crash, trace, free(): corrupted unsorted chunks

Maximilian Mehnert

May 19, 2011, 3:08:14 PM
to zfs-fuse mailing list
I experienced a few crashes now on rudd-o/unstable.
This is the first with debugging symbols:

commit 6b8f5069a81896aa1ab5e9a6f2d2c48d824cfa8a
Merge: 5327c2f 7b326b9
Author: Seth Heeren <zfs-...@sehe.nl>
Date: Wed Apr 6 10:29:45 2011 +0200
Merge remote branch 'rainemu/master' into unstable

Hope, it helps :-)

Core was generated by `zfs-fuse -e 600 -a 600 -m 512'.
Program terminated with signal 6, Aborted.
#0 0x00002abe5aec5165 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0 0x00002abe5aec5165 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00002abe5aec7f70 in abort () at abort.c:92
#2 0x00002abe5aefb27b in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>)
at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x00002abe5af04ad6 in malloc_printerr (action=3, str=0x2abe5afbbaf0 "free(): corrupted unsorted chunks",
ptr=<value optimized out>) at malloc.c:6267
#4 0x00002abe5af0984c in __libc_free (mem=<value optimized out>) at malloc.c:3739
#5 0x00002abe5a48d660 in ?? () from /usr/local/64/usr/lib/libfuse.so.2
#6 0x00002abe5a48d6a4 in ?? () from /usr/local/64/usr/lib/libfuse.so.2
#7 0x00002abe5a48d98f in fuse_reply_write () from /usr/local/64/usr/lib/libfuse.so.2
#8 0x0000000000452359 in zfsfuse_write (req=0x2abeb40008b0, ino=10099984,
buf=0x2abe7be0c060 "/wwwoffle.css\" type=\"text/css\" rel=\"stylesheet\">\n</HEAD>\n\n<BODY class=\"wwwoffle-message\">\n\n<!-- Standard WWWOFFLE Message Page Header Start -->\n\n<div class=\"wwwoffle-header\" align=\"center\">\n<b>WWWOFFL"...,
size=1027, off=1204, fi=0x2abe60ac6e10) at zfs-fuse/zfs_operations.c:1578
#9 0x00002abe5a48ed25 in ?? () from /usr/local/64/usr/lib/libfuse.so.2
#10 0x000000000044c6d2 in zfsfuse_listener_loop (arg=0x0) at zfs-fuse/fuse_listener.c:290
#11 0x00002abe5a2638ba in start_thread (arg=<value optimized out>) at pthread_create.c:300
#12 0x00002abe5af6202d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#13 0x0000000000000000 in ?? ()
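
A small triage helper for a backtrace like the one in the post above, added here as an example (it is not code from the thread or from zfs-fuse). It re-joins the wrapped frames, extracts the glibc abort message, and reports which frame handed the pointer to free() and which is the nearest frame with source information; the function names and the "first frame with file:line" heuristic are assumptions of this example.

```python
import re

# Frames copied from the backtrace in the post above; the long buf= argument
# of frame #8 is shortened here, and wrapped frames stay wrapped as posted.
BACKTRACE = '''\
#0 0x00002abe5aec5165 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00002abe5aec7f70 in abort () at abort.c:92
#3 0x00002abe5af04ad6 in malloc_printerr (action=3, str=0x2abe5afbbaf0 "free(): corrupted unsorted chunks",
ptr=<value optimized out>) at malloc.c:6267
#4 0x00002abe5af0984c in __libc_free (mem=<value optimized out>) at malloc.c:3739
#5 0x00002abe5a48d660 in ?? () from /usr/local/64/usr/lib/libfuse.so.2
#7 0x00002abe5a48d98f in fuse_reply_write () from /usr/local/64/usr/lib/libfuse.so.2
#8 0x0000000000452359 in zfsfuse_write (req=0x2abeb40008b0, ino=10099984, buf=0x2abe7be0c060 "..."...,
size=1027, off=1204, fi=0x2abe60ac6e10) at zfs-fuse/zfs_operations.c:1578
'''

FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
# Frames on the abort path inside glibc: they report the damage, not its cause.
ABORT_PATH = {"raise", "abort", "__libc_message", "malloc_printerr", "__libc_free"}

def parse_frames(text):
    """Re-join wrapped frames, then pull out number, function, source, library."""
    joined = []
    for line in text.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()  # continuation of the previous frame
    frames = []
    for raw in joined:
        m = FRAME.match(raw)
        if m:
            src = re.search(r"\) at (\S+):(\d+)$", raw)
            lib = re.search(r"\) from (\S+)$", raw)
            frames.append({"n": int(m.group(1)), "func": m.group(2), "raw": raw,
                           "source": (src.group(1), int(src.group(2))) if src else None,
                           "lib": lib.group(1) if lib else None})
    return frames

def triage(text):
    """Report what glibc complained about and who handed it the pointer."""
    frames = parse_frames(text)
    msg = next((m.group(1) for f in frames if f["func"] == "malloc_printerr"
                for m in [re.search(r'str=0x[0-9a-f]+ "([^"]*)"', f["raw"])] if m), None)
    outside = [f for f in frames if f["func"] not in ABORT_PATH]
    return {"message": msg,
            "free_called_from": outside[0] if outside else None,
            # heuristic: first frame outside the abort path that has file:line info
            "first_source_frame": next((f for f in outside if f["source"]), None)}
```

Calling `triage(BACKTRACE)` returns a dict with the keys `message`, `free_called_from` and `first_source_frame`.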

Emmanuel Anne

May 19, 2011, 4:21:41 PM
to zfs-...@googlegroups.com
Never seen that before. Apparently the crash is in fuse itself, from a fuse_reply_write call, and then a memory allocation problem. The circumstances of the crash might have been useful too, is it in a virtual machine? Is it in doing something specific?
Is your fuse up to date, are you sure it runs with the same lib which was used to compile it?
That's all I can think of for now...!

2011/5/19 Maximilian Mehnert <maximilia...@gmx.de>

--
To post to this group, send email to zfs-...@googlegroups.com
To visit our Web site, click on http://zfs-fuse.net/



--
my zfs-fuse git repository : http://rainemu.swishparty.co.uk/cgi-bin/gitweb.cgi?p=zfs;a=summary

Maximilian Mehnert

May 20, 2011, 4:39:11 AM
to zfs-fuse
Excerpts from Maximilian Mehnert's message of Thu May 19 23:55:45 +0200 2011:
> Excerpts from Emmanuel Anne's message of Thu May 19 22:21:41 +0200 2011:

> > Never seen that before. Apparently the crash is in fuse itself, from a
> > fuse_reply_write call, and then a memory allocation problem. The
> > circumstances of the crash might have been useful too, is it in a virtual
> > machine? Is it in doing something specific?
> > Is your fuse up to date, are you sure it runs with the same lib which was
> > used to compile it?
> > That's all I can think of for now...!
>
> Hmm. Fuse is libfuse-dev_2.8.4-1.3 from debian. And it's definitely the one I
> compiled against. No virtual machine.
> Otherwise no special circumstances. I'm not sure what wwwoffle is doing in there.
> I have one or two very large directories in wwwoffle with about 400000 files so
> that might be something.
>
Well, I guess I'll wait to see whether it happens again...
:-)

Seth Heeren

May 20, 2011, 10:49:44 AM
to zfs-fuse
Emmanuel: Could it be that your buffers thingie is allocating
unconditionally even when e.g. writing 1 byte to 400000 files? This
could be a problem

On 20 May, 10:39, Maximilian Mehnert <maximilian.mehn...@gmx.de> wrote:

Emmanuel Anne

May 20, 2011, 11:35:17 AM
to zfs-...@googlegroups.com
The allocation error is in fuse itself, so it's rather unlikely.
Plus even if you wanted to write 1 byte in 400000 files, then the FILE* themselves would take much more memory than the buffers!
And not even sure this is the version with the buffers, because line 1578 of zfs_operations.c doesn't match any call to fuse_req_write for me...
Is there a gitweb for this repository somewhere... ? Eh no, found http://git.zfs-fuse.net/official 
but it's not a gitweb interface, too bad, no git here for now...

2011/5/20 Seth Heeren <sghe...@hotmail.com>

sgheeren

May 20, 2011, 12:21:50 PM
to zfs-...@googlegroups.com
Come on! Don't be silly!

http://gitweb.zfs-fuse.net/

http://zfs-fuse.net/wiki/repositories
http://zfs-fuse.net/   ---> it's right in the top menu bar...

Emmanuel Anne

May 20, 2011, 12:47:59 PM
to zfs-...@googlegroups.com
Oh, the menu bar!
Sorry, I saw an array in the middle of the page with no links in it, but URLs in plain text, and didn't think there was anything else to see on this page!
My bad then!

2011/5/20 sgheeren <sghe...@hotmail.com>

Emmanuel Anne

May 20, 2011, 6:19:34 PM
to zfs-...@googlegroups.com
I guess the message displayed when it crashed (you probably didn't see it since zfs-fuse is launched as a daemon normally) was about a double free... (maybe it's logged in syslog in this case).
The code which triggers that is indeed in the middle of some buffer handler, but it doesn't make much sense for me so far (apparently the double free would be when fuse frees its req parameter, but it can happen only once, I really don't see how it could happen more. So maybe req got corrupted somewhere but in this case I don't know where either. Check if you don't have any interesting syslog message around the time of the crash)... A way to reproduce it would be useful, but if you don't have any...
Well if you want to be sure to avoid this you can disable the buffers in zfsrc (option no-buffers from memory), but it would be more useful if you find a way to reproduce this. Your choice...
So far I use these buffers every day and didn't have any problem since the last fix for them (since April 6th apparently!).

2011/5/20 Maximilian Mehnert <maximilia...@gmx.de>



Maximilian Mehnert

May 21, 2011, 2:52:48 AM
to zfs-fuse
Excerpts from Emmanuel Anne's message of Sat May 21 00:19:34 +0200 2011:

> I guess the message displayed when it crashed (you probably didn't see it
> since zfs-fuse is launched as a daemon normally) was about a double free...
> (maybe it's logged in syslog in this case).
> The code which triggers that is indeed in the middle of some buffer handler,
> but it doesn't make much sense for me so far (apparently the double free
> would be when fuse frees its req parameter, but it can happen only once, I
> really don't see how it could happen more. So maybe req got corrupted
> somewhere but in this case I don't know where either. Check if you don't
> have any interesting syslog message around the time of the crash)... A way
> to reproduce it would be useful, but if you don't have any...
> Well if you want to be sure to avoid this you can disable the buffers in
> zfsrc (option no-buffers from memory), but it would be more useful if you
> find a way to reproduce this. Your choice...
> So far I use these buffers every day and didn't have any problem since the
> last fix for them (since April 6th apparently!).
>
Hmm. Thanks a lot! :-)
Since the logs go to zfs-fuse too, I don't have the syslog from the time of the crash.
:-(
But I'll definitely try to reproduce. I have a feeling that it's not that easy
though. The last times zfs-fuse crashed for me it was after two or three days
of stable work.

Emmanuel Anne

May 21, 2011, 3:00:59 AM
to zfs-...@googlegroups.com
Then at least try to put your /var/log dir somewhere else for next time...
No other idea for now.

2011/5/21 Maximilian Mehnert <maximilia...@gmx.de>
