Btrfs-progs: check return value of read_tree_block() in check_chunks_and_extents()

The following steps could trigger btrfs segfault:

mkfs -t btrfs -m raid5 -d raid5 /dev/loop{0..3}
losetup -d /dev/loop2
btrfs check /dev/loop0

The reason is that read_tree_block() returns NULL and
add_root_to_pending() dereferences it without checking it first.

Also replace a BUG_ON with proper error checking.

Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Chris Mason <clm@fb.com>

diff --git a/cmds-check.c b/cmds-check.c
index 1569d6f..b518a6b 100644 (file)
--- a/cmds-check.c
+++ b/cmds-check.c
@@ -5759,6 +5759,10 @@ again:
                                                      btrfs_level_size(root,
                                                      btrfs_root_level(&ri)),
                                                      0);
+                               if (!buf) {
+                                       ret = -EIO;
+                                       goto out;
+                               }
                                add_root_to_pending(buf, &extent_cache,
                                                    &pending, &seen, &nodes,
                                                    &found_key);
@@ -5803,6 +5807,10 @@ again:
                                      btrfs_root_bytenr(&rec->ri),
                                      btrfs_level_size(root,
                                      btrfs_root_level(&rec->ri)), 0);
+               if (!buf) {
+                       ret = -EIO;
+                       goto out;
+               }
                add_root_to_pending(buf, &extent_cache, &pending,
                                    &seen, &nodes, &rec->found_key);
                while (1) {

diff --git a/disk-io.c b/disk-io.c
index 7eda2e1..8009b94 100644 (file)
--- a/disk-io.c
+++ b/disk-io.c
@@ -644,7 +644,10 @@ out:
        blocksize = btrfs_level_size(root, btrfs_root_level(&root->root_item));
        root->node = read_tree_block(root, btrfs_root_bytenr(&root->root_item),
                                     blocksize, generation);
-       BUG_ON(!root->node);
+       if (!root->node) {
+               free(root);
+               return ERR_PTR(-EIO);
+       }
 insert:
        root->ref_cows = 1;
        return root;

diff --git a/free-space-cache.c b/free-space-cache.c
index 1ca7980..55d7318 100644 (file)
--- a/free-space-cache.c
+++ b/free-space-cache.c
@@ -435,7 +435,7 @@ int load_free_space_cache(struct btrfs_fs_info *fs_info,
        if (ret < 0) {
                ret = 0;
 
-               printf("failed to load free space cache for block group %llu",
+               printf("failed to load free space cache for block group %llu\n",
                        block_group->key.objectid);
        }