From: "Elijah Newren via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Elijah Newren <newren@gmail.com>,
Matthew John Cheetham <mjcheetham@outlook.com>
Subject: [PATCH] fsck: snapshot default refs before object walk
Date: Mon, 29 Dec 2025 19:12:29 +0000 [thread overview]
Message-ID: <pull.2026.git.1767035549378.gitgitgadget@gmail.com> (raw)
From: Matthew John Cheetham <mjcheetham@outlook.com>
Fsck has a race when operating on live repositories; consider the
following simple script that writes new commits as fsck runs:
#!/bin/bash
git fsck &
PID=$!
while ps -p $PID >/dev/null; do
sleep 3
git commit -q --allow-empty -m "Another commit"
done
Since fsck reads refs at the beginning, walks those for connectivity,
and then reads the refs again at the end to check, this can cause fsck
to get confused and think that the new refs refer to missing commits and
that new reflog entries are invalid. Running the above script in a
clone of git.git results in the following (output ellipsized to remove
additional errors of the same type):
$ ./fsck-while-writing.sh
Checking ref database: 100% (1/1), done.
Checking object directories: 100% (256/256), done.
warning in tag d6602ec5194c87b0fc87103ca4d67251c76f233a: missingTaggerEntry: invalid format - expected 'tagger' line
Checking objects: 100% (835091/835091), done.
error: HEAD: invalid reflog entry 2aac9f9286e2164fbf8e4f1d1df53044ace2b310
error: HEAD: invalid reflog entry 2aac9f9286e2164fbf8e4f1d1df53044ace2b310
error: HEAD: invalid reflog entry da0f5b80d61844a6f0ad2ddfd57e4fdfa246ea68
error: HEAD: invalid reflog entry da0f5b80d61844a6f0ad2ddfd57e4fdfa246ea68
[...]
error: HEAD: invalid reflog entry 87c8a5c2f6b79d9afa9e941590b9a097b6f7ac09
error: HEAD: invalid reflog entry d80887a48865e6ad165274b152cbbbed29f8a55a
error: HEAD: invalid reflog entry d80887a48865e6ad165274b152cbbbed29f8a55a
error: HEAD: invalid reflog entry 6724f2dfede88bfa9445a333e06e78536c0c6c0d
error: refs/heads/mybranch invalid reflog entry 2aac9f9286e2164fbf8e4f1d1df53044ace2b310
error: refs/heads/mybranch: invalid reflog entry 2aac9f9286e2164fbf8e4f1d1df53044ace2b310
error: refs/heads/mybranch: invalid reflog entry da0f5b80d61844a6f0ad2ddfd57e4fdfa246ea68
error: refs/heads/mybranch: invalid reflog entry da0f5b80d61844a6f0ad2ddfd57e4fdfa246ea68
[...]
error: refs/heads/mybranch: invalid reflog entry 87c8a5c2f6b79d9afa9e941590b9a097b6f7ac09
error: refs/heads/mybranch: invalid reflog entry d80887a48865e6ad165274b152cbbbed29f8a55a
error: refs/heads/mybranch: invalid reflog entry d80887a48865e6ad165274b152cbbbed29f8a55a
error: refs/heads/mybranch: invalid reflog entry 6724f2dfede88bfa9445a333e06e78536c0c6c0d
Checking connectivity: 833846, done.
missing commit 6724f2dfede88bfa9445a333e06e78536c0c6c0d
Verifying commits in commit graph: 100% (242243/242243), done.
This problem doesn't occur when refs are specified on the command line
for us to check, since we use those specified refs for both walking and
checking. Using the same refs for walking and checking seems to just
make sense, so modify the existing code to do the same when refs aren't
specified. Snapshot the refs at the beginning, and also ignore all
reflog entries since the time of our snapshot (while this technically
means we could ignore a reflog entry created before the fsck process
if the local clock is weird, since reflogs are local-only there are not
concerns about differences between clocks on different machines). This
combination of changes modifies the output of running the above script
to:
$ ./fsck-while-writing.sh
Checking ref database: 100% (1/1), done.
Checking object directories: 100% (256/256), done.
warning in tag d6602ec5194c87b0fc87103ca4d67251c76f233a: missingTaggerEntry: invalid format - expected 'tagger' line
Checking objects: 100% (835091/835091), done.
Checking connectivity: 833846, done.
Verifying commits in commit graph: 100% (242243/242243), done.
While worries about live updates while running fsck is likely of most
interest for forge operators, it will likely also benefit those with
automated jobs (such as git maintenance) or even casual users who want
to do other work in their clone while fsck is running.
Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com>
Co-authored-by: Elijah Newren <newren@gmail.com>
[en: several changes:
* adjusted for upstream refactorings to refs callback call signatures
* handle reflogs as well
* free recorded snapshot of refs when done
* default to snapshotting instead of making it a non-default option
* provide reproducible testcase in commit message and rewrite commit
message around it
]
Signed-off-by: Elijah Newren <newren@gmail.com>
---
fsck: snapshot default refs before object walk
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-2026%2Fnewren%2Ffsck-snapshot-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-2026/newren/fsck-snapshot-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/2026
builtin/fsck.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 70 insertions(+), 4 deletions(-)
diff --git a/builtin/fsck.c b/builtin/fsck.c
index c489582faa..8d20505f5d 100644
--- a/builtin/fsck.c
+++ b/builtin/fsck.c
@@ -51,6 +51,7 @@ static int show_progress = -1;
static int show_dangling = 1;
static int name_objects;
static int check_references = 1;
+static timestamp_t now;
#define ERROR_OBJECT 01
#define ERROR_REACHABLE 02
#define ERROR_PACK 04
@@ -509,6 +510,9 @@ static int fsck_handle_reflog_ent(const char *refname,
timestamp_t timestamp, int tz UNUSED,
const char *message UNUSED, void *cb_data UNUSED)
{
+ if (now && timestamp > now)
+ return 0;
+
if (verbose)
fprintf_ln(stderr, _("Checking reflog %s->%s"),
oid_to_hex(ooid), oid_to_hex(noid));
@@ -567,14 +571,53 @@ static int fsck_head_link(const char *head_ref_name,
const char **head_points_at,
struct object_id *head_oid);
-static void get_default_heads(void)
+struct ref_snapshot {
+ size_t nr;
+ size_t name_alloc;
+ size_t oid_alloc;
+ char **refname;
+ struct object_id *oid;
+};
+
+static int snapshot_refs(const struct reference *ref, void *cb_data)
+{
+ struct ref_snapshot *refs = cb_data;
+
+ ALLOC_GROW(refs->refname, refs->nr + 1, refs->name_alloc);
+ ALLOC_GROW(refs->oid, refs->nr + 1, refs->oid_alloc);
+
+ refs->refname[refs->nr] = xstrdup(ref->name);
+ oidcpy(&refs->oid[refs->nr], ref->oid);
+ refs->nr++;
+
+ return 0;
+}
+
+static void free_snapshot_refs(struct ref_snapshot *snapshot)
+{
+ for (size_t i = 0; i < snapshot->nr; i++)
+ free(snapshot->refname[i]);
+ free(snapshot->refname);
+ free(snapshot->oid);
+}
+
+static void get_default_heads(struct ref_snapshot *the_refs)
{
struct worktree **worktrees, **p;
const char *head_points_at;
struct object_id head_oid;
- refs_for_each_rawref(get_main_ref_store(the_repository),
- fsck_handle_ref, NULL);
+ if (the_refs)
+ for (size_t i = 0; i < the_refs->nr; i++) {
+ struct reference ref = {
+ .name = the_refs->refname[i],
+ .oid = &the_refs->oid[i],
+ };
+ fsck_handle_ref(&ref, NULL);
+ }
+ else
+ refs_for_each_rawref(get_main_ref_store(the_repository),
+ fsck_handle_ref, NULL);
worktrees = get_worktrees();
for (p = worktrees; *p; p++) {
@@ -964,6 +1007,14 @@ int cmd_fsck(int argc,
{
int i;
struct odb_source *source;
+ struct ref_snapshot default_refs_snapshot = {
+ .nr = 0,
+ .name_alloc = 0,
+ .oid_alloc = 0,
+ .refname = NULL,
+ .oid = NULL
+ };
+ bool use_snapshot;
/* fsck knows how to handle missing promisor objects */
fetch_if_missing = 0;
@@ -999,6 +1050,19 @@ int cmd_fsck(int argc,
if (check_references)
fsck_refs(the_repository);
+ /*
+ * Take a snapshot of the refs before walking objects to avoid looking
+ * at a set of refs that may be changed by the user while we are walking
+ * objects. We can still walk over new objects that are added during the
+ * execution of fsck but won't miss any objects that were reachable.
+ */
+ use_snapshot = !argc;
+ if (use_snapshot) {
+ now = time(NULL);
+ refs_for_each_rawref(get_main_ref_store(the_repository),
+ snapshot_refs, &default_refs_snapshot);
+ }
+
if (connectivity_only) {
for_each_loose_object(the_repository->objects,
mark_loose_for_connectivity, NULL, 0);
@@ -1071,7 +1135,7 @@ int cmd_fsck(int argc,
* in this case (ie this implies --cache).
*/
if (!argc) {
- get_default_heads();
+ get_default_heads(use_snapshot ? &default_refs_snapshot : NULL);
keep_cache_objects = 1;
}
@@ -1148,5 +1212,7 @@ int cmd_fsck(int argc,
}
}
+ if (use_snapshot)
+ free_snapshot_refs(&default_refs_snapshot);
return errors_found;
}
base-commit: b31ab939fe8e3cbe8be48dddd1c6ac0265991f45
--
gitgitgadget
next reply other threads:[~2025-12-29 19:12 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-29 19:12 Elijah Newren via GitGitGadget [this message]
2025-12-30 0:45 ` [PATCH] fsck: snapshot default refs before object walk Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pull.2026.git.1767035549378.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=git@vger.kernel.org \
--cc=mjcheetham@outlook.com \
--cc=newren@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).