On Wed, Oct 12, 2016 at 10:23:52PM +0100, Filipe Manana wrote:
> On Tue, Sep 6, 2016 at 10:51 PM, Liu Bo <bo.li....@oracle.com> wrote:
> > Hi Filipe,
> >
> > On Mon, Sep 05, 2016 at 04:28:09PM +0100, Filipe Manana wrote:
> >> On Fri, Sep 2, 2016 at 8:35 PM, Liu Bo <bo.li....@oracle.com> wrote:
> >> > This can only happen with CONFIG_BTRFS_FS_CHECK_INTEGRITY=y.
> >> >
> >> > Commit 1ba98d0 ("Btrfs: detect corruption when non-root leaf has zero 
> >> > item")
> >> > assumes that a leaf is its root when leaf->bytenr == 
> >> > btrfs_root_bytenr(root),
> >> > however, we should not use btrfs_root_bytenr(root) since it's mainly got
> >> > updated during committing transaction.  So the check can fail when doing
> >> > COW on this leaf while it is a root.
> >> >
> >> > This changes to use "if (leaf == btrfs_root_node(root))" instead, just 
> >> > like
> >> > how we check whether leaf is a root in __btrfs_cow_block().
> >> >
> >> > Reported-by: Jeff Mahoney <je...@suse.com>
> >> > Signed-off-by: Liu Bo <bo.li....@oracle.com>
> >>
> >> Hi Bo,
> >>
> >> Even with this patch applied against latest branch for-linus-4.8, at
> >> least on a build with CONFIG_BTRFS_FS_CHECK_INTEGRITY=y,
> >> the issue still happens for me when running fsstress with balance in 
> >> parallel:
> >
> > Thanks for the report.
> >
> > This panic shows that we can have non-root btree leaf with 0 nritems during
> > split_leaf(), but a btrfs_search_slot which calls split_leaf() like this is
> > inserting an item, and while we set @right's nritems to 0, we also assign 
> > @disk_key
> > associated with @right in the parent node, so I think we're actually having
> >  nritem 0 temporarily and we can remove this btrfs_mark_buffer_dirty() like 
> > the
> > following quick patch.
> >
> > Thanks,
> >
> > -liubo
> >
> > diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
> > index d1c56c9..5e5ceb5 100644
> > --- a/fs/btrfs/ctree.c
> > +++ b/fs/btrfs/ctree.c
> > @@ -4341,7 +4341,11 @@ again:
> >                         if (path->slots[1] == 0)
> >                                 fixup_low_keys(fs_info, path, &disk_key, 1);
> >                 }
> > -               btrfs_mark_buffer_dirty(right);
> > +               /*
> > +                * We create a new leaf 'right' for the required ins_len and
> > +                * we'll do btrfs_mark_buffer_dirty() on this leaf after 
> > copying
> > +                * the content of ins_len to 'right'.
> > +                */
> >                 return ret;
> >         }
> 
> Bo, there's yet another case:
> 
> [25120.107171] BTRFS critical (device sdb): corrupt leaf, non-root
> leaf's nritems is 0: block=29556736, root=1, slot=0
> [25120.108641] BTRFS info (device sdb): leaf 29556736 total ptrs 0
> free space 16283
> [25120.109935] assertion failed: 0, file: fs/btrfs/disk-io.c, line: 4065
> [25120.111092] ------------[ cut here ]------------
> [25120.111875] kernel BUG at fs/btrfs/ctree.h:3418!
> [25120.112615] invalid opcode: 0000 [#1] PREEMPT SMP
> [25120.112615] Modules linked in: crc32c_generic btrfs xor raid6_pq
> acpi_cpufreq tpm_tis tpm_tis_core ppdev tpm sg i2c_piix4 evdev psmouse
> parport_pc parport i2c_core processor serio_raw button pcspkr loop
> autofs4 ext4 crc16 jbd2 mbcache sr_mod cdrom sd_mod ata_generic
> virtio_scsi ata_piix libata virtio_pci virtio_ring floppy virtio
> scsi_mod e1000
> [25120.112615] CPU: 0 PID: 2678 Comm: umount Not tainted
> 4.8.0-rc8-btrfs-next-35+ #1

Hi Filipe,

Since the crash is similar to the call chains from Jeff's report,
ie.
btrfs_del_csums
  -> btrfs_search_slot
     -> btrfs_cow_block
        -> btrfs_mark_buffer_dirty

I just wonder that whether 4.8.0-rc8-btrfs-next-35+ has

"[PATCH] Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty" ?

Thanks,

-liubo

> [25120.112615] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
> [25120.112615] task: ffff8802150bda80 task.stack: ffff88021ba5c000
> [25120.112615] RIP: 0010:[<ffffffffa03764c4>]  [<ffffffffa03764c4>]
> assfail.constprop.41+0x1c/0x1e [btrfs]
> [25120.112615] RSP: 0018:ffff88021ba5f898  EFLAGS: 00010292
> [25120.112615] RAX: 0000000000000039 RBX: ffff8802262f1928 RCX: 
> 0000000000000001
> [25120.112615] RDX: 0000000000000006 RSI: ffffffff817daf3c RDI: 
> 00000000ffffffff
> [25120.112615] RBP: ffff88021ba5f898 R08: 0000000000000001 R09: 
> 0000000000000000
> [25120.112615] R10: ffff880233868d90 R11: ffffffff82f3c5ed R12: 
> ffff88021ed5c000
> [25120.112615] R13: ffff880225643498 R14: ffff88023339db88 R15: 
> 0000000000000000
> [25120.112615] FS:  00007f5728238840(0000) GS:ffff88023f200000(0000)
> knlGS:0000000000000000
> [25120.112615] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [25120.112615] CR2: 0000000002535868 CR3: 0000000217a1f000 CR4: 
> 00000000000006f0
> [25120.112615] Stack:
> [25120.112615]  ffff88021ba5f8c0 ffffffffa02fa521 0000000000000007
> ffff8802196bb000
> [25120.112615]  ffff8802262f1928 ffff88021ba5f930 ffffffffa02dbb51
> ffff880225643498
> [25120.112615]  ffff88021ba5f9e0 0000000000643530 0000000000000000
> 0000000500000001
> [25120.112615] Call Trace:
> [25120.112615]  [<ffffffffa02fa521>] btrfs_mark_buffer_dirty+0xdf/0xe5 [btrfs]
> [25120.112615]  [<ffffffffa02dbb51>] __btrfs_cow_block+0x3ce/0x414 [btrfs]
> [25120.112615]  [<ffffffffa02dbce0>] btrfs_cow_block+0xe9/0x236 [btrfs]
> [25120.112615]  [<ffffffffa02de869>] btrfs_search_slot+0x287/0x755 [btrfs]
> [25120.112615]  [<ffffffffa02dae85>] ? btrfs_alloc_path+0x1a/0x1c [btrfs]
> [25120.112615]  [<ffffffffa02f47de>] btrfs_del_csums+0xa6/0x254 [btrfs]
> [25120.112615]  [<ffffffff814b8e8f>] ? _raw_spin_unlock+0x31/0x44
> [25120.112615]  [<ffffffffa02e6ab8>] __btrfs_free_extent+0x7fd/0x953 [btrfs]
> [25120.112615]  [<ffffffffa02eadc1>]
> __btrfs_run_delayed_refs+0xd25/0xff3 [btrfs]
> [25120.112615]  [<ffffffff810b1797>] ? call_rcu+0x17/0x19
> [25120.112615]  [<ffffffff81184e0a>] ? put_object+0x3e/0x41
> [25120.112615]  [<ffffffffa02daf06>] ?
> btrfs_clear_path_blocking+0x2c/0xa4 [btrfs]
> [25120.112615]  [<ffffffff810917d1>] ? __lock_is_held+0x3c/0x57
> [25120.112615]  [<ffffffffa02ec9ae>] btrfs_run_delayed_refs+0x8a/0x1e2 [btrfs]
> [25120.112615]  [<ffffffffa02fe0d5>] commit_cowonly_roots+0xee/0x263 [btrfs]
> [25120.112615]  [<ffffffffa030074b>]
> btrfs_commit_transaction+0x4a8/0x96b [btrfs]
> [25120.112615]  [<ffffffffa02f98c3>] btrfs_commit_super+0x91/0x94 [btrfs]
> [25120.112615]  [<ffffffffa02fb7f1>] close_ctree+0xfd/0x336 [btrfs]
> [25120.112615]  [<ffffffff811a29a8>] ? evict_inodes+0x13b/0x14a
> [25120.112615]  [<ffffffffa02d56e5>] btrfs_put_super+0x19/0x1b [btrfs]
> [25120.112615]  [<ffffffff8118c5f7>] generic_shutdown_super+0x6a/0xeb
> [25120.112615]  [<ffffffff8118ca24>] kill_anon_super+0x12/0x1c
> [25120.112615]  [<ffffffffa02d54e4>] btrfs_kill_super+0x16/0x21 [btrfs]
> [25120.112615]  [<ffffffff8118c496>] deactivate_locked_super+0x3b/0x68
> [25120.112615]  [<ffffffff8118c4f9>] deactivate_super+0x36/0x39
> [25120.112615]  [<ffffffff811a5fed>] cleanup_mnt+0x58/0x76
> [25120.112615]  [<ffffffff811a6049>] __cleanup_mnt+0x12/0x14
> [25120.112615]  [<ffffffff8107068d>] task_work_run+0x6f/0x9a
> [25120.112615]  [<ffffffff810018b0>] prepare_exit_to_usermode+0xaa/0xc8
> [25120.112615]  [<ffffffff81001a37>] syscall_return_slowpath+0x169/0x1cd
> [25120.112615]  [<ffffffff814b95f3>] entry_SYSCALL_64_fastpath+0xa6/0xa8
> 
> thanks
> 
> >
> >
> >
> >>
> >> [  366.998044] BTRFS: device fsid 69759b3a-96ae-467d-aa63-364144e73a28
> >> devid 1 transid 3 /dev/sdc
> >> [  367.023652] BTRFS info (device sdc): turning on discard
> >> [  367.025036] BTRFS info (device sdc): disk space caching is enabled
> >> [  367.026360] BTRFS info (device sdc): has skinny extents
> >> [  367.069415] BTRFS info (device sdc): creating UUID tree
> >> [  367.133704] BTRFS info (device sdc): relocating block group 29360128 
> >> flags 36
> >> [  367.142196] BTRFS info (device sdc): found 2 extents
> >> [  367.147932] BTRFS info (device sdc): relocating block group 20971520 
> >> flags 34
> >> [  367.157947] BTRFS info (device sdc): found 1 extents
> >> [  367.162649] BTRFS info (device sdc): relocating block group 12582912 
> >> flags 1
> >> [  367.182872] BTRFS info (device sdc): found 1 extents
> >> [  367.189932] BTRFS info (device sdc): found 1 extents
> >> [  367.200983] BTRFS info (device sdc): relocating block group
> >> 1270874112 flags 1
> >> [  367.235862] BTRFS critical (device sdc): corrupt leaf, non-root
> >> leaf's nritems is 0: block=1103937536,root=5, slot=0
> >> [  367.238223] BTRFS info (device sdc): leaf 1103937536 total ptrs 0
> >> free space 3995
> >> [  367.239371] BTRFS: assertion failed: 0, file: fs/btrfs/disk-io.c, line: 
> >> 4059
> >> [  367.240321] ------------[ cut here ]------------
> >> [  367.241245] kernel BUG at fs/btrfs/ctree.h:3367!
> >> [  367.241961] invalid opcode: 0000 [#1] PREEMPT SMP
> >> [  367.242685] Modules linked in: btrfs crc32c_generic xor raid6_pq
> >> acpi_cpufreq tpm_tis tpm sg i2c_piix4 i2c_core psmouse ppdev processor
> >> evdev parport_pc parport serio_raw pcspkr button loop autofs4 ext4
> >> crc16 jbd2 mbcache sr_mod cdrom sd_mod ata_generic virtio_scsi
> >> ata_piix libata virtio_pci virtio_ring e1000 virtio scsi_mod floppy
> >> [last unloaded: btrfs]
> >> [  367.244302] CPU: 11 PID: 3451 Comm: fdm-stress Not tainted
> >> 4.7.0-rc6-btrfs-next-34+ #1
> >> [  367.244302] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> >> BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
> >> [  367.244302] task: ffff880183ef8bc0 ti: ffff880183fe0000 task.ti:
> >> ffff880183fe0000
> >> [  367.244302] RIP: 0010:[<ffffffffa04601d5>]  [<ffffffffa04601d5>]
> >> assfail.constprop.42+0x1c/0x1e [btrfs]
> >> [  367.244302] RSP: 0018:ffff880183fe3c78  EFLAGS: 00010296
> >> [  367.244302] RAX: 0000000000000040 RBX: ffff880222a66ab0 RCX: 
> >> 0000000000000001
> >> [  367.244302] RDX: ffffffff810a0a23 RSI: ffffffff814a82cb RDI: 
> >> 00000000ffffffff
> >> [  367.244302] RBP: ffff880183fe3c78 R08: 0000000000000001 R09: 
> >> 0000000000000000
> >> [  367.244302] R10: ffff880183fe3b70 R11: ffffffff82f3650d R12: 
> >> ffff880183e8e000
> >> [  367.244302] R13: ffff8800b3e7d000 R14: 0000000000000a59 R15: 
> >> 0000000000000017
> >> [  367.244302] FS:  00007f0b85310700(0000) GS:ffff88023f4c0000(0000)
> >> knlGS:0000000000000000
> >> [  367.244302] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> >> [  367.244302] CR2: 00007f0b7800ea28 CR3: 000000022da9b000 CR4: 
> >> 00000000000006e0
> >> [  367.244302] Stack:
> >> [  367.244302]  ffff880183fe3ca0 ffffffffa03e51e3 0000000000000023
> >> ffff880222a66ab0
> >> [  367.244302]  ffff880183885bb8 ffff880183fe3d38 ffffffffa03c9540
> >> 0000000083fe3d08
> >> [  367.244302]  ffff8800b3e7d2d8 0000000000001000 ffff880183fe3e7f
> >> ffff880183ff8000
> >> [  367.244302] Call Trace:
> >> [  367.244302]  [<ffffffffa03e51e3>] btrfs_mark_buffer_dirty+0xdf/0xe5 
> >> [btrfs]
> >> [  367.244302]  [<ffffffffa03c9540>] split_leaf+0x47c/0x566 [btrfs]
> >> [  367.244302]  [<ffffffffa03c9c09>] btrfs_search_slot+0x5df/0x755 [btrfs]
> >> [  367.244302]  [<ffffffff8116daf7>] ? slab_post_alloc_hook+0x42/0x52
> >> [  367.244302]  [<ffffffffa03caf5a>] btrfs_insert_empty_items+0x5d/0xa6 
> >> [btrfs]
> >> [  367.244302]  [<ffffffffa03f783b>] btrfs_symlink+0x17f/0x34f [btrfs]
> >> [  367.244302]  [<ffffffff8118bcf5>] vfs_symlink+0x51/0x6e
> >> [  367.244302]  [<ffffffff8118fc4c>] SYSC_symlinkat+0x6d/0xb2
> >> [  367.244302]  [<ffffffff8100101a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
> >> [  367.244302]  [<ffffffff811904b6>] SyS_symlink+0x16/0x18
> >> [  367.244302]  [<ffffffff814a88e5>] entry_SYSCALL_64_fastpath+0x18/0xa8
> >> [  367.244302]  [<ffffffff81102507>] ? time_hardirqs_off+0x9/0x14
> >> [  367.244302]  [<ffffffff8108f019>] ? trace_hardirqs_off_caller+0x1f/0xaa
> >> [  367.244302] Code: 89 83 88 00 00 00 31 c0 5b 41 5c 41 5d 5d c3 55
> >> 89 f1 48 c7 c2 14 8b 46 a0 48 89 fe 48 c7 c7 27 8c 46 a0 48 89 e5 e8
> >> e5 2f cc e0 <0f> 0b 55 89 f1 48 c7 c2 03 a2 46 a0 48 89 fe 48 c7 c7 dc
> >> a3 46
> >> [  367.244302] RIP  [<ffffffffa04601d5>] assfail.constprop.42+0x1c/0x1e 
> >> [btrfs]
> >> [  367.244302]  RSP <ffff880183fe3c78>
> >> [  367.289039] ---[ end trace a3e4ce9819ed383b ]---
> >>
> >>
> >> thanks
> >>
> >> > ---
> >> >  fs/btrfs/disk-io.c | 10 +++++++---
> >> >  1 file changed, 7 insertions(+), 3 deletions(-)
> >> >
> >> > diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
> >> > index 9367c31..b401e6d 100644
> >> > --- a/fs/btrfs/disk-io.c
> >> > +++ b/fs/btrfs/disk-io.c
> >> > @@ -572,13 +572,17 @@ static noinline int check_leaf(struct btrfs_root 
> >> > *root,
> >> >                  * open_ctree() some roots has not yet been set up.
> >> >                  */
> >> >                 if (!IS_ERR_OR_NULL(check_root)) {
> >> > +                       struct extent_buffer *eb;
> >> > +
> >> > +                       eb = btrfs_root_node(check_root);
> >> >                         /* if leaf is the root, then it's fine */
> >> > -                       if (leaf->start !=
> >> > -                           btrfs_root_bytenr(&check_root->root_item)) {
> >> > +                       if (leaf != eb) {
> >> >                                 CORRUPT("non-root leaf's nritems is 0",
> >> > -                                       leaf, root, 0);
> >> > +                                       leaf, check_root, 0);
> >> > +                               free_extent_buffer(eb);
> >> >                                 return -EIO;
> >> >                         }
> >> > +                       free_extent_buffer(eb);
> >> >                 }
> >> >                 return 0;
> >> >         }
> >> > --
> >> > 2.5.5
> >> >
> >> > --
> >> > To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> >> > the body of a message to majord...@vger.kernel.org
> >> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >>
> >>
> >>
> >> --
> >> Filipe David Manana,
> >>
> >> "People will forget what you said,
> >>  people will forget what you did,
> >>  but people will never forget how you made them feel."
> 
> 
> 
> -- 
> Filipe David Manana,
> 
> "People will forget what you said,
>  people will forget what you did,
>  but people will never forget how you made them feel."
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to