On Tue, Mar 07, 2017 at 06:32:23PM +0100, David Sterba wrote: > On Mon, Mar 06, 2017 at 11:19:32PM +0000, Filipe Manana wrote: > > On Mon, Mar 6, 2017 at 2:55 AM, Qu Wenruo <quwenruo@xxxxxxxxxxxxxx> wrote: > > > [BUG] > > > When btrfs_reloc_clone_csum() reports error, it can underflow metadata > > > and leads to kernel assertion on outstanding extents in > > > run_delalloc_nocow() and cow_file_range(). > > > > > > BTRFS info (device vdb5): relocating block group 12582912 flags data > > > BTRFS info (device vdb5): found 1 extents > > > assertion failed: inode->outstanding_extents >= num_extents, file: fs/btrfs//extent-tree.c, line: 5858 > > > > > > Currently, due to another bug blocking ordered extents, the bug is only > > > reproducible under certain block group layout and using error injection. > > > > > > a) Create one data block group with one 4K extent in it. > > > To avoid the bug that hangs btrfs due to ordered extent which never > > > finishes > > > b) Make btrfs_reloc_clone_csum() always fail > > > c) Relocate that block group > > > > > > [CAUSE] > > > run_delalloc_nocow() and cow_file_range() handles error from > > > btrfs_reloc_clone_csum() wrongly: > > > > > > (The ascii chart shows a more generic case of this bug other than the > > > bug mentioned above) > > > > > > |<------------------ delalloc range --------------------------->| > > > | OE 1 | OE 2 | ... | OE n | > > > |<----------- cleanup range --------------->| > > > |<----------- ----------->| > > > \/ > > > btrfs_finish_ordered_io() range > > > > > > So error handler, which calls extent_clear_unlock_delalloc() with > > > EXTENT_DELALLOC and EXTENT_DO_ACCOUNT bits, and btrfs_finish_ordered_io() > > > will both cover OE n, and free its metadata, causing metadata under flow. > > > > > > [Fix] > > > The fix is to ensure after calling btrfs_add_ordered_extent(), we only > > > call error handler after increasing the iteration offset, so that > > > cleanup range won't cover any created ordered extent. > > > > > > |<------------------ delalloc range --------------------------->| > > > | OE 1 | OE 2 | ... | OE n | > > > |<----------- ----------->|<---------- cleanup range --------->| > > > \/ > > > btrfs_finish_ordered_io() range > > > > > > Signed-off-by: Qu Wenruo <quwenruo@xxxxxxxxxxxxxx> > > > > Reviewed-by: Filipe Manana <fdmanana@xxxxxxxx> > > 1-2 added to for-next and queued for 4.11. Thanks. I'm afraid that patch 1 has a problem, please take a look at the thread. Thanks, -liubo -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
