/ram/btrfs-progs-v4.1.2/disk-io.c:314 Files 
old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-104141-fsck-exception.raw.xz and new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-104141-fsck-exception.raw.xz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-104141-fsck-exception.txt new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-104141-fsck-exception.txt --- old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-104141-fsck-exception.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-104141-fsck-exception.txt 2015-09-20 14:50:06.000000000 +0200 @@ -0,0 +1,9 @@ +URL: https://bugzilla.kernel.org/show_bug.cgi?id=104141 +Hanno Boeck 2015-09-07 07:27:58 UTC + +Created attachment 186951 [details] +malformed filesystem causing floating point exception + +The attacked file will cause a floating point exception in btrfsck. + +This was found while fuzzing btrfs-progs with american fuzzy lop. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-97191-btrfs-image.raw.txt new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-97191-btrfs-image.raw.txt --- old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-97191-btrfs-image.raw.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-97191-btrfs-image.raw.txt 2015-09-20 14:50:06.000000000 +0200 
@@ -0,0 +1,137 @@ +URL: https://bugzilla.kernel.org/show_bug.cgi?id=97191 +Lukas Lueg 2015-04-23 22:20:35 UTC + +Running btrfs-progs v3.19.1 + +The btrfs-image attached to this bug causes the btrfs-userland tool to +overflow some data structures, leading to unallocated memory being written to +and read from. A segfault results shortly after. Reproduced on x86-64 and +i686. + +The kernel seems to be less affected and fails to mount the image. I didn't +investigate whether the reads/writes could be used to gain control over $EIP. +Since the first invalid write of 8 bytes seems to run into adjacent heap +blocks (crash in unlink()), it may be possible though. + +gdb output: + +Program received signal SIGSEGV, Segmentation fault. +malloc_consolidate (av=av@entry=0x32629b7cc0 <main_arena>) at malloc.c:4151 +4151 unlink(av, p, bck, fwd); +(gdb) bt +#0 malloc_consolidate (av=av@entry=0x32629b7cc0 <main_arena>) at malloc.c:4151 +#1 0x0000003262680628 in _int_malloc (av=av@entry=0x32629b7cc0 <main_arena>, bytes=bytes@entry=4224) at malloc.c:3420 +#2 0x000000326268315e in __GI___libc_malloc (bytes=4224) at malloc.c:2896 +#3 0x0000000000449d15 in __alloc_extent_buffer (tree=0x88c078, bytenr=4288512, blocksize=4096) at extent_io.c:541 +#4 0x000000000044a8b4 in alloc_extent_buffer (tree=0x88c078, bytenr=4288512, blocksize=4096) at extent_io.c:648 +#5 0x000000000043b1a0 in btrfs_find_create_tree_block (root=root@entry=0x895840, bytenr=<optimized out>, + blocksize=<optimized out>) at disk-io.c:159 +#6 0x000000000043ca4e in read_tree_block (root=root@entry=0x895840, bytenr=<optimized out>, blocksize=<optimized out>, + parent_transid=13) at disk-io.c:287 +#7 0x000000000043ccb7 in find_and_setup_root (tree_root=0x88c250, fs_info=<optimized out>, objectid=5, root=0x895840) + at disk-io.c:557 +#8 0x000000000043ce92 in btrfs_read_fs_root_no_cache (fs_info=fs_info@entry=0x88c010, location=location@entry=0x7fffffffd960) + at disk-io.c:640 +#9 0x000000000043d060 in btrfs_read_fs_root 
(fs_info=fs_info@entry=0x88c010, location=location@entry=0x7fffffffd960) + at disk-io.c:739 +#10 0x000000000043d48c in btrfs_setup_all_roots (fs_info=fs_info@entry=0x88c010, root_tree_bytenr=<optimized out>, + root_tree_bytenr@entry=0, flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:988 +#11 0x000000000043d802 in __open_ctree_fd (fp=fp@entry=3, path=path@entry=0x7fffffffe20d "ramdisk/btrfs_fukked.bin", + sb_bytenr=65536, sb_bytenr@entry=0, root_tree_bytenr=root_tree_bytenr@entry=0, flags=flags@entry=OPEN_CTREE_EXCLUSIVE) + at disk-io.c:1199 +#12 0x000000000043d965 in open_ctree_fs_info (filename=0x7fffffffe20d "ramdisk/btrfs_fukked.bin", sb_bytenr=sb_bytenr@entry=0, + root_tree_bytenr=root_tree_bytenr@entry=0, flags=flags@entry=OPEN_CTREE_EXCLUSIVE) at disk-io.c:1231 +#13 0x0000000000427bf5 in cmd_check (argc=1, argv=0x7fffffffdea0) at cmds-check.c:9326 +#14 0x000000000040e5a2 in main (argc=2, argv=0x7fffffffdea0) at btrfs.c:245 + + +valgrind output: + +==32463== Memcheck, a memory error detector +==32463== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. 
+==32463== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info +==32463== Command: btrfs check ramdisk/btrfs_fukked.bin +==32463== +==32463== Invalid write of size 8 +==32463== at 0x4386FB: btrfs_search_slot (ctree.c:1119) +==32463== by 0x4427F7: UnknownInlinedFun (extent-tree.c:3117) +==32463== by 0x4427F7: btrfs_read_block_groups (extent-tree.c:3167) +==32463== by 0x43D4F2: btrfs_setup_all_roots (disk-io.c:983) +==32463== by 0x43D801: __open_ctree_fd (disk-io.c:1199) +==32463== by 0x43D964: open_ctree_fs_info (disk-io.c:1231) +==32463== by 0x427BF4: cmd_check (cmds-check.c:9326) +==32463== by 0x40E5A1: main (btrfs.c:245) +==32463== Address 0x4c409f0 is 16 bytes after a block of size 144 alloc'd +==32463== at 0x4A08946: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) +==32463== by 0x4427AB: btrfs_read_block_groups (extent-tree.c:3162) +==32463== by 0x43D4F2: btrfs_setup_all_roots (disk-io.c:983) +==32463== by 0x43D801: __open_ctree_fd (disk-io.c:1199) +==32463== by 0x43D964: open_ctree_fs_info (disk-io.c:1231) +==32463== by 0x427BF4: cmd_check (cmds-check.c:9326) +==32463== by 0x40E5A1: main (btrfs.c:245) +==32463== +==32463== Invalid read of size 8 +==32463== at 0x436E70: check_block.part.14 (ctree.c:548) +==32463== by 0x438954: UnknownInlinedFun (kerncompat.h:91) +==32463== by 0x438954: btrfs_search_slot (ctree.c:1120) +==32463== by 0x4427F7: UnknownInlinedFun (extent-tree.c:3117) +==32463== by 0x4427F7: btrfs_read_block_groups (extent-tree.c:3167) +==32463== by 0x43D4F2: btrfs_setup_all_roots (disk-io.c:983) +==32463== by 0x43D801: __open_ctree_fd (disk-io.c:1199) +==32463== by 0x43D964: open_ctree_fs_info (disk-io.c:1231) +==32463== by 0x427BF4: cmd_check (cmds-check.c:9326) +==32463== by 0x40E5A1: main (btrfs.c:245) +==32463== Address 0x4c409f8 is 24 bytes after a block of size 144 in arena "client" +==32463== +==32463== Invalid read of size 4 +==32463== at 0x436E84: UnknownInlinedFun (ctree.h:1605) +==32463== by 0x436E84: 
UnknownInlinedFun (ctree.h:1612) +==32463== by 0x436E84: check_block.part.14 (ctree.c:550) +==32463== by 0x438954: UnknownInlinedFun (kerncompat.h:91) +==32463== by 0x438954: btrfs_search_slot (ctree.c:1120) +==32463== by 0x4427F7: UnknownInlinedFun (extent-tree.c:3117) +==32463== by 0x4427F7: btrfs_read_block_groups (extent-tree.c:3167) +==32463== by 0x43D4F2: btrfs_setup_all_roots (disk-io.c:983) +==32463== by 0x43D801: __open_ctree_fd (disk-io.c:1199) +==32463== by 0x43D964: open_ctree_fs_info (disk-io.c:1231) +==32463== by 0x427BF4: cmd_check (cmds-check.c:9326) +==32463== by 0x40E5A1: main (btrfs.c:245) +==32463== Address 0x4c409e4 is 4 bytes after a block of size 144 alloc'd +==32463== at 0x4A08946: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) +==32463== by 0x4427AB: btrfs_read_block_groups (extent-tree.c:3162) +==32463== by 0x43D4F2: btrfs_setup_all_roots (disk-io.c:983) +==32463== by 0x43D801: __open_ctree_fd (disk-io.c:1199) +==32463== by 0x43D964: open_ctree_fs_info (disk-io.c:1231) +==32463== by 0x427BF4: cmd_check (cmds-check.c:9326) +==32463== by 0x40E5A1: main (btrfs.c:245) +==32463== +==32463== Invalid read of size 1 +==32463== at 0x4A0B3A0: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) +==32463== by 0x436E99: UnknownInlinedFun (ctree.h:1613) +==32463== by 0x436E99: check_block.part.14 (ctree.c:550) +==32463== by 0x438954: UnknownInlinedFun (kerncompat.h:91) +==32463== by 0x438954: btrfs_search_slot (ctree.c:1120) +==32463== by 0x4427F7: UnknownInlinedFun (extent-tree.c:3117) +==32463== by 0x4427F7: btrfs_read_block_groups (extent-tree.c:3167) +==32463== by 0x43D4F2: btrfs_setup_all_roots (disk-io.c:983) +==32463== by 0x43D801: __open_ctree_fd (disk-io.c:1199) +==32463== by 0x43D964: open_ctree_fs_info (disk-io.c:1231) +==32463== by 0x427BF4: cmd_check (cmds-check.c:9326) +==32463== by 0x40E5A1: main (btrfs.c:245) +==32463== Address 0x1b1 is not stack'd, malloc'd or (recently) free'd +==32463== 
+==32463== +==32463== Process terminating with default action of signal 11 (SIGSEGV) +==32463== Access not within mapped region at address 0x1B1 +==32463== at 0x4A0B3A0: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) +==32463== by 0x436E99: UnknownInlinedFun (ctree.h:1613) +==32463== by 0x436E99: check_block.part.14 (ctree.c:550) +==32463== by 0x438954: UnknownInlinedFun (kerncompat.h:91) +==32463== by 0x438954: btrfs_search_slot (ctree.c:1120) +==32463== by 0x4427F7: UnknownInlinedFun (extent-tree.c:3117) +==32463== by 0x4427F7: btrfs_read_block_groups (extent-tree.c:3167) +==32463== by 0x43D4F2: btrfs_setup_all_roots (disk-io.c:983) +==32463== by 0x43D801: __open_ctree_fd (disk-io.c:1199) +==32463== by 0x43D964: open_ctree_fs_info (disk-io.c:1231) +==32463== by 0x427BF4: cmd_check (cmds-check.c:9326) +==32463== by 0x40E5A1: main (btrfs.c:245) Files old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-97191-btrfs-image.raw.xz and new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-97191-btrfs-image.raw.xz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-97271-btrfs-image.raw.txt new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-97271-btrfs-image.raw.txt --- old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-97271-btrfs-image.raw.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-97271-btrfs-image.raw.txt 2015-09-20 14:50:06.000000000 +0200 
@@ -0,0 +1,54 @@ +URL: https://bugzilla.kernel.org/show_bug.cgi?id=97271 +Lukas Lueg 2015-04-25 20:34:39 UTC + +The attached btrfs-image causes "btrfs check" to write outside of allocated +memory locations and ultimately die due to a segfault. An adjacent heap block's +control structure is overwritten with a `struct extent_buffer *`, which is not +controllable by the user. + +"btrfs version" is v3.19.1. Running "btrfs check" immediately dies with + +*** Error in `btrfs': double free or corruption (!prev): 0x0000000002396ec0 *** +*** Error in `btrfs': malloc(): memory corruption: 0x0000000002396f60 *** + +Debugging with valgrind and gdb gives + +==11670== Invalid write of size 8 +==11670== at 0x4386FB: btrfs_search_slot (ctree.c:1119) +==11670== by 0x44E16E: btrfs_read_chunk_tree (volumes.c:1814) +==11670== by 0x43D654: btrfs_setup_chunk_tree_and_device_map (disk-io.c:1115) +==11670== by 0x43D7D0: __open_ctree_fd (disk-io.c:1190) +==11670== by 0x43D964: open_ctree_fs_info (disk-io.c:1231) +==11670== by 0x427BF4: cmd_check (cmds-check.c:9326) +==11670== by 0x40E5A1: main (btrfs.c:245) +==11670== Address 0x4c3bb98 is 8 bytes after a block of size 144 alloc'd +==11670== at 0x4A08946: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) +==11670== by 0x44E133: btrfs_read_chunk_tree (volumes.c:1801) +==11670== by 0x43D654: btrfs_setup_chunk_tree_and_device_map (disk-io.c:1115) +==11670== by 0x43D7D0: __open_ctree_fd (disk-io.c:1190) +==11670== by 0x43D964: open_ctree_fs_info (disk-io.c:1231) +==11670== by 0x427BF4: cmd_check (cmds-check.c:9326) +==11670== by 0x40E5A1: main (btrfs.c:245) + +Program received signal SIGTRAP, Trace/breakpoint trap. 
+btrfs_search_slot (trans=trans@entry=0x0, root=root@entry=0x4c36d30, key=key@entry=0xffefff830, p=p@entry=0x4c3bb00, + ins_len=ins_len@entry=0, cow=cow@entry=0) at ctree.c:1119 +1119 p->nodes[level] = b; +(gdb) p p->nodes +$1 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0} +(gdb) p p +$2 = (struct btrfs_path *) 0x4c3bb00 +(gdb) p b +$3 = (struct extent_buffer *) 0x4c3a990 + + +The corresponding part in ctree.c:btrfs_search_slot() seems to fail to check if `level` overflows outside of `node`: + +level = btrfs_header_level(b); +... +if (level != btrfs_header_level(b)) + WARN_ON(1); +level = btrfs_header_level(b); +p->nodes[level] = b; // <- Illegal write + +Maybe the repeated calls to btrfs_header_level() were meant to do something once, they seem to be noise. Files old/btrfs-progs-v4.2/tests/fuzz-tests/images/bko-97271-btrfs-image.raw.xz and new/btrfs-progs-v4.2.1/tests/fuzz-tests/images/bko-97271-btrfs-image.raw.xz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/utils.c new/btrfs-progs-v4.2.1/utils.c --- old/btrfs-progs-v4.2/utils.c 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/utils.c 2015-09-20 14:50:06.000000000 +0200 @@ -2550,7 +2550,7 @@ return 0; } -int btrfs_scan_lblkid() +int btrfs_scan_lblkid(void) { int fd = -1; int ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/version.sh new/btrfs-progs-v4.2.1/version.sh --- old/btrfs-progs-v4.2/version.sh 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/version.sh 2015-09-20 14:50:06.000000000 +0200 
@@ -6,7 +6,7 @@ # Copyright 2008, Oracle # Released under the GNU GPLv2 -v="v4.2" +v="v4.2.1" opt=$1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/btrfs-progs-v4.2/volumes.h new/btrfs-progs-v4.2.1/volumes.h --- old/btrfs-progs-v4.2/volumes.h 2015-09-03 14:29:20.000000000 +0200 +++ new/btrfs-progs-v4.2.1/volumes.h 2015-09-20 14:50:06.000000000 +0200 @@ -156,7 +156,7 @@ static inline int check_crossing_stripes(u64 start, u64 len) { return (start / BTRFS_STRIPE_LEN) != - ((start + len) / BTRFS_STRIPE_LEN); + ((start + len - 1) / BTRFS_STRIPE_LEN); } int __btrfs_map_block(struct btrfs_mapping_tree *map_tree, int rw, ++++++ local-version-override.patch ++++++ --- /var/tmp/diff_new_pack.1RUMsi/_old 2015-09-24 07:18:09.000000000 +0200 +++ /var/tmp/diff_new_pack.1RUMsi/_new 2015-09-24 07:18:09.000000000 +0200 @@ -6,8 +6,8 @@ # Copyright 2008, Oracle # Released under the GNU GPLv2 --v="v4.2" -+v="v4.2+20150903" +-v="v4.2.1" ++v="v4.2+20150922" opt=$1
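Review bot: in tests/fuzz-tests/images/bko-104141-fsck-exception.txt the description records only the symptom (a floating point exception in btrfsck), with no backtrace and no indication of which on-disk value is used as the divisor, unlike the two bko-97191 and bko-97271 descriptions added alongside it. Please add the backtrace from the bug report, or one line naming the faulting function, so the test can be tied to a specific check. "The attacked file" also reads like a typo for "attached"; if it is copied verbatim from the report, say so.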
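Review bot: in tests/fuzz-tests/images/bko-97271-btrfs-image.raw.txt the description pins the fault to the unchecked `p->nodes[level] = b;` at ctree.c:1119 but never states what `btrfs check` is now expected to do with this image. The gdb print shows `p->nodes` with eight slots, and valgrind places the write 8 bytes past the 144-byte path allocation, so the regression condition is clear: `level` taken from the block header must be rejected before it is used as an index. Please add a line giving the expected outcome (error exit, no invalid write) and reference the change that adds the bound check, so a future failure of this test points at the right code.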
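Review bot: in check_crossing_stripes() in volumes.h, the new `(start + len - 1)` term misbehaves for `len == 0`. Both operands are u64, so `start == 0` wraps to the maximum value, and any stripe-aligned `start` yields `start - 1`, which falls in the previous stripe. In both cases a zero-length range is reported as crossing a stripe boundary. `start + len` is also not checked for u64 wrap-around, which matters if either value can come from an untrusted image, as in the fuzz cases added in this same update. Suggest either documenting that callers must pass `len > 0` or returning 0 early for `len == 0`, and adding a comment that the range is treated as inclusive of its last byte.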
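Review bot: in local-version-override.patch the replacement line is `v="v4.2+20150922"` while the line it now replaces is `v="v4.2.1"`, so the packaged tools will report a version string without the `.1` even though the tarball is 4.2.1. If the override is meant to track the upstream release, base the string on v4.2.1. If the mismatch is intentional, a comment in the patch header explaining the scheme would help.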