From: Darrick J. Wong Date: Fri, 21 Mar 2025 16:32:17 +0000 (-0700) Subject: xfs_repair: fix stupid argument error in verify_inode_chunk X-Git-Tag: v6.14.0~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=06adb3cb38beb304b7b1f002de95e59cfa9098fb;p=thirdparty%2Fxfsprogs-dev.git xfs_repair: fix stupid argument error in verify_inode_chunk An arm64 VM running fstests with 64k fsblock size blew up the test filesystem when the OOM killer whacked xfs_repair as it was rebuilding a sample filesystem. A subsequent attempt by fstests to repair the filesystem printed stuff like this: inode rec for ino 39144576 (1/5590144) overlaps existing rec (start 1/5590144) inode rec for ino 39144640 (1/5590208) overlaps existing rec (start 1/5590208) followed by a lot of errors such as: cannot read agbno (1/5590208), disk block 734257664 xfs_repair: error - read only 0 of 65536 bytes Here we're feeding per-AG inode numbers into a block reading function as if it were a per-AG block number. This is wrong by a factor of 128x so we read past the end of the filesystem. Worse yet, the buffer cache fills up memory and thus the second repair process is also OOM killed. The filesystem is not fixed. Cc: linux-xfs@vger.kernel.org # v3.1.8 Fixes: 0553a94f522c17 ("repair: kill check_inode_block") Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- diff --git a/repair/dino_chunks.c b/repair/dino_chunks.c index 250985ec..932eaf63 100644 --- a/repair/dino_chunks.c +++ b/repair/dino_chunks.c @@ -132,7 +132,7 @@ verify_inode_chunk(xfs_mount_t *mp, if (igeo->ialloc_blks == 1) { if (agbno > max_agbno) return 0; - if (check_aginode_block(mp, agno, agino) == 0) + if (check_aginode_block(mp, agno, agbno) == 0) return 0; lock_ag(agno);