From: "Toralf Förster" <toralf.foerster@gmx.de>
To: linux-ext4@vger.kernel.org
Cc: user-mode-linux-devel@lists.sourceforge.net
Subject: fuzzing a user mode linux image often core dumps with
Date: Sat, 20 Jul 2013 17:07:19 +0200
Message-ID: <51EAA7A7.4000104@gmx.de>
I do run the fuzzer trinity within a 32 bit user mode linux.
With latest git tree I do often get a core dump like the one attached.
Although it is the nature of trinity to corrupt the kernel /me wonders why it happens nearly always
at the same place. That's why I decided to just report it here.
[New LWP 26743]
Core was generated by `/usr/local/bin/linux-v3.11-rc1-214-g6cc1862 earlyprintk ubda=/home/tfoerste/vir'.
Program terminated with signal 6, Aborted.
#0 0xb77b6424 in __kernel_vsyscall ()
#1 0x083a3245 in kill ()
#2 0x0807163d in uml_abort () at arch/um/os-Linux/util.c:93
#3 0x08071925 in os_dump_core () at arch/um/os-Linux/util.c:138
#4 0x080613a7 in panic_exit (self=0x85a1518 <panic_exit_notifier>, unused1=0, unused2=0x85d6ce0 <buf.15904>) at arch/um/kernel/um_arch.c:240
#5 0x0809d588 in notifier_call_chain (nl=0x0, val=0, v=0x85d6ce0 <buf.15904>, nr_to_call=-2, nr_calls=0x0) at kernel/notifier.c:93
#6 0x0809d6d3 in __atomic_notifier_call_chain (nr_calls=<optimized out>, nr_to_call=<optimized out>, v=<optimized out>, val=<optimized out>, nh=<optimized out>) at kernel/notifier.c:182
#7 atomic_notifier_call_chain (nh=0x85d6cc4 <panic_notifier_list>, val=0, v=0x85d6ce0 <buf.15904>) at kernel/notifier.c:191
#8 0x08400a28 in panic (fmt=0x0) at kernel/panic.c:128
#9 0x0818a4b5 in ext4_orphan_add (handle=0x47870000, inode=0x47a06c60) at fs/ext4/namei.c:2571
#10 0x0818a6e5 in ext4_tmpfile (dir=0x479f5380, dentry=0x47a4b4d0, mode=0) at fs/ext4/namei.c:2319
#11 0x0810b7af in do_tmpfile (opened=<optimized out>, file=<optimized out>, op=<optimized out>, flags=<optimized out>, nd=<optimized out>, pathname=<optimized out>, dfd=<optimized out>) at fs/namei.c:2938
#12 path_openat (dfd=1201623936, pathname=0x47ce9040, nd=0x46effde4, op=0x46effe70, flags=67) at fs/namei.c:2981
#13 0x0810bcb1 in do_filp_open (dfd=-100, pathname=0x47ce9040, op=0x46effe70) at fs/namei.c:3043
#14 0x080fe5f8 in do_sys_open (dfd=0, filename=0x0, flags=4841986, mode=0) at fs/open.c:954
#15 0x080fe6c8 in SYSC_open (mode=<optimized out>, flags=<optimized out>, filename=<optimized out>) at fs/open.c:972
#16 SyS_open (filename=135073872, flags=4841986, mode=3127) at fs/open.c:967
#17 0x080618e2 in handle_syscall (r=0x46e0c7d4) at arch/um/kernel/skas/syscall.c:35
#18 0x08073c0d in handle_trap (local_using_sysemu=<optimized out>, regs=<optimized out>, pid=<optimized out>) at arch/um/os-Linux/skas/process.c:198
#19 userspace (regs=0x46e0c7d4) at arch/um/os-Linux/skas/process.c:431
#20 0x0805e65c in fork_handler () at arch/um/kernel/process.c:160
#21 0x00000000 in ?? ()
--
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3
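Editor's note with an added example (mine, not part of the mail above and not kernel code): the integers in the backtrace can be decoded to see which open(2) path trinity drove the kernel down. Frame #16 shows SyS_open(..., flags=4841986, mode=3127), frame #10 shows ext4_tmpfile(..., mode=0), and the flags=67 in frame #12 belong to path_openat's LOOKUP_* namespace, not to open(2). The C below uses the x86 flag values copied from include/uapi/asm-generic/fcntl.h (the 32-bit UML guest uses the generic layout) and the O_TMPFILE admission rule as open(2) documents it and build_open_flags() in fs/open.c enforces it; the helper names and the X_ prefix are my own. It renders 4841986 as O_RDWR|O_TRUNC|FASYNC|O_DIRECT|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC|__O_TMPFILE, i.e. an O_TMPFILE open, which is why do_tmpfile() and ext4_tmpfile() are on the stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* open(2) flag values for x86, copied (octal) from
 * include/uapi/asm-generic/fcntl.h.  The guest here is 32-bit UML on x86,
 * which uses the generic layout, so the integers in the backtrace decode
 * with these values.  Prefixed with X_ so they cannot collide with the
 * host <fcntl.h>. */
#define X_O_ACCMODE    00000003
#define X_O_RDONLY     00000000
#define X_O_WRONLY     00000001
#define X_O_RDWR       00000002
#define X_O_CREAT      00000100
#define X_O_EXCL       00000200
#define X_O_NOCTTY     00000400
#define X_O_TRUNC      00001000
#define X_O_APPEND     00002000
#define X_O_NONBLOCK   00004000
#define X_O_DSYNC      00010000
#define X_FASYNC       00020000
#define X_O_DIRECT     00040000
#define X_O_LARGEFILE  00100000
#define X_O_DIRECTORY  00200000
#define X_O_NOFOLLOW   00400000
#define X_O_NOATIME    01000000
#define X_O_CLOEXEC    02000000
#define X___O_SYNC     04000000
#define X_O_PATH       010000000
#define X___O_TMPFILE  020000000

/* O_TMPFILE is the pair __O_TMPFILE|O_DIRECTORY; the mask is what the VFS
 * compares against to reject __O_TMPFILE without O_DIRECTORY or with O_CREAT. */
#define X_O_TMPFILE      (X___O_TMPFILE | X_O_DIRECTORY)
#define X_O_TMPFILE_MASK (X___O_TMPFILE | X_O_DIRECTORY | X_O_CREAT)

struct oflag { uint32_t bit; const char *name; };

/* Single-bit flags in ascending bit order, so the rendering is stable. */
static const struct oflag single_bits[] = {
    { X_O_CREAT,     "O_CREAT" },     { X_O_EXCL,      "O_EXCL" },
    { X_O_NOCTTY,    "O_NOCTTY" },    { X_O_TRUNC,     "O_TRUNC" },
    { X_O_APPEND,    "O_APPEND" },    { X_O_NONBLOCK,  "O_NONBLOCK" },
    { X_O_DSYNC,     "O_DSYNC" },     { X_FASYNC,      "FASYNC" },
    { X_O_DIRECT,    "O_DIRECT" },    { X_O_LARGEFILE, "O_LARGEFILE" },
    { X_O_DIRECTORY, "O_DIRECTORY" }, { X_O_NOFOLLOW,  "O_NOFOLLOW" },
    { X_O_NOATIME,   "O_NOATIME" },   { X_O_CLOEXEC,   "O_CLOEXEC" },
    { X___O_SYNC,    "__O_SYNC" },    { X_O_PATH,      "O_PATH" },
    { X___O_TMPFILE, "__O_TMPFILE" },
};

/* Render flags as "ACCMODE|FLAG|FLAG..." into out.  Returns the number of
 * names emitted (the access mode counts as one).  Bits the table does not
 * know are reported through *unknown (if non-NULL) rather than dropped,
 * so a fuzzer-chosen value never decodes to something cleaner than it is. */
int decode_open_flags(uint32_t flags, char *out, size_t outsz, uint32_t *unknown)
{
    static const char *const acc[] = { "O_RDONLY", "O_WRONLY", "O_RDWR", "O_ACCMODE=3" };
    uint32_t rest = flags & ~(uint32_t)X_O_ACCMODE;
    int n = 1;
    size_t i;

    snprintf(out, outsz, "%s", acc[flags & X_O_ACCMODE]);
    for (i = 0; i < sizeof single_bits / sizeof single_bits[0]; i++) {
        size_t len;
        if (!(rest & single_bits[i].bit))
            continue;
        len = strlen(out);
        if (len + 1 >= outsz)
            break;                       /* out of room: stop, never overrun */
        snprintf(out + len, outsz - len, "|%s", single_bits[i].name);
        rest &= ~single_bits[i].bit;
        n++;
    }
    if (unknown)
        *unknown = rest;
    return n;
}

/* True when flags decode exactly to expected with no unknown bits left over. */
int decode_equals(uint32_t flags, const char *expected)
{
    char buf[256];
    uint32_t unknown = 0;
    decode_open_flags(flags, buf, sizeof buf, &unknown);
    return unknown == 0 && strcmp(buf, expected) == 0;
}

/* Which way does the VFS route this open?  Follows the O_TMPFILE rule that
 * open(2) documents and build_open_flags() in fs/open.c enforces:
 * __O_TMPFILE must be paired with O_DIRECTORY, must not carry O_CREAT, and
 * the open must be for writing (O_WRONLY or O_RDWR); otherwise -EINVAL is
 * returned before any filesystem ->tmpfile() runs.  Returns 1 for the
 * tmpfile path, 0 for EINVAL, -1 when __O_TMPFILE is not set (ordinary open). */
int tmpfile_open_path(uint32_t flags)
{
    uint32_t accmode = flags & X_O_ACCMODE;

    if (!(flags & X___O_TMPFILE))
        return -1;
    if ((flags & X_O_TMPFILE_MASK) != X_O_TMPFILE)
        return 0;
    if (accmode != X_O_WRONLY && accmode != X_O_RDWR)
        return 0;
    return 1;
}

int main(void)
{
    /* flags value taken from frame #16, SyS_open(..., flags=4841986, ...) */
    uint32_t flags = 4841986u;
    char buf[256];
    uint32_t unknown;
    int n = decode_open_flags(flags, buf, sizeof buf, &unknown);

    printf("flags=%u (0x%x): %s  [%d names, unknown bits 0x%x]\n",
           flags, flags, buf, n, unknown);
    printf("tmpfile path taken: %d\n", tmpfile_open_path(flags));
    return 0;
}
```

Builds with any C99 compiler. For another trinity run, substitute the flags argument printed in the SyS_open frame; a non-zero "unknown bits" value means the fuzzer set a bit the table does not name, which is worth knowing before assuming which VFS path was taken.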
Thread overview (each message was posted to both linux-ext4 and uml-devel):
2013-07-20 15:07 Toralf Förster [this message]
2013-07-21 1:03 ` Theodore Ts'o
2013-07-21 11:14 ` Toralf Förster