From: =?UTF-8?B?VG9yYWxmIEbDtnJzdGVy?= <toralf.foerster@gmx.de>
Subject: fuzzying a user mode linux image often core dumps with
Date: Sat, 20 Jul 2013 17:07:19 +0200
Message-ID: <51EAA7A7.4000104@gmx.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Cc: "user-mode-linux-devel@lists.sourceforge.net"
	<user-mode-linux-devel@lists.sourceforge.net>
To: linux-ext4@vger.kernel.org
Return-path: <linux-ext4-owner@vger.kernel.org>
Received: from mout.gmx.net ([212.227.17.21]:49195 "EHLO mout.gmx.net"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754139Ab3GTPHW (ORCPT <rfc822;linux-ext4@vger.kernel.org>);
	Sat, 20 Jul 2013 11:07:22 -0400
Received: from [80.171.222.82] ([80.171.222.82]) by mail.gmx.com (mrgmx001)
 with ESMTPSA (Nemesis) id 0MgszY-1UnRkm1P3w-00M2SI for
 <linux-ext4@vger.kernel.org>; Sat, 20 Jul 2013 17:07:20 +0200
Sender: linux-ext4-owner@vger.kernel.org
List-ID: <linux-ext4.vger.kernel.org>

I do run the fuzzer trinity within a 32 bit user mode linux.
With latest git tree I do often get a core dump like the one attached.

Although it is the nature of trinity to corrupt the kernel /me wonders =
why it happens nearly alway
at the same place. That's why I decided to just report it here.


[New LWP 26743]
Core was generated by `/usr/local/bin/linux-v3.11-rc1-214-g6cc1862 earl=
yprintk ubda=3D/home/tfoerste/vir'.
Program terminated with signal 6, Aborted.
#0  0xb77b6424 in __kernel_vsyscall ()
#0  0xb77b6424 in __kernel_vsyscall ()
#1  0x083a3245 in kill ()
#2  0x0807163d in uml_abort () at arch/um/os-Linux/util.c:93
#3  0x08071925 in os_dump_core () at arch/um/os-Linux/util.c:138
#4  0x080613a7 in panic_exit (self=3D0x85a1518 <panic_exit_notifier>, u=
nused1=3D0, unused2=3D0x85d6ce0 <buf.15904>) at arch/um/kernel/um_arch.=
c:240
#5  0x0809d588 in notifier_call_chain (nl=3D0x0, val=3D0, v=3D0x85d6ce0=
 <buf.15904>, nr_to_call=3D-2, nr_calls=3D0x0) at kernel/notifier.c:93
#6  0x0809d6d3 in __atomic_notifier_call_chain (nr_calls=3D<optimized o=
ut>, nr_to_call=3D<optimized out>, v=3D<optimized out>, val=3D<optimize=
d out>, nh=3D<optimized out>) at kernel/notifier.c:182
#7  atomic_notifier_call_chain (nh=3D0x85d6cc4 <panic_notifier_list>, v=
al=3D0, v=3D0x85d6ce0 <buf.15904>) at kernel/notifier.c:191
#8  0x08400a28 in panic (fmt=3D0x0) at kernel/panic.c:128
#9  0x0818a4b5 in ext4_orphan_add (handle=3D0x47870000, inode=3D0x47a06=
c60) at fs/ext4/namei.c:2571
#10 0x0818a6e5 in ext4_tmpfile (dir=3D0x479f5380, dentry=3D0x47a4b4d0, =
mode=3D0) at fs/ext4/namei.c:2319
#11 0x0810b7af in do_tmpfile (opened=3D<optimized out>, file=3D<optimiz=
ed out>, op=3D<optimized out>, flags=3D<optimized out>, nd=3D<optimized=
 out>, pathname=3D<optimized out>, dfd=3D<optimized out>) at fs/namei.c=
:2938
#12 path_openat (dfd=3D1201623936, pathname=3D0x47ce9040, nd=3D0x46effd=
e4, op=3D0x46effe70, flags=3D67) at fs/namei.c:2981
#13 0x0810bcb1 in do_filp_open (dfd=3D-100, pathname=3D0x47ce9040, op=3D=
0x46effe70) at fs/namei.c:3043
#14 0x080fe5f8 in do_sys_open (dfd=3D0, filename=3D0x0, flags=3D4841986=
, mode=3D0) at fs/open.c:954
#15 0x080fe6c8 in SYSC_open (mode=3D<optimized out>, flags=3D<optimized=
 out>, filename=3D<optimized out>) at fs/open.c:972
#16 SyS_open (filename=3D135073872, flags=3D4841986, mode=3D3127) at fs=
/open.c:967
#17 0x080618e2 in handle_syscall (r=3D0x46e0c7d4) at arch/um/kernel/ska=
s/syscall.c:35
#18 0x08073c0d in handle_trap (local_using_sysemu=3D<optimized out>, re=
gs=3D<optimized out>, pid=3D<optimized out>) at arch/um/os-Linux/skas/p=
rocess.c:198
#19 userspace (regs=3D0x46e0c7d4) at arch/um/os-Linux/skas/process.c:43=
1
#20 0x0805e65c in fork_handler () at arch/um/kernel/process.c:160
#21 0x00000000 in ?? ()


--=20
MfG/Sincerely
Toralf F=C3=B6rster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" i=
n
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html