From: Eryu Guan <eguan@redhat.com>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: david@fromorbit.com, linux-xfs@vger.kernel.org, fstests@vger.kernel.org
Subject: Re: [PATCH 8/9] xfs: fuzz every field of every structure
Date: Wed, 9 Nov 2016 18:04:05 +0800 [thread overview]
Message-ID: <20161109100405.GZ27776@eguan.usersys.redhat.com> (raw)
In-Reply-To: <20161109092523.GF20710@birch.djwong.org>
On Wed, Nov 09, 2016 at 01:25:23AM -0800, Darrick J. Wong wrote:
> On Wed, Nov 09, 2016 at 05:13:44PM +0800, Eryu Guan wrote:
> > On Wed, Nov 09, 2016 at 12:52:36AM -0800, Darrick J. Wong wrote:
> > > On Wed, Nov 09, 2016 at 04:09:24PM +0800, Eryu Guan wrote:
> > > > On Fri, Nov 04, 2016 at 05:18:00PM -0700, Darrick J. Wong wrote:
> > > > > Previously, our XFS fuzzing efforts were limited to using the xfs_db
> > > > > blocktrash command to scribble garbage all over a block. This is
> > > > > pretty easy to discover; it would be far more interesting if we could
> > > > > fuzz individual fields looking for unhandled corner cases. Since we
> > > > > now have an online scrub tool, use it to check for our targeted
> > > > > corruptions prior to the usual steps of writing to the FS, taking it
> > > > > offline, repairing, and re-checking.
> > > > >
> > > > > These tests use the new xfs_db 'fuzz' command to test corner case
> > > > > handling of every field. The 'print' command tells us which fields
> > > > > are available, and the fuzz command can write zeroes or ones to the
> > > > > field; set the high, middle, or low bit; add or subtract numbers; or
> > > > > randomize the field. We loop through all fields and all fuzz verbs to
> > > > > see if we can trip up the kernel.
> > > > >
> > > > > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> > > >
> > > > The first test gave me a kernel crash :) xfs/1300 crashed your kernel
> > > > djwong-devel branch. I appended the console log at the end of this mail
> > > > if you have interest to see it.
> > > >
> > > > And another xfs/1300 run gave me this failure message:
> > > >
> > > > +/mnt/testarea/scratch: Kernel lacks GETFSMAP; scrub will be less efficient. (xfs.c line 661)
> > > > +/mnt/testarea/scratch: Kernel cannot help scrub metadata; scrub will be incomplete. (xfs.c line 661)
> > > > +/mnt/testarea/scratch: Kernel cannot help scrub inodes; scrub will be incomplete. (xfs.c line 661)
> > > > +/mnt/testarea/scratch: Kernel cannot help scrub extent map; scrub will be less efficient. (xfs.c line 661)
> > > >
> > > > Is this known issue or something should be filtered out in the test?
> > >
> > > That's strange, the djwong-devel branch should have getfsmap & scrub in it...
> > >
> > > ...are you running the djwong-devel kernel and xfsprogs code? The scrub
> > > ioctl structure has shifted some over the past few months, though GETFSMAP
> > > hasn't changed in ages.
> > >
> > > Wait, "another xfs/1300 run" ... so after the first crash, did you go
> > > back to a vanilla kernel without all my crazypatches? :)
> >
> > Ahh, you're right! It booted into 4.9-rc4 vanilla kernel, sorry about
> > that.. But xfs/1300 crashed djwong-devel for the second time in my
> > second try, seems the crash is reliable reproduced, with reflink
> > enabled.
>
> I think if you change the XFS_SCRUB_OP_ERROR_GOTO at line 2237 of
> xfs_scrub_get_inode() to "if (error) goto out_err;" that ought to clear it up.
>
> > > > And ext4/1300 generated large .out.bad file (51M), containing something
> > > > like:
> > > >
> > > > +/mnt/testarea/scratch/test/68/S_IFREG.FMT_ETREE: extent (1101381632/2469888/4096) ends past end of filesystem at 31457280. (generic.c line 272)
> > > > +/mnt/testarea/scratch/test/68/S_IFREG.FMT_ETREE: extent (1101389824/2478080/4096) starts past end of filesystem at 31457280. (generic.c line 264)
> > > > +/mnt/testarea/scratch/test/68/S_IFREG.FMT_ETREE: extent (1101389824/2478080/4096) ends past end of filesystem at 31457280. (generic.c line 272)
> > > > +/mnt/testarea/scratch/test/68/S_IFREG.FMT_ETREE: extent (1101398016/2486272/4096) starts past end of filesystem at 31457280. (generic.c line 264)
> > > > +/mnt/testarea/scratch/test/68/S_IFREG.FMT_ETREE: extent (1101398016/2486272/4096) ends past end of filesystem at 31457280. (generic.c line 272)
> > > > +/mnt/testarea/scratch/test/68/S_IFREG.FMT_ETREE: extent (1101406208/2494464/4096) starts past end of filesystem at 31457280. (generic.c line 264)
> > > > +/mnt/testarea/scratch/test/68/S_IFREG.FMT_ETREE: extent (1101406208/2494464/4096) ends past end of filesystem at 31457280. (generic.c line 272)
> > > > +/mnt/testarea/scratch/test/68/S_IFREG.FMT_ETREE: extent (1101414400/2502656/4096) starts past end of filesystem at 31457280. (generic.c line 264)
> > > > +/mnt/testarea/scratch/test/68/S_IFREG.FMT_ETREE: extent (1101414400/2502656/4096) ends past end of filesystem at 31457280. (generic.c line 272)
> > > >
> > > > Seems like scrub found something wrong (real problems) and became very
> > > > noisy?
> > >
> > > Hmm that's even stranger. I'll try to reproduce tomorrow.
> >
> > So this ext4 noise came from the vanilla kernel too, retested with
> > djwong-devel kernel & userspace ext4/1300 passed without problems. Sorry
> > for my noise..
>
> But that's even more weird; there haven't been any changes to ext4 that
> would explain why this breaks on a vanilla 4.9-rc4 kernel...
Puzzle resolved, I somehow switched back to mainline xfsprogs or some
other wrong xfsprogs version after booted into 4.9-rc4 vanilla kernel.
After updating xfsprogs to djwong-devel, ext4/1300 showed no problem on
4.9-rc4 kernel too.
Sorry again for the mess!
Eryu
next prev parent reply other threads:[~2016-11-09 10:04 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-05 0:17 [PATCH v2 0/9] xfstests: online scrub/repair support Darrick J. Wong
2016-11-05 0:17 ` [PATCH 1/9] populate: create all types of XFS metadata Darrick J. Wong
2016-11-07 15:34 ` Eryu Guan
2016-11-09 0:29 ` Darrick J. Wong
2016-11-05 0:17 ` [PATCH 2/9] populate: add _require_populate_commands to check for tools Darrick J. Wong
2016-11-05 0:17 ` [PATCH 3/9] populate: optionally fill the filesystem when populating fs Darrick J. Wong
2016-11-05 0:17 ` [PATCH 4/9] populate: fix some silly errors when modifying a fs while fuzzing Darrick J. Wong
2016-11-05 0:17 ` [PATCH 5/9] common/fuzzy: move fuzzing helper functions here Darrick J. Wong
2016-11-05 0:17 ` [PATCH 6/9] populate: cache scratch metadata images Darrick J. Wong
2016-11-05 0:17 ` [PATCH 7/9] populate: discover XFS structure fields and fuzz verbs, and use them to fuzz fields Darrick J. Wong
2016-11-09 3:32 ` Eryu Guan
2016-11-09 7:52 ` Darrick J. Wong
2016-11-09 3:44 ` Eryu Guan
2016-11-09 7:53 ` Darrick J. Wong
2016-11-05 0:18 ` [PATCH 8/9] xfs: fuzz every field of every structure Darrick J. Wong
2016-11-09 8:09 ` Eryu Guan
2016-11-09 8:52 ` Darrick J. Wong
2016-11-09 9:13 ` Eryu Guan
2016-11-09 9:25 ` Darrick J. Wong
2016-11-09 10:04 ` Eryu Guan [this message]
2016-11-05 0:18 ` [PATCH 9/9] common/populate: create attrs in different namespaces Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161109100405.GZ27776@eguan.usersys.redhat.com \
--to=eguan@redhat.com \
--cc=darrick.wong@oracle.com \
--cc=david@fromorbit.com \
--cc=fstests@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox