Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 3DA96200B3B for ; Mon, 11 Jul 2016 20:01:13 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 3C4C0160A5E; Mon, 11 Jul 2016 18:01:13 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 87877160A7D for ; Mon, 11 Jul 2016 20:01:12 +0200 (CEST) Received: (qmail 16411 invoked by uid 500); 11 Jul 2016 18:01:11 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 16355 invoked by uid 99); 11 Jul 2016 18:01:11 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jul 2016 18:01:11 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 325022C02AA for ; Mon, 11 Jul 2016 18:01:11 +0000 (UTC) Date: Mon, 11 Jul 2016 18:01:11 +0000 (UTC) From: "Yongjun Zhang (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HDFS-10587) Incorrect offset/length calculation in pipeline recovery causes block corruption MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Mon, 11 Jul 2016 18:01:13 -0000 [ https://issues.apache.org/jira/browse/HDFS-10587?page=3Dcom.atlassian= .jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D1537= 1294#comment-15371294 ]=20 Yongjun Zhang commented on HDFS-10587: -------------------------------------- HI [~jojochuang], I think it'd be nice to work out a unit test that demonstrates the block co= rruption, for example, to create a block with visibleLength X, and a replic= a with data X+delta written to disk, then use the involved code to copy th= e replica to a different one, to see if the corruption happens. If so, the= n we can see my above proposed change can address the issue.=20 Of course, we still need to understand better the "chunk end enforcement" m= entioned in my earlier comment.=20 =20 What do you think? Thanks. > Incorrect offset/length calculation in pipeline recovery causes block cor= ruption > -------------------------------------------------------------------------= ------- > > Key: HDFS-10587 > URL: https://issues.apache.org/jira/browse/HDFS-10587 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode > Reporter: Wei-Chiu Chuang > Assignee: Wei-Chiu Chuang > > We found incorrect offset and length calculation in pipeline recovery may= cause block corruption and results in missing blocks under a very unfortun= ate scenario.=20 > (1) A client established pipeline and started writing data to the pipelin= e. > (2) One of the data node in the pipeline restarted, closing the socket, a= nd some written data were unacknowledged. > (3) Client replaced the failed data node with a new one, initiating block= transfer to copy existing data in the block to the new datanode. > (4) The block is transferred to the new node. Crucially, the entire block= , including the unacknowledged data, was transferred. > (5) The last chunk (512 bytes) was not a full chunk, but the destination = still reserved the whole chunk in its buffer, and wrote the entire buffer t= o disk, therefore some written data is garbage. > (6) When the transfer was done, the destination data node converted the r= eplica from temporary to rbw, which made its visible length as the length o= f bytes on disk. That is to say, it thought whatever was transferred was ac= knowledged. However, the visible length of the replica is different (round = up to the next multiple of 512) than the source of transfer. > (7) Client then truncated the block in the attempt to remove unacknowledg= ed data. However, because the visible length is equivalent of the bytes on = disk, it did not truncate unacknowledged data. > (8) When new data was appended to the destination, it skipped the bytes a= lready on disk. Therefore, whatever was written as garbage was not replaced= . > (9) the volume scanner detected corrupt replica, but due to HDFS-10512, i= t wouldn=E2=80=99t tell NameNode to mark the replica as corrupt, so the cli= ent continued to form a pipeline using the corrupt replica. > (10) Finally the DN that had the only healthy replica was restarted. Name= Node then update the pipeline to only contain the corrupt replica. > (11) Client continue to write to the corrupt replica, because neither cli= ent nor the data node itself knows the replica is corrupt. When the restart= ed datanodes comes back, their replica are stale, despite they are not corr= upt. Therefore, none of the replica is good and up to date. > The sequence of events was reconstructed based on DataNode/NameNode log a= nd my understanding of code. > Incidentally, we have observed the same sequence of events on two indepen= dent clusters. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org