btrfs: send: handle path ref underflow in header iterate_inode_ref()

Change BUG_ON to proper error handling if building the path buffer
fails. The pointers are not printed so we don't accidentally leak kernel
addresses.

Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
index 3b3f38a76b005cfeef294149ff9c872d842ae3c3..5b7ec4f99aad4d942d8f27af67f38c6cddacf1eb 100644 (file)
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -1074,7 +1074,15 @@ static int iterate_inode_ref(struct btrfs_root *root, struct btrfs_path *path,
                                        ret = PTR_ERR(start);
                                        goto out;
                                }
-                               BUG_ON(start < p->buf);
+                               if (unlikely(start < p->buf)) {
+                                       btrfs_err(root->fs_info,
+                       "send: path ref buffer underflow for key (%llu %u %llu)",
+                                                 found_key->objectid,
+                                                 found_key->type,
+                                                 found_key->offset);
+                                       ret = -EINVAL;
+                                       goto out;
+                               }
                        }
                        p->start = start;
                } else {