From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69C3AC433E6 for ; Wed, 2 Sep 2020 00:14:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 424A120FC3 for ; Wed, 2 Sep 2020 00:14:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726503AbgIBAOb convert rfc822-to-8bit (ORCPT ); Tue, 1 Sep 2020 20:14:31 -0400 Received: from james.kirk.hungrycats.org ([174.142.39.145]:42322 "EHLO james.kirk.hungrycats.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726167AbgIBAOb (ORCPT ); Tue, 1 Sep 2020 20:14:31 -0400 Received: by james.kirk.hungrycats.org (Postfix, from userid 1002) id A0AEB7E16E2; Tue, 1 Sep 2020 20:14:29 -0400 (EDT) Date: Tue, 1 Sep 2020 20:14:29 -0400 From: Zygo Blaxell To: Qu Wenruo Cc: Nikolay Borisov , David Sterba , linux-btrfs@vger.kernel.org, wqu@suse.com Subject: Re: BUG at fs/btrfs/relocation.c:794! Still happening on misc-next and 5.8.3 Message-ID: <20200902001429.GZ5890@hungrycats.org> References: <20200630221006.17585-1-dsterba@suse.com> <20200723215641.GE5890@hungrycats.org> <20200804161626.GN5890@hungrycats.org> <20200828000313.GS5890@hungrycats.org> <20200828000822.GT5890@hungrycats.org> <720f3ac7-6af5-e171-5947-ed0240d5f5e5@suse.com> <20200828204255.GV5890@hungrycats.org> <20200901225341.GY5890@hungrycats.org> <45343d53-7dc0-1a7b-6da5-6461b653cde0@gmx.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8BIT In-Reply-To: <45343d53-7dc0-1a7b-6da5-6461b653cde0@gmx.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org On Wed, Sep 02, 2020 at 07:33:21AM +0800, Qu Wenruo wrote: > This looks like a race between some reloc tree creation from some other > part. > > If you could add debug output for create_reloc_root() and its callers, > we may have a chance to debug it. The callers are always the same: btrfs_init_reloc_root+0x1b0 record_root_in_trans+0x18c record_root_in_trans+0x8b start_transaction+0x189 (gdb) l *(create_reloc_root+0x468) 0xffffffff81930848 is in create_reloc_root (fs/btrfs/relocation.c:1503). 1498 btrfs_tree_unlock(eb); 1499 free_extent_buffer(eb); 1500 1501 ret = btrfs_insert_root(trans, fs_info->tree_root, 1502 &root_key, root_item); 1503 BUG_ON(ret); 1504 kfree(root_item); 1505 1506 reloc_root = btrfs_read_tree_root(fs_info->tree_root, &root_key); 1507 BUG_ON(IS_ERR(reloc_root)); (gdb) l *(btrfs_init_reloc_root+0x1b0) 0xffffffff81937db0 is in btrfs_init_reloc_root (fs/btrfs/relocation.c:1567). 1562 if (!trans->reloc_reserved) { 1563 rsv = trans->block_rsv; 1564 trans->block_rsv = rc->block_rsv; 1565 clear_rsv = 1; 1566 } 1567 reloc_root = create_reloc_root(trans, root, root->root_key.objectid); 1568 if (clear_rsv) 1569 trans->block_rsv = rsv; 1570 1571 ret = __add_reloc_root(reloc_root); (gdb) l *(record_root_in_trans+0x18c) 0xffffffff81889bfc is in record_root_in_trans (./include/asm-generic/bitops/instrumented-atomic.h:41). 36 * 37 * This is a relaxed atomic operation (no implied memory barriers). 38 */ 39 static inline void clear_bit(long nr, volatile unsigned long *addr) 40 { 41 kasan_check_write(addr + BIT_WORD(nr), sizeof(long)); 42 arch_clear_bit(nr, addr); 43 } 44 45 /** (gdb) l *(start_transaction+0x189) 0xffffffff8188f0d9 is in start_transaction (fs/btrfs/transaction.c:697). 692 * Thus it need to be called after current->journal_info initialized, 693 * or we can deadlock. 694 */ 695 btrfs_record_root_in_trans(h, root); 696 697 return h; 698 699 join_fail: 700 if (type & __TRANS_FREEZABLE) 701 sb_end_intwrite(fs_info->sb); (gdb) quit It seems to be very early in the transaction. Is there anything to output here? Or are we more interested in what is left over from the previous transaction? > But for the first step, we can hunt down the BUG_ON()s first and make it > exist more gracefully. > > I'll try to spare some time to do this in the following week. > > Thanks, > Qu > > On 2020/9/2 上午6:53, Zygo Blaxell wrote: > > On Fri, Aug 28, 2020 at 04:42:55PM -0400, Zygo Blaxell wrote: > >> On Fri, Aug 28, 2020 at 09:34:31AM +0300, Nikolay Borisov wrote: > >>> On 28.08.20 г. 3:08 ч., Zygo Blaxell wrote: > >>>> On Thu, Aug 27, 2020 at 08:03:13PM -0400, Zygo Blaxell wrote: > >>>>> On Tue, Aug 04, 2020 at 12:16:26PM -0400, Zygo Blaxell wrote: > >>> > >>> > >>> > >>> Since you can repro reliably could you modify the code in > >>> create_reloc_root so it prints what's the returned error value, I'd > >>> speculate it's EEXIST from > >>> > >>> btrfs_insert_root > >>> btrfs_insert_item > >>> btrfs_insert_empty_item > >>> btrfs_insert_empty_items > >>> btrfs_search_slot > >>> > >>> But better be sure. > >> > >> Here you go, EEXIST == 17: > >> > >> Aug 28 15:30:55 regress kernel: [18452.845182][T31546] BTRFS info (device dm-0): balance: start -dlimit=9 > >> Aug 28 15:30:55 regress kernel: [18452.874627][T31546] BTRFS info (device dm-0): relocating block group 15873413742592 flags data > >> Aug 28 15:30:55 regress kernel: [18453.097516][ T2100] btrfs_search_slot ret = 0 > >> Aug 28 15:30:55 regress kernel: [18453.104865][ T2100] btrfs_search_slot ret = 0 > >> Aug 28 15:30:55 regress kernel: [18453.109751][ T2100] btrfs_search_slot ret = 0 > >> Aug 28 15:30:56 regress kernel: [18454.453135][ T2100] btrfs_search_slot ret = 0 > >> Aug 28 15:30:56 regress kernel: [18454.453955][ T2100] btrfs_insert_empty_item ret = -17 > >> Aug 28 15:30:56 regress kernel: [18454.455022][ T2100] btrfs_insert_root ret = -17 > >> Aug 28 15:30:56 regress kernel: [18454.456229][ T2100] ------------[ cut here ]------------ > >> Aug 28 15:30:56 regress kernel: [18454.457622][ T2100] kernel BUG at fs/btrfs/relocation.c:795! > > > > I did a low-resolution bisect for this issue. I dug up 5.4, 5.5, 5.6, > > and 5.7 kernel sources, backported btrfs fixes from 5.4 to the obsolete > > kernels, and ran the tests on each kernel. Results: > > > > 5.8: kernel BUG at fs/btrfs/relocation.c:794 > > > > 5.7: kernel BUG (same code but different line number) > > > > 5.6: kernel BUG (same as the others) > > > > 5.5: assertion failure (stack trace below) > > > > 5.4: kernel BUG (!) > > > > The 5.4 result is interesting--I've been running 5.4 for some time and > > not hit this before. So there are 3 possible theories: > > > > 1. It's because of sending signals to balance. That has been > > added to my test workload after 5.7 was released, so earlier > > tests on 5.4 would not have triggered it. > > > > 2. There's a regression in 5.4-stable, which I've cherry-picked > > to all the other kernels during my test setup. (On the other > > hand, if I don't backport some fixes, kernels 5.5..5.7 crash > > before they get to this bug.) > > > > 3. There's something rotten in my test filesystem, and the > > BUG will go away for a while if I do a mkfs. Qu asked for > > a dump earlier in this thread, and I provided one. > > > > All three of these theories are testable to some extent, so I'll have > > my test VM run some variations. > > > > The full test workload is: > > > > balance metadata or data at random intervals > > > > scrub, scrub cancel at random intervals > > > > 20x rsync updating files > > > > snapshot create, delete at random intervals > > > > bees dedupe (lots of EXTENT_SAME and LOGICAL_INO calls) > > > > balance cancel at random intervals > > > > kill -9 $(pidof btrfs balance) at random intervals (NEW - added > > when 5.7 came out) > > > > This is the 5.5 root assertion failure: > > > > Sep 1 04:48:48 regress kernel: [10642.537825][T24161] assertion failed: root, in fs/btrfs/relocation.c:837 > > Sep 1 04:48:48 regress kernel: [10642.538911][T24161] ------------[ cut here ]------------ > > Sep 1 04:48:48 regress kernel: [10642.539704][T24161] kernel BUG at fs/btrfs/ctree.h:3125! > > Sep 1 04:48:48 regress kernel: [10642.540621][T24161] invalid opcode: 0000 [#1] SMP KASAN PTI > > Sep 1 04:48:48 regress kernel: [10642.540624][ T4639] irq event stamp: 49626809 > > Sep 1 04:48:48 regress kernel: [10642.540632][ T4639] hardirqs last enabled at (49626809): [] trace_hardirqs_on_thunk+0x1a/0x1c > > Sep 1 04:48:48 regress kernel: [10642.541451][T24161] CPU: 1 PID: 24161 Comm: btrfs Tainted: G W 5.5.19-76348822ab91+ #14 > > Sep 1 04:48:48 regress kernel: [10642.542114][ T4639] hardirqs last disabled at (49626808): [] trace_hardirqs_off_thunk+0x1a/0x1c > > Sep 1 04:48:48 regress kernel: [10642.543693][T24161] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 > > Sep 1 04:48:48 regress kernel: [10642.545017][ T4639] softirqs last enabled at (49626726): [] __do_softirq+0x48b/0x5be > > Sep 1 04:48:48 regress kernel: [10642.545023][ T4639] softirqs last disabled at (49626715): [] irq_exit+0x112/0x120 > > Sep 1 04:48:48 regress kernel: [10642.546536][T24161] RIP: 0010:assertfail.constprop.42+0x1c/0x1e > > Sep 1 04:48:49 regress kernel: [10642.551589][T24161] Code: 48 c7 c6 c0 90 03 8c e8 89 29 f1 ff 0f 0b 55 89 f1 48 c7 c2 40 82 03 8c 48 89 fe 48 c7 c7 60 83 03 8c 48 89 e5 e8 41 b0 90 ff <0f> 0b 0f 1f 44 00 00 55 48 89 e5 41 54 49 89 f4 53 48 89 fb 48 83 > > Sep 1 04:48:49 regress kernel: [10642.554495][T24161] RSP: 0018:ffffc90002327150 EFLAGS: 00010282 > > Sep 1 04:48:49 regress kernel: [10642.555371][T24161] RAX: 0000000000000034 RBX: 000004513701c000 RCX: ffffffff8a264242 > > Sep 1 04:48:49 regress kernel: [10642.556515][T24161] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8881f580004c > > Sep 1 04:48:49 regress kernel: [10642.557680][T24161] RBP: ffffc90002327150 R08: ffffed103eb017e1 R09: ffffed103eb017e1 > > Sep 1 04:48:49 regress kernel: [10642.558895][T24161] R10: ffffed103eb017e0 R11: ffff8881f580bf07 R12: ffff88800d1ea5c0 > > Sep 1 04:48:49 regress kernel: [10642.560139][T24161] R13: ffffc900023273e0 R14: 0000000000000000 R15: ffff8880bbf238f0 > > Sep 1 04:48:49 regress kernel: [10642.561391][T24161] FS: 00007f03f48488c0(0000) GS:ffff8881f5600000(0000) knlGS:0000000000000000 > > Sep 1 04:48:49 regress kernel: [10642.562779][T24161] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > > Sep 1 04:48:49 regress kernel: [10642.563801][T24161] CR2: 00007f1cab76f718 CR3: 0000000189a5e004 CR4: 00000000001606e0 > > Sep 1 04:48:49 regress kernel: [10642.565046][T24161] Call Trace: > > Sep 1 04:48:49 regress kernel: [10642.565565][T24161] build_backref_tree+0x186b/0x2590 > > Sep 1 04:48:49 regress kernel: [10642.566389][T24161] ? relocate_data_extent+0x1a0/0x1a0 > > Sep 1 04:48:49 regress kernel: [10642.567295][T24161] ? lock_downgrade+0x3d0/0x3d0 > > Sep 1 04:48:49 regress kernel: [10642.568142][T24161] ? match_held_lock+0x20/0x260 > > Sep 1 04:48:49 regress kernel: [10642.568925][T24161] ? do_raw_spin_unlock+0xa8/0x140 > > Sep 1 04:48:49 regress kernel: [10642.569765][T24161] ? _raw_spin_trylock_bh+0x60/0x80 > > Sep 1 04:48:49 regress kernel: [10642.570605][T24161] ? release_extent_buffer+0x13b/0x230 > > Sep 1 04:48:49 regress kernel: [10642.571480][T24161] ? free_extent_buffer.part.45+0xd7/0x140 > > Sep 1 04:48:49 regress kernel: [10642.572406][T24161] relocate_tree_blocks+0x204/0xa50 > > Sep 1 04:48:49 regress kernel: [10642.573244][T24161] ? build_backref_tree+0x2590/0x2590 > > Sep 1 04:48:49 regress kernel: [10642.574103][T24161] ? rb_insert_color+0x3af/0x400 > > Sep 1 04:48:49 regress kernel: [10642.574896][T24161] ? kmem_cache_alloc_trace+0x5af/0x740 > > Sep 1 04:48:49 regress kernel: [10642.575785][T24161] ? tree_insert+0x90/0xb0 > > Sep 1 04:48:49 regress kernel: [10642.576495][T24161] ? add_tree_block.isra.38+0x1d6/0x230 > > Sep 1 04:48:49 regress kernel: [10642.577387][T24161] relocate_block_group+0x528/0x9d0 > > Sep 1 04:48:49 regress kernel: [10642.578220][T24161] ? merge_reloc_roots+0x470/0x470 > > Sep 1 04:48:49 regress kernel: [10642.579047][T24161] btrfs_relocate_block_group+0x26e/0x4c0 > > Sep 1 04:48:49 regress kernel: [10642.579968][T24161] btrfs_relocate_chunk+0x52/0xf0 > > Sep 1 04:48:49 regress kernel: [10642.580773][T24161] btrfs_balance+0xe5b/0x1800 > > Sep 1 04:48:49 regress kernel: [10642.581542][T24161] ? btrfs_relocate_chunk+0xf0/0xf0 > > Sep 1 04:48:49 regress kernel: [10642.582381][T24161] ? kmem_cache_alloc_trace+0x5af/0x740 > > Sep 1 04:48:49 regress kernel: [10642.583270][T24161] ? _copy_from_user+0xaa/0xd0 > > Sep 1 04:48:49 regress kernel: [10642.584022][T24161] btrfs_ioctl_balance+0x3de/0x4c0 > > Sep 1 04:48:49 regress kernel: [10642.584819][T24161] btrfs_ioctl+0x3122/0x4470 > > Sep 1 04:48:49 regress kernel: [10642.585540][T24161] ? __asan_loadN+0xf/0x20 > > Sep 1 04:48:49 regress kernel: [10642.586229][T24161] ? __asan_loadN+0xf/0x20 > > Sep 1 04:48:49 regress kernel: [10642.586920][T24161] ? btrfs_ioctl_get_supported_features+0x30/0x30 > > Sep 1 04:48:49 regress kernel: [10642.587935][T24161] ? __asan_loadN+0xf/0x20 > > Sep 1 04:48:49 regress kernel: [10642.588649][T24161] ? pvclock_clocksource_read+0xeb/0x190 > > Sep 1 04:48:49 regress kernel: [10642.589566][T24161] ? __asan_loadN+0xf/0x20 > > Sep 1 04:48:49 regress kernel: [10642.590254][T24161] ? pvclock_clocksource_read+0xeb/0x190 > > Sep 1 04:48:49 regress kernel: [10642.591128][T24161] ? __kasan_check_read+0x11/0x20 > > Sep 1 04:48:49 regress kernel: [10642.591913][T24161] ? check_chain_key+0x1e6/0x2e0 > > Sep 1 04:48:49 regress kernel: [10642.592707][T24161] ? __asan_loadN+0xf/0x20 > > Sep 1 04:48:49 regress kernel: [10642.593409][T24161] ? pvclock_clocksource_read+0xeb/0x190 > > Sep 1 04:48:49 regress kernel: [10642.594312][T24161] ? kvm_sched_clock_read+0x18/0x30 > > Sep 1 04:48:49 regress kernel: [10642.595139][T24161] ? check_chain_key+0x1e6/0x2e0 > > Sep 1 04:48:49 regress kernel: [10642.595929][T24161] ? sched_clock_cpu+0x1b/0x120 > > Sep 1 04:48:49 regress kernel: [10642.596712][T24161] do_vfs_ioctl+0x13e/0xad0 > > Sep 1 04:48:49 regress kernel: [10642.597432][T24161] ? btrfs_ioctl_get_supported_features+0x30/0x30 > > Sep 1 04:48:49 regress kernel: [10642.598455][T24161] ? do_vfs_ioctl+0x13e/0xad0 > > Sep 1 04:48:49 regress kernel: [10642.599202][T24161] ? compat_ioctl_preallocate+0x170/0x170 > > Sep 1 04:48:49 regress kernel: [10642.600128][T24161] ? __kasan_check_write+0x14/0x20 > > Sep 1 04:48:49 regress kernel: [10642.600949][T24161] ? up_read+0x176/0x4f0 > > Sep 1 04:48:49 regress kernel: [10642.601648][T24161] ? down_write_nested+0x2d0/0x2d0 > > Sep 1 04:48:49 regress kernel: [10642.602476][T24161] ? handle_mm_fault+0x211/0x480 > > Sep 1 04:48:49 regress kernel: [10642.603263][T24161] ? __kasan_check_read+0x11/0x20 > > Sep 1 04:48:49 regress kernel: [10642.604062][T24161] ? __fget_light+0xb2/0x110 > > Sep 1 04:48:49 regress kernel: [10642.604805][T24161] ksys_ioctl+0x67/0x90 > > Sep 1 04:48:49 regress kernel: [10642.605471][T24161] __x64_sys_ioctl+0x43/0x50 > > Sep 1 04:48:49 regress kernel: [10642.606203][T24161] do_syscall_64+0x77/0x2d0 > > Sep 1 04:48:49 regress kernel: [10642.606933][T24161] entry_SYSCALL_64_after_hwframe+0x49/0xbe > > Sep 1 04:48:49 regress kernel: [10642.607875][T24161] RIP: 0033:0x7f03f493b427 > > Sep 1 04:48:49 regress kernel: [10642.608588][T24161] Code: 00 00 90 48 8b 05 69 aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 39 aa 0c 00 f7 d8 64 89 01 48 > > Sep 1 04:48:49 regress kernel: [10642.611697][T24161] RSP: 002b:00007ffd6bd78fb8 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 > > Sep 1 04:48:49 regress kernel: [10642.613035][T24161] RAX: ffffffffffffffda RBX: 00007ffd6bd79058 RCX: 00007f03f493b427 > > Sep 1 04:48:49 regress kernel: [10642.614313][T24161] RDX: 00007ffd6bd79058 RSI: 00000000c4009420 RDI: 0000000000000003 > > Sep 1 04:48:49 regress kernel: [10642.615605][T24161] RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000078 > > Sep 1 04:48:49 regress kernel: [10642.616877][T24161] R10: fffffffffffff5ab R11: 0000000000000206 R12: 0000000000000001 > > Sep 1 04:48:49 regress kernel: [10642.618132][T24161] R13: 0000000000000000 R14: 00007ffd6bd7aa46 R15: 0000000000000001 > > Sep 1 04:48:49 regress kernel: [10642.619378][T24161] Modules linked in: > > Sep 1 04:48:49 regress kernel: [10642.620153][T24161] ---[ end trace a33c17a7d43dd973 ]--- > >