path: root/extent-tree.c
diff options
authorQu Wenruo <>2017-09-11 15:36:07 +0900
committerDavid Sterba <>2017-09-25 15:17:52 +0200
commita7e555d706c85b9d80160640ca338e85c9056a06 (patch)
treee9370189c25e630466a0cf1856373de82bf729b1 /extent-tree.c
parent02b58051e60658abb0387bec7063e77d2941923b (diff)
btrfs-progs: Fix one-byte overlap bug in free_block_group_cache
free_block_group_cache() calls clear_extent_bits() with wrong end, which is one byte larger than the correct range. This will cause the next adjacent cache state to be split. And due to the split, private pointer (which points to block group cache) will be reset to NULL. This is very hard to detect as this function only gets called in cleanup_temp_chunks() which is just before mkfs finishes. This bug only gets exposed when reworking --rootdir option. Signed-off-by: Qu Wenruo <> Signed-off-by: David Sterba <>
Diffstat (limited to 'extent-tree.c')
1 files changed, 1 insertions, 1 deletions
diff --git a/extent-tree.c b/extent-tree.c
index eed56886..525a237e 100644
--- a/extent-tree.c
+++ b/extent-tree.c
@@ -3724,7 +3724,7 @@ static int free_block_group_cache(struct btrfs_trans_handle *trans,
- clear_extent_bits(&fs_info->block_group_cache, bytenr, bytenr + len,
+ clear_extent_bits(&fs_info->block_group_cache, bytenr, bytenr + len - 1,
(unsigned int)-1);
ret = free_space_info(fs_info, flags, len, 0, NULL);
if (ret < 0)