From: Eric Sesterhenn <snakebyte@gmx.de>
To: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Cc: linux-fsdevel@vger.kernel.org, jfs-discussion@lists.sourceforge.net
Subject: Re: Filesystem fuzzing
Date: Wed, 21 May 2008 10:26:37 +0200
Message-ID: <20080521082636.GA4311@alice>
In-Reply-To: <1211298026.6389.5.camel@norville.austin.ibm.com>
* Dave Kleikamp (shaggy@linux.vnet.ibm.com) wrote:
> On Mon, 2008-05-19 at 12:07 +0200, Eric Sesterhenn wrote:
> > hi,
> >
> > i do some regular filesystem fuzzing, based on a modified version
> > of lmhs fsfuzzer. I try to test current -git at least once a week.
> > Most modifications are adding of new filesystems or mounting
> > them with different options, but i also added
> > some new tests like invoking iozone, fsx or fsstress if available
> >
> > I currently test vfat, udf, msdos, swap, iso9660, ext2,
> > ext3, ext4, hfs, hfsplus, gfs2, ntfs, minix, qnx4, affs and bfs
>
> You didn't mention jfs. If you want to test that, you can report any
> bugs to me or to jfs-discussion@lists.sourceforge.net.
ah, I removed jfs at some point because mkfs.jfs doesn't work
if the file is smaller than 16MB; I re-added it and got
a first oops for you:
[52500.590030] ERROR: (device loop1): diRead: i_ino != di_number
[52500.590308] BUG: unable to handle kernel NULL pointer dereference at
00000237
[52500.590518] IP: [<c019348a>] iput+0xa/0x50
[52500.590642] *pde = 00000000
[52500.590749] Oops: 0000 [#2] PREEMPT DEBUG_PAGEALLOC
[52500.590958] Modules linked in: nfsd exportfs
[52500.591155]
[52500.591220] Pid: 6938, comm: mount Tainted: G D (2.6.26-rc3
#26)
[52500.591304] EIP: 0060:[<c019348a>] EFLAGS: 00010282 CPU: 0
[52500.591356] EIP is at iput+0xa/0x50
[52500.591356] EAX: fffffffb EBX: fffffffb ECX: 00000001 EDX: 00000000
[52500.591356] ESI: c9811920 EDI: cbd5f780 EBP: cbc67e34 ESP: cbc67e30
[52500.591356] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[52500.591356] Process mount (pid: 6938, ti=cbc67000 task=cbeb3f00
task.ti=cbc67000)
[52500.591356] Stack: fffffffb cbc67e5c c0316078 cbc67e4c fffffffb
00000000 00000000 00000002
[52500.591356] 00000000 c9811920 00000000 cbc67ea0 c01827ff
cf415d40 c07b93c0 cf415d40
[52500.591356] c9811920 706f6f6c 00000031 c01971ed c07e4ddc
c01971ed 000000d0 cf32e6c0
[52500.591356] Call Trace:
[52500.591356] [<c0316078>] ? jfs_fill_super+0x268/0x2a0
[52500.591356] [<c01827ff>] ? get_sb_bdev+0xef/0x120
[52500.591356] [<c01971ed>] ? alloc_vfsmnt+0xdd/0x120
[52500.591356] [<c01971ed>] ? alloc_vfsmnt+0xdd/0x120
[52500.591356] [<c0314fd2>] ? jfs_get_sb+0x22/0x30
[52500.591356] [<c0315e10>] ? jfs_fill_super+0x0/0x2a0
[52500.591356] [<c018234a>] ? vfs_kern_mount+0x3a/0x90
[52500.591356] [<c01823f9>] ? do_kern_mount+0x39/0xd0
[52500.591356] [<c0198425>] ? do_new_mount+0x65/0x90
[52500.591356] [<c01985aa>] ? do_mount+0x15a/0x1b0
[52500.591356] [<c015fc7b>] ? __get_free_pages+0x1b/0x30
[52500.591356] [<c01962b8>] ? copy_mount_options+0x38/0x140
[52500.591356] [<c0188d47>] ? getname+0xa7/0xc0
[52500.591356] [<c019866f>] ? sys_mount+0x6f/0xb0
[52500.591356] [<c0103d7d>] ? sysenter_past_esp+0x6a/0xb1
[52500.591356] =======================
[52500.591356] Code: 4f fa ff 5d c3 8d b6 00 00 00 00 8d bf 00 00 00 00
55 89 e5 e8 d8 88 46 00 31 c0 5d c3 8d 74 26 00 55 85 c0 89 e5 53 89 c3
74 3d <83> b8 3c 02 00 00 40 74 37 8d 40 24 ba e0 ce 7a c0 e8 90 3c 1d
[52500.591356] EIP: [<c019348a>] iput+0xa/0x50 SS:ESP 0068:cbc67e30
[52500.599040] ---[ end trace 299f5ea1b691e69f ]---
kerneloops.org also caught it, but the code is not disassembled
yet: http://kerneloops.org/raw.php?rawid=13020&msgid=
This is with linux-next from yesterday.
A copy of the image file is available here:
http://www.cccmz.de/~snakebyte/jfs.7.img.bz2
Greetings, Eric
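The register dump above already points at the likely cause: EAX holds 0xfffffffb, which on 32-bit x86 is -5 (-EIO) encoded as an ERR_PTR, and the marked Code bytes "83 b8 3c 02 00 00 40" decode to "cmpl $0x40,0x23c(%eax)", so iput() dereferenced an error value after diRead failed. The C program below is an added example, not part of Eric's mail or of the jfs code; it models the kernel's IS_ERR/PTR_ERR convention to check that reading of the oops and shows the check a fill_super error path needs before calling iput(). The I_CLEAR value (0x40) and the i_state offset (0x23c) are assumptions taken from those Code bytes.

```c
/* Added example (not from the mail or the jfs code): a user-space model of
 * the Linux ERR_PTR convention, used to read the oops above on 32-bit x86.
 * Assumptions: 2.6.26-era iput() first compares inode->i_state with I_CLEAR
 * (0x40), and i_state sits at offset 0x23c, as the Code bytes
 * "83 b8 3c 02 00 00 40" = "cmpl $0x40,0x23c(%eax)" indicate. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO   4095      /* kernel: last 4095 addresses encode errors */
#define I_STATE_OFF 0x23c     /* offset read by the faulting instruction */

typedef uint32_t kaddr_t;     /* pointers modelled as 32-bit kernel addresses */

/* Mirrors IS_ERR()/PTR_ERR(): error pointers live at the very top of the
 * address space, so 0xfffffffb is not a pointer but -5 (-EIO). */
static int is_err(kaddr_t p) { return p >= (kaddr_t)-MAX_ERRNO; }
static int ptr_err(kaddr_t p) { return (int32_t)p; }

/* Address iput() would touch first; wraps in 32 bits, so an ERR_PTR of -5
 * lands at 0x237, the "NULL pointer dereference" address in the report. */
static kaddr_t iput_first_access(kaddr_t inode) { return inode + I_STATE_OFF; }

/* Returns the errno the crashing EAX encodes when the register and the
 * reported fault address fit the ERR_PTR explanation, else 0. */
int explain_oops(kaddr_t eax, kaddr_t fault_addr) {
    if (!is_err(eax) || iput_first_access(eax) != fault_addr)
        return 0;
    return ptr_err(eax);
}

/* Defensive pattern for a fill_super error path: an iget-style helper may
 * return an ERR_PTR, which must be unwrapped, never handed to iput().
 * Returns 1 when iput() may be called, 0 when it must be skipped. */
int safe_iput_model(kaddr_t inode, int *err) {
    *err = 0;
    if (is_err(inode)) { *err = ptr_err(inode); return 0; }  /* propagate */
    if (inode == 0)    return 0;                              /* nothing to put */
    return 1;                                                 /* real inode */
}

int main(void) {
    int err, rc = explain_oops(0xfffffffbu, 0x00000237u);  /* values from the oops */
    printf("EAX encodes errno %d (%s)\n", rc, rc == -EIO ? "EIO" : "other");
    printf("iput skipped: %d, err propagated: %d\n",
           !safe_iput_model(0xfffffffbu, &err), err);
    return 0;
}
```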