Bug 83321
| Summary: | file corruption with reiserfs partitions under 3.16.0-1, inclusive. | | |
|---|---|---|---|
| Product: | IO/Storage | Reporter: | Bob Raitz (pappy_mcfae) |
| Component: | Other | Assignee: | io_other |
| Status: | NEW --- | | |
| Severity: | normal | CC: | charles, jackdachef, min, phmagic, rasasi78, szg00000 |
| Priority: | P1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Kernel Version: | 3.16.0-1 inclusive | Subsystem: | |
| Regression: | No | Bisected commit-id: | |

Description
Bob Raitz
2014-08-27 08:12:36 UTC
most probably dupe of https://bugzilla.kernel.org/show_bug.cgi?id=83121

I can confirm that I also faced this bug with 3.16.1. With 3.15.7 I see no manifestation of this issue. This seems to happen to reiserfs filesystems with lots of small frequently changing files (portage tree is a good example). My reiserfs partition is on a hardware RAID array where the controller is set up to dishonor FUA requests (with RAM journalling and backup enabled, this is probably most typical setup on many servers), this may be a factor. I see no manifestation on my laptop running gentoo where the same partition for portage tree is on a standard SATA HDD.

(In reply to Alexander Bezrukov from comment #2)
Please disregard my last comment. I reproduced this issue on a filesystem on a standard SATA drive, too. For some reason it didn't manifest at the beginning but now is easily reproducible.

This is probably a duplication of bug 83121.

I can confirm that with 3.16.3 the issue went out, I cannot reproduce it anymore. From the changelog:

commit 9ae91b17b20eafecf8dc4416f86383c76dcdc6a4
Author: Jan Kara <jack@suse.cz>
Date:   Wed Aug 6 19:43:56 2014 +0200

    reiserfs: Fix use after free in journal teardown

    commit 01777836c87081e4f68c4a43c9abe6114805f91e upstream.

    If do_journal_release() races with do_journal_end() which requeues
    delayed works for transaction flushing, we can leave work items for
    flushing outstanding transactions queued while freeing them. That
    results in use after free and possible crash in run_timers_softirq().

    Fix the problem by not requeueing works if superblock is being shut
    down (MS_ACTIVE not set) and using cancel_delayed_work_sync() in
    do_journal_release().

    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 906f27708b9126cd6793e35094d283f5f259ec0b
Author: Jeff Mahoney <jeffm@suse.com>
Date:   Mon Aug 4 19:51:47 2014 -0400

    reiserfs: fix corruption introduced by balance_leaf refactor

    commit 27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d upstream.

    Commits f1f007c308e (reiserfs: balance_leaf refactor, pull out
    balance_leaf_insert_left) and cf22df182bf (reiserfs: balance_leaf
    refactor, pull out balance_leaf_paste_left) missed that the `body'
    pointer was getting repositioned. Subsequent users of the pointer
    would expect it to be repositioned, and as a result, parts of the
    tree would get overwritten. The most common observed corruption
    is indirect block pointers being overwritten.

    Since the body value isn't actually used anymore in the called
    routines, we can pass back the offset it should be shifted. We
    constify the body and ih pointers in the balance_leaf as a
    mostly-free preventative measure.

    Reported-and-tested-by: Jeff Chua <jeff.chua.linux@gmail.com>
    Signed-off-by: Jeff Mahoney <jeffm@suse.com>
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
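
A minimal user-space model of the `body` pointer bug described in the balance_leaf commit message above, added here as an illustration and not taken from reiserfs or from this bug report. `struct leaves`, `LEFT_ROOM` and all function names are hypothetical; the sample item body is constructed.

```c
#include <stdio.h>
#include <string.h>
#define LEFT_ROOM 4              /* constructed: free bytes in the left neighbour */
struct leaves { char left[16]; char cur[16]; };   /* hypothetical two-leaf model */

/* Pre-fix shape: the helper advances its private copy of `body`, so the
 * caller's pointer still addresses bytes that were already placed. */
static void insert_left_buggy(struct leaves *l, const char *body, size_t len)
{
    size_t n = len < LEFT_ROOM ? len : LEFT_ROOM;
    memcpy(l->left, body, n);
    body += n;                   /* repositioning is lost on return */
    (void)body;
}

/* Post-fix shape: `body` is const and the helper returns the shift. */
static size_t insert_left_fixed(struct leaves *l, const char *const body, size_t len)
{
    size_t n = len < LEFT_ROOM ? len : LEFT_ROOM;
    memcpy(l->left, body, n);
    return n;
}

static void balance_buggy(struct leaves *l, const char *body, size_t len)
{
    memset(l, 0, sizeof(*l));
    insert_left_buggy(l, body, len);
    size_t rest = len > LEFT_ROOM ? len - LEFT_ROOM : 0;
    memcpy(l->cur, body, rest);  /* stale pointer: re-copies the left part */
}

static void balance_fixed(struct leaves *l, const char *body, size_t len)
{
    memset(l, 0, sizeof(*l));
    size_t shift = insert_left_fixed(l, body, len);
    body += shift;               /* caller applies the returned offset */
    memcpy(l->cur, body, len - shift);
}

int main(void)
{
    struct leaves l;
    const char item[] = "AAAABBBBBB";        /* constructed sample item body */
    balance_buggy(&l, item, 10);
    printf("buggy: left=%s cur=%s\n", l.left, l.cur);
    balance_fixed(&l, item, 10);
    printf("fixed: left=%s cur=%s\n", l.left, l.cur);
    return 0;
}
```

In the buggy variant the current leaf receives the wrong bytes because the caller never sees the helper's pointer adjustment; the fixed variant returns the shift so the caller can reposition `body` itself.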