From: "Toralf Förster" <toralf.foerster@gmx.de>
To: linux-ext4@vger.kernel.org
Cc: UML devel <user-mode-linux-devel@lists.sourceforge.net>
Subject: fuzz testing an ext4fs file system under a 32 bit Linux user mode linux guest let task jbd2/ubda hang
Date: Sun, 03 Aug 2014 15:52:18 +0200
Message-ID: <53DE3E92.3060304@gmx.de>
Hello,
fuzzing a 32 bit stable Gentoo x86 linux with trinity (and without excluding the munmap syscall but it might be independent from this) gives within a 32 bit user mode linux guest :
Aug 3 15:31:19 trinity su[1475]: Successful su for root by root
Aug 3 15:31:19 trinity su[1475]: + ??? root:root
Aug 3 15:31:19 trinity su[1475]: pam_unix(su:session): session opened for user root by (uid=0)
Aug 3 15:31:19 trinity su[1475]: pam_unix(su:session): session closed for user root
Aug 3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug 3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug 3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug 3 15:31:23 trinity kernel: trinity-c1 (1687) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
Aug 3 15:31:23 trinity kernel: VFS: Warning: trinity-c0 using old stat() call. Recompile your binary.
Aug 3 15:31:23 trinity kernel: warning: process `trinity-c0' used the deprecated sysctl system call with
Aug 3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug 3 15:37:50 trinity kernel: INFO: task jbd2/ubda-8:397 blocked for more than 120 seconds.
Aug 3 15:37:50 trinity kernel: Not tainted 3.16.0-rc7-00111-g3f9c08f #92
Aug 3 15:37:50 trinity kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug 3 15:37:50 trinity kernel: jbd2/ubda-8 D 400011d2 0 397 2 0x00000000
Aug 3 15:37:50 trinity kernel: Stack:
Aug 3 15:37:50 trinity kernel: 086c8b7c 00000001 00000000 8486fd88 08060864 851e9f3c 086c8b7c 851e9a00
Aug 3 15:37:50 trinity kernel: 851e9a00 8486fdb0 084e7d14 851e9a00 086c8640 00000001 00000010 00001000
Aug 3 15:37:50 trinity kernel: 8486fe28 8486fe20 ffffffff 8486fdc4 084e7e05 080729be 00000000 8486fde0
Aug 3 15:37:50 trinity kernel: Call Trace:
Aug 3 15:37:50 trinity kernel: [<08060864>] __switch_to+0x44/0x70
Aug 3 15:37:50 trinity kernel: [<084e7d14>] __schedule+0x2c4/0x360
Aug 3 15:37:50 trinity kernel: [<084e7e05>] schedule+0x55/0x60
Aug 3 15:37:50 trinity kernel: [<080729be>] ? set_signals+0x1e/0x40
Aug 3 15:37:50 trinity kernel: [<084e8106>] io_schedule+0x46/0x60
Aug 3 15:37:50 trinity kernel: [<0812f628>] sleep_on_buffer+0x8/0x10
Aug 3 15:37:50 trinity kernel: [<084e81cc>] __wait_on_bit+0x3c/0x70
Aug 3 15:37:50 trinity kernel: [<084e82f9>] out_of_line_wait_on_bit+0x69/0x80
Aug 3 15:37:50 trinity kernel: [<0812f620>] ? sleep_on_buffer+0x0/0x10
Aug 3 15:37:50 trinity kernel: [<080a4b60>] ? wake_bit_function+0x0/0x50
Aug 3 15:37:50 trinity kernel: [<08130290>] __wait_on_buffer+0x30/0x40
Aug 3 15:37:50 trinity kernel: [<0812f620>] ? sleep_on_buffer+0x0/0x10
Aug 3 15:37:50 trinity kernel: [<081c841a>] jbd2_journal_commit_transaction+0xe1a/0x1390
Aug 3 15:37:50 trinity kernel: [<080729be>] ? set_signals+0x1e/0x40
Aug 3 15:37:50 trinity kernel: [<081cbc8f>] kjournald2+0xaf/0x1f0
Aug 3 15:37:50 trinity kernel: [<081cbc8f>] ? kjournald2+0xaf/0x1f0
Aug 3 15:37:50 trinity kernel: [<080729be>] ? set_signals+0x1e/0x40
Aug 3 15:37:50 trinity kernel: [<080a4b10>] ? autoremove_wake_function+0x0/0x50
Aug 3 15:37:50 trinity kernel: [<081cbbe0>] ? kjournald2+0x0/0x1f0
Aug 3 15:37:50 trinity kernel: [<08096806>] kthread+0xd6/0xe0
Aug 3 15:37:50 trinity kernel: [<0809dd7d>] ? finish_task_switch.isra.56+0x1d/0x70
Aug 3 15:37:50 trinity kernel: [<0806064b>] new_thread_handler+0x6b/0x90
Aug 3 15:37:50 trinity kernel:
Aug 3 15:39:50 trinity kernel: INFO: task jbd2/ubda-8:397 blocked for more than 120 seconds.
The trinity fuzzer now seems to be in an endless loop, the corresponding process at the host side gives always :
Thread 1 (process 21625):
#0 0xb7726aec in __kernel_vsyscall ()
#1 0x08496f6f in __nanosleep_nocancel () at ../sysdeps/unix/syscall-template.S:81
#2 0x08073124 in idle_sleep (nsecs=606859328233668608) at arch/um/os-Linux/time.c:183
#3 0x08060b3f in arch_cpu_idle () at arch/um/kernel/process.c:208
#4 0x080a5405 in cpuidle_idle_call () at kernel/sched/idle.c:120
#5 cpu_idle_loop () at kernel/sched/idle.c:224
#6 cpu_startup_entry (state=CPUHP_ONLINE) at kernel/sched/idle.c:272
#7 0x084e1692 in rest_init () at init/main.c:419
#8 0x0804892e in start_kernel () at init/main.c:679
#9 0x08049fc9 in start_kernel_proc (unused=0x0) at arch/um/kernel/skas/process.c:46
#10 0x0806064b in new_thread_handler () at arch/um/kernel/process.c:129
#11 0x00000000 in ?? ()
It might be that [1] has few more info/data, or ?
The diff to [1] is just that I'm still able to login into the UML guest.
[1] http://sourceforge.net/p/user-mode-linux/mailman/message/32673925/
--
Toralf