From: Eric Sandeen <sandeen@redhat.com>
To: Qu Wenruo <quwenruo@cn.fujitsu.com>, linux-btrfs@vger.kernel.org
Subject: Re: [PATCH v2 3/5] btrfs-progs: Record and report every file extent hole.
Date: Tue, 24 Mar 2015 22:05:26 -0500 [thread overview]
Message-ID: <551225F6.4030208@redhat.com> (raw)
In-Reply-To: <1420182753-2724-3-git-send-email-quwenruo@cn.fujitsu.com>
On 1/2/15 1:12 AM, Qu Wenruo wrote:
> Record every file extent discontinuous hole in inode_record using a
> rb_tree member.
>
> Before the patch, btrfsck will only record the first file extent hole by
> using first_extent_gap, that's good for detecting error, but not
> suitable for fixing it.
>
> This patch provides the ability to record every file extent hole and
> report it.
This is causing use after free and segfaults in my testing, running
xfstests btrfs/078 with multiple devices defined:
SCRATCH_DEV_POOL="/dev/sdc5 /dev/sdc6 /dev/sdc7 /dev/sdc8 /dev/sdc9 /dev/sdc10 /dev/sdc11 /dev/sdc12"
-Eric
# valgrind ./btrfsck /dev/sdc5
==31620== Memcheck, a memory error detector
==31620== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==31620== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==31620== Command: ./btrfsck /dev/sdc5
==31620==
Checking filesystem on /dev/sdc5
UUID: ab91fc96-549b-4048-a68b-73c5190e6265
checking extents
checking free space cache
checking fs roots
==31620== Invalid read of size 8
==31620== at 0x4C257C3: rb_first (rbtree.c:420)
==31620== by 0x41E609: first_extent_gap (cmds-check.c:182)
==31620== by 0x427D43: merge_inode_recs (cmds-check.c:950)
==31620== by 0x42827B: splice_shared_node (cmds-check.c:1032)
==31620== by 0x428827: enter_shared_node (cmds-check.c:1138)
==31620== by 0x428BCF: walk_down_tree (cmds-check.c:1745)
==31620== by 0x42CA64: check_fs_root (cmds-check.c:3360)
==31620== by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
==31620== by 0x42E342: cmd_check (cmds-check.c:9161)
==31620== by 0x40C089: main (btrfs.c:245)
==31620== Address 0x4e5dc60 is 16 bytes inside a block of size 40 free'd
==31620== at 0x4A063F0: free (vg_replace_malloc.c:446)
==31620== by 0x421887: free_file_extent_holes (cmds-check.c:359)
==31620== by 0x4218FB: free_inode_rec (cmds-check.c:718)
==31620== by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
==31620== by 0x4282A5: splice_shared_node (cmds-check.c:1038)
==31620== by 0x42849E: leave_shared_node (cmds-check.c:1170)
==31620== by 0x42869F: walk_up_tree (cmds-check.c:1817)
==31620== by 0x42CA82: check_fs_root (cmds-check.c:3366)
==31620== by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
==31620== by 0x42E342: cmd_check (cmds-check.c:9161)
==31620== by 0x40C089: main (btrfs.c:245)
==31620==
==31620== Invalid read of size 8
==31620== at 0x41E60A: first_extent_gap (cmds-check.c:183)
==31620== by 0x427D43: merge_inode_recs (cmds-check.c:950)
==31620== by 0x42827B: splice_shared_node (cmds-check.c:1032)
==31620== by 0x428827: enter_shared_node (cmds-check.c:1138)
==31620== by 0x428BCF: walk_down_tree (cmds-check.c:1745)
==31620== by 0x42CA64: check_fs_root (cmds-check.c:3360)
==31620== by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
==31620== by 0x42E342: cmd_check (cmds-check.c:9161)
==31620== by 0x40C089: main (btrfs.c:245)
==31620== Address 0x4e5dc68 is 24 bytes inside a block of size 40 free'd
==31620== at 0x4A063F0: free (vg_replace_malloc.c:446)
==31620== by 0x421887: free_file_extent_holes (cmds-check.c:359)
==31620== by 0x4218FB: free_inode_rec (cmds-check.c:718)
==31620== by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
==31620== by 0x4282A5: splice_shared_node (cmds-check.c:1038)
==31620== by 0x42849E: leave_shared_node (cmds-check.c:1170)
==31620== by 0x42869F: walk_up_tree (cmds-check.c:1817)
==31620== by 0x42CA82: check_fs_root (cmds-check.c:3366)
==31620== by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
==31620== by 0x42E342: cmd_check (cmds-check.c:9161)
==31620== by 0x40C089: main (btrfs.c:245)
==31620==
==31620== Invalid read of size 8
==31620== at 0x4C257C3: rb_first (rbtree.c:420)
==31620== by 0x41E609: first_extent_gap (cmds-check.c:182)
==31620== by 0x427421: maybe_free_inode_rec (cmds-check.c:768)
==31620== by 0x4282A5: splice_shared_node (cmds-check.c:1038)
==31620== by 0x428827: enter_shared_node (cmds-check.c:1138)
==31620== by 0x428BCF: walk_down_tree (cmds-check.c:1745)
==31620== by 0x42CA64: check_fs_root (cmds-check.c:3360)
==31620== by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
==31620== by 0x42E342: cmd_check (cmds-check.c:9161)
==31620== by 0x40C089: main (btrfs.c:245)
==31620== Address 0x4e5dc60 is 16 bytes inside a block of size 40 free'd
==31620== at 0x4A063F0: free (vg_replace_malloc.c:446)
==31620== by 0x421887: free_file_extent_holes (cmds-check.c:359)
==31620== by 0x4218FB: free_inode_rec (cmds-check.c:718)
==31620== by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
==31620== by 0x4282A5: splice_shared_node (cmds-check.c:1038)
==31620== by 0x42849E: leave_shared_node (cmds-check.c:1170)
==31620== by 0x42869F: walk_up_tree (cmds-check.c:1817)
==31620== by 0x42CA82: check_fs_root (cmds-check.c:3366)
==31620== by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
==31620== by 0x42E342: cmd_check (cmds-check.c:9161)
==31620== by 0x40C089: main (btrfs.c:245)
==31620==
==31620== Invalid read of size 8
==31620== at 0x41E60A: first_extent_gap (cmds-check.c:183)
==31620== by 0x427421: maybe_free_inode_rec (cmds-check.c:768)
==31620== by 0x4282A5: splice_shared_node (cmds-check.c:1038)
==31620== by 0x428827: enter_shared_node (cmds-check.c:1138)
==31620== by 0x428BCF: walk_down_tree (cmds-check.c:1745)
==31620== by 0x42CA64: check_fs_root (cmds-check.c:3360)
==31620== by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
==31620== by 0x42E342: cmd_check (cmds-check.c:9161)
==31620== by 0x40C089: main (btrfs.c:245)
==31620== Address 0x4e5dc68 is 24 bytes inside a block of size 40 free'd
==31620== at 0x4A063F0: free (vg_replace_malloc.c:446)
==31620== by 0x421887: free_file_extent_holes (cmds-check.c:359)
==31620== by 0x4218FB: free_inode_rec (cmds-check.c:718)
==31620== by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
==31620== by 0x4282A5: splice_shared_node (cmds-check.c:1038)
==31620== by 0x42849E: leave_shared_node (cmds-check.c:1170)
==31620== by 0x42869F: walk_up_tree (cmds-check.c:1817)
==31620== by 0x42CA82: check_fs_root (cmds-check.c:3366)
==31620== by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
==31620== by 0x42E342: cmd_check (cmds-check.c:9161)
==31620== by 0x40C089: main (btrfs.c:245)
==31620==
==31620== Invalid read of size 8
==31620== at 0x4C257C3: rb_first (rbtree.c:420)
==31620== by 0x42186C: free_file_extent_holes (cmds-check.c:355)
==31620== by 0x4218FB: free_inode_rec (cmds-check.c:718)
==31620== by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
==31620== by 0x4282A5: splice_shared_node (cmds-check.c:1038)
==31620== by 0x428827: enter_shared_node (cmds-check.c:1138)
==31620== by 0x428BCF: walk_down_tree (cmds-check.c:1745)
==31620== by 0x42CA64: check_fs_root (cmds-check.c:3360)
==31620== by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
==31620== by 0x42E342: cmd_check (cmds-check.c:9161)
==31620== by 0x40C089: main (btrfs.c:245)
==31620== Address 0x4e5dc60 is 16 bytes inside a block of size 40 free'd
==31620== at 0x4A063F0: free (vg_replace_malloc.c:446)
==31620== by 0x421887: free_file_extent_holes (cmds-check.c:359)
==31620== by 0x4218FB: free_inode_rec (cmds-check.c:718)
==31620== by 0x42753E: maybe_free_inode_rec (cmds-check.c:786)
==31620== by 0x4282A5: splice_shared_node (cmds-check.c:1038)
==31620== by 0x42849E: leave_shared_node (cmds-check.c:1170)
==31620== by 0x42869F: walk_up_tree (cmds-check.c:1817)
==31620== by 0x42CA82: check_fs_root (cmds-check.c:3366)
==31620== by 0x42CE2D: check_fs_roots (cmds-check.c:3496)
==31620== by 0x42E342: cmd_check (cmds-check.c:9161)
==31620== by 0x40C089: main (btrfs.c:245)
... etc ...
next prev parent reply other threads:[~2015-03-25 3:05 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-02 7:12 [PATCH v2 1/5] btrfs-progs: Record orphan data extent ref to corresponding root Qu Wenruo
2015-01-02 7:12 ` [PATCH v2 2/5] btrfs-progs: Add btrfs_get_extent() and btrfs_punch_hole() Qu Wenruo
2015-01-02 7:12 ` [PATCH v2 3/5] btrfs-progs: Record and report every file extent hole Qu Wenruo
2015-03-25 3:05 ` Eric Sandeen [this message]
2015-03-25 3:36 ` Qu Wenruo
2015-05-02 16:36 ` Filipe David Manana
2015-05-05 0:55 ` Qu Wenruo
2015-01-02 7:12 ` [PATCH v2 4/5] btrfs-progs: Add repair and report function for orphan file extent Qu Wenruo
2015-01-02 7:12 ` [PATCH v2 5/5] btrfs-progs: Add repair function for discount file extent hole Qu Wenruo
2015-02-02 13:43 ` [PATCH v2 1/5] btrfs-progs: Record orphan data extent ref to corresponding root David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=551225F6.4030208@redhat.com \
--to=sandeen@redhat.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=quwenruo@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.