On Wed, Mar 25, 2015 at 3:36 AM, Qu Wenruo <quwenruo@xxxxxxxxxxxxxx> wrote:
> Thanks, I'll investigate it soon.
>
> Thanks,
> Qu

Qu, did you end up finding anything?
Just upgraded to btrfs-progs 4.0 and getting pretty much the same as
Eric all the time I run btrfs/078.
Valgrind should give you some nice clues. E.g.

(...)
checking free space cache
checking fs roots
==11808== Invalid read of size 8
==11808==    at 0x4611C2: rb_first (rbtree.c:420)
==11808==    by 0x41B694: first_extent_gap (cmds-check.c:184)
==11808==    by 0x42020E: merge_inode_recs (cmds-check.c:954)
==11808==    by 0x42020E: splice_shared_node (cmds-check.c:1036)
==11808==    by 0x4205B8: enter_shared_node (cmds-check.c:1142)
==11808==    by 0x420F6E: walk_down_tree (cmds-check.c:1758)
==11808==    by 0x429555: check_fs_root (cmds-check.c:3382)
==11808==    by 0x429555: check_fs_roots (cmds-check.c:3518)
==11808==    by 0x429555: cmd_check (cmds-check.c:9465)
==11808==    by 0x409BEC: main (btrfs.c:245)
==11808==  Address 0x6057d10 is 16 bytes inside a block of size 40 free'd
==11808==    at 0x4C29E90: free (vg_replace_malloc.c:473)
==11808==    by 0x41C118: free_file_extent_holes (cmds-check.c:363)
==11808==    by 0x41C118: free_inode_rec (cmds-check.c:722)
==11808==    by 0x41F9CA: maybe_free_inode_rec (cmds-check.c:790)
==11808==    by 0x42036C: splice_shared_node (cmds-check.c:1042)
==11808==    by 0x4205B8: enter_shared_node (cmds-check.c:1142)
==11808==    by 0x420F6E: walk_down_tree (cmds-check.c:1758)
==11808==    by 0x429555: check_fs_root (cmds-check.c:3382)
==11808==    by 0x429555: check_fs_roots (cmds-check.c:3518)
==11808==    by 0x429555: cmd_check (cmds-check.c:9465)
==11808==    by 0x409BEC: main (btrfs.c:245)
==11808==
==11808==
==11808== Process terminating with default action of signal 11 (SIGSEGV)
==11808==  General Protection Fault
==11808==    at 0x4611C2: rb_first (rbtree.c:420)
==11808==    by 0x41B694: first_extent_gap (cmds-check.c:184)
==11808==    by 0x42020E: merge_inode_recs (cmds-check.c:954)
==11808==    by 0x42020E: splice_shared_node (cmds-check.c:1036)
==11808==    by 0x4205B8: enter_shared_node (cmds-check.c:1142)
==11808==    by 0x420F6E: walk_down_tree (cmds-check.c:1758)
==11808==    by 0x429555: check_fs_root (cmds-check.c:3382)
==11808==    by 0x429555: check_fs_roots (cmds-check.c:3518)
==11808==    by 0x429555: cmd_check (cmds-check.c:9465)
==11808==    by 0x409BEC: main (btrfs.c:245)
(....)

Thanks.

>
>
>> On 1/2/15 1:12 AM, Qu Wenruo wrote:
>>>
>>> Record every file extent discontinuous hole in inode_record using a
>>> rb_tree member.
>>>
>>> Before the patch, btrfsck will only record the first file extent hole by
>>> using first_extent_gap, that's good for detecting error, but not
>>> suitable for fixing it.
>>>
>>> This patch provides the ability to record every file extent hole and
>>> report it.
>>
>>
>> This is causing use after free and segfaults in my testing, running
>> xfstests btrfs/078 with multiple devices defined:
>>
>> SCRATCH_DEV_POOL="/dev/sdc5 /dev/sdc6 /dev/sdc7 /dev/sdc8 /dev/sdc9
>> /dev/sdc10 /dev/sdc11 /dev/sdc12"
>>
>> -Eric
>>
>> # valgrind ./btrfsck /dev/sdc5
>> ==31620== Memcheck, a memory error detector
>> ==31620== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
>> ==31620== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright
>> info
>> ==31620== Command: ./btrfsck /dev/sdc5
>> ==31620==
>> Checking filesystem on /dev/sdc5
>> UUID: ab91fc96-549b-4048-a68b-73c5190e6265
>> checking extents
>> checking free space cache
>> checking fs roots
>> ==31620== Invalid read of size 8
>> ==31620==    at 0x4C257C3: rb_first (rbtree.c:420)
>> ==31620==    by 0x41E609: first_extent_gap (cmds-check.c:182)
>> ==31620==    by 0x427D43: merge_inode_recs (cmds-check.c:950)
>> ==31620==    by 0x42827B: splice_shared_node (cmds-check.c:1032)
>> ==31620==    by 0x428827: enter_shared_node (cmds-check.c:1138)
>> ==31620==    by 0x428BCF: walk_down_tree (cmds-check.c:1745)
>> ==31620==    by 0x42CA64: check_fs_root (cmds-check.c:3360)
>> ==31620==    by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
>> ==31620==    by 0x42E342: cmd_check (cmds-check.c:9161)
>> ==31620==    by 0x40C089: main (btrfs.c:245)
>> ==31620==  Address 0x4e5dc60 is 16 bytes inside a block of size 40 free'd
>> ==31620==    at 0x4A063F0: free (vg_replace_malloc.c:446)
>> ==31620==    by 0x421887: free_file_extent_holes (cmds-check.c:359)
>> ==31620==    by 0x4218FB: free_inode_rec (cmds-check.c:718)
>> ==31620==    by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
>> ==31620==    by 0x4282A5: splice_shared_node (cmds-check.c:1038)
>> ==31620==    by 0x42849E: leave_shared_node (cmds-check.c:1170)
>> ==31620==    by 0x42869F: walk_up_tree (cmds-check.c:1817)
>> ==31620==    by 0x42CA82: check_fs_root (cmds-check.c:3366)
>> ==31620==    by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
>> ==31620==    by 0x42E342: cmd_check (cmds-check.c:9161)
>> ==31620==    by 0x40C089: main (btrfs.c:245)
>> ==31620==
>> ==31620== Invalid read of size 8
>> ==31620==    at 0x41E60A: first_extent_gap (cmds-check.c:183)
>> ==31620==    by 0x427D43: merge_inode_recs (cmds-check.c:950)
>> ==31620==    by 0x42827B: splice_shared_node (cmds-check.c:1032)
>> ==31620==    by 0x428827: enter_shared_node (cmds-check.c:1138)
>> ==31620==    by 0x428BCF: walk_down_tree (cmds-check.c:1745)
>> ==31620==    by 0x42CA64: check_fs_root (cmds-check.c:3360)
>> ==31620==    by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
>> ==31620==    by 0x42E342: cmd_check (cmds-check.c:9161)
>> ==31620==    by 0x40C089: main (btrfs.c:245)
>> ==31620==  Address 0x4e5dc68 is 24 bytes inside a block of size 40 free'd
>> ==31620==    at 0x4A063F0: free (vg_replace_malloc.c:446)
>> ==31620==    by 0x421887: free_file_extent_holes (cmds-check.c:359)
>> ==31620==    by 0x4218FB: free_inode_rec (cmds-check.c:718)
>> ==31620==    by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
>> ==31620==    by 0x4282A5: splice_shared_node (cmds-check.c:1038)
>> ==31620==    by 0x42849E: leave_shared_node (cmds-check.c:1170)
>> ==31620==    by 0x42869F: walk_up_tree (cmds-check.c:1817)
>> ==31620==    by 0x42CA82: check_fs_root (cmds-check.c:3366)
>> ==31620==    by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
>> ==31620==    by 0x42E342: cmd_check (cmds-check.c:9161)
>> ==31620==    by 0x40C089: main (btrfs.c:245)
>> ==31620==
>> ==31620== Invalid read of size 8
>> ==31620==    at 0x4C257C3: rb_first (rbtree.c:420)
>> ==31620==    by 0x41E609: first_extent_gap (cmds-check.c:182)
>> ==31620==    by 0x427421: maybe_free_inode_rec (cmds-check.c:768)
>> ==31620==    by 0x4282A5: splice_shared_node (cmds-check.c:1038)
>> ==31620==    by 0x428827: enter_shared_node (cmds-check.c:1138)
>> ==31620==    by 0x428BCF: walk_down_tree (cmds-check.c:1745)
>> ==31620==    by 0x42CA64: check_fs_root (cmds-check.c:3360)
>> ==31620==    by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
>> ==31620==    by 0x42E342: cmd_check (cmds-check.c:9161)
>> ==31620==    by 0x40C089: main (btrfs.c:245)
>> ==31620==  Address 0x4e5dc60 is 16 bytes inside a block of size 40 free'd
>> ==31620==    at 0x4A063F0: free (vg_replace_malloc.c:446)
>> ==31620==    by 0x421887: free_file_extent_holes (cmds-check.c:359)
>> ==31620==    by 0x4218FB: free_inode_rec (cmds-check.c:718)
>> ==31620==    by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
>> ==31620==    by 0x4282A5: splice_shared_node (cmds-check.c:1038)
>> ==31620==    by 0x42849E: leave_shared_node (cmds-check.c:1170)
>> ==31620==    by 0x42869F: walk_up_tree (cmds-check.c:1817)
>> ==31620==    by 0x42CA82: check_fs_root (cmds-check.c:3366)
>> ==31620==    by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
>> ==31620==    by 0x42E342: cmd_check (cmds-check.c:9161)
>> ==31620==    by 0x40C089: main (btrfs.c:245)
>> ==31620==
>> ==31620== Invalid read of size 8
>> ==31620==    at 0x41E60A: first_extent_gap (cmds-check.c:183)
>> ==31620==    by 0x427421: maybe_free_inode_rec (cmds-check.c:768)
>> ==31620==    by 0x4282A5: splice_shared_node (cmds-check.c:1038)
>> ==31620==    by 0x428827: enter_shared_node (cmds-check.c:1138)
>> ==31620==    by 0x428BCF: walk_down_tree (cmds-check.c:1745)
>> ==31620==    by 0x42CA64: check_fs_root (cmds-check.c:3360)
>> ==31620==    by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
>> ==31620==    by 0x42E342: cmd_check (cmds-check.c:9161)
>> ==31620==    by 0x40C089: main (btrfs.c:245)
>> ==31620==  Address 0x4e5dc68 is 24 bytes inside a block of size 40 free'd
>> ==31620==    at 0x4A063F0: free (vg_replace_malloc.c:446)
>> ==31620==    by 0x421887: free_file_extent_holes (cmds-check.c:359)
>> ==31620==    by 0x4218FB: free_inode_rec (cmds-check.c:718)
>> ==31620==    by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
>> ==31620==    by 0x4282A5: splice_shared_node (cmds-check.c:1038)
>> ==31620==    by 0x42849E: leave_shared_node (cmds-check.c:1170)
>> ==31620==    by 0x42869F: walk_up_tree (cmds-check.c:1817)
>> ==31620==    by 0x42CA82: check_fs_root (cmds-check.c:3366)
>> ==31620==    by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
>> ==31620==    by 0x42E342: cmd_check (cmds-check.c:9161)
>> ==31620==    by 0x40C089: main (btrfs.c:245)
>> ==31620==
>> ==31620== Invalid read of size 8
>> ==31620==    at 0x4C257C3: rb_first (rbtree.c:420)
>> ==31620==    by 0x42186C: free_file_extent_holes (cmds-check.c:355)
>> ==31620==    by 0x4218FB: free_inode_rec (cmds-check.c:718)
>> ==31620==    by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
>> ==31620==    by 0x4282A5: splice_shared_node (cmds-check.c:1038)
>> ==31620==    by 0x428827: enter_shared_node (cmds-check.c:1138)
>> ==31620==    by 0x428BCF: walk_down_tree (cmds-check.c:1745)
>> ==31620==    by 0x42CA64: check_fs_root (cmds-check.c:3360)
>> ==31620==    by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
>> ==31620==    by 0x42E342: cmd_check (cmds-check.c:9161)
>> ==31620==    by 0x40C089: main (btrfs.c:245)
>> ==31620==  Address 0x4e5dc60 is 16 bytes inside a block of size 40 free'd
>> ==31620==    at 0x4A063F0: free (vg_replace_malloc.c:446)
>> ==31620==    by 0x421887: free_file_extent_holes (cmds-check.c:359)
>> ==31620==    by 0x4218FB: free_inode_rec (cmds-check.c:718)
>> ==31620==    by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
>> ==31620==    by 0x4282A5: splice_shared_node (cmds-check.c:1038)
>> ==31620==    by 0x42849E: leave_shared_node (cmds-check.c:1170)
>> ==31620==    by 0x42869F: walk_up_tree (cmds-check.c:1817)
>> ==31620==    by 0x42CA82: check_fs_root (cmds-check.c:3366)
>> ==31620==    by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
>> ==31620==    by 0x42E342: cmd_check (cmds-check.c:9161)
>> ==31620==    by 0x40C089: main (btrfs.c:245)
>>
>> ... etc ...
>>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

-- 
Filipe David Manana,

"Reasonable men adapt themselves to the world.
 Unreasonable men adapt the world to themselves.
 That's why all progress depends on unreasonable men."
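A triage helper for Memcheck reports like the ones quoted in this thread, added here as an example and not part of the original message or of btrfs-progs: it splits a use-after-free record into its access stack and its free stack, then finds the outermost shared frame where the two paths are on different source lines. `parse_reports` and `divergence` are names chosen for this example; the sample is trimmed from the first trace above.

```python
import re
# Excerpt of the first Memcheck report quoted above (outer frames trimmed).
SAMPLE = """\
==11808== Invalid read of size 8
==11808==    at 0x4611C2: rb_first (rbtree.c:420)
==11808==    by 0x41B694: first_extent_gap (cmds-check.c:184)
==11808==    by 0x42020E: splice_shared_node (cmds-check.c:1036)
==11808==    by 0x4205B8: enter_shared_node (cmds-check.c:1142)
==11808==  Address 0x6057d10 is 16 bytes inside a block of size 40 free'd
==11808==    at 0x4C29E90: free (vg_replace_malloc.c:473)
==11808==    by 0x41C118: free_file_extent_holes (cmds-check.c:363)
==11808==    by 0x41F9CA: maybe_free_inode_rec (cmds-check.c:790)
==11808==    by 0x42036C: splice_shared_node (cmds-check.c:1042)
==11808==    by 0x4205B8: enter_shared_node (cmds-check.c:1142)
"""

HEAD = re.compile(r"==\d+==\s+(Invalid (?:read|write) of size \d+"
                  r"|Address 0x[0-9A-Fa-f]+ is .* free'd)")
FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^:)]+):(\d+)\)")

def parse_reports(text):
    """One dict per invalid access: the use stack, the block note, the free stack."""
    reports, cur, stack = [], None, None
    for line in text.splitlines():
        head, frame = HEAD.match(line), FRAME.match(line)
        if head and head.group(1).startswith("Invalid"):
            cur = {"error": head.group(1), "use": [], "block": None, "free": []}
            reports.append(cur)
            stack = cur["use"]
        elif head and cur is not None:
            cur["block"], stack = head.group(1), cur["free"]
        elif frame and cur is not None:
            stack.append((frame.group(1), frame.group(2), int(frame.group(3))))
        else:
            cur = None  # a bare "==pid==" line or other text ends the report
    return reports

def divergence(report):
    """Outermost shared frame whose line differs: (function, use_line, free_line)."""
    for (uf, _, ul), (ff, _, fl) in zip(reversed(report["use"]), reversed(report["free"])):
        if uf != ff:
            return None  # paths split between frames; no shared function to report
        if ul != fl:
            return (uf, ul, fl)
    return None

if __name__ == "__main__":
    for r in parse_reports(SAMPLE):
        print(r["error"], "|", r["block"], "|", divergence(r))
```

On the sample, the divergence is in splice_shared_node: the block is freed under line 1042 and read again under line 1036.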
