From: Marc Dietrich <marvin24@gmx.de>
To: Gui Hecheng <guihc.fnst@cn.fujitsu.com>
Cc: Zooko Wilcox-OHearn <zooko@leastauthority.com>,
linux-btrfs@vger.kernel.org
Subject: Re: fs corruption report
Date: Mon, 01 Sep 2014 10:47:26 +0200 [thread overview]
Message-ID: <1484373.Oezxgh4u8P@ax5200p> (raw)
In-Reply-To: <1409192882.1582.13.camel@localhost.localdomain>
[-- Attachment #1: Type: text/plain, Size: 6478 bytes --]
Guy,
Am Donnerstag 28 August 2014, 10:28:02 schrieb Gui Hecheng:
> On Mon, 2014-08-25 at 05:08 +0000, Zooko Wilcox-OHearn wrote:
> > Aha. When it is run under valgrind it consistently stops (killing
> > valgrind, in fact!) in the same way on every run.
> >
> > Here's the tail of stdout and stderr when it aborted when run under
> > valgrind:
> >
> > Restoring
> > ./sda6-btrfs-restore-3/@home/zooko/.mozilla/firefox/ltjwtkwe.ketotic.org/
> > thumbnails/188888af64f6d2871b0f24e325d8a298.png Restoring
> > ./sda6-btrfs-restofailed to inflate: -6
> >
> > Full valgrind outputs from such a run is attached to this letter.
> >
> > I've spent a little time looking at the stack traces in the valgrind
> > log, and I *guess* that there is corruption such that the
> > decompression fails, and I guess it would be possible to make
> > cmds-restore handle corrupted compressedtext better, so that it would
> > end up skipping whatever files and directories were unrestorable due
> > to corruption. However, I don't immediately see how to proceed.
> >
> > Regards,
>
> Hi Zooko,
> Here are some pieces for your information:
>
> For the first:
> ==5569== Syscall param pwrite64(buf) points to uninitialised byte(s)
> ==5569== at 0x56ABD03: __pwrite_nocancel (syscall-template.S:81)
> ==5569== by 0x41F346: search_dir (cmds-restore.c:392)
>
> It is handled by
> https://patchwork.kernel.org/patch/4755441/
>
> For the second:
> ==5569== Invalid read of size 1
> ==5569== at 0x4C2F95E: memcpy@@GLIBC_2.14
> ==5569== by 0x4388E6: read_extent_buffer (string3.h:51)
> ==5569== by 0x41ED6C: search_dir (cmds-restore.c:233)
>
> It should be handled by
> https://patchwork.kernel.org/patch/4792381/
> And it handles Marc's similar problem too.
I can confirm that this patch really cures these memleaks, but ....
>
> And for the last one and the crucial one...
> ==5569== Invalid read of size 4
> ==5569== at 0x41E394: decompress (cmds-restore.c:93)
> ==5569== by 0x41F291: search_dir (cmds-restore.c:378)
> along with
> ==5569== Invalid read of size 1
> ==5569== at 0x548DDB6: lzo1x_decompress_safe
> ==5569== by 0x41E3BD: decompress (cmds-restore.c:122)
> ==5569== by 0x41F291: search_dir (cmds-restore.c:378)
>
> Sorry, I'm not able to reproduce it yet, it may be just what you've
> guessed that corruption happens. But I am sure that there are bugs
> around the decompress routine, because I've got "failed to inflate"s too
> with a non-corrupted btrfs. I'm going to track it down.
this one still exists. It took me a while to reproduce this (actually, find
the file which causes it). So we have:
==27292== Invalid read of size 8
==27292== at 0x57A10D2: lzo1x_decompress_safe (in
/usr/lib64/liblzo2.so.2.0.0)
==27292== by 0x41E9ED: decompress (cmds-restore.c:129)
==27292== by 0x41F8A7: search_dir (cmds-restore.c:386)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x420C6F: cmd_restore (cmds-restore.c:1319)
==27292== by 0x4042FC: main (btrfs.c:247)
==27292== Address 0x6280afc is 24,572 bytes inside a block of size 24,576
alloc'd
==27292== at 0x4C277AB: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-
amd64-linux.so)
==27292== by 0x41F577: search_dir (cmds-restore.c:317)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x41FFE6: search_dir (cmds-restore.c:916)
==27292== by 0x420C6F: cmd_restore (cmds-restore.c:1319)
==27292== by 0x4042FC: main (btrfs.c:247)
==27292==
==27292== (action on error) vgdb me ...
and the attached debug backtrace is (I attached the full bt):
Program received signal SIGTRAP, Trace/breakpoint trap.
0x00000000057a10d2 in lzo1x_decompress_safe () from /usr/lib64/liblzo2.so.2
(gdb) bt
#0 0x00000000057a10d2 in lzo1x_decompress_safe () from
/usr/lib64/liblzo2.so.2
#1 0x000000000041e9ee in decompress_lzo (decompress_len=0x7feff9f60,
compress_len=417,
outbuf=0x63229a0 "ource/core/dom/webcore_dom.StaticNodeList.o",
inbuf=0x6280a6d "\017ource/core/dom/webl\001") at cmds-restore.c:129
#2 decompress (inbuf=inbuf@entry=0x627ab00 "zU\001",
outbuf=outbuf@entry=0x631a9a0 "<X", compress_len=compress_len@entry=24576,
decompress_len=decompress_len@entry=0x7feff9f60,
compress=compress@entry=2) at cmds-restore.c:155
#3 0x000000000041f8a8 in copy_one_extent (pos=4063232, fi=<optimized out>,
leaf=0x5fb58d0, fd=4, root=0x61405c0) at cmds-restore.c:386
#4 copy_file (file=0x66a700 <path_name>
"/work/chromium/src/out/Release/.ninja_deps", key=0x7feffb080, fd=4,
root=0x61405c0)
at cmds-restore.c:659
#5 search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffc2d0,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x6602d70 "/chromium/src/out/Release",
mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:840
#6 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0,
key=key@entry=0x7feffd520,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x6df4d90 "/chromium/src/out",
mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:916
#7 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0,
key=key@entry=0x7feffe770,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x65d7080 "/chromium/src", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
#8 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0,
key=key@entry=0x7fefff9c0,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x6f35ac0 "/chromium", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
#9 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0,
key=key@entry=0x7fefffe30,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x45ab43 "", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
#10 0x0000000000420c70 in cmd_restore (argc=<optimized out>, argv=<optimized
out>) at cmds-restore.c:1319
#11 0x00000000004042fd in main (argc=8, argv=0x7feffffa0) at btrfs.c:247
Hope that helps
Marc
[-- Attachment #2: full-bt.txt --]
[-- Type: text/plain, Size: 9356 bytes --]
(gdb) bt full
#0 0x00000000057a10d2 in lzo1x_decompress_safe () from /usr/lib64/liblzo2.so.2
No symbol table info available.
#1 0x000000000041e9ee in decompress_lzo (decompress_len=0x7feff9f60, compress_len=417,
outbuf=0x63229a0 "ource/core/dom/webcore_dom.StaticNodeList.o", inbuf=0x6280a6d "\017ource/core/dom/webl\001") at cmds-restore.c:129
ret = <optimized out>
new_len = 0
out_len = 32768
tot_in = 24429
#2 decompress (inbuf=inbuf@entry=0x627ab00 "zU\001", outbuf=outbuf@entry=0x631a9a0 "<X", compress_len=compress_len@entry=24576,
decompress_len=decompress_len@entry=0x7feff9f60, compress=compress@entry=2) at cmds-restore.c:155
No locals.
#3 0x000000000041f8a8 in copy_one_extent (pos=4063232, fi=<optimized out>, leaf=0x5fb58d0, fd=4, root=0x61405c0) at cmds-restore.c:386
device = <optimized out>
dev_fd = 5
mirror_num = 1
num_copies = <optimized out>
inbuf = 0x627ab00 "zU\001"
done = <optimized out>
ram_size = 126976
multi = 0x67fa250
outbuf = 0x631a9a0 "<X"
total = 0
dev_bytenr = 317671178240
compress = 2
length = 24576
ret = <optimized out>
bytenr = 390685646848
size_left = 0
count = 24576
#4 copy_file (file=0x66a700 <path_name> "/work/chromium/src/out/Release/.ninja_deps", key=0x7feffb080, fd=4, root=0x61405c0)
at cmds-restore.c:659
fi = <optimized out>
ret = <optimized out>
compression = 2
found_size = 11632652
leaf = 0x5fb58d0
path = <optimized out>
inode_item = <optimized out>
extent_type = <optimized out>
loops = 33
#5 search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffc2d0, output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work",
in_dir=in_dir@entry=0x6602d70 "/chromium/src/out/Release", mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:840
path = <optimized out>
leaf = 0x6daaa50
dir_item = <optimized out>
location = {objectid = 27472733, type = 108 'l', offset = 0}
filename = ".ninja_deps", '\000' <repeats 29 times>, "\021\000\000\000\b\000\000\000\b\000\000\000\020\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\360\225\023\006\000\000\000\000\360M\337\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\340\260\377\376\a\000\000\000\---Type <return> to continue, or q <return> to quit---
020\260\377\376\a", '\000' <repeats 20 times>, "\247f\000\000\000\000\000src/out/Release\000\000T\367\005\000\000\000\000\230\260\377\376\a\000\000\000"...
name_ptr = <optimized out>
name_len = <optimized out>
ret = <optimized out>
loops = 0
#6 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffd520,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x6df4d90 "/chromium/src/out",
mreg=mreg@entry=0x7fefffd60) at cmds-restore.c:916
search_root = <optimized out>
dir = 0x6602d70 "/chromium/src/out/Release"
path = <optimized out>
leaf = 0x61395f0
dir_item = <optimized out>
location = {objectid = 27470610, type = 96 '`', offset = 0}
filename = "Release\000\000\267f", '\000' <repeats 29 times>, "\r\000\000\000\004\000\000\000\004\000\000\000\020\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\020\017\a\006\000\000\000\000\200\234e\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\060\303\377\376\a\000\000\000`\302\377\376\a", '\000' <repeats 20 times>, "\247f\000\000\000\000\000hromium/src/out\000\000T\367\005\000\000\000\000\002\021\000\000\000\000\000\000"...
name_ptr = <optimized out>
name_len = <optimized out>
ret = <optimized out>
loops = 0
#7 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7feffe770,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x65d7080 "/chromium/src", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
search_root = <optimized out>
dir = 0x6df4d90 "/chromium/src/out"
path = <optimized out>
leaf = 0x6070f10
dir_item = <optimized out>
location = {objectid = 27469314, type = 96 '`', offset = 0}
filename = "out\000\000gnore\000settings", '\000' <repeats 21 times>, "\t\000\000\000\004\000\000\000\004\000\000\000\016\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\000\303\027\a\000\000\000\000\300\226:\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\200\325\377\376\a\000\000\000\260\324\377\376\a", '\000' <repeats 20 times>, "\247f\000\000\000\000\000ium/src\000\000\000\000\000\000\000\000\000\000T\367\005\000\000\000\000\002\021\000\000\000\000\000\000"...
name_ptr = <optimized out>
name_len = <optimized out>
ret = <optimized out>
loops = 0
#8 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7fefff9c0,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x6f35ac0 "/chromium", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
search_root = <optimized out>
dir = 0x65d7080 "/chromium/src"
path = <optimized out>
leaf = 0x717c300
---Type <return> to continue, or q <return> to quit---
dir_item = <optimized out>
location = {objectid = 26833838, type = 96 '`', offset = 0}
filename = "src\000ient\000ls", '\000' <repeats 33 times>, "\t\000\000\000\t\000\000\000\n\000\000\000\240r\367\005\000\000\000\000\001\000\000\000\000\000\000\000\300\005\024\006\000\000\000\000\340ȓ\006\000\000\000\000\240N\024\006\000\000\000\000\020w\367\005\000\000\000\000A0\314\005\000\000\000\000@-\024\006\000\000\000\000\030\000\000\000\060\000\000\000\320\347\377\376\a\000\000\000\000\347\377\376\a", '\000' <repeats 20 times>, "\247f\000\000\000\000\000hromium\000\000\000\000\000\000\000\000\000\000T\367\005\000\000\000\000\260\060\375\005\000\000\000\000@"...
name_ptr = <optimized out>
name_len = <optimized out>
ret = <optimized out>
loops = 0
#9 0x000000000041ffe7 in search_dir (root=root@entry=0x61405c0, key=key@entry=0x7fefffe30,
output_rootdir=output_rootdir@entry=0x7fefffdb0 "/work", in_dir=in_dir@entry=0x45ab43 "", mreg=mreg@entry=0x7fefffd60)
at cmds-restore.c:916
search_root = <optimized out>
dir = 0x6f35ac0 "/chromium"
path = <optimized out>
leaf = 0x693c8e0
dir_item = <optimized out>
location = {objectid = 26832818, type = 96 '`', offset = 0}
filename = "chromium\000.6.5\000\000\000r_2012_r2_x64_dvd_2707952.iso\000ER_EVAL_DE-DE-IRM_SSS_X64FREE_DE-DE_DV5.ISO\000\000ISO\000\000\002\000\000\000\002\000\000\000\260E\024\006\000\000\000\000\317\003\000\377\a\000\000\000\317\003\000\377\a", '\000' <repeats 31 times>, "\021\000\000\000\021\000\000\000\021\000\000\000\020\000\000\000\020\000\000\000\020\000\000\000\020\000\000\000\020", '\000' <repeats 15 times>...
name_ptr = <optimized out>
name_len = <optimized out>
ret = <optimized out>
loops = 0
#10 0x0000000000420c70 in cmd_restore (argc=<optimized out>, argv=<optimized out>) at cmds-restore.c:1319
root = 0x61405c0
key = {objectid = 256, type = 96 '`', offset = 0}
dir_name = "/work", '\000' <repeats 122 times>
tree_location = <optimized out>
fs_location = 0
root_objectid = 0
len = <optimized out>
ret = <optimized out>
opt = <optimized out>
option_index = 0
super_mirror = <optimized out>
find_dir = 0
list_roots = 0
match_regstr = 0x7ff0003cf "^/(|temp(|/.*))$"
match_cflags = 13
match_reg = {buffer = 0x6142d40 "`.\024\006", allocated = 224, used = 224, syntax = 242620, fastmap = 0x6142c00 "",
translate = 0x0, re_nsub = 2, can_be_null = 0, regs_allocated = 0, fastmap_accurate = 1, no_sub = 1, not_bol = 0, not_eol = 0,
newline_anchor = 1}
mreg = 0x7fefffd60
reg_err = "\377\232f", '\000' <repeats 45 times>, "\370\375\377\376\004\000\000\000H\021\"\004", '\000' <repeats 28 times>, "@\277\0---Type <return> to continue, or q <return> to quit---
05\004\000\000\000\000\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000H\021\"\004\000\000\000\000\377\377\377\377\a\000\000\000\000\375\377\376\a\000\000\000\314?\f\257\000\000\000\000\000T\367\005", '\000' <repeats 12 times>, "\240\024\"\004\000\000\000\000@\375\377\376\a\000\000\000\060\375\377\376\a\000\000\000L\353:}\000\000\000\000"...
#11 0x00000000004042fd in main (argc=8, argv=0x7feffffa0) at btrfs.c:247
cmd = 0x6689c8
bname = <optimized out>
next prev parent reply other threads:[~2014-09-01 8:47 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-25 5:08 fs corruption report Zooko Wilcox-OHearn
2014-08-28 2:28 ` Gui Hecheng
2014-09-01 8:47 ` Marc Dietrich [this message]
2014-09-01 9:09 ` Marc Dietrich
2014-09-01 15:25 ` Zooko Wilcox-OHearn
2014-09-04 3:00 ` Gui Hecheng
2014-09-04 9:50 ` Marc Dietrich
2014-09-12 12:35 ` Marc Dietrich
2014-09-18 3:39 ` Gui Hecheng
2014-09-18 8:16 ` Marc Dietrich
2014-09-18 12:47 ` Zooko Wilcox-OHearn
2014-09-19 1:30 ` Gui Hecheng
2014-09-22 8:19 ` Marc Dietrich
2014-09-22 8:33 ` Gui Hecheng
2014-09-22 8:49 ` Marc Dietrich
2014-09-22 8:55 ` Gui Hecheng
2014-09-22 15:05 ` Zooko Wilcox-OHearn
2014-08-28 2:46 ` Gui Hecheng
2014-08-28 3:23 ` Chris Murphy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1484373.Oezxgh4u8P@ax5200p \
--to=marvin24@gmx.de \
--cc=guihc.fnst@cn.fujitsu.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=zooko@leastauthority.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.