From: Marc Dietrich <marvin24@gmx.de>
To: Gui Hecheng <guihc.fnst@cn.fujitsu.com>
Cc: Zooko Wilcox-OHearn <zooko@leastauthority.com>,
linux-btrfs@vger.kernel.org
Subject: Re: fs corruption report
Date: Mon, 01 Sep 2014 10:47:26 +0200 [thread overview]
Message-ID: <1484373.Oezxgh4u8P@ax5200p> (raw)
In-Reply-To: <1409192882.1582.13.camel@localhost.localdomain>
[-- Attachment #1: Type: text/plain, Size: 6478 bytes --]
Guy,
Am Donnerstag 28 August 2014, 10:28:02 schrieb Gui Hecheng:
> On Mon, 2014-08-25 at 05:08 +0000, Zooko Wilcox-OHearn wrote:
> > Aha. When it is run under valgrind it consistently stops (killing
> > valgrind, in fact!) in the same way on every run.
> >
> > Here's the tail of stdout and stderr when it aborted when run under
> > valgrind:
> >
> > Restoring
> > ./sda6-btrfs-restore-3/@home/zooko/.mozilla/firefox/ltjwtkwe.ketotic.org/
> > thumbnails/188888af64f6d2871b0f24e325d8a298.png Restoring
> > ./sda6-btrfs-restofailed to inflate: -6
> >
> > Full valgrind outputs from such a run is attached to this letter.
> >
> > I've spent a little time looking at the stack traces in the valgrind
> > log, and I *guess* that there is corruption such that the
> > decompression fails, and I guess it would be possible to make
> > cmds-restore handle corrupted compressedtext better, so that it would
> > end up skipping whatever files and directories were unrestorable due
> > to corruption. However, I don't immediately see how to proceed.
> >
> > Regards,
>
> Hi Zooko,
> Here are some pieces for your information:
>
> For the first:
> ==5569== Syscall param pwrite64(buf) points to uninitialised byte(s)
> ==5569== at 0x56ABD03: __pwrite_nocancel (syscall-template.S:81)
> ==5569== by 0x41F346: search_dir (cmds-restore.c:392)
>
> It is handled by
> https://patchwork.kernel.org/patch/4755441/
>
> For the second:
> ==5569== Invalid read of size 1
> ==5569== at 0x4C2F95E: memcpy@@GLIBC_2.14
> ==5569== by 0x4388E6: read_extent_buffer (string3.h:51)
> ==5569== by 0x41ED6C: search_dir (cmds-restore.c:233)
>
> It should be handled by
> https://patchwork.kernel.org/patch/4792381/
> And it handles Marc's similar problem too.
I can confirm that this patch really cures these memleaks, but ....
>
> And for the last one and the crucial one...
> ==5569== Invalid read of size 4
> ==5569== at 0x41E394: decompress (cmds-restore.c:93)
> ==5569== by 0x41F291: search_dir (cmds-restore.c:378)
> along with
> ==5569== Invalid read of size 1
> ==5569== at 0x548DDB6: lzo1x_decompress_safe
> ==5569== by 0x41E3BD: decompress (cmds-restore.c:122)
> ==5569== by 0x41F291: search_dir (cmds-restore.c:378)
>
> Sorry, I'm not able to reproduce it yet, it may be just what you've
> guessed that corruption happens. But I am sure that there are bugs
> around the decompress routine, because I've got "failed to inflate"s too
> with a non-corrupted btrfs. I'm going to track it down.
this one still exists. It took me a while to reproduce this (actually, find
the file which causes it). So we have:
==27292== Invalid read of size 8
==27292== at 0x57A10D2: lzo1x_decompress_safe (in
/usr/lib64/liblzo2.so.2.0.0)
==27292== by 0x41E9ED: decompress (cmds-restore.c:129)
==27292== by 0x41F8A7: search_dir (cmds-restore.c:386)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x420C6F: cmd_restore (cmds-restore.c:1319)
==27292== by 0x4042FC: main (btrfs.c:247)
==27292== Address 0x6280afc is 24,572 bytes inside a block of size 24,576
alloc'd
==27292== at 0x4C277AB: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-
amd64-linux.so)
==27292== by 0x41F577: search_dir (cmds-restore.c:317)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x420C6F: cmd_restore (cmds-restore.c:1319)
==27292== by 0x4042FC: main (btrfs.c:247)
==27292==
==27292== (action on error) vgdb me ...
and the attached debug backtrace is (I attached the full bt):
Program received signal SIGTRAP, Trace/breakpoint trap.
0x00000000057a10d2 in lzo1x_decompress_safe () from /usr/lib64/liblzo2.so.2
(gdb) bt
#0 0x00000000057a10d2 in lzo1x_decompress_safe () from
/usr/lib64/liblzo2.so.2
#1 0x000000000041e9ee in decompress_lzo (decompress_len=0x7feff9f60,
compress_len=417,
outbuf=0x63229a0 "ource/core/dom/webcore_dom.StaticNodeList.o",
inbuf=0x6280a6d "\017ource/core/dom/webl\001") at cmds-restore.c:129
#2 decompress (inbuf=inbuf@entry=0x627ab00 "zU\001",
outbuf=outbuf@entry=0x631a9a0 "<X", compress_len=compress_len@entry=24576,
decompress_len=decompress_len@entry=0x7feff9f60,
compress=compress@entry=2) at cmds-restore.c:155
#3 0x000000000041f8a8 in copy_one_extent (pos=4063232, fi=<optimized out>,
leaf=0x5fb58d0, fd=4, root=0x61405c0) at cmds-restore.c:386
#4 copy_file (file=0x66a700 <path_name>
"/work/chromium/src/out/Release/.ninja_deps", key=0x7feffb080, fd=4,
root=0x61405c0)
at cmds-restore.c:659
#5 search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffc2d0,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x6602d70 "/chromium/src/out/Release",
mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:840
#6 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0,
key=key@entry=0x7feffd520,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x6df4d90 "/chromium/src/out",
mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:916
#7 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0,
key=key@entry=0x7feffe770,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x65d7080 "/chromium/src", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
#8 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0,
key=key@entry=0x7fefff9c0,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x6f35ac0 "/chromium", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
#9 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0,
key=key@entry=0x7fefffe30,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x45ab43 "", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
#10 0x0000000000420c70 in cmd_restore (argc=<optimized out>, argv=<optimized
out>) at cmds-restore.c:1319
#11 0x00000000004042fd in main (argc=8, argv=0x7feffffa0) at btrfs.c:247
Hope that helps
Marc
[-- Attachment #2: full-bt.txt --]
[-- Type: text/plain, Size: 9356 bytes --]
(gdb) bt full
#0 0x00000000057a10d2 in lzo1x_decompress_safe () from /usr/lib64/liblzo2.so.2
No symbol table info available.
#1 0x000000000041e9ee in decompress_lzo (decompress_len=0x7feff9f60, compress_len=417,
outbuf=0x63229a0 "ource/core/dom/webcore_dom.StaticNodeList.o", inbuf=0x6280a6d "\017ource/core/dom/webl\001") at cmds-restore.c:129
ret = <optimized out>
new_len = 0
out_len = 32768
tot_in = 24429
#2 decompress (inbuf=inbuf@entry=0x627ab00 "zU\001", outbuf=outbuf@entry=0x631a9a0 "<X", compress_len=compress_len@entry=24576,
decompress_len=decompress_len@entry=0x7feff9f60, compress=compress@entry=2) at cmds-restore.c:155
No locals.
#3 0x000000000041f8a8 in copy_one_extent (pos=4063232, fi=<optimized out>, leaf=0x5fb58d0, fd=4, root=0x61405c0) at cmds-restore.c:386
device = <optimized out>
dev_fd = 5
mirror_num = 1
num_copies = <optimized out>
inbuf = 0x627ab00 "zU\001"
done = <optimized out>
ram_size = 126976
multi = 0x67fa250
outbuf = 0x631a9a0 "<X"
total = 0
dev_bytenr = 317671178240
compress = 2
length = 24576
ret = <optimized out>
bytenr = 390685646848
size_left = 0
count = 24576
#4 copy_file (file=0x66a700 <path_name> "/work/chromium/src/out/Release/.ninja_deps", key=0x7feffb080, fd=4, root=0x61405c0)
at cmds-restore.c:659
fi = <optimized out>
ret = <optimized out>
compression = 2
found_size = 11632652
leaf = 0x5fb58d0
path = <optimized out>
inode_item = <optimized out>
extent_type = <optimized out>
loops = 33
#5 search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffc2d0, output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x6602d70 "/chromium/src/out/Release", mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:840
path = <optimized out>
leaf = 0x6daaa50
dir_item = <optimized out>
location = {objectid = 27472733, type = 108 'l', offset = 0}
filename = ".ninja_deps", '\000' <repeats 29 times>, "\021\000\000\000\b\000\000\000\b\000\000\000\020\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\360\225\023\006\000\000\000\000\360M\337\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\340\260\377\376\a\000\000\000\---Type <return> to continue, or q <return> to quit---
020\260\377\376\a", '\000' <repeats 20 times>, "\247f\000\000\000\000\000src/out/Release\000\000T\367\005\000\000\000\000\230\260\377\376\a\000\000\000"...
name_ptr = <optimized out>
name_len = <optimized out>
ret = <optimized out>
loops = 0
#6 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffd520,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x6df4d90 "/chromium/src/out",
mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:916
search_root = <optimized out>
dir = 0x6602d70 "/chromium/src/out/Release"
path = <optimized out>
leaf = 0x61395f0
dir_item = <optimized out>
location = {objectid = 27470610, type = 96 '`', offset = 0}
filename = "Release\000\000\267f", '\000' <repeats 29 times>, "\r\000\000\000\004\000\000\000\004\000\000\000\020\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\020\017\a\006\000\000\000\000\200\234e\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\060\303\377\376\a\000\000\000`\302\377\376\a", '\000' <repeats 20 times>, "\247f\000\000\000\000\000hromium/src/out\000\000T\367\005\000\000\000\000\002\021\000\000\000\000\000\000"...
name_ptr = <optimized out>
name_len = <optimized out>
ret = <optimized out>
loops = 0
#7 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffe770,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x65d7080 "/chromium/src", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
search_root = <optimized out>
dir = 0x6df4d90 "/chromium/src/out"
path = <optimized out>
leaf = 0x6070f10
dir_item = <optimized out>
location = {objectid = 27469314, type = 96 '`', offset = 0}
filename = "out\000\000gnore\000settings", '\000' <repeats 21 times>, "\t\000\000\000\004\000\000\000\004\000\000\000\016\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\000\303\027\a\000\000\000\000\300\226:\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\200\325\377\376\a\000\000\000\260\324\377\376\a", '\000' <repeats 20 times>, "\247f\000\000\000\000\000ium/src\000\000\000\000\000\000\000\000\000\000T\367\005\000\000\000\000\002\021\000\000\000\000\000\000"...
name_ptr = <optimized out>
name_len = <optimized out>
ret = <optimized out>
loops = 0
#8 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7fefff9c0,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x6f35ac0 "/chromium", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
search_root = <optimized out>
dir = 0x65d7080 "/chromium/src"
path = <optimized out>
leaf = 0x717c300
---Type <return> to continue, or q <return> to quit---
dir_item = <optimized out>
location = {objectid = 26833838, type = 96 '`', offset = 0}
filename = "src\000ient\000ls", '\000' <repeats 33 times>, "\t\000\000\000\t\000\000\000\n\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\340ȓ\006\000\000\000\000\240N\024\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\320\347\377\376\a\000\000\000\000\347\377\376\a", '\000' <repeats 20 times>, "\247f\000\000\000\000\000hromium\000\000\000\000\000\000\000\000\000\000T\367\005\000\000\000\000\260\060\375\005\000\000\000\000@"...
name_ptr = <optimized out>
name_len = <optimized out>
ret = <optimized out>
loops = 0
#9 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7fefffe30,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x45ab43 "", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
search_root = <optimized out>
dir = 0x6f35ac0 "/chromium"
path = <optimized out>
leaf = 0x693c8e0
dir_item = <optimized out>
location = {objectid = 26832818, type = 96 '`', offset = 0}
filename = "chromium\000.6.5\000\000\000r_2012_r2_x64_dvd_2707952.iso\000ER_EVAL_DE-DE-IRM_SSS_X64FREE_DE-DE_DV5.ISO\000\000ISO\000\000\002\000\000\000\002\000\000\000\260E\024\006\000\000\000\000\317\003\000\377\a\000\000\000\317\003\000\377\a", '\000' <repeats 31 times>, "\021\000\000\000\021\000\000\000\021\000\000\000\020\000\000\000\020\000\000\000\020\000\000\000\020\000\000\000\020", '\000' <repeats 15 times>...
name_ptr = <optimized out>
name_len = <optimized out>
ret = <optimized out>
loops = 0
#10 0x0000000000420c70 in cmd_restore (argc=<optimized out>, argv=<optimized out>) at cmds-restore.c:1319
root = 0x61405c0
key = {objectid = 256, type = 96 '`', offset = 0}
dir_name = "/work", '\000' <repeats 122 times>
tree_location = <optimized out>
fs_location = 0
root_objectid = 0
len = <optimized out>
ret = <optimized out>
opt = <optimized out>
option_index = 0
super_mirror = <optimized out>
find_dir = 0
list_roots = 0
match_regstr = 0x7ff0003cf "^/(|temp(|/.*))$"
match_cflags = 13
match_reg = {buffer = 0x6142d40 "`.\024\006", allocated = 224, used = 224, syntax = 242620, fastmap = 0x6142c00 "",
translate = 0x0, re_nsub = 2, can_be_null = 0, regs_allocated = 0, fastmap_accurate = 1, no_sub = 1, not_bol = 0, not_eol = 0,
newline_anchor = 1}
mreg = 0x7fefffd60
reg_err = "\377\232f", '\000' <repeats 45 times>, "\370\375\377\376\004\000\000\000H\021\"\004", '\000' <repeats 28 times>, "@\277\0---Type <return> to continue, or q <return> to quit---
05\004\000\000\000\000\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000H\021\"\004\000\000\000\000\377\377\377\377\a\000\000\000\000\375\377\376\a\000\000\000\314?\f\257\000\000\000\000\000T\367\005", '\000' <repeats 12 times>, "\240\024\"\004\000\000\000\000@\375\377\376\a\000\000\000\060\375\377\376\a\000\000\000L\353:}\000\000\000\000"...
#11 0x00000000004042fd in main (argc=8, argv=0x7feffffa0) at btrfs.c:247
cmd = 0x6689c8
bname = <optimized out>
next prev parent reply other threads:[~2014-09-01 8:47 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-25 5:08 fs corruption report Zooko Wilcox-OHearn
2014-08-28 2:28 ` Gui Hecheng
2014-09-01 8:47 ` Marc Dietrich [this message]
2014-09-01 9:09 ` Marc Dietrich
2014-09-01 15:25 ` Zooko Wilcox-OHearn
2014-09-04 3:00 ` Gui Hecheng
2014-09-04 9:50 ` Marc Dietrich
2014-09-12 12:35 ` Marc Dietrich
2014-09-18 3:39 ` Gui Hecheng
2014-09-18 8:16 ` Marc Dietrich
2014-09-18 12:47 ` Zooko Wilcox-OHearn
2014-09-19 1:30 ` Gui Hecheng
2014-09-22 8:19 ` Marc Dietrich
2014-09-22 8:33 ` Gui Hecheng
2014-09-22 8:49 ` Marc Dietrich
2014-09-22 8:55 ` Gui Hecheng
2014-09-22 15:05 ` Zooko Wilcox-OHearn
2014-08-28 2:46 ` Gui Hecheng
2014-08-28 3:23 ` Chris Murphy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1484373.Oezxgh4u8P@ax5200p \
--to=marvin24@gmx.de \
--cc=guihc.fnst@cn.fujitsu.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=zooko@leastauthority.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).