In lowmem mode, we check fs roots and free space cache by iterating each root item and inode item, using btrfs_next_item() and a path pointing to the root tree.
However in repair mode, check_fs_root() can modify the fs root, thus CoWs the tree root, and the old path in check_fs It could lead to strange behavior, e.g. after repairing a fs tree, the path can point to a fs tree. Since no ROOT_ITEM exists in fs tree, all remaining trees are skipped in repair mode. This bug exists from the early time of lowmem mode repair, and is only exposed by recent free space inode check code. (Fs tree inodes are passed to free space inode check, causing false alerts and repair failure). Signed-off-by: Qu Wenruo <w...@suse.com> --- check/mode-lowmem.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/check/mode-lowmem.c b/check/mode-lowmem.c index 6d7ae2bc0549..808d6be8db30 100644 --- a/check/mode-lowmem.c +++ b/check/mode-lowmem.c @@ -5184,6 +5184,28 @@ int check_fs_roots_lowmem(struct btrfs_fs_info *fs_info) err |= ret; } next: + /* + * In repair mode, our path is no longer reliable as CoW can + * happen. + * We need to reset our path. + */ + if (repair) { + btrfs_release_path(&path); + ret = btrfs_search_slot(NULL, tree_root, &key, &path, + 0, 0); + if (ret < 0) { + if (!err) + err = ret; + goto out; + } + if (ret > 0) { + /* Key not found, but already at next item */ + if (path.slots[0] < + btrfs_header_nritems(path.nodes[0])) + continue; + /* falls through to next leaf */ + } + } ret = btrfs_next_item(tree_root, &path); if (ret > 0) goto out; -- 2.21.0
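Review bot: In the `if (ret > 0)` branch of the new `if (repair)` block, the `continue` is only correct if `key` still holds the key of the item that was just processed when control reaches `next:`, and if the loop head re-reads the item at `path.slots[0]` before using it. Neither is visible in this hunk, so please confirm both and extend the "Key not found, but already at next item" comment to say which case leaves the key missing after the re-search. If any code earlier in the loop body reuses `key` for another lookup, the re-search would land on a different item and entries could be skipped or visited twice, so saving the current key in a separate variable before `check_fs_root()` runs would be safer. A smaller point on the `ret < 0` branch: `if (!err) err = ret;` drops the `btrfs_search_slot()` error whenever `err` is already set, while the context line above accumulates with `err |= ret;`. Printing an error message before `goto out` would keep the search failure visible to the user.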