@@ -5513,7 +5513,11 @@ again:
buf = read_tree_block(root->fs_info->tree_root,
btrfs_root_bytenr(&ri),
btrfs_level_size(root,
- btrfs_root_level(&ri)), 0);
+ btrfs_root_level(&ri)), 0);
+ if (!buf) {
+ ret = -EIO;
+ goto out;
+ }
add_root_to_pending(buf, &extent_cache, &pending,
&seen, &nodes, &found_key);
free_extent_buffer(buf);
@@ -644,7 +644,10 @@ out:
blocksize = btrfs_level_size(root, btrfs_root_level(&root->root_item));
root->node = read_tree_block(root, btrfs_root_bytenr(&root->root_item),
blocksize, generation);
- BUG_ON(!root->node);
+ if (!root->node) {
+ free(root);
+ return ERR_PTR(-EIO);
+ }
insert:
root->ref_cows = 1;
return root;
@@ -435,7 +435,7 @@ int load_free_space_cache(struct btrfs_fs_info *fs_info,
if (ret < 0) {
ret = 0;
- printf("failed to load free space cache for block group %llu",
+ printf("failed to load free space cache for block group %llu\n",
block_group->key.objectid);
}
The following steps could trigger btrfs segfault: mkfs -t btrfs -m raid5 -d raid5 /dev/loop{0..3} losetup -d /dev/loop2 btrfs check /dev/loop0 The reason is that read_tree_block() returns NULL and add_root_to_pending() dereferences it without checking it first. Also replace a BUG_ON with proper error checking. Signed-off-by: Eryu Guan <guaneryu@gmail.com> --- cmds-check.c | 6 +++++- disk-io.c | 5 ++++- free-space-cache.c | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-)