Re: The question about hfs+ patch (hfsplus: fix BUG on bnode parent update)

tchou wrote on 2019-02-27 11:14:
Viacheslav Dubeyko wrote on 2019-02-27 10:56:
On Wed, 2019-02-27 at 09:46 +0800, tchou wrote:
Viacheslav Dubeyko wrote on 2019-02-27 02:01:
> On Tue, 2019-02-26 at 11:32 +0800, tchou wrote:
>> Ernesto A. Fernández wrote on 2019-02-24 08:44:
>> >
>> >
>
> [skipped]
>
>> > >
>> > > [1]
>> > > =================================================================
>> > > =================================
>> > >
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.504049] hfsplus:
>> > > trying to free free bnode 294912(2)
>> > >
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.510017] hfsplus:
>> > > trying to free free bnode 294912(2)
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.515983] hfsplus:
>> > > trying to free free bnode 294912(2)
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.521949] general
>> > > protection fault: 0000 [#1] SMP
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.621069] CPU: 1
>> > > PID:
>> > > 18715 Comm: SYNO.FileStatio Tainted: P C O 3.10.102 #15152
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.630308] Hardware
>> > > name:
>> > > Synology Inc. DS1517+/Type2 - Board Product Name1, BIOS M.405
>> > > 2017/05/09
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.640423] task:
>> > > ffff8802753fa040 ti: ffff880270880000 task.ti: ffff880270880000
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.648779] RIP:
>> > > 0010:[<ffffffffa051459e>] [<ffffffffa051459e>]
>> > > hfsplus_bnode_write+0x9e/0x1e0 [hfsplus]
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.659489] RSP:
>> > > 0018:ffff880270883c18 EFLAGS: 00010202
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.665415] RAX:
>> > > 0000000000000000 RBX: 0000000000000002 RCX: 000000000000aeff
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.673391] RDX:
>> > > 0000000000000000 RSI: ffff880270883c56 RDI: db73880000000000
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.681366] RBP:
>> > > ffff88005f7b1920 R08: 0000000000000002 R09: 0000000000000002
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.689343] R10:
>> > > ffff88005f7b18d0 R11: 0000000000000002 R12: 0000000000001ffc
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.697310] R13:
>> > > ffff880270883c56 R14: 0000000000000002 R15: 0000000000000002
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.705286] FS:
>> > > 00007f4fee0607c0(0000) GS:ffff88027fc40000(0000)
>> > > knlGS:0000000000000000
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.714322] CS: 0010
>> > > DS:
>> > > 0000 ES: 0000 CR0: 000000008005003b
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.720744] CR2:
>> > > 00007f4fee05d000 CR3: 0000000247210000 CR4: 00000000001007e0
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.728711] DR0:
>> > > 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.736687] DR3:
>> > > 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.744654] Stack:
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.746896]
>> > > ffff88005f7b18c0 ffff880270883cd0 0000000000001ffc
>> > > 0000000000001f9c
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.755181]
>> > > 0000000000000060 000000000000000e ffffffffa05146ff
>> > > aeff000000000031
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.763468]
>> > > ffffffffa0516bf9 000000606228c340 ffff880270883cd0
>> > > 00000000fffffffe
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.771763] Call
>> > > Trace:
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.774497]
>> > > [<ffffffffa05146ff>] ? hfsplus_bnode_write_u16+0x1f/0x30
>> > > [hfsplus]
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.782671]
>> > > [<ffffffffa0516bf9>] ? hfsplus_brec_remove+0x129/0x190 [hfsplus]
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.790650]
>> > > [<ffffffffa05191d0>] ? __hfsplus_delete_attr+0x90/0xf0 [hfsplus]
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.798629]
>> > > [<ffffffffa0519979>] ? hfsplus_delete_all_attrs+0x49/0xb0
>> > > [hfsplus]
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.806900]
>> > > [<ffffffffa0512482>] ? hfsplus_delete_cat+0x1c2/0x2b0 [hfsplus]
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.814782]
>> > > [<ffffffffa0512d90>] ? hfsplus_unlink+0x1d0/0x1e0 [hfsplus]
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.822277]
>> > > [<ffffffff811066bd>] ? __inode_permission+0x1d/0xb0
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.828992]
>> > > [<ffffffff8110a72a>] ? vfs_unlink+0x8a/0x100
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.835025]
>> > > [<ffffffff8110a9c3>] ? do_unlinkat+0x223/0x230
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.841255]
>> > > [<ffffffff8111d853>] ? mntput_no_expire+0x13/0x130
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.847873]
>> > > [<ffffffff8104d1bc>] ? task_work_run+0x9c/0xe0
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.854102]
>> > > [<ffffffff81002901>] ? do_notify_resume+0x61/0x90
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.860624]
>> > > [<ffffffff810fb827>] ? fput+0x57/0xb0
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.865978]
>> > > [<ffffffff8149dd32>] ? system_call_fastpath+0x16/0x1b
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.872884] Code: 48
>> > > 63 ca
>> > > 48 01 cf 48 83 fb 08 0f 83 fd 00 00 00 31 c0 41 f6 c3 04 74 09 8b
>> > > 06
>> > > 89 07 b8 04 00 00 00 41 f6 c3 02 74 0c 0f b7 0c 06 <66> 89 0c 07
>> > > 48 8d
>> > > 40 02 41 83 e3 01 74 07 0f b6 0c 06 88 0c 07
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.894293] RIP
>> > > [<ffffffffa051459e>] hfsplus_bnode_write+0x9e/0x1e0 [hfsplus]
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.902375] RSP
>> > > <ffff880270883c18>
>> > >
>> > > 2017-08-30T10:32:30-04:00 BS-SAN kernel: [ 5471.906350] ---[ end
>> > > trace
>> > > 0e65d1ee34a1e12e ]---
>> > >
>> > >
>> > > =================================================================
>> > > =================================
>> > >
>
>
> Could you please share more details about the environment of the bug?
> Do you know what operation triggers the bug? How had the volume been
> created? Can you reproduce the issue?
>
> It looks like a file deletion operation took place. Do you have any
> idea what file is being deleted and what features it has? Does this
> file contain any xattrs?

Ok, the following description is my situation. The Linux versions of
our products are 3.10 and 4.4.

Users may plug an external USB drive, whose HFS+ volume was formatted on
their macOS device, into our device. They can do all file system
operations (e.g. create, remove, rename files, and so on) on both the
macOS side and the Linux side.

The files created on macOS have the default xattr:
com.apple.FinderInfo=0sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKrmU=
The files created on Linux have no xattrs.
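
For reference, this is roughly how the xattrs can be listed on each
side (a minimal sketch; the file paths are hypothetical):

# Linux: dump all xattr names and values (getfattr shows only user.* by default)
getfattr -d -m - /mnt/usb/somefile

# macOS: list xattr names and values
xattr -l /Volumes/usb/somefile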

Some users seem to encounter the call trace when removing a file on
our device. The volume then gets stuck when we unmount it, which causes
the unmount to fail.

We cannot reproduce it by ourselves. The following link is the
only one I can find that describes the same situation as mine:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1646565/comments/5

I tried some ways to reproduce it:
1. Format the USB drive on Linux and macOS.
2. Use fsstress to stress create and unlink operations on Linux (see the sketch after this list).
3. Create and remove 100,000 files on Linux.
4. Create 10,000 ~ 500,000 files on macOS and remove them all on Linux.
All of these ways failed.
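
For item 2, this is roughly the kind of run I mean (a minimal sketch,
assuming the fsstress binary from xfstests and a hypothetical mount
point /mnt/usb):

# zero the default op table, then stress only create and unlink
mkdir -p /mnt/usb/fsstress
fsstress -z -f creat=50 -f unlink=50 -d /mnt/usb/fsstress -n 100000 -p 4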

About 10+ users have encountered this situation, so I am trying to fix it.
Any idea about it?

OK. I see the point. Let's achieve a stable reproduction of the issue
at first. The issue is triggered by operations in the Attributes Tree
but not in the Catalog Tree. So, it will be enough to create several
files. The key trick is to create many xattrs for one file. It will be
better to create the xattrs in the native way under Mac OS X. I believe
that the Attributes Tree's node size could be about 8 KB by default (but
maybe only 4 KB). It is better to check the size in the superblock's
dump, for example. So, it needs to create a lot of xattrs for one file
(or several files) with the goal of building an Attributes Tree with a
large enough number of nodes. The best case would be to create an
Attributes Tree with a height of 2 or 3, so that it has index nodes too.
As far as I can judge, the issue can be reproduced during the deletion
of the xattrs, or of a file with xattrs, under Linux. And the Attributes
Tree needs to have many nodes, because the issue should be triggered
during the operation of b-tree node deletion.
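
As a quick way to check this, the node size and depth of the Attributes
Tree can be read straight from its B-tree header node. A minimal sketch
(the device path is hypothetical; the offsets are my reading of Apple's
TN1150: volume header at byte 1024, attributes file fork data at offset
352 inside it, and the header record right after the 14-byte node
descriptor of node 0):

#!/bin/bash
IMG=/dev/sdq1    # or the image file of the volume

be() {  # be <offset> <length>: print the big-endian value at <offset>
    echo $((16#$(dd if="$IMG" bs=1 skip="$1" count="$2" 2>/dev/null \
                 | od -An -tx1 | tr -d ' \n')))
}

VH=1024                            # HFS+ volume header offset
block_size=$(be $((VH + 40)) 4)    # allocation block size
attr_start=$(be $((VH + 368)) 4)   # first extent of the attributes file
hdr=$((attr_start * block_size))   # byte offset of the tree's node 0

echo "attributes tree depth:     $(be $((hdr + 14)) 2)"
echo "attributes tree node size: $(be $((hdr + 32)) 2) bytes"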

So, I hope my vision could help. Could you please try to reproduce the
issue and share the results?

Thanks for your advice! I will try to reproduce it. We have a four-day
vacation in our country starting tomorrow, so I will try it around 3/4 ~ 3/5.
Please forgive the delay.


Sorry for the delay, I have finished the reproduction steps. And it works!
I tried it on our product with kernel 3.10 and on Ubuntu with kernel 4.19.
Both environments can reproduce the bug.

I used two ways to reproduce it:
==============================================================================
1). mkfs an HFS+ image on Linux
1. touch a file on it.
2. add enough xattrs to the file:
for x in $(seq 1 1000); do
    setfattr -n user.$x -v "gggg${x}gggg${x}qqqqq${x}pleaseggggg" /mnt/1
done
3. rm the file
4. segmentation fault and get the same call trace
5. the fsck.hfsplus result:
** img2 (NO WRITE)
** Checking HFS Plus volume.
** Checking Extents Overflow file.
** Checking Catalog file.
   Invalid leaf record count
   (It should be 4 instead of 6)
** Checking Catalog hierarchy.
   Invalid directory item count
   (It should be 1 instead of 2)
** Checking Extended Attributes file.
   Invalid index key
(8, 1)
** The volume untitled needs to be repaired.
==============================================================================
2). format HFS+ on a Mac
1. touch a file on it.
2. add enough xattrs to the file:
for x in $(seq 1 1000); do
    xattr -w user.$x "gggg${x}gggg${x}qqqqq${x}pleaseggggg" /Volumes/test/1
done
3. move the USB disk to Linux
4. rm the file
5. segmentation fault and get the same call trace
6. the fsck.hfsplus result:
** /dev/sdq1 (NO WRITE)
** Checking HFS Plus volume.
** Checking Extents Overflow file.
** Checking Catalog file.
** Checking Catalog hierarchy.
** Checking Extended Attributes file.
** Checking volume bitmap.
** Checking volume information.
   Volume Header needs minor repair
(2, 0)
** The volume test needs to be repaired.
==============================================================================
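
For convenience, the first recipe can also be run against a loopback
image, so no real USB drive is needed. A minimal sketch, assuming
mkfs.hfsplus (hfsprogs) and setfattr (attr) are installed and it is run
as root; the paths are hypothetical:

#!/bin/bash
set -e
IMG=/tmp/hfsplus.img
MNT=/mnt/hfsplus-test

dd if=/dev/zero of="$IMG" bs=1M count=256   # backing file for the volume
mkfs.hfsplus "$IMG"
mkdir -p "$MNT"
mount -o loop -t hfsplus "$IMG" "$MNT"

touch "$MNT/1"
for x in $(seq 1 1000); do                  # grow the Attributes Tree
    setfattr -n user.$x -v "gggg${x}gggg${x}qqqqq${x}pleaseggggg" "$MNT/1"
done

rm "$MNT/1"                                 # expected to hit the call trace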

It seems that the guess is correct. An Attributes Tree with a large enough
number of nodes can trigger the bug.

Thanks,
Vyacheslav Dubeyko.



