On Tue, Sep 6, 2016 at 10:51 PM, Liu Bo <bo.li....@oracle.com> wrote:
> Hi Filipe,
>
> On Mon, Sep 05, 2016 at 04:28:09PM +0100, Filipe Manana wrote:
>> On Fri, Sep 2, 2016 at 8:35 PM, Liu Bo <bo.li....@oracle.com> wrote:
>> > This can only happen with CONFIG_BTRFS_FS_CHECK_INTEGRITY=y.
>> >
>> > Commit 1ba98d0 ("Btrfs: detect corruption when non-root leaf has zero
>> > item")
>> > assumes that a leaf is its root when leaf->bytenr ==
>> > btrfs_root_bytenr(root),
>> > however, we should not use btrfs_root_bytenr(root) since it's mainly got
>> > updated during committing transaction. So the check can fail when doing
>> > COW on this leaf while it is a root.
>> >
>> > This changes to use "if (leaf == btrfs_root_node(root))" instead, just like
>> > how we check whether leaf is a root in __btrfs_cow_block().
>> >
>> > Reported-by: Jeff Mahoney <je...@suse.com>
>> > Signed-off-by: Liu Bo <bo.li....@oracle.com>
>>
>> Hi Bo,
>>
>> Even with this patch applied against latest branch for-linus-4.8, at
>> least on a build with CONFIG_BTRFS_FS_CHECK_INTEGRITY=y,
>> the issue still happens for me when running fsstress with balance in
>> parallel:
>
> Thanks for the report.
>
> This panic shows that we can have non-root btree leaf with 0 nritems during
> split_leaf(), but a btrfs_search_slot which calls split_leaf() like this is
> inserting an item, and while we set @right's nritems to 0, we also assign
> @disk_key
> associated with @right in the parent node, so I think we're actually having
> nritem 0 temporarily and we can remove this btrfs_mark_buffer_dirty() like
> the
> following quick patch.
>
> Thanks,
>
> -liubo
>
> diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
> index d1c56c9..5e5ceb5 100644
> --- a/fs/btrfs/ctree.c
> +++ b/fs/btrfs/ctree.c
> @@ -4341,7 +4341,11 @@ again:
> if (path->slots[1] == 0)
> fixup_low_keys(fs_info, path, &disk_key, 1);
> }
> - btrfs_mark_buffer_dirty(right);
> + /*
> + * We create a new leaf 'right' for the required ins_len and
> + * we'll do btrfs_mark_buffer_dirty() on this leaf after
> copying
> + * the content of ins_len to 'right'.
> + */
> return ret;
> }
Bo, there's yet another case:
[25120.107171] BTRFS critical (device sdb): corrupt leaf, non-root
leaf's nritems is 0: block=29556736, root=1, slot=0
[25120.108641] BTRFS info (device sdb): leaf 29556736 total ptrs 0
free space 16283
[25120.109935] assertion failed: 0, file: fs/btrfs/disk-io.c, line: 4065
[25120.111092] ------------[ cut here ]------------
[25120.111875] kernel BUG at fs/btrfs/ctree.h:3418!
[25120.112615] invalid opcode: 0000 [#1] PREEMPT SMP
[25120.112615] Modules linked in: crc32c_generic btrfs xor raid6_pq
acpi_cpufreq tpm_tis tpm_tis_core ppdev tpm sg i2c_piix4 evdev psmouse
parport_pc parport i2c_core processor serio_raw button pcspkr loop
autofs4 ext4 crc16 jbd2 mbcache sr_mod cdrom sd_mod ata_generic
virtio_scsi ata_piix libata virtio_pci virtio_ring floppy virtio
scsi_mod e1000
[25120.112615] CPU: 0 PID: 2678 Comm: umount Not tainted
4.8.0-rc8-btrfs-next-35+ #1
[25120.112615] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
[25120.112615] task: ffff8802150bda80 task.stack: ffff88021ba5c000
[25120.112615] RIP: 0010:[<ffffffffa03764c4>] [<ffffffffa03764c4>]
assfail.constprop.41+0x1c/0x1e [btrfs]
[25120.112615] RSP: 0018:ffff88021ba5f898 EFLAGS: 00010292
[25120.112615] RAX: 0000000000000039 RBX: ffff8802262f1928 RCX: 0000000000000001
[25120.112615] RDX: 0000000000000006 RSI: ffffffff817daf3c RDI: 00000000ffffffff
[25120.112615] RBP: ffff88021ba5f898 R08: 0000000000000001 R09: 0000000000000000
[25120.112615] R10: ffff880233868d90 R11: ffffffff82f3c5ed R12: ffff88021ed5c000
[25120.112615] R13: ffff880225643498 R14: ffff88023339db88 R15: 0000000000000000
[25120.112615] FS: 00007f5728238840(0000) GS:ffff88023f200000(0000)
knlGS:0000000000000000
[25120.112615] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[25120.112615] CR2: 0000000002535868 CR3: 0000000217a1f000 CR4: 00000000000006f0
[25120.112615] Stack:
[25120.112615] ffff88021ba5f8c0 ffffffffa02fa521 0000000000000007
ffff8802196bb000
[25120.112615] ffff8802262f1928 ffff88021ba5f930 ffffffffa02dbb51
ffff880225643498
[25120.112615] ffff88021ba5f9e0 0000000000643530 0000000000000000
0000000500000001
[25120.112615] Call Trace:
[25120.112615] [<ffffffffa02fa521>] btrfs_mark_buffer_dirty+0xdf/0xe5 [btrfs]
[25120.112615] [<ffffffffa02dbb51>] __btrfs_cow_block+0x3ce/0x414 [btrfs]
[25120.112615] [<ffffffffa02dbce0>] btrfs_cow_block+0xe9/0x236 [btrfs]
[25120.112615] [<ffffffffa02de869>] btrfs_search_slot+0x287/0x755 [btrfs]
[25120.112615] [<ffffffffa02dae85>] ? btrfs_alloc_path+0x1a/0x1c [btrfs]
[25120.112615] [<ffffffffa02f47de>] btrfs_del_csums+0xa6/0x254 [btrfs]
[25120.112615] [<ffffffff814b8e8f>] ? _raw_spin_unlock+0x31/0x44
[25120.112615] [<ffffffffa02e6ab8>] __btrfs_free_extent+0x7fd/0x953 [btrfs]
[25120.112615] [<ffffffffa02eadc1>]
__btrfs_run_delayed_refs+0xd25/0xff3 [btrfs]
[25120.112615] [<ffffffff810b1797>] ? call_rcu+0x17/0x19
[25120.112615] [<ffffffff81184e0a>] ? put_object+0x3e/0x41
[25120.112615] [<ffffffffa02daf06>] ?
btrfs_clear_path_blocking+0x2c/0xa4 [btrfs]
[25120.112615] [<ffffffff810917d1>] ? __lock_is_held+0x3c/0x57
[25120.112615] [<ffffffffa02ec9ae>] btrfs_run_delayed_refs+0x8a/0x1e2 [btrfs]
[25120.112615] [<ffffffffa02fe0d5>] commit_cowonly_roots+0xee/0x263 [btrfs]
[25120.112615] [<ffffffffa030074b>]
btrfs_commit_transaction+0x4a8/0x96b [btrfs]
[25120.112615] [<ffffffffa02f98c3>] btrfs_commit_super+0x91/0x94 [btrfs]
[25120.112615] [<ffffffffa02fb7f1>] close_ctree+0xfd/0x336 [btrfs]
[25120.112615] [<ffffffff811a29a8>] ? evict_inodes+0x13b/0x14a
[25120.112615] [<ffffffffa02d56e5>] btrfs_put_super+0x19/0x1b [btrfs]
[25120.112615] [<ffffffff8118c5f7>] generic_shutdown_super+0x6a/0xeb
[25120.112615] [<ffffffff8118ca24>] kill_anon_super+0x12/0x1c
[25120.112615] [<ffffffffa02d54e4>] btrfs_kill_super+0x16/0x21 [btrfs]
[25120.112615] [<ffffffff8118c496>] deactivate_locked_super+0x3b/0x68
[25120.112615] [<ffffffff8118c4f9>] deactivate_super+0x36/0x39
[25120.112615] [<ffffffff811a5fed>] cleanup_mnt+0x58/0x76
[25120.112615] [<ffffffff811a6049>] __cleanup_mnt+0x12/0x14
[25120.112615] [<ffffffff8107068d>] task_work_run+0x6f/0x9a
[25120.112615] [<ffffffff810018b0>] prepare_exit_to_usermode+0xaa/0xc8
[25120.112615] [<ffffffff81001a37>] syscall_return_slowpath+0x169/0x1cd
[25120.112615] [<ffffffff814b95f3>] entry_SYSCALL_64_fastpath+0xa6/0xa8
thanks
>
>
>
>>
>> [ 366.998044] BTRFS: device fsid 69759b3a-96ae-467d-aa63-364144e73a28
>> devid 1 transid 3 /dev/sdc
>> [ 367.023652] BTRFS info (device sdc): turning on discard
>> [ 367.025036] BTRFS info (device sdc): disk space caching is enabled
>> [ 367.026360] BTRFS info (device sdc): has skinny extents
>> [ 367.069415] BTRFS info (device sdc): creating UUID tree
>> [ 367.133704] BTRFS info (device sdc): relocating block group 29360128
>> flags 36
>> [ 367.142196] BTRFS info (device sdc): found 2 extents
>> [ 367.147932] BTRFS info (device sdc): relocating block group 20971520
>> flags 34
>> [ 367.157947] BTRFS info (device sdc): found 1 extents
>> [ 367.162649] BTRFS info (device sdc): relocating block group 12582912
>> flags 1
>> [ 367.182872] BTRFS info (device sdc): found 1 extents
>> [ 367.189932] BTRFS info (device sdc): found 1 extents
>> [ 367.200983] BTRFS info (device sdc): relocating block group
>> 1270874112 flags 1
>> [ 367.235862] BTRFS critical (device sdc): corrupt leaf, non-root
>> leaf's nritems is 0: block=1103937536,root=5, slot=0
>> [ 367.238223] BTRFS info (device sdc): leaf 1103937536 total ptrs 0
>> free space 3995
>> [ 367.239371] BTRFS: assertion failed: 0, file: fs/btrfs/disk-io.c, line:
>> 4059
>> [ 367.240321] ------------[ cut here ]------------
>> [ 367.241245] kernel BUG at fs/btrfs/ctree.h:3367!
>> [ 367.241961] invalid opcode: 0000 [#1] PREEMPT SMP
>> [ 367.242685] Modules linked in: btrfs crc32c_generic xor raid6_pq
>> acpi_cpufreq tpm_tis tpm sg i2c_piix4 i2c_core psmouse ppdev processor
>> evdev parport_pc parport serio_raw pcspkr button loop autofs4 ext4
>> crc16 jbd2 mbcache sr_mod cdrom sd_mod ata_generic virtio_scsi
>> ata_piix libata virtio_pci virtio_ring e1000 virtio scsi_mod floppy
>> [last unloaded: btrfs]
>> [ 367.244302] CPU: 11 PID: 3451 Comm: fdm-stress Not tainted
>> 4.7.0-rc6-btrfs-next-34+ #1
>> [ 367.244302] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
>> BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
>> [ 367.244302] task: ffff880183ef8bc0 ti: ffff880183fe0000 task.ti:
>> ffff880183fe0000
>> [ 367.244302] RIP: 0010:[<ffffffffa04601d5>] [<ffffffffa04601d5>]
>> assfail.constprop.42+0x1c/0x1e [btrfs]
>> [ 367.244302] RSP: 0018:ffff880183fe3c78 EFLAGS: 00010296
>> [ 367.244302] RAX: 0000000000000040 RBX: ffff880222a66ab0 RCX:
>> 0000000000000001
>> [ 367.244302] RDX: ffffffff810a0a23 RSI: ffffffff814a82cb RDI:
>> 00000000ffffffff
>> [ 367.244302] RBP: ffff880183fe3c78 R08: 0000000000000001 R09:
>> 0000000000000000
>> [ 367.244302] R10: ffff880183fe3b70 R11: ffffffff82f3650d R12:
>> ffff880183e8e000
>> [ 367.244302] R13: ffff8800b3e7d000 R14: 0000000000000a59 R15:
>> 0000000000000017
>> [ 367.244302] FS: 00007f0b85310700(0000) GS:ffff88023f4c0000(0000)
>> knlGS:0000000000000000
>> [ 367.244302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [ 367.244302] CR2: 00007f0b7800ea28 CR3: 000000022da9b000 CR4:
>> 00000000000006e0
>> [ 367.244302] Stack:
>> [ 367.244302] ffff880183fe3ca0 ffffffffa03e51e3 0000000000000023
>> ffff880222a66ab0
>> [ 367.244302] ffff880183885bb8 ffff880183fe3d38 ffffffffa03c9540
>> 0000000083fe3d08
>> [ 367.244302] ffff8800b3e7d2d8 0000000000001000 ffff880183fe3e7f
>> ffff880183ff8000
>> [ 367.244302] Call Trace:
>> [ 367.244302] [<ffffffffa03e51e3>] btrfs_mark_buffer_dirty+0xdf/0xe5
>> [btrfs]
>> [ 367.244302] [<ffffffffa03c9540>] split_leaf+0x47c/0x566 [btrfs]
>> [ 367.244302] [<ffffffffa03c9c09>] btrfs_search_slot+0x5df/0x755 [btrfs]
>> [ 367.244302] [<ffffffff8116daf7>] ? slab_post_alloc_hook+0x42/0x52
>> [ 367.244302] [<ffffffffa03caf5a>] btrfs_insert_empty_items+0x5d/0xa6
>> [btrfs]
>> [ 367.244302] [<ffffffffa03f783b>] btrfs_symlink+0x17f/0x34f [btrfs]
>> [ 367.244302] [<ffffffff8118bcf5>] vfs_symlink+0x51/0x6e
>> [ 367.244302] [<ffffffff8118fc4c>] SYSC_symlinkat+0x6d/0xb2
>> [ 367.244302] [<ffffffff8100101a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
>> [ 367.244302] [<ffffffff811904b6>] SyS_symlink+0x16/0x18
>> [ 367.244302] [<ffffffff814a88e5>] entry_SYSCALL_64_fastpath+0x18/0xa8
>> [ 367.244302] [<ffffffff81102507>] ? time_hardirqs_off+0x9/0x14
>> [ 367.244302] [<ffffffff8108f019>] ? trace_hardirqs_off_caller+0x1f/0xaa
>> [ 367.244302] Code: 89 83 88 00 00 00 31 c0 5b 41 5c 41 5d 5d c3 55
>> 89 f1 48 c7 c2 14 8b 46 a0 48 89 fe 48 c7 c7 27 8c 46 a0 48 89 e5 e8
>> e5 2f cc e0 <0f> 0b 55 89 f1 48 c7 c2 03 a2 46 a0 48 89 fe 48 c7 c7 dc
>> a3 46
>> [ 367.244302] RIP [<ffffffffa04601d5>] assfail.constprop.42+0x1c/0x1e
>> [btrfs]
>> [ 367.244302] RSP <ffff880183fe3c78>
>> [ 367.289039] ---[ end trace a3e4ce9819ed383b ]---
>>
>>
>> thanks
>>
>> > ---
>> > fs/btrfs/disk-io.c | 10 +++++++---
>> > 1 file changed, 7 insertions(+), 3 deletions(-)
>> >
>> > diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
>> > index 9367c31..b401e6d 100644
>> > --- a/fs/btrfs/disk-io.c
>> > +++ b/fs/btrfs/disk-io.c
>> > @@ -572,13 +572,17 @@ static noinline int check_leaf(struct btrfs_root
>> > *root,
>> > * open_ctree() some roots has not yet been set up.
>> > */
>> > if (!IS_ERR_OR_NULL(check_root)) {
>> > + struct extent_buffer *eb;
>> > +
>> > + eb = btrfs_root_node(check_root);
>> > /* if leaf is the root, then it's fine */
>> > - if (leaf->start !=
>> > - btrfs_root_bytenr(&check_root->root_item)) {
>> > + if (leaf != eb) {
>> > CORRUPT("non-root leaf's nritems is 0",
>> > - leaf, root, 0);
>> > + leaf, check_root, 0);
>> > + free_extent_buffer(eb);
>> > return -EIO;
>> > }
>> > + free_extent_buffer(eb);
>> > }
>> > return 0;
>> > }
>> > --
>> > 2.5.5
>> >
>> > --
>> > To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
>> > the body of a message to majord...@vger.kernel.org
>> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>>
>>
>> --
>> Filipe David Manana,
>>
>> "People will forget what you said,
>> people will forget what you did,
>> but people will never forget how you made them feel."
--
Filipe David Manana,
"People will forget what you said,
people will forget what you did,
but people will never forget how you made them feel."
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
