[FS#533] anon_mount 1 in fstab freezes boot in wrt3200acm

LEDE Bugs lede-bugs at lists.infradead.org
Tue Feb 21 02:26:47 PST 2017


The following task has a new comment added:

FS#533 - anon_mount 1 in fstab freezes boot in wrt3200acm
User who did this - Hannu Nyman (hnyman)

----------
This looks like a nasty bug as it will hit newcomer users who have flashed LEDE just once and are configuring their router. Simply adding "anon_mount 1" option to fstab will make router unbootable. Failsafe will work, but may be hard to find by new users :-(

Summary of findings so far:

* fstab init script calls fstools "/sbin/block mount", which hangs permanently at boot (or if issued from command line later) if there is /etc/config/fstab containing "anon_mount 1" option.

* It hangs when it tries to auto-mount the inactive rootfs partition that contains the original Linksys OEM contents. The partition contains raw jffs2 instead of ubi.

* The bug will not get triggered if both firmwares have been flashed with LEDE or Openwrt, as then also the inactive rootfs contains ubi.

The hang can be seen from kernel log if the command was issued from console and another console is used to read the log. The log gets filled with this at 0.2s intervals:

kern.err kernel: [ 3032.483307] pxa3xx-nand f10d0000.flash: Wait time out!!!


So far this has been found in WRT3200ACM, but the same will likely happen with all WRT1900/1200/3200ACx devices that have dual firmware partitions.

----

Longer explanation:

I added debug statements to fstools block, and MagicSimi tested in his device:
https://forum.lede-project.org/t/wrt3200acm-fstab-problem-with-anon-mount/1673/13

Based on testing, the router is trying to automount "mtdblock6" and gets stuck there.

block: list_for_each_entry starts
block: mount_device for mtdblock6
block: mount_device for mtdblock6 auto_mount test
block: mount_device for mtdblock6 extroot test
block: mount_device for mtdblock6 check anon_mount
block: mount_device for mtdblock6 try anon_mount
block: handle_mount starts
...hang...



cat /proc/mtd:

dev:    size   erasesize  name
mtd0: 00200000 00020000 "u-boot"
mtd1: 00020000 00020000 "u_env"
mtd2: 00040000 00020000 "s_env"
mtd3: 00040000 00020000 "devinfo"
mtd4: 001e0000 00020000 "sysdiag"
mtd5: 05000000 00020000 "kernel1"
mtd6: 04a00000 00020000 "rootfs1"
mtd7: 05000000 00020000 "kernel2"
mtd8: 04a00000 00020000 "ubi"
mtd9: 05600000 00020000 "syscfg"
mtd10: 005c0000 00020000 "unused_area"



/sbin/block info:
/dev/mtdblock6: TYPE="jffs2"
/dev/ubiblock0_0: UUID="643ef9c1-d0d092d2-0fa9f12b-3da3502a" VERSION="4.0" MOUNT="/rom" TYPE="squashfs"
/dev/ubi0_1: UUID="a9709d2e-35ba-4444-a544-aa10a4b4133e" VERSION="w4r0" MOUNT="/overlay" TYPE="ubifs"
/dev/ubi1_0: UUID="e16dd61c-066d-45ee-9b2b-0a92e84b06bb" VERSION="w4r0" TYPE="ubifs"
/dev/sda1: UUID="856ba000-4a72-41c5-aa1c-d374766efdf3" VERSION="1" TYPE="swap"
/dev/sda2: UUID="d99873c8-a42f-4f19-9f5b-68571ba47558" VERSION="1.0" MOUNT="/mnt/sda2" TYPE="ext3"

"block info" shows that it is a "jffs2" partition. 

After that finding, I checked the binary copy of my own router's mtd partitions (which I made immediately after flashing LEDE successfully first time), and the corresponding partition really seems to contain raw jffs2 data. Starting with magic 0x1985.


85 19 01 e0 31 00 00 00 1d d9


Apparently fstools block still tries to mount it, and then the kernel driver hangs for some reason. It expects to be find ubi? The real reason for the hang is so far unclear. Something in the flash driver? jffs2 should not be mounted at all in a NAND system?

I have added more debug print commands to block and hopefully MagicSimi will test it again. That should reveal the parameters passed to the mount function etc. So far it likely that the hnag happens at the call to the system mount function.

It looks like fstools block mount should be somehow modified.

----------

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=533#comment1900



More information about the lede-bugs mailing list