From: Eric Sesterhenn <snakebyte@gmx.de>
To: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Cc: linux-fsdevel@vger.kernel.org, jfs-discussion@lists.sourceforge.net
Subject: Re: Filesystem fuzzing
Date: Wed, 21 May 2008 10:26:37 +0200
Message-ID: <20080521082636.GA4311@alice>
In-Reply-To: <1211298026.6389.5.camel@norville.austin.ibm.com>
* Dave Kleikamp (shaggy@linux.vnet.ibm.com) wrote:
> On Mon, 2008-05-19 at 12:07 +0200, Eric Sesterhenn wrote:
> > hi,
> >
> > I do some regular filesystem fuzzing, based on a modified version
> > of lmhs fsfuzzer. I try to test current -git at least once a week.
> > Most modifications are adding new filesystems or mounting
> > them with different options, but I also added
> > some new tests like invoking iozone, fsx or fsstress if available.
> >
> > I currently test vfat, udf, msdos, swap, iso9660, ext2,
> > ext3, ext4, hfs, hfsplus, gfs2, ntfs, minix, qnx4, affs and bfs
>
> You didn't mention jfs. If you want to test that, you can report any
> bugs to me or to jfs-discussion@lists.sourceforge.net.
Ah, I removed jfs at some point because mkfs.jfs doesn't work
if the file is smaller than 16 MB. I re-added it and got
a first oops for you:
[52500.590030] ERROR: (device loop1): diRead: i_ino != di_number
[52500.590308] BUG: unable to handle kernel NULL pointer dereference at 00000237
[52500.590518] IP: [<c019348a>] iput+0xa/0x50
[52500.590642] *pde = 00000000
[52500.590749] Oops: 0000 [#2] PREEMPT DEBUG_PAGEALLOC
[52500.590958] Modules linked in: nfsd exportfs
[52500.591155]
[52500.591220] Pid: 6938, comm: mount Tainted: G D (2.6.26-rc3 #26)
[52500.591304] EIP: 0060:[<c019348a>] EFLAGS: 00010282 CPU: 0
[52500.591356] EIP is at iput+0xa/0x50
[52500.591356] EAX: fffffffb EBX: fffffffb ECX: 00000001 EDX: 00000000
[52500.591356] ESI: c9811920 EDI: cbd5f780 EBP: cbc67e34 ESP: cbc67e30
[52500.591356] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[52500.591356] Process mount (pid: 6938, ti=cbc67000 task=cbeb3f00
task.ti=cbc67000)
[52500.591356] Stack: fffffffb cbc67e5c c0316078 cbc67e4c fffffffb 00000000 00000000 00000002
[52500.591356]        00000000 c9811920 00000000 cbc67ea0 c01827ff cf415d40 c07b93c0 cf415d40
[52500.591356]        c9811920 706f6f6c 00000031 c01971ed c07e4ddc c01971ed 000000d0 cf32e6c0
[52500.591356] Call Trace:
[52500.591356] [<c0316078>] ? jfs_fill_super+0x268/0x2a0
[52500.591356] [<c01827ff>] ? get_sb_bdev+0xef/0x120
[52500.591356] [<c01971ed>] ? alloc_vfsmnt+0xdd/0x120
[52500.591356] [<c01971ed>] ? alloc_vfsmnt+0xdd/0x120
[52500.591356] [<c0314fd2>] ? jfs_get_sb+0x22/0x30
[52500.591356] [<c0315e10>] ? jfs_fill_super+0x0/0x2a0
[52500.591356] [<c018234a>] ? vfs_kern_mount+0x3a/0x90
[52500.591356] [<c01823f9>] ? do_kern_mount+0x39/0xd0
[52500.591356] [<c0198425>] ? do_new_mount+0x65/0x90
[52500.591356] [<c01985aa>] ? do_mount+0x15a/0x1b0
[52500.591356] [<c015fc7b>] ? __get_free_pages+0x1b/0x30
[52500.591356] [<c01962b8>] ? copy_mount_options+0x38/0x140
[52500.591356] [<c0188d47>] ? getname+0xa7/0xc0
[52500.591356] [<c019866f>] ? sys_mount+0x6f/0xb0
[52500.591356] [<c0103d7d>] ? sysenter_past_esp+0x6a/0xb1
[52500.591356] =======================
[52500.591356] Code: 4f fa ff 5d c3 8d b6 00 00 00 00 8d bf 00 00 00 00 55 89 e5 e8 d8 88 46 00 31 c0 5d c3 8d 74 26 00 55 85 c0 89 e5 53 89 c3 74 3d <83> b8 3c 02 00 00 40 74 37 8d 40 24 ba e0 ce 7a c0 e8 90 3c 1d
[52500.591356] EIP: [<c019348a>] iput+0xa/0x50 SS:ESP 0068:cbc67e30
[52500.599040] ---[ end trace 299f5ea1b691e69f ]---
kerneloops.org also caught it, but the code is not disassembled
yet: http://kerneloops.org/raw.php?rawid=13020&msgid=
This is with linux-next from yesterday.
A copy of the image file is available here:
http://www.cccmz.de/~snakebyte/jfs.7.img.bz2
Greetings, Eric
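Editor's note on reading the oops above, with an added example that is not part of the mail or of the JFS code. The register dump shows EAX = 0xfffffffb when iput() faults, and 0xfffffffb is (void *)-5, i.e. ERR_PTR(-EIO); the faulting instruction (<83> b8 3c 02 00 00 40, cmpl $0x40, 0x23c(%eax)) reads field offset 0x23c from that base, and 0xfffffffb + 0x23c wraps to 0x00000237 on i386, which is exactly the "unable to handle ... at 00000237" address. In other words, an inode lookup that failed with -EIO (the preceding "diRead: i_ino != di_number" message) returned an error pointer that the superblock setup then passed to iput() as if it were a real inode. The C program below is a user-space model of that hazard: it reimplements the kernel's ERR_PTR/IS_ERR/PTR_ERR conventions, decodes the register value and the fault address from the trace, and contrasts a cleanup path that calls iput() unconditionally with one that checks IS_ERR() first. The inode struct, mock_iget(), mock_iput() and the two fill_super_* functions are hypothetical stand-ins written for this example, not the JFS implementation; mock_iput() detects an error pointer and reports it instead of dereferencing it, where the real iput() has no such guard.

```c
/* Added example (editor's code, not from the mail or from fs/jfs).
 * Models the ERR_PTR-handed-to-iput() hazard visible in the oops above. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095UL

/* Kernel-style error-pointer helpers with linux/err.h semantics:
 * the top MAX_ERRNO addresses encode -errno instead of a pointer. */
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p)
{
    return (unsigned long)p >= (unsigned long)-MAX_ERRNO;
}

/* Decode a 32-bit register from an i386 oops: if the value lies in the
 * ERR_PTR range, return the positive errno it encodes, otherwise 0.
 * errno_from_reg32(0xfffffffb) == EIO for the EAX in the trace. */
int errno_from_reg32(uint32_t reg)
{
    if (reg >= (uint32_t)-MAX_ERRNO)
        return -(int32_t)reg;
    return 0;
}

/* Address a 32-bit load from offset `off` of ERR_PTR(err) would touch;
 * fault_addr32(-EIO, 0x23c) == 0x237, matching "at 00000237". */
uint32_t fault_addr32(long err, uint32_t off)
{
    return (uint32_t)err + off; /* uint32 arithmetic wraps on purpose */
}

/* Hypothetical minimal inode: just an inode number and a refcount. */
struct inode {
    uint32_t i_ino;
    int i_count;
};

/* Hypothetical stand-in for the JFS inode lookup. It fails the way the
 * mail's "diRead: i_ino != di_number" message does: when the on-disk
 * inode number disagrees with the requested one, return ERR_PTR(-EIO). */
struct inode *mock_iget(struct inode *pool, uint32_t ino, uint32_t di_number)
{
    if (ino != di_number)
        return ERR_PTR(-EIO);
    pool->i_ino = ino;
    pool->i_count++;
    return pool;
}

/* Hypothetical iput(): drops a reference. Unlike the kernel's iput(),
 * it refuses an error pointer and returns -1 instead of faulting. */
int mock_iput(struct inode *ip)
{
    if (IS_ERR(ip))
        return -1; /* the kernel would oops here, as in the trace */
    ip->i_count--;
    return 0;
}

/* Shape of the bug: the error path still runs iput() on the lookup
 * result. Returns -EFAULT where the kernel would have oopsed. */
int fill_super_unsafe(struct inode *pool, uint32_t ino, uint32_t di_number)
{
    struct inode *ip = mock_iget(pool, ino, di_number);
    int rc = IS_ERR(ip) ? (int)PTR_ERR(ip) : 0;

    if (mock_iput(ip) < 0)   /* BUG: ip may be ERR_PTR(-EIO) */
        return -EFAULT;
    return rc;
}

/* Corrected shape: an error pointer owns no reference, so there is
 * nothing to put; only a real inode goes through iput(). */
int fill_super_safe(struct inode *pool, uint32_t ino, uint32_t di_number)
{
    struct inode *ip = mock_iget(pool, ino, di_number);

    if (IS_ERR(ip))
        return (int)PTR_ERR(ip);
    mock_iput(ip);
    return 0;
}

int main(void)
{
    struct inode pool = { 0, 0 };

    printf("EAX=0xfffffffb encodes errno %d\n", errno_from_reg32(0xfffffffbu));
    printf("ERR_PTR(-EIO)+0x23c faults at 0x%08x\n", fault_addr32(-EIO, 0x23c));
    printf("unsafe cleanup on mismatch: %d\n", fill_super_unsafe(&pool, 2, 3));
    printf("safe cleanup on mismatch:   %d\n", fill_super_safe(&pool, 2, 3));
    printf("safe cleanup on match:      %d (refcount %d)\n",
           fill_super_safe(&pool, 2, 2), pool.i_count);
    return 0;
}
```

The decode helpers are the reusable part: whenever a register in an oops holds a value in the 0xfffff001..0xffffffff range (or its 64-bit equivalent) and the fault address is a small number, check first whether the "NULL pointer" is really an ERR_PTR that escaped an IS_ERR() test.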