On Mon, Feb 10, 2020 at 11:02:08AM +0800, zhengbin (A) wrote:
> ### question
> We recently used fuzz(hydra) to test 4.19 stable XFS and automatically generate tmp.img (XFS v5 format, but some metadata is wrong)

So you create impossible situations in the on-disk format, then recalculate the CRC to make it appear valid to the filesystem?

> Test as follows:
> mount tmp.img tmpdir
> cp file tmpdir
> sync --> stuck
>
> ### cause analysis
> This is because tmp.img (only 1 AG) has some problems. Using xfs_repair detect information as follows:

Please use at least 2 AGs for your fuzzer images. There's no point in testing single AG filesystems because:

a) they are not supported
b) there is no redundant information in the filesystem to be able to detect a vast range of potential corruptions.

> agf_freeblks 0, counted 3224 in ag 0
> agf_longest 536874136, counted 3224 in ag 0
> sb_fdblocks 613, counted 3228

So the AGF verifier is missing these checks:

a) agf_longest < agf_freeblks
b) agf_freeblks < sb_dblocks / sb_agcount
c) agf_freeblks < sb_fdblocks

and probably some other things as well. Can you please add these checks to xfs_agf_verify() (and any other obvious bounds tests that are missing) and submit the patch for inclusion?

Cheers,

Dave.
-- 
Dave Chinner
david@xxxxxxxxxxxxx
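The three bounds listed in the reply above, written as a standalone C function and run against the xfs_repair numbers quoted in the thread. This is an added example, not kernel code and not the patch requested in the mail. Assumptions: the structs, enum and function name are hypothetical host-endian models, `sb_dblocks = 4096` is a constructed value, comparisons are non-strict, and all AGs are taken to be the same size.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical host-endian model of the counters named in the mail; the
 * real on-disk AGF and superblock are big-endian and carry more fields. */
struct agf_counts { uint32_t agf_freeblks, agf_longest; };
struct sb_counts  { uint64_t sb_dblocks, sb_fdblocks; uint32_t sb_agcount; };

enum agf_fault {
    AGF_OK = 0,
    AGF_BAD_AGCOUNT,       /* sb_agcount == 0, per-AG bound undefined */
    AGF_LONGEST_GT_FREE,   /* check (a) from the mail */
    AGF_FREE_GT_AGSIZE,    /* check (b) from the mail */
    AGF_FREE_GT_FDBLOCKS   /* check (c) from the mail */
};

/* Return the first violated bound, or AGF_OK. Comparisons are non-strict:
 * one free extent covering all free space gives longest == freeblks,
 * which is what the "counted" values in the thread show (3224 and 3224). */
enum agf_fault agf_counts_verify(const struct agf_counts *agf,
                                 const struct sb_counts *sb)
{
    if (sb->sb_agcount == 0)
        return AGF_BAD_AGCOUNT;
    if (agf->agf_longest > agf->agf_freeblks)
        return AGF_LONGEST_GT_FREE;
    /* Assumption: equal-sized AGs, so sb_dblocks / sb_agcount is the AG size. */
    if (agf->agf_freeblks > sb->sb_dblocks / sb->sb_agcount)
        return AGF_FREE_GT_AGSIZE;
    if (agf->agf_freeblks > sb->sb_fdblocks)
        return AGF_FREE_GT_FDBLOCKS;
    return AGF_OK;
}

int main(void)
{
    /* sb_dblocks = 4096 is constructed; the other numbers are the on-disk
     * and "counted" values from the xfs_repair output quoted above. */
    struct sb_counts  sb_fuzzed  = { .sb_dblocks = 4096, .sb_fdblocks = 613, .sb_agcount = 1 };
    struct agf_counts agf_fuzzed = { .agf_freeblks = 0, .agf_longest = 536874136 };
    struct sb_counts  sb_fixed   = { .sb_dblocks = 4096, .sb_fdblocks = 3228, .sb_agcount = 1 };
    struct agf_counts agf_fixed  = { .agf_freeblks = 3224, .agf_longest = 3224 };

    printf("fuzzed image:   fault %d\n", agf_counts_verify(&agf_fuzzed, &sb_fuzzed));
    printf("repaired image: fault %d\n", agf_counts_verify(&agf_fixed, &sb_fixed));
    return 0;
}
```

With the on-disk values from the fuzzed image, bound (a) is the first to fail; the values xfs_repair counted satisfy all three.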