Date:	Sun, 03 Aug 2014 15:52:18 +0200
From:	Toralf Förster <toralf.foerster@....de>
To:	linux-ext4@...r.kernel.org
CC:	UML devel <user-mode-linux-devel@...ts.sourceforge.net>
Subject: fuzz testing an ext4fs file system under a 32 bit Linux user mode
 linux guest let task jbd2/ubda hang

Hello,

Fuzzing a 32 bit stable Gentoo x86 Linux with trinity (and without excluding the munmap syscall, but it might be independent of this) gives within a 32 bit user mode Linux guest:


Aug  3 15:31:19 trinity su[1475]: Successful su for root by root
Aug  3 15:31:19 trinity su[1475]: + ??? root:root
Aug  3 15:31:19 trinity su[1475]: pam_unix(su:session): session opened for user root by (uid=0)
Aug  3 15:31:19 trinity su[1475]: pam_unix(su:session): session closed for user root
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug  3 15:31:23 trinity kernel: trinity-c1 (1687) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c0 using old stat() call. Recompile your binary.
Aug  3 15:31:23 trinity kernel: warning: process `trinity-c0' used the deprecated sysctl system call with 
Aug  3 15:31:23 trinity kernel: VFS: Warning: trinity-c1 using old stat() call. Recompile your binary.
Aug  3 15:37:50 trinity kernel: INFO: task jbd2/ubda-8:397 blocked for more than 120 seconds.
Aug  3 15:37:50 trinity kernel: Not tainted 3.16.0-rc7-00111-g3f9c08f #92
Aug  3 15:37:50 trinity kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Aug  3 15:37:50 trinity kernel: jbd2/ubda-8     D 400011d2     0   397      2 0x00000000
Aug  3 15:37:50 trinity kernel: Stack:
Aug  3 15:37:50 trinity kernel: 086c8b7c 00000001 00000000 8486fd88 08060864 851e9f3c 086c8b7c 851e9a00
Aug  3 15:37:50 trinity kernel: 851e9a00 8486fdb0 084e7d14 851e9a00 086c8640 00000001 00000010 00001000
Aug  3 15:37:50 trinity kernel: 8486fe28 8486fe20 ffffffff 8486fdc4 084e7e05 080729be 00000000 8486fde0
Aug  3 15:37:50 trinity kernel: Call Trace:
Aug  3 15:37:50 trinity kernel: [<08060864>] __switch_to+0x44/0x70
Aug  3 15:37:50 trinity kernel: [<084e7d14>] __schedule+0x2c4/0x360
Aug  3 15:37:50 trinity kernel: [<084e7e05>] schedule+0x55/0x60
Aug  3 15:37:50 trinity kernel: [<080729be>] ? set_signals+0x1e/0x40
Aug  3 15:37:50 trinity kernel: [<084e8106>] io_schedule+0x46/0x60
Aug  3 15:37:50 trinity kernel: [<0812f628>] sleep_on_buffer+0x8/0x10
Aug  3 15:37:50 trinity kernel: [<084e81cc>] __wait_on_bit+0x3c/0x70
Aug  3 15:37:50 trinity kernel: [<084e82f9>] out_of_line_wait_on_bit+0x69/0x80
Aug  3 15:37:50 trinity kernel: [<0812f620>] ? sleep_on_buffer+0x0/0x10
Aug  3 15:37:50 trinity kernel: [<080a4b60>] ? wake_bit_function+0x0/0x50
Aug  3 15:37:50 trinity kernel: [<08130290>] __wait_on_buffer+0x30/0x40
Aug  3 15:37:50 trinity kernel: [<0812f620>] ? sleep_on_buffer+0x0/0x10
Aug  3 15:37:50 trinity kernel: [<081c841a>] jbd2_journal_commit_transaction+0xe1a/0x1390
Aug  3 15:37:50 trinity kernel: [<080729be>] ? set_signals+0x1e/0x40
Aug  3 15:37:50 trinity kernel: [<081cbc8f>] kjournald2+0xaf/0x1f0
Aug  3 15:37:50 trinity kernel: [<081cbc8f>] ? kjournald2+0xaf/0x1f0
Aug  3 15:37:50 trinity kernel: [<080729be>] ? set_signals+0x1e/0x40
Aug  3 15:37:50 trinity kernel: [<080a4b10>] ? autoremove_wake_function+0x0/0x50
Aug  3 15:37:50 trinity kernel: [<081cbbe0>] ? kjournald2+0x0/0x1f0
Aug  3 15:37:50 trinity kernel: [<08096806>] kthread+0xd6/0xe0
Aug  3 15:37:50 trinity kernel: [<0809dd7d>] ? finish_task_switch.isra.56+0x1d/0x70
Aug  3 15:37:50 trinity kernel: [<0806064b>] new_thread_handler+0x6b/0x90
Aug  3 15:37:50 trinity kernel: 
Aug  3 15:39:50 trinity kernel: INFO: task jbd2/ubda-8:397 blocked for more than 120 seconds.



The trinity fuzzer now seems to be in an endless loop; the corresponding process on the host side always gives:


Thread 1 (process 21625):
#0  0xb7726aec in __kernel_vsyscall ()
#1  0x08496f6f in __nanosleep_nocancel () at ../sysdeps/unix/syscall-template.S:81
#2  0x08073124 in idle_sleep (nsecs=606859328233668608) at arch/um/os-Linux/time.c:183
#3  0x08060b3f in arch_cpu_idle () at arch/um/kernel/process.c:208
#4  0x080a5405 in cpuidle_idle_call () at kernel/sched/idle.c:120
#5  cpu_idle_loop () at kernel/sched/idle.c:224
#6  cpu_startup_entry (state=CPUHP_ONLINE) at kernel/sched/idle.c:272
#7  0x084e1692 in rest_init () at init/main.c:419
#8  0x0804892e in start_kernel () at init/main.c:679
#9  0x08049fc9 in start_kernel_proc (unused=0x0) at arch/um/kernel/skas/process.c:46
#10 0x0806064b in new_thread_handler () at arch/um/kernel/process.c:129
#11 0x00000000 in ?? ()


It might be that [1] has a little more info/data, or?
The diff to [1] is just that I'm still able to log in to the UML guest.



[1] http://sourceforge.net/p/user-mode-linux/mailman/message/32673925/

-- 
Toralf
