Guy,

On Thursday 28 August 2014, 10:28:02 Gui Hecheng wrote:
> On Mon, 2014-08-25 at 05:08 +0000, Zooko Wilcox-OHearn wrote:
> > Aha. When it is run under valgrind it consistently stops (killing
> > valgrind, in fact!) in the same way on every run.
> > 
> > Here's the tail of stdout and stderr when it aborted when run under
> > valgrind:
> > 
> > Restoring
> > ./sda6-btrfs-restore-3/@home/zooko/.mozilla/firefox/ltjwtkwe.ketotic.org/
> > thumbnails/188888af64f6d2871b0f24e325d8a298.png Restoring
> > ./sda6-btrfs-restofailed to inflate: -6
> > 
> > Full valgrind output from such a run is attached to this letter.
> > 
> > I've spent a little time looking at the stack traces in the valgrind
> > log, and I *guess* that there is corruption such that the
> > decompression fails, and I guess it would be possible to make
> > cmds-restore handle corrupted compressedtext better, so that it would
> > end up skipping whatever files and directories were unrestorable due
> > to corruption. However, I don't immediately see how to proceed.
> > 
> > Regards,
> 
> Hi Zooko,
> Here are some pieces for your information:
> 
> For the first:
> ==5569== Syscall param pwrite64(buf) points to uninitialised byte(s)
> ==5569==    at 0x56ABD03: __pwrite_nocancel (syscall-template.S:81)
> ==5569==    by 0x41F346: search_dir (cmds-restore.c:392)
> 
> It is handled by
> https://patchwork.kernel.org/patch/4755441/
> 
> For the second:
> ==5569== Invalid read of size 1
> ==5569==    at 0x4C2F95E: memcpy@@GLIBC_2.14
> ==5569==    by 0x4388E6: read_extent_buffer (string3.h:51)
> ==5569==    by 0x41ED6C: search_dir (cmds-restore.c:233)
> 
> It should be handled by
> https://patchwork.kernel.org/patch/4792381/
> And it handles Marc's similar problem too.

I can confirm that this patch really cures these memleaks, but ....

> 
> And for the last one and the crucial one...
> ==5569== Invalid read of size 4
> ==5569==    at 0x41E394: decompress (cmds-restore.c:93)
> ==5569==    by 0x41F291: search_dir (cmds-restore.c:378)
> along with
> ==5569== Invalid read of size 1
> ==5569==    at 0x548DDB6: lzo1x_decompress_safe
> ==5569==    by 0x41E3BD: decompress (cmds-restore.c:122)
> ==5569==    by 0x41F291: search_dir (cmds-restore.c:378)
> 
> Sorry, I'm not able to reproduce it yet, it may be just what you've
> guessed that corruption happens. But I am sure that there are bugs
> around the decompress routine, because I've got "failed to inflate"s too
> with a non-corrupted btrfs. I'm going to track it down.

This one still exists. It took me a while to reproduce this (actually, find
the file which causes it). So we have:

==27292== Invalid read of size 8
==27292==    at 0x57A10D2: lzo1x_decompress_safe (in /usr/lib64/liblzo2.so.2.0.0)
==27292==    by 0x41E9ED: decompress (cmds-restore.c:129)
==27292==    by 0x41F8A7: search_dir (cmds-restore.c:386)
==27292==    by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292==    by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292==    by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292==    by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292==    by 0x420C6F: cmd_restore (cmds-restore.c:1319)
==27292==    by 0x4042FC: main (btrfs.c:247)
==27292==  Address 0x6280afc is 24,572 bytes inside a block of size 24,576 alloc'd
==27292==    at 0x4C277AB: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27292==    by 0x41F577: search_dir (cmds-restore.c:317)
==27292==    by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292==    by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292==    by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292==    by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292==    by 0x420C6F: cmd_restore (cmds-restore.c:1319)
==27292==    by 0x4042FC: main (btrfs.c:247)
==27292== 
==27292== (action on error) vgdb me ... 

and the attached debug backtrace is (I attached the full bt):

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00000000057a10d2 in lzo1x_decompress_safe () from /usr/lib64/liblzo2.so.2
(gdb) bt
#0  0x00000000057a10d2 in lzo1x_decompress_safe () from /usr/lib64/liblzo2.so.2
#1  0x000000000041e9ee in decompress_lzo (decompress_len=0x7feff9f60, compress_len=417, 
    outbuf=0x63229a0 "ource/core/dom/webcore_dom.StaticNodeList.o", inbuf=0x6280a6d "\017ource/core/dom/webl\001") at cmds-restore.c:129
#2  decompress (inbuf=inbuf@entry=0x627ab00 "zU\001", outbuf=outbuf@entry=0x631a9a0 "<X", compress_len=compress_len@entry=24576, 
    decompress_len=decompress_len@entry=0x7feff9f60, compress=compress@entry=2) at cmds-restore.c:155
#3  0x000000000041f8a8 in copy_one_extent (pos=4063232, fi=<optimized out>, leaf=0x5fb58d0, fd=4, root=0x61405c0) at cmds-restore.c:386
#4  copy_file (file=0x66a700 <path_name> "/work/chromium/src/out/Release/.ninja_deps", key=0x7feffb080, fd=4, root=0x61405c0)
    at cmds-restore.c:659
#5  search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffc2d0, output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", 
    in_dir=in_dir@entry=0x6602d70 "/chromium/src/out/Release", mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:840
#6  0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffd520, 
    output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x6df4d90 "/chromium/src/out", 
    mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:916
#7  0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffe770, 
    output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x65d7080 "/chromium/src", mreg=mreg@entry=0x7fefffd60)
    at cmds-restore.c:916
#8  0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7fefff9c0, 
    output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x6f35ac0 "/chromium", mreg=mreg@entry=0x7fefffd60)
    at cmds-restore.c:916
#9  0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7fefffe30, 
    output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x45ab43 "", mreg=mreg@entry=0x7fefffd60)
    at cmds-restore.c:916
#10 0x0000000000420c70 in cmd_restore (argc=<optimized out>, argv=<optimized out>) at cmds-restore.c:1319
#11 0x00000000004042fd in main (argc=8, argv=0x7feffffa0) at btrfs.c:247


Hope that helps

Marc
(gdb) bt full

#0  0x00000000057a10d2 in lzo1x_decompress_safe () from /usr/lib64/liblzo2.so.2
No symbol table info available.
#1  0x000000000041e9ee in decompress_lzo (decompress_len=0x7feff9f60, compress_len=417, 
    outbuf=0x63229a0 "ource/core/dom/webcore_dom.StaticNodeList.o", inbuf=0x6280a6d "\017ource/core/dom/webl\001") at cmds-restore.c:129
        ret = <optimized out>
        new_len = 0
        out_len = 32768
        tot_in = 24429
#2  decompress (inbuf=inbuf@entry=0x627ab00 "zU\001", outbuf=outbuf@entry=0x631a9a0 "<X", compress_len=compress_len@entry=24576, 
    decompress_len=decompress_len@entry=0x7feff9f60, compress=compress@entry=2) at cmds-restore.c:155
No locals.
#3  0x000000000041f8a8 in copy_one_extent (pos=4063232, fi=<optimized out>, leaf=0x5fb58d0, fd=4, root=0x61405c0) at cmds-restore.c:386
        device = <optimized out>
        dev_fd = 5
        mirror_num = 1
        num_copies = <optimized out>
        inbuf = 0x627ab00 "zU\001"
        done = <optimized out>
        ram_size = 126976
        multi = 0x67fa250
        outbuf = 0x631a9a0 "<X"
        total = 0
        dev_bytenr = 317671178240
        compress = 2
        length = 24576
        ret = <optimized out>
        bytenr = 390685646848
        size_left = 0
        count = 24576
#4  copy_file (file=0x66a700 <path_name> "/work/chromium/src/out/Release/.ninja_deps", key=0x7feffb080, fd=4, root=0x61405c0)
    at cmds-restore.c:659
        fi = <optimized out>
        ret = <optimized out>
        compression = 2
        found_size = 11632652
        leaf = 0x5fb58d0
        path = <optimized out>
        inode_item = <optimized out>
        extent_type = <optimized out>
        loops = 33
#5  search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffc2d0, output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", 
    in_dir=in_dir@entry=0x6602d70 "/chromium/src/out/Release", mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:840
        path = <optimized out>
        leaf = 0x6daaa50
        dir_item = <optimized out>
        location = {objectid = 27472733, type = 108 'l', offset = 0}
        filename = ".ninja_deps", '\000' <repeats 29 times>, 
"\021\000\000\000\b\000\000\000\b\000\000\000\020\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\360\225\023\006\000\000\000\000\360M\337\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\340\260\377\376\a\000\000\000\020\260\377\376\a", '\000' <repeats 20 times>, 
"\247f\000\000\000\000\000src/out/Release\000\000T\367\005\000\000\000\000\230\260\377\376\a\000\000\000"...
        name_ptr = <optimized out>
        name_len = <optimized out>
        ret = <optimized out>
        loops = 0
#6  0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffd520, 
    output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x6df4d90 "/chromium/src/out", 
    mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:916
        search_root = <optimized out>
        dir = 0x6602d70 "/chromium/src/out/Release"
        path = <optimized out>
        leaf = 0x61395f0
        dir_item = <optimized out>
        location = {objectid = 27470610, type = 96 '`', offset = 0}
        filename = "Release\000\000\267f", '\000' <repeats 29 times>, 
"\r\000\000\000\004\000\000\000\004\000\000\000\020\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\020\017\a\006\000\000\000\000\200\234e\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\060\303\377\376\a\000\000\000`\302\377\376\a",
 '\000' <repeats 20 times>, 
"\247f\000\000\000\000\000hromium/src/out\000\000T\367\005\000\000\000\000\002\021\000\000\000\000\000\000"...
        name_ptr = <optimized out>
        name_len = <optimized out>
        ret = <optimized out>
        loops = 0
#7  0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffe770, 
    output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x65d7080 "/chromium/src", mreg=mreg@entry=0x7fefffd60)
    at cmds-restore.c:916
        search_root = <optimized out>
        dir = 0x6df4d90 "/chromium/src/out"
        path = <optimized out>
        leaf = 0x6070f10
        dir_item = <optimized out>
        location = {objectid = 27469314, type = 96 '`', offset = 0}
        filename = "out\000\000gnore\000settings", '\000' <repeats 21 times>, 
"\t\000\000\000\004\000\000\000\004\000\000\000\016\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\000\303\027\a\000\000\000\000\300\226:\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\200\325\377\376\a\000\000\000\260\324\377\376\a",
 '\000' <repeats 20 times>, 
"\247f\000\000\000\000\000ium/src\000\000\000\000\000\000\000\000\000\000T\367\005\000\000\000\000\002\021\000\000\000\000\000\000"...
        name_ptr = <optimized out>
        name_len = <optimized out>
        ret = <optimized out>
        loops = 0
#8  0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7fefff9c0, 
    output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x6f35ac0 "/chromium", mreg=mreg@entry=0x7fefffd60)
    at cmds-restore.c:916
        search_root = <optimized out>
        dir = 0x65d7080 "/chromium/src"
        path = <optimized out>
        leaf = 0x717c300
        dir_item = <optimized out>
        location = {objectid = 26833838, type = 96 '`', offset = 0}
        filename = "src\000ient\000ls", '\000' <repeats 33 times>, 
"\t\000\000\000\t\000\000\000\n\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\340ȓ\006\000\000\000\000\240N\024\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\320\347\377\376\a\000\000\000\000\347\377\376\a",
 '\000' <repeats 20 times>, 
"\247f\000\000\000\000\000hromium\000\000\000\000\000\000\000\000\000\000T\367\005\000\000\000\000\260\060\375\005\000\000\000\000@"...
        name_ptr = <optimized out>
        name_len = <optimized out>
        ret = <optimized out>
        loops = 0
#9  0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7fefffe30, 
    output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x45ab43 "", mreg=mreg@entry=0x7fefffd60)
    at cmds-restore.c:916
        search_root = <optimized out>
        dir = 0x6f35ac0 "/chromium"
        path = <optimized out>
        leaf = 0x693c8e0
        dir_item = <optimized out>
        location = {objectid = 26832818, type = 96 '`', offset = 0}
        filename = 
"chromium\000.6.5\000\000\000r_2012_r2_x64_dvd_2707952.iso\000ER_EVAL_DE-DE-IRM_SSS_X64FREE_DE-DE_DV5.ISO\000\000ISO\000\000\002\000\000\000\002\000\000\000\260E\024\006\000\000\000\000\317\003\000\377\a\000\000\000\317\003\000\377\a",
 '\000' <repeats 31 times>, 
"\021\000\000\000\021\000\000\000\021\000\000\000\020\000\000\000\020\000\000\000\020\000\000\000\020\000\000\000\020",
 '\000' <repeats 15 times>...
        name_ptr = <optimized out>
        name_len = <optimized out>
        ret = <optimized out>
        loops = 0
#10 0x0000000000420c70 in cmd_restore (argc=<optimized out>, argv=<optimized out>) at cmds-restore.c:1319
        root = 0x61405c0
        key = {objectid = 256, type = 96 '`', offset = 0}
        dir_name = "/work", '\000' <repeats 122 times>
        tree_location = <optimized out>
        fs_location = 0
        root_objectid = 0
        len = <optimized out>
        ret = <optimized out>
        opt = <optimized out>
        option_index = 0
        super_mirror = <optimized out>
        find_dir = 0
        list_roots = 0
        match_regstr = 0x7ff0003cf "^/(|temp(|/.*))$"
        match_cflags = 13
        match_reg = {buffer = 0x6142d40 "`.\024\006", allocated = 224, used = 224, syntax = 242620, fastmap = 0x6142c00 "", 
          translate = 0x0, re_nsub = 2, can_be_null = 0, regs_allocated = 0, fastmap_accurate = 1, no_sub = 1, not_bol = 0, not_eol = 0, 
          newline_anchor = 1}
        mreg = 0x7fefffd60
        reg_err = "\377\232f", '\000' <repeats 45 times>, 
"\370\375\377\376\004\000\000\000H\021\"\004", '\000' <repeats 28 times>, 
"@\277\005\004\000\000\000\000\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000H\021\"\004\000\000\000\000\377\377\377\377\a\000\000\000\000\375\377\376\a\000\000\000\314?\f\257\000\000\000\000\000T\367\005",
 '\000' <repeats 12 times>, 
"\240\024\"\004\000\000\000\000@\375\377\376\a\000\000\000\060\375\377\376\a\000\000\000L\353:}\000\000\000\000"...
#11 0x00000000004042fd in main (argc=8, argv=0x7feffffa0) at btrfs.c:247
        cmd = 0x6689c8
        bname = <optimized out>
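
Added example, not code from btrfs-progs or from anyone in this thread: a bounds check on LZO segment framing that runs before any payload is handed to the decompressor, exercised with the sizes from the backtrace above (payload at offset 24429 of a 24576-byte buffer, claimed length 417). It assumes a 4-byte little-endian total length followed by segments that each carry a 4-byte little-endian length, and ignores any padding rules; `check_lzo_framing` and `make_sample` are hypothetical names and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdlib.h>

#define LZO_LEN    4      /* width of a little-endian length field (assumed framing) */
#define SAMPLE_LEN 24576  /* input buffer size from the valgrind report */

static uint32_t read_le32(const unsigned char *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
static void write_le32(unsigned char *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* Returns the number of segments whose payload lies inside buf[0..buf_len), or -1
 * at the first length field or payload that would run past it (*bad_off = where). */
long check_lzo_framing(const unsigned char *buf, size_t buf_len, size_t *bad_off)
{
    size_t tot_in = LZO_LEN, tot_len, in_len;
    long segments = 0;
    *bad_off = 0;
    if (buf_len < LZO_LEN || (tot_len = read_le32(buf)) > buf_len)
        return -1;                    /* declared total exceeds what we hold */
    while (tot_in < tot_len) {
        *bad_off = tot_in;
        if (tot_len - tot_in < LZO_LEN)
            return -1;                /* no room left for a length field */
        in_len = read_le32(buf + tot_in);
        tot_in += LZO_LEN;
        *bad_off = tot_in;
        if (in_len > tot_len - tot_in)
            return -1;                /* payload would cross the end of the input */
        /* only now may buf + tot_in and in_len be handed to the decompressor */
        tot_in += in_len;
        segments++;
    }
    return segments;
}

/* Constructed sample: the second payload starts at offset 24429 (tot_in in the
 * backtrace) and its length field claims seg2_len bytes. */
unsigned char *make_sample(uint32_t seg2_len)
{
    unsigned char *b = calloc(1, SAMPLE_LEN);
    if (!b) return NULL;
    write_le32(b, SAMPLE_LEN);          /* declared total length */
    write_le32(b + 4, 24429 - 4 - 8);   /* segment 1 payload: offsets 8..24424 */
    write_le32(b + 24425, seg2_len);    /* segment 2 payload begins at 24429 */
    return b;
}
```

With `make_sample(417)` the walk stops at offset 24429 because only 147 bytes remain; a caller can then skip that extent instead of reading past the allocation.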
