fuzz testing an ext4fs file system under a 32 bit Linux user mode linux guest lets task jbd2/ubda hang

Hello,

Fuzzing a 32 bit stable Gentoo x86 Linux with trinity (without excluding the munmap syscall, but it might be independent of this) gives, within a 32 bit user mode linux guest:


Aug  3 15:31:19 trinity su[1475]: Successful su for root by root
Aug  3 15:31:19 trinity su[1475]: + ??? root:root
Aug  3 15:31:19 trinity su[1475]: pam_unix(su:session): session opened for user root by (uid=0)
Aug  3 15:31:19 trinity su[1475]: pam_unix(su:session): session closed for user root
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug  3 15:31:23 trinity kernel: trinity-c1 (1687) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c0 using old stat() call. Recompile your binary.
Aug  3 15:31:23 trinity kernel: warning: process `trinity-c0' used the deprecated sysctl system call with 
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug  3 15:37:50 trinity kernel: INFO: task jbd2/ubda-8:397 blocked for more than 120 seconds.
Aug  3 15:37:50 trinity kernel: Not tainted 3.16.0-rc7-00111-g3f9c08f #92
Aug  3 15:37:50 trinity kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug  3 15:37:50 trinity kernel: jbd2/ubda-8     D 400011d2     0   397      2 0x00000000
Aug  3 15:37:50 trinity kernel: Stack:
Aug  3 15:37:50 trinity kernel: 086c8b7c 00000001 00000000 8486fd88 08060864 851e9f3c 086c8b7c 851e9a00
Aug  3 15:37:50 trinity kernel: 851e9a00 8486fdb0 084e7d14 851e9a00 086c8640 00000001 00000010 00001000
Aug  3 15:37:50 trinity kernel: 8486fe28 8486fe20 ffffffff 8486fdc4 084e7e05 080729be 00000000 8486fde0
Aug  3 15:37:50 trinity kernel: Call Trace:
Aug  3 15:37:50 trinity kernel: [<08060864>] __switch_to+0x44/0x70
Aug  3 15:37:50 trinity kernel: [<084e7d14>] __schedule+0x2c4/0x360
Aug  3 15:37:50 trinity kernel: [<084e7e05>] schedule+0x55/0x60
Aug  3 15:37:50 trinity kernel: [<080729be>] ? set_signals+0x1e/0x40
Aug  3 15:37:50 trinity kernel: [<084e8106>] io_schedule+0x46/0x60
Aug  3 15:37:50 trinity kernel: [<0812f628>] sleep_on_buffer+0x8/0x10
Aug  3 15:37:50 trinity kernel: [<084e81cc>] __wait_on_bit+0x3c/0x70
Aug  3 15:37:50 trinity kernel: [<084e82f9>] out_of_line_wait_on_bit+0x69/0x80
Aug  3 15:37:50 trinity kernel: [<0812f620>] ? sleep_on_buffer+0x0/0x10
Aug  3 15:37:50 trinity kernel: [<080a4b60>] ? wake_bit_function+0x0/0x50
Aug  3 15:37:50 trinity kernel: [<08130290>] __wait_on_buffer+0x30/0x40
Aug  3 15:37:50 trinity kernel: [<0812f620>] ? sleep_on_buffer+0x0/0x10
Aug  3 15:37:50 trinity kernel: [<081c841a>] jbd2_journal_commit_transaction+0xe1a/0x1390
Aug  3 15:37:50 trinity kernel: [<080729be>] ? set_signals+0x1e/0x40
Aug  3 15:37:50 trinity kernel: [<081cbc8f>] kjournald2+0xaf/0x1f0
Aug  3 15:37:50 trinity kernel: [<081cbc8f>] ? kjournald2+0xaf/0x1f0
Aug  3 15:37:50 trinity kernel: [<080729be>] ? set_signals+0x1e/0x40
Aug  3 15:37:50 trinity kernel: [<080a4b10>] ? autoremove_wake_function+0x0/0x50
Aug  3 15:37:50 trinity kernel: [<081cbbe0>] ? kjournald2+0x0/0x1f0
Aug  3 15:37:50 trinity kernel: [<08096806>] kthread+0xd6/0xe0
Aug  3 15:37:50 trinity kernel: [<0809dd7d>] ? finish_task_switch.isra.56+0x1d/0x70
Aug  3 15:37:50 trinity kernel: [<0806064b>] new_thread_handler+0x6b/0x90
Aug  3 15:37:50 trinity kernel: 
Aug  3 15:39:50 trinity kernel: INFO: task jbd2/ubda-8:397 blocked for more than 120 seconds.



The trinity fuzzer now seems to be in an endless loop; the corresponding process on the host side always gives:


Thread 1 (process 21625):
#0  0xb7726aec in __kernel_vsyscall ()
#1  0x08496f6f in __nanosleep_nocancel () at ../sysdeps/unix/syscall-template.S:81
#2  0x08073124 in idle_sleep (nsecs=606859328233668608) at arch/um/os-Linux/time.c:183
#3  0x08060b3f in arch_cpu_idle () at arch/um/kernel/process.c:208
#4  0x080a5405 in cpuidle_idle_call () at kernel/sched/idle.c:120
#5  cpu_idle_loop () at kernel/sched/idle.c:224
#6  cpu_startup_entry (state=CPUHP_ONLINE) at kernel/sched/idle.c:272
#7  0x084e1692 in rest_init () at init/main.c:419
#8  0x0804892e in start_kernel () at init/main.c:679
#9  0x08049fc9 in start_kernel_proc (unused=0x0) at arch/um/kernel/skas/process.c:46
#10 0x0806064b in new_thread_handler () at arch/um/kernel/process.c:129
#11 0x00000000 in ?? ()


It might be that [1] has a few more info/data, or?
The difference to [1] is just that I'm still able to log in to the UML guest.



[1] http://sourceforge.net/p/user-mode-linux/mailman/message/32673925/

-- 
Toralf

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
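As an added example (not part of the message above and not code from the ext4, jbd2 or UML trees), a small Python triage helper for hung-task reports like the one quoted: it pulls each "INFO: task ... blocked for more than N seconds" block out of a syslog-style kernel log, records task, pid, kernel version, taint and scheduler state, splits the call trace into reliable and "?" (guessed) frames, picks the first frame that is not generic sleep/scheduler plumbing, and counts how often the same task is re-reported. The sample log embedded in the block is a constructed, trimmed copy of the trace in the message; the set of "generic" frame names is an assumption chosen for this kind of report, not a list the kernel defines.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a trimmed copy of the hung-task report quoted in the
# message above, in syslog form ("<date> <host> kernel: <msg>").
SAMPLE_LOG = """\
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug  3 15:37:50 trinity kernel: INFO: task jbd2/ubda-8:397 blocked for more than 120 seconds.
Aug  3 15:37:50 trinity kernel: Not tainted 3.16.0-rc7-00111-g3f9c08f #92
Aug  3 15:37:50 trinity kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug  3 15:37:50 trinity kernel: jbd2/ubda-8     D 400011d2     0   397      2 0x00000000
Aug  3 15:37:50 trinity kernel: Stack:
Aug  3 15:37:50 trinity kernel: 086c8b7c 00000001 00000000 8486fd88 08060864 851e9f3c 086c8b7c 851e9a00
Aug  3 15:37:50 trinity kernel: Call Trace:
Aug  3 15:37:50 trinity kernel: [<08060864>] __switch_to+0x44/0x70
Aug  3 15:37:50 trinity kernel: [<084e7d14>] __schedule+0x2c4/0x360
Aug  3 15:37:50 trinity kernel: [<084e7e05>] schedule+0x55/0x60
Aug  3 15:37:50 trinity kernel: [<080729be>] ? set_signals+0x1e/0x40
Aug  3 15:37:50 trinity kernel: [<084e8106>] io_schedule+0x46/0x60
Aug  3 15:37:50 trinity kernel: [<0812f628>] sleep_on_buffer+0x8/0x10
Aug  3 15:37:50 trinity kernel: [<08130290>] __wait_on_buffer+0x30/0x40
Aug  3 15:37:50 trinity kernel: [<081c841a>] jbd2_journal_commit_transaction+0xe1a/0x1390
Aug  3 15:37:50 trinity kernel: [<081cbc8f>] kjournald2+0xaf/0x1f0
Aug  3 15:37:50 trinity kernel: [<08096806>] kthread+0xd6/0xe0
Aug  3 15:37:50 trinity kernel: [<0806064b>] new_thread_handler+0x6b/0x90
Aug  3 15:37:50 trinity kernel:
Aug  3 15:39:50 trinity kernel: INFO: task jbd2/ubda-8:397 blocked for more than 120 seconds.
"""

SYSLOG_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: ?(.*)$")
HEADER_RE = re.compile(r"^INFO: task (\S+):(\d+) blocked for more than (\d+) seconds\.$")
TAINT_RE = re.compile(r"^(Not tainted|Tainted: .*?)\s+(\S+) #\d+$")
STATE_RE = re.compile(r"^(\S+)\s+([A-Z])\s+[0-9a-f]+\s+\d+\s+(\d+)\s+\d+\s+0x[0-9a-f]+$")
FRAME_RE = re.compile(r"^\[<([0-9a-f]+)>\]\s+(\? )?([^\s+]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)$")

# Assumed list of frames that only say "this task is asleep", not who asked
# it to sleep; the first reliable frame below them is the triage start point.
GENERIC_FRAMES = {
    "__switch_to", "__schedule", "schedule", "io_schedule", "sleep_on_buffer",
    "__wait_on_bit", "out_of_line_wait_on_bit", "__wait_on_buffer",
}


@dataclass
class Frame:
    addr: str
    symbol: str
    reliable: bool   # the kernel prefixes guessed frames with "? "


@dataclass
class HungTask:
    time: str
    task: str
    pid: int
    timeout: int
    kernel: Optional[str] = None
    tainted: Optional[bool] = None
    state: Optional[str] = None   # "D" = TASK_UNINTERRUPTIBLE in the ps-style line
    frames: List[Frame] = field(default_factory=list)


def parse_hung_tasks(text: str) -> List[HungTask]:
    """Extract every hung-task report (header, taint line, state line, call trace)."""
    reports: List[HungTask] = []
    current: Optional[HungTask] = None
    in_trace = False
    for raw in text.splitlines():
        m = SYSLOG_RE.match(raw)
        if not m:
            continue                      # not a kernel log line
        ts, msg = m.group(1), m.group(2).strip()
        h = HEADER_RE.match(msg)
        if h:                             # a new report starts here
            current = HungTask(ts, h.group(1), int(h.group(2)), int(h.group(3)))
            reports.append(current)
            in_trace = False
            continue
        if current is None:
            continue
        if in_trace:
            f = FRAME_RE.match(msg)
            if f:
                current.frames.append(Frame(f.group(1), f.group(3), f.group(2) is None))
                continue
            in_trace = False              # first non-frame line ends the trace
        t = TAINT_RE.match(msg)
        s = STATE_RE.match(msg)
        if msg == "Call Trace:":
            in_trace = True
        elif t:
            current.kernel = t.group(2)
            current.tainted = not msg.startswith("Not tainted")
        elif s and s.group(1) == current.task:
            current.state = s.group(2)
    return reports


def blocking_frame(report: HungTask) -> Optional[str]:
    """First reliable frame that is not generic sleep/scheduler plumbing."""
    for f in report.frames:
        if f.reliable and f.symbol not in GENERIC_FRAMES:
            return f.symbol
    return None


def repeat_counts(reports: List[HungTask]) -> dict:
    """How often each (task, pid) was reported; a repeat every timeout period
    means the task is still stuck rather than having stalled once."""
    return dict(Counter((r.task, r.pid) for r in reports))


if __name__ == "__main__":
    found = parse_hung_tasks(SAMPLE_LOG)
    for r in found:
        print(f"{r.time} {r.task}[{r.pid}] state={r.state} kernel={r.kernel} "
              f"tainted={r.tainted} blocked>{r.timeout}s in {blocking_frame(r)}")
    print("repeats:", repeat_counts(found))
```

On the sample this reports jbd2/ubda-8[397] in state D on an untainted 3.16.0-rc7 kernel, blocked in jbd2_journal_commit_transaction and re-reported 120 seconds later with no further trace, which is the shape of the report in the message: the journal commit thread is waiting for buffer I/O that never completes, and the scheduler frames above that symbol carry no information about why.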
