Bug#941712: hfs partitions corrupted when removing lots of files over network

2019-10-03 Thread Graham Coster 
Package: hfsutils
Version: 3.2.6-14
Severity: grave
 Output from uname -a
Linux raspberrypi 4.19.66-v7l+ #1253 SMP Thu Aug 15 12:02:08 BST 2019 armv7l 
GNU/Linux


 Output from apt show libc6 2>&1 | grep ^Version
Version: 2.28-10+rpi1

 Hardware;
RaspberryPi model 2b and RaspberryPi model 4b


 What led up to the situation?
I set up a new RaspberryPi to be a Samba network file server for an HFS 
partition  (see setup section at end of this email for details). I then deleted 
about 300 files from the HFS partition from a client machine.  This caused an 
"Internal error: Oops: 206 [#1] SMP ARM".  See kern.log below for Oops details.

After the error, the filesytem was corrputed and could not be repaired using 
fsck.  See fsck output below.

To reproduce the problem, I run the following from a client machine;
for i in {1..300}; do touch /Volumes/TimeMachineBackup/$i; done ; rm 
/Volumes/TimeMachineBackup/*

Every time I re-run this test on a freshly formatted drive, the same error 
occurs and the filesystem is always corrupted and cannot be repaired (i.e. 
total data loss).


 What exactly did you do (or not do) that was effective (or ineffective)?
I tried all of the following;
- Replaced Samba network sharing with Netatalk
- Re-installed Raspbian from scratch
- Different mkfs.hfs formatting options to add journal files and alter the 
b-node sizes
- Various samba configurations to change sync / async options, threading 
options, permissions, etc
- 3 different disk drives (USB flash drive, USB powered HDD, Separately powered 
HDD)
- 2 different RaspberryPi models (2b and 4b)
- Different network connections speeds (WiFi at 200Mbs, Ethernet at 100Mbs, 
Ethernet at 1000Mbs)
- Deleted 300 files locally on the RaspberryPi file server (i.e. not over 
network)
- Replaced HFS+ format with EXT4


 What was the outcome of this action?
None the the things I tried above had any impact on the problem except;
- The problem did not occur at all when deleting locally on the RaspberryPi 
file server.
- The problem did not occur at all when HFS+ was replaced with EXT4

 What outcome did you expect instead?
Given the problem did not occur locally on the file server, but did over 
Sambaa, I expected the problem to go away when I replaced Samba with Netatalk.  
It did not.

I wonder if the problem relates to how all file-networking protocols interact 
with local filesystems?


#
# LOGS AND OUTPUT   #
#
   
# kern.log;

Sep 26 16:09:25 raspberrypi kernel: [  222.906719] hfsplus: trying to free free 
bnode 0(1)
Sep 26 16:09:25 raspberrypi kernel: [  222.906844] hfsplus: trying to free free 
bnode 0(1)
Sep 26 16:09:25 raspberrypi kernel: [  222.906893] Unable to handle kernel NULL 
pointer dereference at virtual address 
Sep 26 16:09:25 raspberrypi kernel: [  222.906906] pgd = bc442823
Sep 26 16:09:25 raspberrypi kernel: [  222.906914] [] *pgd=11d05003, 
*pmd=
Sep 26 16:09:25 raspberrypi kernel: [  222.906933] Internal error: Oops: 206 
[#1] SMP ARM
Sep 26 16:09:25 raspberrypi kernel: [  222.906942] Modules linked in: nls_utf8 
hfsplus bnep hci_uart btbcm serdev bluetooth ecdh_generic 8021q garp stp llc 
vc4 v3d drm_kms_helper brcmfmac gpu_sched brcmutil drm 
drm_panel_orientation_quirks snd_bcm2835(C) snd_soc_core sha256_generic 
snd_compress snd_pcm_dmaengine snd_pcm sg snd_timer syscopyarea sysfillrect 
sysimgblt fb_sys_fops cfg80211 rfkill snd raspberrypi_hwmon hwmon 
bcm2835_codec(C) bcm2835_v4l2(C) v4l2_mem2mem v4l2_common videobuf2_vmalloc 
bcm2835_mmal_vchiq(C) videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 
videobuf2_common videodev media vc_sm_cma(C) rpivid_mem uio_pdrv_genirq uio 
fixed ip_tables x_tables ipv6
Sep 26 16:09:25 raspberrypi kernel: [  222.907150] CPU: 3 PID: 634 Comm: smbd 
Tainted: G C4.19.66-v7l+ #1253
Sep 26 16:09:25 raspberrypi kernel: [  222.907160] Hardware name: BCM2835
Sep 26 16:09:25 raspberrypi kernel: [  222.907177] PC is at kmap+0x1c/0x44
Sep 26 16:09:25 raspberrypi kernel: [  222.907188] LR is at 
_cond_resched+0x30/0x50
Sep 26 16:09:25 raspberrypi kernel: [  222.907196] pc : []lr : 
[]psr: 6013
Sep 26 16:09:25 raspberrypi kernel: [  222.907205] sp : dc0e3cc0  ip : dc0e3cb0 
 fp : dc0e3cd4
Sep 26 16:09:25 raspberrypi kernel: [  222.907214] r10: 002e  r9 : dcdf9c48 
 r8 : 
Sep 26 16:09:25 raspberrypi kernel: [  222.907222] r7 : dc0e3d02  r6 : dcdf9c7c 
 r5 : 0002  r4 : 
Sep 26 16:09:25 raspberrypi kernel: [  222.907231] r3 :   r2 : c0e953fc 
 r1 :   r0 : 
Sep 26 16:09:25 raspberrypi kernel: [  222.907241] Flags: nZCv  IRQs on  FIQs 
on  Mode SVC_32  ISA ARM  Segment user
Sep 26 16:09:25 raspberrypi kernel: [  222.907250] Control: 30c5383d  Table: 
1e71cfc0  DAC: 
Sep 26 16:09:25 raspberrypi kernel

Bug#941712: Same problem on Debian on VirtualBox

2019-10-09 Thread Graham Coster 
The same problem occurred when I tried re-testing on Debian (rather than 
Raspbian) using VirtualBox 6.0.12 r133076 (Qt5.6.3), hosted on a Mac (macOS 
10.14.6).

Again, HFS partitions were corrupted, but EXT4 partitions were not.


Details of installation;

Package: hfsutils
Version: 3.2.6-14 i386

 Output from uname -a
Linux debian 4.19.0-6-686-pae #1 SMP Debian 4.19.67-2+deb10u1 (2019-09-20) i686 
GNU/Linux

 Output from apt show libc6 2>&1 | grep ^Version
Version: 2.28-10


# kern.log;
Oct 10 14:28:50 debian kernel: [  915.021923] hfsplus: trying to free free 
bnode 0(1)
Oct 10 14:28:50 debian kernel: [  915.021931] hfsplus: trying to free free 
bnode 0(1)
Oct 10 14:28:50 debian kernel: [  915.021937] hfsplus: trying to free free 
bnode 0(1)
Oct 10 14:28:50 debian kernel: [  915.021944] BUG: unable to handle kernel NULL 
pointer dereference at 
Oct 10 14:28:50 debian kernel: [  915.021945] *pdpt = 0a582001 *pde = 

Oct 10 14:28:50 debian kernel: [  915.021947] Oops:  [#1] SMP PTI
Oct 10 14:28:50 debian kernel: [  915.021950] CPU: 0 PID: 1727 Comm: smbd 
Tainted: G   OE 4.19.0-6-686-pae #1 Debian 4.19.67-2+deb10u1
Oct 10 14:28:50 debian kernel: [  915.021951] Hardware name: innotek GmbH 
VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Oct 10 14:28:50 debian kernel: [  915.021954] EIP: kmap+0x10/0x50
Oct 10 14:28:50 debian kernel: [  915.021955] Code: 00 00 81 e1 00 00 00 80 89 
e5 e8 bb ee ff ff 5d c3 8d b4 26 00 00 00 00 66 90 3e 8d 74 26 00 55 89 e5 53 
89 c3 e8 10 0d 63 00 <8b> 03 c1 e8 1e 83 f8 02 74 1f 83 f8 03 74 11 89 d8 e8 6a 
fd 16 00
Oct 10 14:28:50 debian kernel: [  915.021956] EAX:  EBX:  ECX: 
0002 EDX: c3cb1d3a
Oct 10 14:28:50 debian kernel: [  915.021957] ESI:  EDI: 1ffc EBP: 
c3cb1d0c ESP: c3cb1d08
Oct 10 14:28:50 debian kernel: [  915.021958] DS: 007b ES: 007b FS: 00d8 GS: 
00e0 SS: 0068 EFLAGS: 00210246
Oct 10 14:28:50 debian kernel: [  915.021959] CR0: 80050033 CR2:  CR3: 
03cf4000 CR4: 000406f0
Oct 10 14:28:50 debian kernel: [  915.021962] DR0:  DR1:  DR2: 
 DR3: 
Oct 10 14:28:50 debian kernel: [  915.021962] DR6: fffe0ff0 DR7: 0400
Oct 10 14:28:50 debian kernel: [  915.021963] Call Trace:
Oct 10 14:28:50 debian kernel: [  915.021968]  hfsplus_bnode_write+0x3d/0x170 
[hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021970]  ? hfsplus_bnode_read+0x5a/0x170 
[hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021972]  
hfsplus_bnode_write_u16+0x2c/0x50 [hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021974]  hfsplus_brec_remove+0x11a/0x180 
[hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021975]  __hfsplus_delete_attr+0x70/0xd0 
[hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021977]  
hfsplus_delete_all_attrs+0x53/0xa0 [hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021979]  hfsplus_delete_cat+0x2ce/0x350 
[hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021981]  ? 0xf7dcc000
Oct 10 14:28:50 debian kernel: [  915.021983]  ? 
hfsplus_hash_dentry+0x158/0x210 [hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021984]  ? 
hfsplus_compare_dentry+0x20e/0x320 [hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021986]  hfsplus_unlink+0x73/0x1c0 
[hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021988]  ? mutex_lock+0x10/0x30
Oct 10 14:28:50 debian kernel: [  915.021990]  ? hfsplus_unlink+0x73/0x1c0 
[hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021991]  ? 
hfsplus_hash_dentry+0x210/0x210 [hfsplus]
Oct 10 14:28:50 debian kernel: [  915.021998]  ? __d_lookup+0x109/0x160
Oct 10 14:28:50 debian kernel: [  915.021999]  ? inode_permission+0x54/0x1b0
Oct 10 14:28:50 debian kernel: [  915.022001]  vfs_unlink+0x107/0x190
Oct 10 14:28:50 debian kernel: [  915.022002]  ? vfs_unlink+0x107/0x190
Oct 10 14:28:50 debian kernel: [  915.022004]  do_unlinkat+0x1dd/0x2a0
Oct 10 14:28:50 debian kernel: [  915.022006]  sys_unlink+0x20/0x30
Oct 10 14:28:50 debian kernel: [  915.022007]  do_fast_syscall_32+0x81/0x1a0
Oct 10 14:28:50 debian kernel: [  915.022009]  entry_SYSENTER_32+0x6b/0xbe
Oct 10 14:28:50 debian kernel: [  915.022010] EIP: 0xb7f5ad61
Oct 10 14:28:50 debian kernel: [  915.022011] Code: f6 ff ff 55 89 e5 8b 55 08 
8b 80 5c cd ff ff 85 d2 74 02 89 02 5d c3 8b 04 24 c3 8b 1c 24 c3 90 90 51 52 
55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 
90 8d 76
Oct 10 14:28:50 debian kernel: [  915.022012] EAX: ffda EBX: 00fcd1d0 ECX: 
00fcd420 EDX: b7e90bd0
Oct 10 14:28:50 debian kernel: [  915.022013] ESI: 00fcd420 EDI: 00faac80 EBP: 
00fe1e50 ESP: bf900f9c
Oct 10 14:28:50 debian kernel: [  915.022013] DS: 007b ES: 007b FS:  GS: 
0033 SS: 007b EFLAGS: 00200296
Oct 10 14:28:50 debian kernel: [  915.022015] Modules linked in: isofs udf 
crc_itu_t fuse nls_utf8 hfsplus joydev hid_generic uas usbhid hid usb_storage 
intel_powerclamp snd_intel8x0 crc32_pclmul snd_ac97_codec ac97_bus 
intel_rapl_perf snd_pcm snd_timer pcspkr serio_raw sg snd soundcore