public inbox for linux-kernel@vger.kernel.org
From: Dave Chinner <david@fromorbit.com>
To: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Cc: "Darrick J. Wong" <darrick.wong@oracle.com>,
	linux-xfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: XFS: Hang and dmesg flood on mounting invalid FS image
Date: Mon, 29 Oct 2018 12:20:59 +1100
Message-ID: <20181029012058.GK19305@dastard>
In-Reply-To: <CAE5jQCc3hrq6E-Ff1oiYUOSDA08PMrqnu80XQtaD5adcUQvV8w@mail.gmail.com>

On Sun, Oct 28, 2018 at 08:50:46PM +0300, Anatoly Trosinenko wrote:
> Hello,
> 
> When mounting a broken XFS image, the kernel hangs and floods dmesg
> with stack traces.

How did the corruption occur?

$ sudo xfs_logprint -d /dev/vdc
xfs_logprint:
    data device: 0xfd20
    log device: 0xfd20 daddr: 131112 length: 6840

     0 HEADER Cycle 1 tail 1:000000 len    512 ops 1
[00000 - 00000] Cycle 0xffffffff New Cycle 0x00000001
     2 HEADER Cycle 1 tail 1:000002 len    512 ops 5
     4 HEADER Cycle 1 tail -2147483647:000002 len    512 ops 1
                           ^^^^^^^^^^^^
     6 HEADER Cycle 0 tail 1:000000 len      0 ops 0
[00000 - 00006] Cycle 0x00000001 New Cycle 0x00000000
     7 HEADER Cycle 0 tail 1:000000 len      0 ops 0

Ok, so from this the head of the log is block 4, and it has a
corrupt tail pointer it points to:


$ sudo xfs_logprint -D -s 4 /dev/vdc |head -10
xfs_logprint:
    data device: 0xfd20
    log device: 0xfd20 daddr: 131112 length: 6840

BLKNO: 4
 0 bebaedfe  1000000  2000000    20000  1000000  3610000  1000080  2000000 
                                                 ^^^^^^^       ^   ^
                                                 wrong       wrong wrong

 8 2f27bae6  2000000  1000000 dabdbab0        0        0        0        0 
10        0        0        0        0        0        0        0        0 
18        0        0        0        0        0        0        0        0 
20        0        0        0        0        0        0        0        0 

They decode as:

cycle: 1        version: 2              lsn: 1,24835    tail_lsn: 2147483649,2

So the tail LSN points to an invalid log cycle and the previous
block. IOWs, the block number in the tail indicates the whole log is
valid and needs to be scanned, but the cycle is not valid.

And that's the problem. Neither the head nor tail blocks are
validated before they are used. CRC checking of the head and tail
blocks comes later....

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com
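
The header decode walked through in the message above, as an added example that is not part of the original e-mail and is not XFS kernel code. It assumes xfs_logprint -D printed each word on a little-endian host; `rec_hdr`, `decode`, `check_head` and the sanity rules in it are hypothetical names and illustrative checks, and the block number 4 and log length 6840 come from the output above.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed from the BLKNO 4 dump above. Assumes xfs_logprint -D ran on a
 * little-endian host, so each word is a swapped view of a big-endian field. */
static const uint32_t dump[8] = {
    0xbebaedfe, 0x1000000, 0x2000000, 0x20000,
    0x1000000, 0x3610000, 0x1000080, 0x2000000,
};

struct rec_hdr { /* leading fields of the log record header, CPU order */
    uint32_t magic, cycle, version, len;
    uint32_t lsn_cycle, lsn_block, tail_cycle, tail_block;
};
enum { BAD_MAGIC = 1, BAD_LSN = 2, BAD_TAIL_CYCLE = 4, BAD_TAIL_BLOCK = 8 };

static uint32_t swab32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00) | ((v << 8) & 0xff0000) | (v << 24);
}

static struct rec_hdr decode(const uint32_t *w)
{
    struct rec_hdr h = { swab32(w[0]), swab32(w[1]), swab32(w[2]), swab32(w[3]),
                         swab32(w[4]), swab32(w[5]), swab32(w[6]), swab32(w[7]) };
    return h;
}

/* Hypothetical pre-use sanity check: returns a bitmask of what is wrong. */
static int check_head(const struct rec_hdr *h, uint32_t blkno, uint32_t log_len)
{
    int bad = 0;
    if (h->magic != 0xfeedbabe)
        bad |= BAD_MAGIC;
    /* a record's own LSN names the cycle and block it was written at */
    if (h->lsn_cycle != h->cycle || h->lsn_block != blkno)
        bad |= BAD_LSN;
    /* the tail is in the head's cycle, or one behind if the log has wrapped */
    if (h->tail_cycle != h->cycle && h->tail_cycle + 1 != h->cycle)
        bad |= BAD_TAIL_CYCLE;
    if (h->tail_block >= log_len)
        bad |= BAD_TAIL_BLOCK;
    return bad;
}

int main(void)
{
    struct rec_hdr h = decode(dump);
    printf("tail %u,%u bad=0x%x\n", h.tail_cycle, h.tail_block, check_head(&h, 4, 6840));
    return 0;
}
```

The tail block number (2) passes the range check on its own, which is why a check on the cycle is needed to catch this header before the log is scanned.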
