thr3ads.net - Btrfs devel - [BUG] __tree_mod_log_rewind makes extent buffers larger than leafsize [Oct 2012]

If this information is useful, please help other people find it:
Share via:

Liu Bo

2012-Oct-17 15:27 UTC

[BUG] __tree_mod_log_rewind makes extent buffers larger than leafsize

Hi Jan,

Here is the steps,

1. apply the three patches onto the latest btrfs
2. run the script ''debug.sh''[1]
   (NOTE: edit the script and the fio job file[2] to get device and mount point
right before running it)

3. it will crash after a few seconds. [3]


thanks,
liubo


[1]:
$ cat debug.sh 
#!/bin/bash

D=/dev/sda5
M=/mnt/btrfs

umount $M $D
mkfs.btrfs $D

mount $D $M -o autodefrag

fio fio_sync_random_write_4k_config &

for ((i=0; i<20; i++))
do
	btrfs sub snap $M $M/s_$i
	sleep 2
done &

[2]
$ cat fio_sync_random_write_4k_config 
[global]
direct=0
ioengine=sync
size=800M
bs=4k
numjobs=1
group_reporting
invalidate=0
end_fsync=1
overwrite=0
directory=/mnt/btrfs


[job_sub0]
startdelay=0
rw=randwrite
filename=foo

[3]
[   71.980881] device fsid bc47c36a-7e90-453d-aa6b-8c4a12e30dc0 devid 1 transid
4 /dev/sda5
[   71.984162] btrfs: enabling auto defrag
[   71.984168] btrfs: disk space caching is enabled
[   72.051464] root last_snapshot 5
[   95.789404] root last_snapshot 6
[  100.229357] root last_snapshot 7
[  103.252999] record_old_file_extents: ino 257 new file_pos 38273024 len
1048576 bytenr 2387300352 disk_len 1048576
[  103.255989] record_extent_backrefs file_pos 38273024 len 1048576
[  103.348648] eb->start 66080768 eb->len 4096 eb->level 1 nritems 66 n
176 rm 110 add 0
[  103.348718] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348743] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348764] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348788] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348807] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348826] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348847] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348869] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348887] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348904] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348924] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348944] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348965] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.348985] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349008] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349030] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349051] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349071] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349096] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349123] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349143] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349163] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349183] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349203] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349223] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349242] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349267] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349285] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349305] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349326] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349358] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349381] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349404] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349424] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349446] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349470] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349496] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349516] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349537] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349555] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349574] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349594] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349616] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349636] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349659] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349680] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349700] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349718] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349739] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.349759] eb->start 66080768 eb->len 4096 eb->level 1 nritems 121
n 176 rm 110 add 0
[  103.351367] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351398] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351430] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351462] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351494] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351522] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351551] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351584] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351613] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351641] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351669] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351700] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351730] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351759] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351785] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351814] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.351840] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.352817] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.352844] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.352871] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.352900] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.352930] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.352958] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.352985] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353013] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353043] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353071] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353107] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353138] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353166] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353195] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353223] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353251] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353279] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353307] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353335] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353370] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353401] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353431] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353460] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353493] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353524] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353552] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353580] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353608] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353634] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353664] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353698] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353728] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353755] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353783] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353811] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353840] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353869] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353896] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353926] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353953] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.353981] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.354010] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.354037] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.354066] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.354093] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.354123] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.354151] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.354177] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.354208] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.354237] eb->start 66080768 eb->len 4096 eb->level 1 nritems 62 n
235 rm 228 add 0
[  103.354239] offset 5909 min_len 17 eb->start 66080768 eb->len 4096,
eb->level 1 p 101 mid 176 low 118 high 235 item 33 max 235
[  103.354258] ------------[ cut here ]------------
[  103.354284] kernel BUG at fs/btrfs/ctree.c:1582!
[  103.354305] invalid opcode: 0000 [#1] SMP 
[  103.354326] Modules linked in: btrfs(O) tcp_lp zlib_deflate libcrc32c fuse
lockd rfcomm bnep ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter
ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack i915 arc4
iwldvm mac80211 snd_hda_codec_hdmi snd_hda_codec_conexant btusb bluetooth
snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm iwlwifi
snd_timer cfg80211 thinkpad_acpi snd soundcore wmi e1000e iTCO_wdt
iTCO_vendor_support lpc_ich mfd_core uinput snd_page_alloc rfkill pcspkr
coretemp crc32c_intel ghash_clmulni_intel drm_kms_helper drm joydev i2c_i801
microcode tpm_tis tpm tpm_bios i2c_algo_bit i2c_core video sunrpc sdhci_pci
sdhci mmc_core [last unloaded: btrfs]
[  103.354703] CPU 1 
[  103.354715] Pid: 1866, comm: btrfs-endio-wri Tainted: G           O 3.6.0+ #4
LENOVO 4291HA6/4291HA6
[  103.354753] RIP: 0010:[<ffffffffa05d3721>]  [<ffffffffa05d3721>]
generic_bin_search.constprop.9+0x1f1/0x200 [btrfs]
[  103.354814] RSP: 0018:ffff8801e6771750  EFLAGS: 00010286
[  103.354838] RAX: 0000000000000072 RBX: 00000000000000eb RCX: 0000000000000f79
[  103.354869] RDX: 00000000000029ea RSI: 0000000000000046 RDI: 0000000000000246
[  103.354899] RBP: ffff8801e6771800 R08: 206d657469203533 R09: 322078616d203333
[  103.354934] R10: 0000000000000441 R11: 3533322078616d20 R12: 0000000000001715
[  103.354966] R13: 0000000000000076 R14: ffff8801cc609d90 R15: 0000000000000021
[  103.354996] FS:  0000000000000000(0000) GS:ffff88021e240000(0000)
knlGS:0000000000000000
[  103.355029] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  103.355054] CR2: 00000000014e32b1 CR3: 0000000211e05000 CR4: 00000000000407e0
[  103.355085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  103.355116] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  103.355148] Process btrfs-endio-wri (pid: 1866, threadinfo ffff8801e6770000,
task ffff8801e6749700)
[  103.355185] Stack:
[  103.355196]  0000000000000065 ffffffff000000b0 ffff880100000076
00000000000000eb
[  103.355234]  ffff880100000021 ffff8801000000eb ffff8801e67717d0
ffff8801e677186c
[  103.355271]  00000021000000eb ffff8801e67718e6 000000000000003e
00000000000000eb
[  103.355307] Call Trace:
[  103.355326]  [<ffffffffa05d3779>] bin_search+0x49/0x80 [btrfs]
[  103.355357]  [<ffffffffa05d6c63>] btrfs_search_old_slot+0x2d3/0x7c0
[btrfs]
[  103.355396]  [<ffffffffa05d96ad>] btrfs_next_old_leaf+0xed/0x470
[btrfs]
[  103.355434]  [<ffffffffa064809d>] __resolve_indirect_refs+0x34d/0x6b0
[btrfs]
[  103.355474]  [<ffffffffa0648f04>] find_parent_nodes+0x784/0xf20 [btrfs]
[  103.355515]  [<ffffffffa05fa5f0>] ? btrfs_submit_direct+0x5c0/0x5c0
[btrfs]
[  103.355553]  [<ffffffffa0649e75>] iterate_extent_inodes+0x135/0x370
[btrfs]
[  103.355589]  [<ffffffffa064a142>] iterate_inodes_from_logical+0x92/0xb0
[btrfs]
[  103.355627]  [<ffffffffa05fa5f0>] ? btrfs_submit_direct+0x5c0/0x5c0
[btrfs]
[  103.355664]  [<ffffffffa05f7d9d>] record_extent_backrefs+0xad/0x160
[btrfs]
[  103.355704]  [<ffffffffa060212e>] btrfs_finish_ordered_io+0x11e/0xb80
[btrfs]
[  103.355740]  [<ffffffffa0602ba5>] finish_ordered_fn+0x15/0x20 [btrfs]
[  103.355776]  [<ffffffffa061fb98>] worker_loop+0x148/0x580 [btrfs]
[  103.355810]  [<ffffffffa061fa50>] ? btrfs_queue_worker+0x2e0/0x2e0
[btrfs]
[  103.355841]  [<ffffffff8107ff73>] kthread+0x93/0xa0
[  103.355865]  [<ffffffff8161ae04>] kernel_thread_helper+0x4/0x10
[  103.355890]  [<ffffffff8107fee0>] ? flush_kthread_worker+0xb0/0xb0
[  103.355922]  [<ffffffff8161ae00>] ? gs_change+0x13/0x13
[  103.355947] Code: 00 00 00 89 74 24 08 44 89 7c 24 20 4c 89 e6 89 5c 24 18 44
89 6c 24 10 89 44 24 28 48 c7 04 24 65 00 00 00 31 c0 e8 1d 3d 03 e1 <0f>
0b 89 de 45 31 ed 8b 5d 90 eb 8e 0f 1f 00 55 48 89 e5 66 66
[  103.357362] RIP  [<ffffffffa05d3721>]
generic_bin_search.constprop.9+0x1f1/0x200 [btrfs]
[  103.358666]  RSP <ffff8801e6771750>
[  103.379933] ---[ end trace a7d7755ca5895558 ]---
[  135.823880] ------------[ cut here ]------------
[  135.824938] WARNING: at lib/list_debug.c:33 __list_add+0xc8/0xd0()
[  135.826222] Hardware name: 4291HA6
[  135.827210] list_add corruption. prev->next should be next
(ffff8801fd5f27e0), but was           (null). (prev=ffff8801e6771bc8).
[  135.828569] Modules linked in: btrfs(O) tcp_lp zlib_deflate libcrc32c fuse
lockd rfcomm bnep ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter
ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack i915 arc4
iwldvm mac80211 snd_hda_codec_hdmi snd_hda_codec_conexant btusb bluetooth
snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm iwlwifi
snd_timer cfg80211 thinkpad_acpi snd soundcore wmi e1000e iTCO_wdt
iTCO_vendor_support lpc_ich mfd_core uinput snd_page_alloc rfkill pcspkr
coretemp crc32c_intel ghash_clmulni_intel drm_kms_helper drm joydev i2c_i801
microcode tpm_tis tpm tpm_bios i2c_algo_bit i2c_core video sunrpc sdhci_pci
sdhci mmc_core [last unloaded: btrfs]
[  135.837173] Pid: 1884, comm: btrfs-endio-wri Tainted: G      D    O 3.6.0+ #4
[  135.839005] Call Trace:
[  135.840579]  [<ffffffff8105c6cf>] warn_slowpath_common+0x7f/0xc0
[  135.842254]  [<ffffffff8105c7c6>] warn_slowpath_fmt+0x46/0x50
[  135.843940]  [<ffffffffa05d352c>] ? comp_keys+0x2c/0x30 [btrfs]
[  135.845638]  [<ffffffff812df9b8>] __list_add+0xc8/0xd0
[  135.847393]  [<ffffffffa05d16a8>] btrfs_get_tree_mod_seq+0xa8/0xc0
[btrfs]
[  135.849214]  [<ffffffffa0635f71>] add_delayed_data_ref+0x161/0x1d0
[btrfs]
[  135.851055]  [<ffffffffa0636aa4>]
btrfs_add_delayed_data_ref+0x114/0x1b0 [btrfs]
[  135.852940]  [<ffffffffa05e2a5d>] btrfs_free_extent+0x6d/0x100 [btrfs]
[  135.854861]  [<ffffffffa060927c>] __btrfs_drop_extents+0x9bc/0xb00
[btrfs]
[  135.856812]  [<ffffffffa05d0dca>] ? btrfs_alloc_path+0x1a/0x20 [btrfs]
[  135.858822]  [<ffffffffa0609dce>] btrfs_drop_extents+0x6e/0xa0 [btrfs]
[  135.860856]  [<ffffffffa05f909b>]
insert_reserved_file_extent.constprop.13+0x7b/0x2c0 [btrfs]
[  135.862969]  [<ffffffffa0602695>] btrfs_finish_ordered_io+0x685/0xb80
[btrfs]
[  135.865105]  [<ffffffff8106d1da>] ? del_timer_sync+0x3a/0x60
[  135.867280]  [<ffffffff8160f25b>] ? schedule_timeout+0x13b/0x250
[  135.869475]  [<ffffffff8106bea0>] ? lock_timer_base+0x70/0x70
[  135.871737]  [<ffffffffa0602ba5>] finish_ordered_fn+0x15/0x20 [btrfs]
[  135.874046]  [<ffffffffa061fb98>] worker_loop+0x148/0x580 [btrfs]
[  135.876377]  [<ffffffffa061fa50>] ? btrfs_queue_worker+0x2e0/0x2e0
[btrfs]
[  135.878735]  [<ffffffff8107ff73>] kthread+0x93/0xa0
[  135.881124]  [<ffffffff8161ae04>] kernel_thread_helper+0x4/0x10
[  135.883555]  [<ffffffff8107fee0>] ? flush_kthread_worker+0xb0/0xb0
[  135.886032]  [<ffffffff8161ae00>] ? gs_change+0x13/0x13
[  135.888531] ---[ end trace a7d7755ca5895559 ]---
[  165.568096] ------------[ cut here ]------------
[  165.568157] WARNING: at lib/list_debug.c:33 __list_add+0xc8/0xd0()
[  165.568183] Hardware name: 4291HA6
[  165.568196] list_add corruption. prev->next should be next
(ffff8801fd5f27e0), but was           (null). (prev=ffff8801e6771bc8).
[  165.568242] Modules linked in: btrfs(O) tcp_lp zlib_deflate libcrc32c fuse
lockd rfcomm bnep ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter
ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack i915 arc4
iwldvm mac80211 snd_hda_codec_hdmi snd_hda_codec_conexant btusb bluetooth
snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm iwlwifi
snd_timer cfg80211 thinkpad_acpi snd soundcore wmi e1000e iTCO_wdt
iTCO_vendor_support lpc_ich mfd_core uinput snd_page_alloc rfkill pcspkr
coretemp crc32c_intel ghash_clmulni_intel drm_kms_helper drm joydev i2c_i801
microcode tpm_tis tpm tpm_bios i2c_algo_bit i2c_core video sunrpc sdhci_pci
sdhci mmc_core [last unloaded: btrfs]
[  165.568578] Pid: 1852, comm: btrfs-endio-wri Tainted: G      D W  O 3.6.0+ #4
[  165.568600] Call Trace:
[  165.568615]  [<ffffffff8105c6cf>] warn_slowpath_common+0x7f/0xc0
[  165.568635]  [<ffffffff8105c7c6>] warn_slowpath_fmt+0x46/0x50
[  165.568654]  [<ffffffff812df9b8>] __list_add+0xc8/0xd0
[  165.568679]  [<ffffffffa05d16a8>] btrfs_get_tree_mod_seq+0xa8/0xc0
[btrfs]
[  165.568709]  [<ffffffffa0635f71>] add_delayed_data_ref+0x161/0x1d0
[btrfs]
[  165.568737]  [<ffffffffa0636aa4>]
btrfs_add_delayed_data_ref+0x114/0x1b0 [btrfs]
[  165.568765]  [<ffffffffa05db313>] btrfs_inc_extent_ref+0x53/0x90
[btrfs]
[  165.568793]  [<ffffffffa06091f0>] __btrfs_drop_extents+0x930/0xb00
[btrfs]
[  165.568821]  [<ffffffffa0609dce>] btrfs_drop_extents+0x6e/0xa0 [btrfs]
[  165.568848]  [<ffffffffa05f909b>]
insert_reserved_file_extent.constprop.13+0x7b/0x2c0 [btrfs]
[  165.568880]  [<ffffffffa0602695>] btrfs_finish_ordered_io+0x685/0xb80
[btrfs]
[  165.568903]  [<ffffffff8106d1da>] ? del_timer_sync+0x3a/0x60
[  165.568924]  [<ffffffff8160f25b>] ? schedule_timeout+0x13b/0x250
[  165.568950]  [<ffffffffa060ced1>] ? btrfs_put_ordered_extent+0x61/0xe0
[btrfs]
[  165.568973]  [<ffffffff8106bea0>] ? lock_timer_base+0x70/0x70
[  165.568997]  [<ffffffffa0602ba5>] finish_ordered_fn+0x15/0x20 [btrfs]
[  165.569023]  [<ffffffffa061fb98>] worker_loop+0x148/0x580 [btrfs]
[  165.569048]  [<ffffffffa061fa50>] ? btrfs_queue_worker+0x2e0/0x2e0
[btrfs]
[  165.569070]  [<ffffffff8107ff73>] kthread+0x93/0xa0
[  165.569088]  [<ffffffff8161ae04>] kernel_thread_helper+0x4/0x10
[  165.569113]  [<ffffffff8107fee0>] ? flush_kthread_worker+0xb0/0xb0
[  165.569142]  [<ffffffff8161ae00>] ? gs_change+0x13/0x13
[  165.569170] ---[ end trace a7d7755ca589555a ]---

Liu Bo

2012-Oct-17 15:33 UTC

head link

Re: [BUG] __tree_mod_log_rewind makes extent buffers larger than leafsize

On 10/17/2012 11:27 PM, Liu Bo wrote:> [  103.354284] kernel BUG at fs/btrfs/ctree.c:1582!
> [  103.354305] invalid opcode: 0000 [#1] SMP 
> [  103.354326] Modules linked in: btrfs(O) tcp_lp zlib_deflate libcrc32c
fuse lockd rfcomm bnep ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6
ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state
nf_conntrack i915 arc4 iwldvm mac80211 snd_hda_codec_hdmi snd_hda_codec_conexant
btusb bluetooth snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device
snd_pcm iwlwifi snd_timer cfg80211 thinkpad_acpi snd soundcore wmi e1000e
iTCO_wdt iTCO_vendor_support lpc_ich mfd_core uinput snd_page_alloc rfkill
pcspkr coretemp crc32c_intel ghash_clmulni_intel drm_kms_helper drm joydev
i2c_i801 microcode tpm_tis tpm tpm_bios i2c_algo_bit i2c_core video sunrpc
sdhci_pci sdhci mmc_core [last unloaded: btrfs]
> [  103.354703] CPU 1 
> [  103.354715] Pid: 1866, comm: btrfs-endio-wri Tainted: G           O
3.6.0+ #4 LENOVO 4291HA6/4291HA6
> [  103.354753] RIP: 0010:[<ffffffffa05d3721>] 
[<ffffffffa05d3721>] generic_bin_search.constprop.9+0x1f1/0x200 [btrfs]
This BUG_ON is from me, otherwise it''ll go deeper and throw out general
protection errors.

thanks,
liubo
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Jan Schmidt

2012-Oct-18 05:43 UTC

head link

Re: [BUG] __tree_mod_log_rewind makes extent buffers larger than leafsize

Hi liubo,

On Wed, October 17, 2012 at 17:27 (+0200), Liu Bo wrote:> Hi Jan,
> 
> Here is the steps,
> 
> 1. apply the three patches onto the latest btrfs
Can you give me a commit id? They don''t apply to cmason/master as of
today.
Patch 1 looks reversed, by the way.

I''d comment on patch 2, but it''s hard to comment on something
in a tar archive.
You probably wanted to add "add++" where you added "add = 0"
for the second time.
> 2. run the script ''debug.sh''[1]
>    (NOTE: edit the script and the fio job file[2] to get device and mount
point right before running it)
> 
> 3. it will crash after a few seconds. [3]
> 
> 
> thanks,
> liubo
> 
> 
> [1]:
> $ cat debug.sh 
> #!/bin/bash
> 
> D=/dev/sda5
> M=/mnt/btrfs
> 
> umount $M $D
> mkfs.btrfs $D
> 
> mount $D $M -o autodefrag
> 
> fio fio_sync_random_write_4k_config &
> 
> for ((i=0; i<20; i++))
> do
> 	btrfs sub snap $M $M/s_$i
> 	sleep 2
> done &
> 
> [2]
> $ cat fio_sync_random_write_4k_config 
> [global]
> direct=0
> ioengine=sync
> size=800M
> bs=4k
> numjobs=1
> group_reporting
> invalidate=0
> end_fsync=1
> overwrite=0
> directory=/mnt/btrfs
> 
> 
> [job_sub0]
> startdelay=0
> rw=randwrite
> filename=foo
> 
> [3]
> [   71.980881] device fsid bc47c36a-7e90-453d-aa6b-8c4a12e30dc0 devid 1
transid 4 /dev/sda5
> [   71.984162] btrfs: enabling auto defrag
> [   71.984168] btrfs: disk space caching is enabled
> [   72.051464] root last_snapshot 5
> [   95.789404] root last_snapshot 6
> [  100.229357] root last_snapshot 7
> [  103.252999] record_old_file_extents: ino 257 new file_pos 38273024 len
1048576 bytenr 2387300352 disk_len 1048576
> [  103.255989] record_extent_backrefs file_pos 38273024 len 1048576
> [  103.348648] eb->start 66080768 eb->len 4096 eb->level 1 nritems
66 n 176 rm 110 add 0
Even the first line tells us there''s something wrong. n
shouldn''t exceed 124
with 4k leaves. If you lower the debug output restriction (n > 130) we might
already see through here.

A guess is that we''ve probably queued some MOD_LOG_MOVE_KEYS operations
that
should have modified n.

Thanks,
-Jan
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Liu Bo

2012-Oct-18 06:32 UTC

head link

Re: [BUG] __tree_mod_log_rewind makes extent buffers larger than leafsize

On 10/18/2012 01:43 PM, Jan Schmidt wrote:> Hi liubo,
> 
> On Wed, October 17, 2012 at 17:27 (+0200), Liu Bo wrote:
>> Hi Jan,
>>
>> Here is the steps,
>>
>> 1. apply the three patches onto the latest btrfs
> 
> Can you give me a commit id? They don''t apply to cmason/master as
of today.
> Patch 1 looks reversed, by the way.
> 
Oh, I''m so sorry, there is a conflict of btrfs_drop_extents.

I''ve attached the new version test patches, which should work onto the
latest for-linus branch.
> I''d comment on patch 2, but it''s hard to comment on
something in a tar archive.
> You probably wanted to add "add++" where you added "add =
0" for the second time.
> 
Yeah, I noticed this, thanks for pointing it out ;)
>> 2. run the script ''debug.sh''[1]
>>    (NOTE: edit the script and the fio job file[2] to get device and
mount point right before running it)
>>
>> 3. it will crash after a few seconds. [3]
[...]>>
>> [3]
>> [   71.980881] device fsid bc47c36a-7e90-453d-aa6b-8c4a12e30dc0 devid 1
transid 4 /dev/sda5
>> [   71.984162] btrfs: enabling auto defrag
>> [   71.984168] btrfs: disk space caching is enabled
>> [   72.051464] root last_snapshot 5
>> [   95.789404] root last_snapshot 6
>> [  100.229357] root last_snapshot 7
>> [  103.252999] record_old_file_extents: ino 257 new file_pos 38273024
len 1048576 bytenr 2387300352 disk_len 1048576
>> [  103.255989] record_extent_backrefs file_pos 38273024 len 1048576
>> [  103.348648] eb->start 66080768 eb->len 4096 eb->level 1
nritems 66 n 176 rm 110 add 0
> 
> Even the first line tells us there''s something wrong. n
shouldn''t exceed 124
> with 4k leaves. If you lower the debug output restriction (n > 130) we
might
> already see through here.
> 
ok, besides, I add two more index: rm_free and rm_move.
> A guess is that we''ve probably queued some MOD_LOG_MOVE_KEYS
operations that
> should have modified n.
> 
IMHO MOD_LOG_KEY_REMOVE_WHILE_MOVING does not need to modify n, since nritems
remain
unchanged when we move items inside an node, don''t they?

thanks,
liubo
> Thanks,
> -Jan
> --
> To unsubscribe from this list: send the line "unsubscribe
linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Btrfs devel - Oct 2012 - [BUG] __tree_mod_log_rewind makes extent buffers larger than leafsize

[BUG] __tree_mod_log_rewind makes extent buffers larger than leafsize

Re: [BUG] __tree_mod_log_rewind makes extent buffers larger than leafsize

Re: [BUG] __tree_mod_log_rewind makes extent buffers larger than leafsize

Re: [BUG] __tree_mod_log_rewind makes extent buffers larger than leafsize