From patchwork Mon Sep 4 06:41:06 2017 X-Patchwork-Submitter: Qu Wenruo X-Patchwork-Id: 9936731
From: Qu Wenruo To: linux-btrfs@vger.kernel.org Cc: dsterba@suse.cz Subject: [PATCH 1/5] btrfs-progs: Fix one-byte overlap bug in free_block_group_cache Date: Mon, 4 Sep 2017 15:41:06 +0900 Message-Id: <20170904064110.25951-2-quwenruo.btrfs@gmx.com> X-Mailer: git-send-email 2.13.3 In-Reply-To: <20170904064110.25951-1-quwenruo.btrfs@gmx.com> References: <20170904064110.25951-1-quwenruo.btrfs@gmx.com>

free_block_group_cache() calls clear_extent_bits() with the wrong end, which is one byte larger than the correct range. This will cause the next adjacent cache state to be split. And due to the split, the private pointer (which points to the block group cache) will be reset to NULL.
This is very hard to detect as this function only gets called in cleanup_temp_chunks(), which is just before mkfs finishes. This bug only gets exposed when reworking the --rootdir option.

Signed-off-by: Qu Wenruo
--- extent-tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extent-tree.c b/extent-tree.c index 46b8a05c..3039d254 100644 --- a/extent-tree.c +++ b/extent-tree.c @@ -3726,7 +3726,7 @@ static int free_block_group_cache(struct btrfs_trans_handle *trans, btrfs_remove_free_space_cache(cache); kfree(cache->free_space_ctl); } - clear_extent_bits(&fs_info->block_group_cache, bytenr, bytenr + len, + clear_extent_bits(&fs_info->block_group_cache, bytenr, bytenr + len - 1, (unsigned int)-1); ret = free_space_info(fs_info, flags, len, 0, NULL); if (ret < 0)
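Review bot: the new end `bytenr + len - 1` in the `clear_extent_bits()` call is correct only because the extent-io tree treats `end` as inclusive; the commit message implies this but neither it nor the hunk says so, so a one-line comment at the call site (or a sentence in the message) stating that the range is inclusive would stop the next reader from "fixing" it back. It is also worth confirming that whichever call records this block group in `fs_info->block_group_cache` uses the same `bytenr + len - 1` end, so set and clear stay symmetric and no other caller in the file carries the same off-by-one. Since the message notes the corruption only surfaces in cleanup_temp_chunks() right before mkfs exits, a check that the adjacent block group's private pointer is still non-NULL after the clear would catch a regression that mkfs' normal exit path otherwise hides.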
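The failure mode the commit message describes, an exclusive-style end passed to an inclusive-range API, is easy to reproduce in a small model. The following is an added example written for this page, not btrfs-progs code: the `toy_*` names, the fixed-size array, and the rule that a split state loses its private pointer (modelled on the message's description, not on the real extent_io implementation) are all assumptions made for illustration. It builds two adjacent block-group ranges, frees the first with either the buggy `bytenr + len` end or the fixed `bytenr + len - 1` end, and reports whether the neighbour's private pointer survives.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_MAX_STATES 16

/* One cached range with an INCLUSIVE end, like the extent-io tree's states. */
struct toy_state {
	uint64_t start;
	uint64_t end;
	unsigned int bits;
	void *priv;	/* stands in for the block group cache pointer */
};

struct toy_tree {
	struct toy_state s[TOY_MAX_STATES];
	int n;
};

static void toy_init(struct toy_tree *t)
{
	memset(t, 0, sizeof(*t));
}

/* Record a range; the caller keeps ranges non-overlapping. */
static int toy_set(struct toy_tree *t, uint64_t start, uint64_t end,
		   unsigned int bits, void *priv)
{
	if (end < start || t->n >= TOY_MAX_STATES)
		return -1;
	t->s[t->n].start = start;
	t->s[t->n].end = end;
	t->s[t->n].bits = bits;
	t->s[t->n].priv = priv;
	t->n++;
	return 0;
}

/*
 * Clear every bit in the inclusive range [start, end].  A state fully
 * inside the range is dropped.  A state that only partly overlaps is
 * split: the part inside is dropped, the remainder survives, and (as
 * the commit message describes) the split leaves the survivor without
 * its private pointer.  A clear strictly inside one state, where both
 * sides would survive, is not needed here and is not modelled.
 */
static void toy_clear(struct toy_tree *t, uint64_t start, uint64_t end)
{
	int i = 0;

	while (i < t->n) {
		struct toy_state *st = &t->s[i];

		if (st->end < start || st->start > end) {
			i++;			/* no overlap */
			continue;
		}
		if (st->start >= start && st->end <= end) {
			/* fully covered: remove by swapping in the last one */
			t->s[i] = t->s[t->n - 1];
			t->n--;
			continue;		/* re-examine index i */
		}
		/* partial overlap: keep only the portion outside the range */
		if (st->start < start)
			st->end = start - 1;	/* cut the tail */
		else
			st->start = end + 1;	/* cut the head */
		st->priv = NULL;		/* the split loses the private pointer */
		i++;
	}
}

static const struct toy_state *toy_find(const struct toy_tree *t, uint64_t bytenr)
{
	int i;

	for (i = 0; i < t->n; i++)
		if (t->s[i].start <= bytenr && bytenr <= t->s[i].end)
			return &t->s[i];
	return NULL;
}

/*
 * Constructed sample: two adjacent 1 MiB block groups; free the first one.
 * end_excess is 1 for the buggy "bytenr + len" end and 0 for the fixed
 * "bytenr + len - 1" end.  Returns 1 if the neighbour still carries its
 * private pointer afterwards, 0 if the off-by-one clobbered it.
 */
static int neighbour_survives(int end_excess)
{
	static int bg_a, bg_b;	/* stand-ins for block group cache objects */
	struct toy_tree t;
	const uint64_t len = 1024 * 1024;
	const uint64_t a = 0, b = a + len;
	const struct toy_state *nb;

	toy_init(&t);
	toy_set(&t, a, a + len - 1, 1, &bg_a);
	toy_set(&t, b, b + len - 1, 1, &bg_b);

	toy_clear(&t, a, a + len - 1 + end_excess);

	nb = toy_find(&t, b + len - 1);
	return nb != NULL && nb->priv == &bg_b;
}

int main(void)
{
	printf("end = bytenr + len     : neighbour priv intact = %d\n",
	       neighbour_survives(1));
	printf("end = bytenr + len - 1 : neighbour priv intact = %d\n",
	       neighbour_survives(0));
	return 0;
}
```

With the buggy end the clear range touches the first byte of the neighbouring state, which is then split and loses its private pointer; with the fixed end the ranges do not overlap and the neighbour is untouched. The same check, run right after the cleanup path the message names, is what would have exposed this bug before the --rootdir rework did.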