Re: [PATCH v2] Btrfs: fix invalid extent maps due to hole punching
On Wed, May 31, 2017 at 9:32 PM, Liu Bowrote: > On Sun, May 28, 2017 at 10:31:05PM +0100, fdman...@kernel.org wrote: >> From: Filipe Manana >> >> While punching a hole in a range that is not aligned with the sector size >> (currently the same as the page size) we can end up leaving an extent map >> in memory with a length that is smaller then the sector size, which is >> not expected and can lead to problems. This issue is easily detected >> after the patch from commit a7e3b975a0f9 ("Btrfs: fix reported number of >> inode blocks"), introduced in kernel 4.12-rc1, in a scenario like the >> following for example: >> >> $ mkfs.btrfs -f /dev/sdb >> $ mount /dev/sdb /mnt >> $ xfs_io -c "pwrite -S 0xaa -b 100K 0 100K" /mnt/foo >> $ xfs_io -c "fpunch 60K 90K" /mnt/foo >> $ xfs_io -c "pwrite -S 0xbb -b 100K 50K 100K" /mnt/foo >> $ xfs_io -c "pwrite -S 0xcc -b 50K 100K 50K" /mnt/foo >> $ umount /mnt >> >> After the unmount operation we can see several warnings emmitted due to >> underflows related to space reservation counters: >> >> [ 2837.443299] [ cut here ] >> [ 2837.447395] WARNING: CPU: 8 PID: 2474 at fs/btrfs/inode.c:9444 >> btrfs_destroy_inode+0xe8/0x27e [btrfs] >> [ 2837.452108] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse >> parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev >> tpm button se >> rio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs raid10 raid456 >> async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq >> libcrc32c crc32c_gene >> ric raid1 raid0 multipath linear md_mod sr_mod cdrom sd_mod ata_generic >> virtio_scsi ata_piix libata virtio_pci virtio_ring virtio e1000 scsi_mod >> floppy >> [ 2837.458389] CPU: 8 PID: 2474 Comm: umount Tainted: GW >> 4.10.0-rc8-btrfs-next-43+ #1 >> [ 2837.459754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS >> rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 >> [ 2837.462379] Call Trace: >> [ 2837.462379] dump_stack+0x68/0x92 >> [ 2837.462379] __warn+0xc2/0xdd >> [ 2837.462379] warn_slowpath_null+0x1d/0x1f >> [ 2837.462379] btrfs_destroy_inode+0xe8/0x27e [btrfs] >> [ 2837.462379] destroy_inode+0x3d/0x55 >> [ 2837.462379] evict+0x177/0x17e >> [ 2837.462379] dispose_list+0x50/0x71 >> [ 2837.462379] evict_inodes+0x132/0x141 >> [ 2837.462379] generic_shutdown_super+0x3f/0xeb >> [ 2837.462379] kill_anon_super+0x12/0x1c >> [ 2837.462379] btrfs_kill_super+0x16/0x21 [btrfs] >> [ 2837.462379] deactivate_locked_super+0x30/0x68 >> [ 2837.462379] deactivate_super+0x36/0x39 >> [ 2837.462379] cleanup_mnt+0x58/0x76 >> [ 2837.462379] __cleanup_mnt+0x12/0x14 >> [ 2837.462379] task_work_run+0x77/0x9b >> [ 2837.462379] prepare_exit_to_usermode+0x9d/0xc5 >> [ 2837.462379] syscall_return_slowpath+0x196/0x1b9 >> [ 2837.462379] entry_SYSCALL_64_fastpath+0xab/0xad >> [ 2837.462379] RIP: 0033:0x7f3ef3e6b9a7 >> [ 2837.462379] RSP: 002b:7ffdd0d8de58 EFLAGS: 0246 ORIG_RAX: >> 00a6 >> [ 2837.462379] RAX: RBX: 556f76a39060 RCX: >> 7f3ef3e6b9a7 >> [ 2837.462379] RDX: 0001 RSI: RDI: >> 556f76a3f910 >> [ 2837.462379] RBP: 556f76a3f910 R08: 556f76a3e670 R09: >> 0015 >> [ 2837.462379] R10: 06b4 R11: 0246 R12: >> 7f3ef436ce64 >> [ 2837.462379] R13: R14: 556f76a39240 R15: >> 7ffdd0d8e0e0 >> [ 2837.519355] ---[ end trace e79345fe24b30b8d ]--- >> [ 2837.596256] [ cut here ] >> [ 2837.597625] WARNING: CPU: 8 PID: 2474 at fs/btrfs/extent-tree.c:5699 >> btrfs_free_block_groups+0x246/0x3eb [btrfs] >> [ 2837.603547] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse >> parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev >> tpm button serio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs >> raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx >> xor raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod >> sr_mod cdrom sd_mod ata_generic virtio_scsi ata_piix libata virtio_pci >> virtio_ring virtio e1000 scsi_mod floppy >> [ 2837.659372] CPU: 8 PID: 2474 Comm: umount Tainted: GW >> 4.10.0-rc8-btrfs-next-43+ #1 >> [ 2837.663359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS >> rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 >> [ 2837.663359] Call Trace: >> [ 2837.663359] dump_stack+0x68/0x92 >> [ 2837.663359] __warn+0xc2/0xdd >> [ 2837.663359] warn_slowpath_null+0x1d/0x1f >> [ 2837.663359] btrfs_free_block_groups+0x246/0x3eb [btrfs] >> [ 2837.663359] close_ctree+0x1dd/0x2e1 [btrfs] >> [ 2837.663359] ? evict_inodes+0x132/0x141 >> [ 2837.663359] btrfs_put_super+0x15/0x17 [btrfs] >> [ 2837.663359] generic_shutdown_super+0x6a/0xeb >> [ 2837.663359] kill_anon_super+0x12/0x1c >> [ 2837.663359]
Re: [PATCH v2] Btrfs: fix invalid extent maps due to hole punching
On Sun, May 28, 2017 at 10:31:05PM +0100, fdman...@kernel.org wrote: > From: Filipe Manana> > While punching a hole in a range that is not aligned with the sector size > (currently the same as the page size) we can end up leaving an extent map > in memory with a length that is smaller then the sector size, which is > not expected and can lead to problems. This issue is easily detected > after the patch from commit a7e3b975a0f9 ("Btrfs: fix reported number of > inode blocks"), introduced in kernel 4.12-rc1, in a scenario like the > following for example: > > $ mkfs.btrfs -f /dev/sdb > $ mount /dev/sdb /mnt > $ xfs_io -c "pwrite -S 0xaa -b 100K 0 100K" /mnt/foo > $ xfs_io -c "fpunch 60K 90K" /mnt/foo > $ xfs_io -c "pwrite -S 0xbb -b 100K 50K 100K" /mnt/foo > $ xfs_io -c "pwrite -S 0xcc -b 50K 100K 50K" /mnt/foo > $ umount /mnt > > After the unmount operation we can see several warnings emmitted due to > underflows related to space reservation counters: > > [ 2837.443299] [ cut here ] > [ 2837.447395] WARNING: CPU: 8 PID: 2474 at fs/btrfs/inode.c:9444 > btrfs_destroy_inode+0xe8/0x27e [btrfs] > [ 2837.452108] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse > parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev > tpm button se > rio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs raid10 raid456 > async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq > libcrc32c crc32c_gene > ric raid1 raid0 multipath linear md_mod sr_mod cdrom sd_mod ata_generic > virtio_scsi ata_piix libata virtio_pci virtio_ring virtio e1000 scsi_mod > floppy > [ 2837.458389] CPU: 8 PID: 2474 Comm: umount Tainted: GW > 4.10.0-rc8-btrfs-next-43+ #1 > [ 2837.459754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 > [ 2837.462379] Call Trace: > [ 2837.462379] dump_stack+0x68/0x92 > [ 2837.462379] __warn+0xc2/0xdd > [ 2837.462379] warn_slowpath_null+0x1d/0x1f > [ 2837.462379] btrfs_destroy_inode+0xe8/0x27e [btrfs] > [ 2837.462379] destroy_inode+0x3d/0x55 > [ 2837.462379] evict+0x177/0x17e > [ 2837.462379] dispose_list+0x50/0x71 > [ 2837.462379] evict_inodes+0x132/0x141 > [ 2837.462379] generic_shutdown_super+0x3f/0xeb > [ 2837.462379] kill_anon_super+0x12/0x1c > [ 2837.462379] btrfs_kill_super+0x16/0x21 [btrfs] > [ 2837.462379] deactivate_locked_super+0x30/0x68 > [ 2837.462379] deactivate_super+0x36/0x39 > [ 2837.462379] cleanup_mnt+0x58/0x76 > [ 2837.462379] __cleanup_mnt+0x12/0x14 > [ 2837.462379] task_work_run+0x77/0x9b > [ 2837.462379] prepare_exit_to_usermode+0x9d/0xc5 > [ 2837.462379] syscall_return_slowpath+0x196/0x1b9 > [ 2837.462379] entry_SYSCALL_64_fastpath+0xab/0xad > [ 2837.462379] RIP: 0033:0x7f3ef3e6b9a7 > [ 2837.462379] RSP: 002b:7ffdd0d8de58 EFLAGS: 0246 ORIG_RAX: > 00a6 > [ 2837.462379] RAX: RBX: 556f76a39060 RCX: > 7f3ef3e6b9a7 > [ 2837.462379] RDX: 0001 RSI: RDI: > 556f76a3f910 > [ 2837.462379] RBP: 556f76a3f910 R08: 556f76a3e670 R09: > 0015 > [ 2837.462379] R10: 06b4 R11: 0246 R12: > 7f3ef436ce64 > [ 2837.462379] R13: R14: 556f76a39240 R15: > 7ffdd0d8e0e0 > [ 2837.519355] ---[ end trace e79345fe24b30b8d ]--- > [ 2837.596256] [ cut here ] > [ 2837.597625] WARNING: CPU: 8 PID: 2474 at fs/btrfs/extent-tree.c:5699 > btrfs_free_block_groups+0x246/0x3eb [btrfs] > [ 2837.603547] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse > parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev > tpm button serio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs raid10 > raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor > raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod sr_mod > cdrom sd_mod ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring > virtio e1000 scsi_mod floppy > [ 2837.659372] CPU: 8 PID: 2474 Comm: umount Tainted: GW > 4.10.0-rc8-btrfs-next-43+ #1 > [ 2837.663359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 > [ 2837.663359] Call Trace: > [ 2837.663359] dump_stack+0x68/0x92 > [ 2837.663359] __warn+0xc2/0xdd > [ 2837.663359] warn_slowpath_null+0x1d/0x1f > [ 2837.663359] btrfs_free_block_groups+0x246/0x3eb [btrfs] > [ 2837.663359] close_ctree+0x1dd/0x2e1 [btrfs] > [ 2837.663359] ? evict_inodes+0x132/0x141 > [ 2837.663359] btrfs_put_super+0x15/0x17 [btrfs] > [ 2837.663359] generic_shutdown_super+0x6a/0xeb > [ 2837.663359] kill_anon_super+0x12/0x1c > [ 2837.663359] btrfs_kill_super+0x16/0x21 [btrfs] > [ 2837.663359] deactivate_locked_super+0x30/0x68 > [ 2837.663359] deactivate_super+0x36/0x39 > [ 2837.663359]
[PATCH v2] Btrfs: fix invalid extent maps due to hole punching
From: Filipe MananaWhile punching a hole in a range that is not aligned with the sector size (currently the same as the page size) we can end up leaving an extent map in memory with a length that is smaller then the sector size, which is not expected and can lead to problems. This issue is easily detected after the patch from commit a7e3b975a0f9 ("Btrfs: fix reported number of inode blocks"), introduced in kernel 4.12-rc1, in a scenario like the following for example: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ xfs_io -c "pwrite -S 0xaa -b 100K 0 100K" /mnt/foo $ xfs_io -c "fpunch 60K 90K" /mnt/foo $ xfs_io -c "pwrite -S 0xbb -b 100K 50K 100K" /mnt/foo $ xfs_io -c "pwrite -S 0xcc -b 50K 100K 50K" /mnt/foo $ umount /mnt After the unmount operation we can see several warnings emmitted due to underflows related to space reservation counters: [ 2837.443299] [ cut here ] [ 2837.447395] WARNING: CPU: 8 PID: 2474 at fs/btrfs/inode.c:9444 btrfs_destroy_inode+0xe8/0x27e [btrfs] [ 2837.452108] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev tpm button se rio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c crc32c_gene ric raid1 raid0 multipath linear md_mod sr_mod cdrom sd_mod ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring virtio e1000 scsi_mod floppy [ 2837.458389] CPU: 8 PID: 2474 Comm: umount Tainted: GW 4.10.0-rc8-btrfs-next-43+ #1 [ 2837.459754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 [ 2837.462379] Call Trace: [ 2837.462379] dump_stack+0x68/0x92 [ 2837.462379] __warn+0xc2/0xdd [ 2837.462379] warn_slowpath_null+0x1d/0x1f [ 2837.462379] btrfs_destroy_inode+0xe8/0x27e [btrfs] [ 2837.462379] destroy_inode+0x3d/0x55 [ 2837.462379] evict+0x177/0x17e [ 2837.462379] dispose_list+0x50/0x71 [ 2837.462379] evict_inodes+0x132/0x141 [ 2837.462379] generic_shutdown_super+0x3f/0xeb [ 2837.462379] kill_anon_super+0x12/0x1c [ 2837.462379] btrfs_kill_super+0x16/0x21 [btrfs] [ 2837.462379] deactivate_locked_super+0x30/0x68 [ 2837.462379] deactivate_super+0x36/0x39 [ 2837.462379] cleanup_mnt+0x58/0x76 [ 2837.462379] __cleanup_mnt+0x12/0x14 [ 2837.462379] task_work_run+0x77/0x9b [ 2837.462379] prepare_exit_to_usermode+0x9d/0xc5 [ 2837.462379] syscall_return_slowpath+0x196/0x1b9 [ 2837.462379] entry_SYSCALL_64_fastpath+0xab/0xad [ 2837.462379] RIP: 0033:0x7f3ef3e6b9a7 [ 2837.462379] RSP: 002b:7ffdd0d8de58 EFLAGS: 0246 ORIG_RAX: 00a6 [ 2837.462379] RAX: RBX: 556f76a39060 RCX: 7f3ef3e6b9a7 [ 2837.462379] RDX: 0001 RSI: RDI: 556f76a3f910 [ 2837.462379] RBP: 556f76a3f910 R08: 556f76a3e670 R09: 0015 [ 2837.462379] R10: 06b4 R11: 0246 R12: 7f3ef436ce64 [ 2837.462379] R13: R14: 556f76a39240 R15: 7ffdd0d8e0e0 [ 2837.519355] ---[ end trace e79345fe24b30b8d ]--- [ 2837.596256] [ cut here ] [ 2837.597625] WARNING: CPU: 8 PID: 2474 at fs/btrfs/extent-tree.c:5699 btrfs_free_block_groups+0x246/0x3eb [btrfs] [ 2837.603547] Modules linked in: dm_flakey dm_mod ppdev parport_pc psmouse parport sg pcspkr acpi_cpufreq tpm_tis tpm_tis_core i2c_piix4 i2c_core evdev tpm button serio_raw sunrpc loop autofs4 ext4 crc16 jbd2 mbcache btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod sr_mod cdrom sd_mod ata_generic virtio_scsi ata_piix libata virtio_pci virtio_ring virtio e1000 scsi_mod floppy [ 2837.659372] CPU: 8 PID: 2474 Comm: umount Tainted: GW 4.10.0-rc8-btrfs-next-43+ #1 [ 2837.663359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 [ 2837.663359] Call Trace: [ 2837.663359] dump_stack+0x68/0x92 [ 2837.663359] __warn+0xc2/0xdd [ 2837.663359] warn_slowpath_null+0x1d/0x1f [ 2837.663359] btrfs_free_block_groups+0x246/0x3eb [btrfs] [ 2837.663359] close_ctree+0x1dd/0x2e1 [btrfs] [ 2837.663359] ? evict_inodes+0x132/0x141 [ 2837.663359] btrfs_put_super+0x15/0x17 [btrfs] [ 2837.663359] generic_shutdown_super+0x6a/0xeb [ 2837.663359] kill_anon_super+0x12/0x1c [ 2837.663359] btrfs_kill_super+0x16/0x21 [btrfs] [ 2837.663359] deactivate_locked_super+0x30/0x68 [ 2837.663359] deactivate_super+0x36/0x39 [ 2837.663359] cleanup_mnt+0x58/0x76 [ 2837.663359] __cleanup_mnt+0x12/0x14 [ 2837.663359] task_work_run+0x77/0x9b [ 2837.663359] prepare_exit_to_usermode+0x9d/0xc5 [ 2837.663359] syscall_return_slowpath+0x196/0x1b9 [ 2837.663359] entry_SYSCALL_64_fastpath+0xab/0xad [ 2837.663359] RIP: