Re: [PATCH v2] Btrfs: fix invalid extent maps due to hole punching

[Filipe Manana]

On Wed, May 31, 2017 at 9:32 PM, Liu Bo  wrote:
> On Sun, May 28, 2017 at 10:31:05PM +0100, fdman...@kernel.org wrote:
>> From: Filipe Manana 
>>
>> While punching a hole in a range that is not aligned with the sector size
>> (currently the same as the page size) we can end up leaving an extent map
>> in memory with a length that is smaller then the sector size, which is
>> not expected and can lead to problems. This issue is easily detected
>> after the patch from commit a7e3b975a0f9 ("Btrfs: fix reported number of
>> inode blocks"), introduced in kernel 4.12-rc1, in a scenario like the
>> following for example:
>>
>>   $ mkfs.btrfs -f /dev/sdb
>>   $ mount /dev/sdb /mnt
>>   $ xfs_io -c "pwrite -S 0xaa -b 100K 0 100K" /mnt/foo
>>   $ xfs_io -c "fpunch 60K 90K" /mnt/foo
>>   $ xfs_io -c "pwrite -S 0xbb -b 100K 50K 100K" /mnt/foo
>>   $ xfs_io -c "pwrite -S 0xcc -b 50K 100K 50K" /mnt/foo
>>   $ umount /mnt
>>
>> After the unmount operation we can see several warnings emmitted due to
>> underflows related to space reservation counters:
>>
>> [ 2837.443299] [ cut here ]
>> [ 2837.447395] WARNING: CPU: 8 PID: 2474 at fs/btrfs/inode.c:9444 
>> btrfs_destroy_inode+0xe8/0x27e [btrfs]
>> [ 2837.452108] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse 
>> parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev 
>> tpm button se
>> rio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs raid10 raid456 
>> async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq 
>> libcrc32c crc32c_gene
>> ric raid1 raid0 multipath linear md_mod sr_mod cdrom sd_mod ata_generic 
>> virtio_scsi ata_piix libata virtio_pci virtio_ring virtio e1000 scsi_mod 
>> floppy
>> [ 2837.458389] CPU: 8 PID: 2474 Comm: umount Tainted: GW   
>> 4.10.0-rc8-btrfs-next-43+ #1
>> [ 2837.459754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
>> rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
>> [ 2837.462379] Call Trace:
>> [ 2837.462379]  dump_stack+0x68/0x92
>> [ 2837.462379]  __warn+0xc2/0xdd
>> [ 2837.462379]  warn_slowpath_null+0x1d/0x1f
>> [ 2837.462379]  btrfs_destroy_inode+0xe8/0x27e [btrfs]
>> [ 2837.462379]  destroy_inode+0x3d/0x55
>> [ 2837.462379]  evict+0x177/0x17e
>> [ 2837.462379]  dispose_list+0x50/0x71
>> [ 2837.462379]  evict_inodes+0x132/0x141
>> [ 2837.462379]  generic_shutdown_super+0x3f/0xeb
>> [ 2837.462379]  kill_anon_super+0x12/0x1c
>> [ 2837.462379]  btrfs_kill_super+0x16/0x21 [btrfs]
>> [ 2837.462379]  deactivate_locked_super+0x30/0x68
>> [ 2837.462379]  deactivate_super+0x36/0x39
>> [ 2837.462379]  cleanup_mnt+0x58/0x76
>> [ 2837.462379]  __cleanup_mnt+0x12/0x14
>> [ 2837.462379]  task_work_run+0x77/0x9b
>> [ 2837.462379]  prepare_exit_to_usermode+0x9d/0xc5
>> [ 2837.462379]  syscall_return_slowpath+0x196/0x1b9
>> [ 2837.462379]  entry_SYSCALL_64_fastpath+0xab/0xad
>> [ 2837.462379] RIP: 0033:0x7f3ef3e6b9a7
>> [ 2837.462379] RSP: 002b:7ffdd0d8de58 EFLAGS: 0246 ORIG_RAX: 
>> 00a6
>> [ 2837.462379] RAX:  RBX: 556f76a39060 RCX: 
>> 7f3ef3e6b9a7
>> [ 2837.462379] RDX: 0001 RSI:  RDI: 
>> 556f76a3f910
>> [ 2837.462379] RBP: 556f76a3f910 R08: 556f76a3e670 R09: 
>> 0015
>> [ 2837.462379] R10: 06b4 R11: 0246 R12: 
>> 7f3ef436ce64
>> [ 2837.462379] R13:  R14: 556f76a39240 R15: 
>> 7ffdd0d8e0e0
>> [ 2837.519355] ---[ end trace e79345fe24b30b8d ]---
>> [ 2837.596256] [ cut here ]
>> [ 2837.597625] WARNING: CPU: 8 PID: 2474 at fs/btrfs/extent-tree.c:5699 
>> btrfs_free_block_groups+0x246/0x3eb [btrfs]
>> [ 2837.603547] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse 
>> parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev 
>> tpm button serio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs 
>> raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx 
>> xor raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod 
>> sr_mod cdrom sd_mod ata_generic virtio_scsi ata_piix libata virtio_pci 
>> virtio_ring virtio e1000 scsi_mod floppy
>> [ 2837.659372] CPU: 8 PID: 2474 Comm: umount Tainted: GW   
>> 4.10.0-rc8-btrfs-next-43+ #1
>> [ 2837.663359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
>> rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
>> [ 2837.663359] Call Trace:
>> [ 2837.663359]  dump_stack+0x68/0x92
>> [ 2837.663359]  __warn+0xc2/0xdd
>> [ 2837.663359]  warn_slowpath_null+0x1d/0x1f
>> [ 2837.663359]  btrfs_free_block_groups+0x246/0x3eb [btrfs]
>> [ 2837.663359]  close_ctree+0x1dd/0x2e1 [btrfs]
>> [ 2837.663359]  ? evict_inodes+0x132/0x141
>> [ 2837.663359]  btrfs_put_super+0x15/0x17 [btrfs]
>> [ 2837.663359]  generic_shutdown_super+0x6a/0xeb
>> [ 2837.663359]  kill_anon_super+0x12/0x1c
>> [ 2837.663359]  

Re: [PATCH v2] Btrfs: fix invalid extent maps due to hole punching

[Liu Bo]

On Sun, May 28, 2017 at 10:31:05PM +0100, fdman...@kernel.org wrote:
> From: Filipe Manana 
> 
> While punching a hole in a range that is not aligned with the sector size
> (currently the same as the page size) we can end up leaving an extent map
> in memory with a length that is smaller then the sector size, which is
> not expected and can lead to problems. This issue is easily detected
> after the patch from commit a7e3b975a0f9 ("Btrfs: fix reported number of
> inode blocks"), introduced in kernel 4.12-rc1, in a scenario like the
> following for example:
> 
>   $ mkfs.btrfs -f /dev/sdb
>   $ mount /dev/sdb /mnt
>   $ xfs_io -c "pwrite -S 0xaa -b 100K 0 100K" /mnt/foo
>   $ xfs_io -c "fpunch 60K 90K" /mnt/foo
>   $ xfs_io -c "pwrite -S 0xbb -b 100K 50K 100K" /mnt/foo
>   $ xfs_io -c "pwrite -S 0xcc -b 50K 100K 50K" /mnt/foo
>   $ umount /mnt
> 
> After the unmount operation we can see several warnings emmitted due to
> underflows related to space reservation counters:
> 
> [ 2837.443299] [ cut here ]
> [ 2837.447395] WARNING: CPU: 8 PID: 2474 at fs/btrfs/inode.c:9444 
> btrfs_destroy_inode+0xe8/0x27e [btrfs]
> [ 2837.452108] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse 
> parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev 
> tpm button se
> rio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs raid10 raid456 
> async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq 
> libcrc32c crc32c_gene
> ric raid1 raid0 multipath linear md_mod sr_mod cdrom sd_mod ata_generic 
> virtio_scsi ata_piix libata virtio_pci virtio_ring virtio e1000 scsi_mod 
> floppy
> [ 2837.458389] CPU: 8 PID: 2474 Comm: umount Tainted: GW   
> 4.10.0-rc8-btrfs-next-43+ #1
> [ 2837.459754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
> rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
> [ 2837.462379] Call Trace:
> [ 2837.462379]  dump_stack+0x68/0x92
> [ 2837.462379]  __warn+0xc2/0xdd
> [ 2837.462379]  warn_slowpath_null+0x1d/0x1f
> [ 2837.462379]  btrfs_destroy_inode+0xe8/0x27e [btrfs]
> [ 2837.462379]  destroy_inode+0x3d/0x55
> [ 2837.462379]  evict+0x177/0x17e
> [ 2837.462379]  dispose_list+0x50/0x71
> [ 2837.462379]  evict_inodes+0x132/0x141
> [ 2837.462379]  generic_shutdown_super+0x3f/0xeb
> [ 2837.462379]  kill_anon_super+0x12/0x1c
> [ 2837.462379]  btrfs_kill_super+0x16/0x21 [btrfs]
> [ 2837.462379]  deactivate_locked_super+0x30/0x68
> [ 2837.462379]  deactivate_super+0x36/0x39
> [ 2837.462379]  cleanup_mnt+0x58/0x76
> [ 2837.462379]  __cleanup_mnt+0x12/0x14
> [ 2837.462379]  task_work_run+0x77/0x9b
> [ 2837.462379]  prepare_exit_to_usermode+0x9d/0xc5
> [ 2837.462379]  syscall_return_slowpath+0x196/0x1b9
> [ 2837.462379]  entry_SYSCALL_64_fastpath+0xab/0xad
> [ 2837.462379] RIP: 0033:0x7f3ef3e6b9a7
> [ 2837.462379] RSP: 002b:7ffdd0d8de58 EFLAGS: 0246 ORIG_RAX: 
> 00a6
> [ 2837.462379] RAX:  RBX: 556f76a39060 RCX: 
> 7f3ef3e6b9a7
> [ 2837.462379] RDX: 0001 RSI:  RDI: 
> 556f76a3f910
> [ 2837.462379] RBP: 556f76a3f910 R08: 556f76a3e670 R09: 
> 0015
> [ 2837.462379] R10: 06b4 R11: 0246 R12: 
> 7f3ef436ce64
> [ 2837.462379] R13:  R14: 556f76a39240 R15: 
> 7ffdd0d8e0e0
> [ 2837.519355] ---[ end trace e79345fe24b30b8d ]---
> [ 2837.596256] [ cut here ]
> [ 2837.597625] WARNING: CPU: 8 PID: 2474 at fs/btrfs/extent-tree.c:5699 
> btrfs_free_block_groups+0x246/0x3eb [btrfs]
> [ 2837.603547] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse 
> parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev 
> tpm button serio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs raid10 
> raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor 
> raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod sr_mod 
> cdrom sd_mod ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring 
> virtio e1000 scsi_mod floppy
> [ 2837.659372] CPU: 8 PID: 2474 Comm: umount Tainted: GW   
> 4.10.0-rc8-btrfs-next-43+ #1
> [ 2837.663359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
> rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
> [ 2837.663359] Call Trace:
> [ 2837.663359]  dump_stack+0x68/0x92
> [ 2837.663359]  __warn+0xc2/0xdd
> [ 2837.663359]  warn_slowpath_null+0x1d/0x1f
> [ 2837.663359]  btrfs_free_block_groups+0x246/0x3eb [btrfs]
> [ 2837.663359]  close_ctree+0x1dd/0x2e1 [btrfs]
> [ 2837.663359]  ? evict_inodes+0x132/0x141
> [ 2837.663359]  btrfs_put_super+0x15/0x17 [btrfs]
> [ 2837.663359]  generic_shutdown_super+0x6a/0xeb
> [ 2837.663359]  kill_anon_super+0x12/0x1c
> [ 2837.663359]  btrfs_kill_super+0x16/0x21 [btrfs]
> [ 2837.663359]  deactivate_locked_super+0x30/0x68
> [ 2837.663359]  deactivate_super+0x36/0x39
> [ 2837.663359]  

[PATCH v2] Btrfs: fix invalid extent maps due to hole punching

[fdmanana]

From: Filipe Manana 

While punching a hole in a range that is not aligned with the sector size
(currently the same as the page size) we can end up leaving an extent map
in memory with a length that is smaller then the sector size, which is
not expected and can lead to problems. This issue is easily detected
after the patch from commit a7e3b975a0f9 ("Btrfs: fix reported number of
inode blocks"), introduced in kernel 4.12-rc1, in a scenario like the
following for example:

  $ mkfs.btrfs -f /dev/sdb
  $ mount /dev/sdb /mnt
  $ xfs_io -c "pwrite -S 0xaa -b 100K 0 100K" /mnt/foo
  $ xfs_io -c "fpunch 60K 90K" /mnt/foo
  $ xfs_io -c "pwrite -S 0xbb -b 100K 50K 100K" /mnt/foo
  $ xfs_io -c "pwrite -S 0xcc -b 50K 100K 50K" /mnt/foo
  $ umount /mnt

After the unmount operation we can see several warnings emmitted due to
underflows related to space reservation counters:

[ 2837.443299] [ cut here ]
[ 2837.447395] WARNING: CPU: 8 PID: 2474 at fs/btrfs/inode.c:9444 
btrfs_destroy_inode+0xe8/0x27e [btrfs]
[ 2837.452108] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse 
parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev 
tpm button se
rio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs raid10 raid456 
async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq 
libcrc32c crc32c_gene
ric raid1 raid0 multipath linear md_mod sr_mod cdrom sd_mod ata_generic 
virtio_scsi ata_piix libata virtio_pci virtio_ring virtio e1000 scsi_mod floppy
[ 2837.458389] CPU: 8 PID: 2474 Comm: umount Tainted: GW   
4.10.0-rc8-btrfs-next-43+ #1
[ 2837.459754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
[ 2837.462379] Call Trace:
[ 2837.462379]  dump_stack+0x68/0x92
[ 2837.462379]  __warn+0xc2/0xdd
[ 2837.462379]  warn_slowpath_null+0x1d/0x1f
[ 2837.462379]  btrfs_destroy_inode+0xe8/0x27e [btrfs]
[ 2837.462379]  destroy_inode+0x3d/0x55
[ 2837.462379]  evict+0x177/0x17e
[ 2837.462379]  dispose_list+0x50/0x71
[ 2837.462379]  evict_inodes+0x132/0x141
[ 2837.462379]  generic_shutdown_super+0x3f/0xeb
[ 2837.462379]  kill_anon_super+0x12/0x1c
[ 2837.462379]  btrfs_kill_super+0x16/0x21 [btrfs]
[ 2837.462379]  deactivate_locked_super+0x30/0x68
[ 2837.462379]  deactivate_super+0x36/0x39
[ 2837.462379]  cleanup_mnt+0x58/0x76
[ 2837.462379]  __cleanup_mnt+0x12/0x14
[ 2837.462379]  task_work_run+0x77/0x9b
[ 2837.462379]  prepare_exit_to_usermode+0x9d/0xc5
[ 2837.462379]  syscall_return_slowpath+0x196/0x1b9
[ 2837.462379]  entry_SYSCALL_64_fastpath+0xab/0xad
[ 2837.462379] RIP: 0033:0x7f3ef3e6b9a7
[ 2837.462379] RSP: 002b:7ffdd0d8de58 EFLAGS: 0246 ORIG_RAX: 
00a6
[ 2837.462379] RAX:  RBX: 556f76a39060 RCX: 7f3ef3e6b9a7
[ 2837.462379] RDX: 0001 RSI:  RDI: 556f76a3f910
[ 2837.462379] RBP: 556f76a3f910 R08: 556f76a3e670 R09: 0015
[ 2837.462379] R10: 06b4 R11: 0246 R12: 7f3ef436ce64
[ 2837.462379] R13:  R14: 556f76a39240 R15: 7ffdd0d8e0e0
[ 2837.519355] ---[ end trace e79345fe24b30b8d ]---
[ 2837.596256] [ cut here ]
[ 2837.597625] WARNING: CPU: 8 PID: 2474 at fs/btrfs/extent-tree.c:5699 
btrfs_free_block_groups+0x246/0x3eb [btrfs]
[ 2837.603547] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse 
parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev 
tpm button serio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs raid10 
raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq 
libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod sr_mod cdrom 
sd_mod ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring virtio 
e1000 scsi_mod floppy
[ 2837.659372] CPU: 8 PID: 2474 Comm: umount Tainted: GW   
4.10.0-rc8-btrfs-next-43+ #1
[ 2837.663359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
[ 2837.663359] Call Trace:
[ 2837.663359]  dump_stack+0x68/0x92
[ 2837.663359]  __warn+0xc2/0xdd
[ 2837.663359]  warn_slowpath_null+0x1d/0x1f
[ 2837.663359]  btrfs_free_block_groups+0x246/0x3eb [btrfs]
[ 2837.663359]  close_ctree+0x1dd/0x2e1 [btrfs]
[ 2837.663359]  ? evict_inodes+0x132/0x141
[ 2837.663359]  btrfs_put_super+0x15/0x17 [btrfs]
[ 2837.663359]  generic_shutdown_super+0x6a/0xeb
[ 2837.663359]  kill_anon_super+0x12/0x1c
[ 2837.663359]  btrfs_kill_super+0x16/0x21 [btrfs]
[ 2837.663359]  deactivate_locked_super+0x30/0x68
[ 2837.663359]  deactivate_super+0x36/0x39
[ 2837.663359]  cleanup_mnt+0x58/0x76
[ 2837.663359]  __cleanup_mnt+0x12/0x14
[ 2837.663359]  task_work_run+0x77/0x9b
[ 2837.663359]  prepare_exit_to_usermode+0x9d/0xc5
[ 2837.663359]  syscall_return_slowpath+0x196/0x1b9
[ 2837.663359]  entry_SYSCALL_64_fastpath+0xab/0xad
[ 2837.663359] RIP: