On Mon, May 15, 2017 at 07:00:23PM +0200, Philipp Hahn wrote:
> Running "btrfsck --repair /dev/sdd2" crashed as it can happen in
> (corrupted) file systems, that slot > nritems:
> > (gdb) bt full
> > #0 0x00007ffff7020e71 in __memmove_sse2_unaligned_erms () from /lib/x86_64-linux-gnu/libc.so.6
> > #1 0x0000000000438764 in btrfs_del_ptr (trans=<optimized out>, root=0x6e4fe0, path=0x1d17880, level=0, slot=7)
> > at ctree.c:2611
> > parent = 0xcd96980
> > nritems = <optimized out>
> > __func__ = "btrfs_del_ptr"
> > #2 0x0000000000421b15 in repair_btree (corrupt_blocks=<optimized out>, root=<optimized out>) at cmds-check.c:3539
> > key = {objectid = 77990592512, type = 168 '\250', offset = 16384}
> > trans = 0x8f48c0
> > path = 0x1d17880
> > level = 0
> > #3 check_fs_root (wc=<optimized out>, root_cache=<optimized out>, root=<optimized out>) at cmds-check.c:3703
> > corrupt = 0x1d17880
> > corrupt_blocks = {root = {rb_node = 0x6e80c60}}
> > path = {nodes = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, slots = {0, 0, 0, 0, 0, 0, 0, 0}, locks = {0, 0,
> > 0, 0, 0, 0, 0, 0}, reada = 0, lowest_level = 0, search_for_split = 0, skip_check_block = 0}
> > nrefs = {bytenr = {271663104, 271646720, 560021504, 0, 0, 0, 0, 0}, refs = {1, 1, 1, 0, 0, 0, 0, 0}}
> > wret = 215575372
> > root_node = {cache = {rb_node = {__rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, objectid = 0,
> > start = 0, size = 0}, root_cache = {root = {rb_node = 0x0}}, inode_cache = {root = {
> > rb_node = 0x781c80}}, current = 0x819530, refs = 0}
> > status = 215575372
> > rec = 0x1
> > #4 check_fs_roots (root_cache=0xcd96b6d, root=<optimized out>) at cmds-check.c:3809
> > path = {nodes = {0x6eed90, 0x6a2f40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, slots = {18, 2, 0, 0, 0, 0, 0, 0},
> > locks = {0, 0, 0, 0, 0, 0, 0, 0}, reada = 0, lowest_level = 0, search_for_split = 0,
> > skip_check_block = 0}
> > key = {objectid = 323, type = 132 '\204', offset = 18446744073709551615}
> > wc = {shared = {root = {rb_node = 0x0}}, nodes = {0x0, 0x0, 0x7fffffffe428, 0x0, 0x0, 0x0, 0x0, 0x0},
> > active_node = 2, root_level = 2}
> > leaf = 0x6e4fe0
> > tmp_root = 0x6e4fe0
> > #5 0x00000000004287c3 in cmd_check (argc=215575372, argv=0x1d17880) at cmds-check.c:11521
> > root_cache = {root = {rb_node = 0x98c2940}}
> > info = 0x6927b0
> > bytenr = 6891440
> > tree_root_bytenr = 0
> > uuidbuf = "f65ff1a1-76ef-456e-beb5-c6c3841e7534"
> > num = 215575372
> > readonly = 218080104
> > qgroups_repaired = 0
> > #6 0x000000000040a41f in main (argc=3, argv=0x7fffffffebe8) at btrfs.c:243
> > cmd = 0x689868
> > bname = <optimized out>
> > ret = <optimized out>
>
> in that case the count of remaining items (nritems - slot - 1) gets
> negative. That is then casted to (unsigned long len), which leads to the
> observed crash.
>
> Change the tests before the move to handle only the non-corrupted case,
> were slow < nritems.
>
> This does not fix the corruption, but allows btrfsck to finish without
> crashing.
>
> Signed-off-by: Philipp Hahn <hahn@xxxxxxxxxxxxx>
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
