From: Eric Sesterhenn <snakebyte@gmx.de>
To: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Cc: linux-fsdevel@vger.kernel.org, jfs-discussion@lists.sourceforge.net
Subject: Re: Filesystem fuzzing
Date: Wed, 21 May 2008 17:10:34 +0200
Message-ID: <20080521151034.GA16128@alice>
In-Reply-To: <20080521111627.GA14265@alice>
* Eric Sesterhenn (snakebyte@gmx.de) wrote:
Since I forgot the CCs on the last msg, I do a fullquote, sorry for this.
> and here is another one:
>
> [ 458.684137] BUG: unable to handle kernel paging request at e0171576
> [ 458.684348] IP: [<c0323eab>] dbFindLeaf+0x2b/0xb0
> [ 458.684348] Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC
> [ 458.684348] Modules linked in: nfsd exportfs
> [ 458.684348]
> [ 458.684348] Pid: 4831, comm: fsstress Not tainted
> (2.6.26-rc3-00243-gd40ace0 #26)
> [ 458.684348] EIP: 0060:[<c0323eab>] EFLAGS: 00010206 CPU: 0
> [ 458.684348] EIP is at dbFindLeaf+0x2b/0xb0
> [ 458.684348] EAX: 00000000 EBX: ca81c010 ECX: 15955555 EDX: 05655555
> [ 458.684348] ESI: 00cefff6 EDI: 00000000 EBP: ca8bd9a4 ESP: ca8bd984
> [ 458.684348] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> [ 458.684348] Process fsstress (pid: 4831, ti=ca8bd000 task=ca87af40
> task.ti=ca8bd000)
> [ 458.684348] Stack: ca8bd9d4 c033017d 00000000 000007a6 ca8bd9c4
> ca859000 00000000 ca81c000
> [ 458.684348] ca8bd9d4 c0324bb0 c1152380 00000000 00000046
> f21e31e8 00000001 ca848000
> [ 458.684348] c01441ad ca859000 00000000 00000000 ca8bda28
> c0324fa3 00000000 ca8bdb7c
> [ 458.684348] Call Trace:
> [ 458.684348] [<c033017d>] ? __get_metapage+0xed/0x3d0
> [ 458.684348] [<c0324bb0>] ? dbAllocDmapLev+0x50/0xc0
> [ 458.684348] [<c01441ad>] ? put_lock_stats+0xd/0x30
> [ 458.684348] [<c0324fa3>] ? dbAllocCtl+0x383/0x3d0
> [ 458.684348] [<c01441ad>] ? put_lock_stats+0xd/0x30
> [ 458.684348] [<c032512d>] ? dbAllocAG+0x9d/0x450
> [ 458.684348] [<c013bfd6>] ? down_write_nested+0x76/0x90
> [ 458.684348] [<c03258d5>] ? dbAlloc+0x145/0x570
> [ 458.684348] [<c05fed37>] ? _spin_unlock+0x27/0x50
> [ 458.684348] [<c03289c0>] ? add_index+0x2b0/0x520
> [ 458.684348] [<c0146ef4>] ? __lock_acquire+0x2c4/0x1120
> [ 458.684348] [<c010974f>] ? native_sched_clock+0x7f/0xb0
> [ 458.684348] [<c0328ed4>] ? dtInsertEntry+0x114/0x4b0
> [ 458.684348] [<c05fed37>] ? _spin_unlock+0x27/0x50
> [ 458.684348] [<c032c53f>] ? dtInsert+0x27f/0x19e0
> [ 458.684348] [<c010974f>] ? native_sched_clock+0x7f/0xb0
> [ 458.684348] [<c017a131>] ? check_bytes_and_report+0x21/0xc0
> [ 458.684348] [<c0146ef4>] ? __lock_acquire+0x2c4/0x1120
> [ 458.684348] [<c032aa41>] ? dtSearch+0x721/0x9f0
> [ 458.684348] [<c032aa41>] ? dtSearch+0x721/0x9f0
> [ 458.684348] [<c010974f>] ? native_sched_clock+0x7f/0xb0
> [ 458.684348] [<c05fed37>] ? _spin_unlock+0x27/0x50
> [ 458.684348] [<c0330018>] ? force_metapage+0x8/0x80
> [ 458.684348] [<c03187e2>] ? jfs_create+0x212/0x360
> [ 458.684348] [<c010974f>] ? native_sched_clock+0x7f/0xb0
> [ 458.684348] [<c03387b0>] ? jfs_permission+0x0/0x10
> [ 458.684348] [<c01880b4>] ? vfs_create+0xa4/0x100
> [ 458.684348] [<c018b223>] ? do_filp_open+0x683/0x780
> [ 458.684348] [<c010974f>] ? native_sched_clock+0x7f/0xb0
> [ 458.684348] [<c05fed37>] ? _spin_unlock+0x27/0x50
> [ 458.684348] [<c017e1a9>] ? do_sys_open+0x49/0xe0
> [ 458.684348] [<c017e2a9>] ? sys_open+0x29/0x40
> [ 458.684348] [<c017e2e1>] ? sys_creat+0x21/0x30
> [ 458.684348] [<c0103d7d>] ? sysenter_past_esp+0x6a/0xb1
> [ 458.684348] =======================
> [ 458.684348] Code: 55 89 e5 57 89 d7 56 be e4 ff ff ff 53 89 c3 83 ec
> 14 89 4d f0 0f be 40 11 39 d0 7c 74 8b 73 0c 31 c0 85 f6 7e 5f b9 01 00
> 00 00 <0f> be 44 19 11 39 c7 7e 67 8d 51 01 0f be 44 1a 11 39 c7 7e 5d
> [ 458.684348] EIP: [<c0323eab>] dbFindLeaf+0x2b/0xb0 SS:ESP
> 0068:ca8bd984
> [ 458.684348] ---[ end trace 6c51bcbd2c170a69 ]---
>
> The image can be found at http://www.cccmz.de/~snakebyte/jfs.18.img.bz2
>
And I just got another one...
[ 2223.316259] ERROR: (device loop0): XT_GETPAGE: xtree page corrupt
[ 2223.322958] ERROR: (device loop0): XT_GETPAGE: xtree page corrupt
[ 2231.555219] ------------[ cut here ]------------
[ 2231.555344] WARNING: at kernel/mutex.c:134
mutex_lock_nested+0x252/0x2a0()
[ 2231.555346] Modules linked in: nfsd exportfs
[ 2231.555346] Pid: 8081, comm: mkdir Not tainted
2.6.26-rc3-00243-gd40ace0 #26
[ 2231.555346] [<c01252c4>] warn_on_slowpath+0x54/0x70
[ 2231.555346] [<c01441ad>] ? put_lock_stats+0xd/0x30
[ 2231.555346] [<c010974f>] ? native_sched_clock+0x7f/0xb0
[ 2231.555346] [<c01465db>] ? mark_held_locks+0x4b/0x80
[ 2231.555346] [<c05fcf8c>] ? __mutex_unlock_slowpath+0xac/0x140
[ 2231.555346] [<c014676d>] ? trace_hardirqs_on+0xbd/0x140
[ 2231.555346] [<c05fd282>] mutex_lock_nested+0x252/0x2a0
[ 2231.555346] [<c0321ec1>] ? diAlloc+0x211/0x6d0
[ 2231.555346] [<c0321ec1>] diAlloc+0x211/0x6d0
[ 2231.555346] [<c05fed37>] ? _spin_unlock+0x27/0x50
[ 2231.555346] [<c032e988>] ialloc+0x48/0x290
[ 2231.555346] [<c0318984>] jfs_mkdir+0x54/0x370
[ 2231.555346] [<c014686c>] ? debug_check_no_locks_freed+0x7c/0x130
[ 2231.555346] [<c010974f>] ? native_sched_clock+0x7f/0xb0
[ 2231.555346] [<c010974f>] ? native_sched_clock+0x7f/0xb0
[ 2231.555346] [<c03387b0>] ? jfs_permission+0x0/0x10
[ 2231.555346] [<c03387bd>] ? jfs_permission+0xd/0x10
[ 2231.555346] [<c0187e98>] vfs_mkdir+0x98/0xf0
[ 2231.555346] [<c05fed37>] ? _spin_unlock+0x27/0x50
[ 2231.555346] [<c018a436>] sys_mkdirat+0xd6/0xf0
[ 2231.555346] [<c013c176>] ? up_read+0x16/0x30
[ 2231.555346] [<c0118287>] ? do_page_fault+0x2c7/0x640
[ 2231.555346] [<c0103e67>] ? restore_nocheck+0x12/0x15
[ 2231.555346] [<c018a470>] sys_mkdir+0x20/0x30
[ 2231.555346] [<c0103d7d>] sysenter_past_esp+0x6a/0xb1
[ 2231.555346] =======================
[ 2231.555346] ---[ end trace 91ffe6a3a3009964 ]---
[ 2231.555346] BUG: unable to handle kernel NULL pointer dereference at
00000000
[ 2231.555346] IP: [<c037b960>] __list_add+0x10/0x60
[ 2231.555346] *pde = 00000000
[ 2231.555346] Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC
[ 2231.555346] Modules linked in: nfsd exportfs
[ 2231.555346]
[ 2231.555346] Pid: 8081, comm: mkdir Tainted: G W
(2.6.26-rc3-00243-gd40ace0 #26)
[ 2231.555346] EIP: 0060:[<c037b960>] EFLAGS: 00010046 CPU: 0
[ 2231.555346] EIP is at __list_add+0x10/0x60
[ 2231.555346] EAX: 00000000 EBX: c28c7d98 ECX: c2f9f890 EDX: 00000000
[ 2231.555346] ESI: 00000246 EDI: c2f9f870 EBP: c28c7d70 ESP: c28c7d5c
[ 2231.555346] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[ 2231.555346] Process mkdir (pid: 8081, ti=c28c7000 task=cbed2f40
task.ti=c28c7000)
[ 2231.555346] Stack: c0321ec1 c2f9f8a4 c2f9f86c 00000246 c2f9f86c
c28c7db8 c05fd0e1 00000000
[ 2231.555346] 00000002 c0321ec1 c2f9f890 c0321ec1 00000000
cbed2f40 c2f9f8a4 c28c7d98
[ 2231.555346] c28c7d98 11111111 c2f9f86c c28c7d98 c390c2d4
c2bdc000 00000010 c28c7e20
[ 2231.555346] Call Trace:
[ 2231.555346] [<c0321ec1>] ? diAlloc+0x211/0x6d0
[ 2231.555346] [<c05fd0e1>] ? mutex_lock_nested+0xb1/0x2a0
[ 2231.555346] [<c0321ec1>] ? diAlloc+0x211/0x6d0
[ 2231.555346] [<c0321ec1>] ? diAlloc+0x211/0x6d0
[ 2231.555346] [<c0321ec1>] ? diAlloc+0x211/0x6d0
[ 2231.555346] [<c05fed37>] ? _spin_unlock+0x27/0x50
[ 2231.555346] [<c032e988>] ? ialloc+0x48/0x290
[ 2231.555346] [<c0318984>] ? jfs_mkdir+0x54/0x370
[ 2231.555346] [<c014686c>] ? debug_check_no_locks_freed+0x7c/0x130
[ 2231.555346] [<c010974f>] ? native_sched_clock+0x7f/0xb0
[ 2231.555346] [<c010974f>] ? native_sched_clock+0x7f/0xb0
[ 2231.555346] [<c03387b0>] ? jfs_permission+0x0/0x10
[ 2231.555346] [<c03387bd>] ? jfs_permission+0xd/0x10
[ 2231.555346] [<c0187e98>] ? vfs_mkdir+0x98/0xf0
[ 2231.555346] [<c05fed37>] ? _spin_unlock+0x27/0x50
[ 2231.555346] [<c018a436>] ? sys_mkdirat+0xd6/0xf0
[ 2231.555346] [<c013c176>] ? up_read+0x16/0x30
[ 2231.555346] [<c0118287>] ? do_page_fault+0x2c7/0x640
[ 2231.555346] [<c0103e67>] ? restore_nocheck+0x12/0x15
[ 2231.555346] [<c018a470>] ? sys_mkdir+0x20/0x30
[ 2231.555346] [<c0103d7d>] ? sysenter_past_esp+0x6a/0xb1
[ 2231.555346] =======================
[ 2231.555346] Code: 54 24 04 c7 04 24 10 98 73 c0 e8 cc a9 da ff 0f 0b
eb fe 90 8d b4 26 00 00 00 00 55 89 e5 53 89 c3 83 ec 10 8b 41 04 39 d0
75 16 <8b> 10 39 ca 75 2c 89 5a 04 89 13 89 43 04 89 18 83 c4 10 5b 5d
[ 2231.555346] EIP: [<c037b960>] __list_add+0x10/0x60 SS:ESP
0068:c28c7d5c
[ 2231.555346] ---[ end trace 91ffe6a3a3009964 ]---
The image can be found at http://www.cccmz.de/~snakebyte/jfs.11.img.bz2
I guess I will stop torturing jfs until Monday or so :-)
Greetings, Eric