lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <524883F9.6060403@gmx.de>
Date:	Sun, 29 Sep 2013 21:48:09 +0200
From:	Toralf Förster <toralf.foerster@....de>
To:	Linux NFS mailing list <linux-nfs@...r.kernel.org>
CC:	UML devel <user-mode-linux-devel@...ts.sourceforge.net>,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: fuzz tested UML cores in pshrink_dcache_for_umount_subtree (dentry=0x47bd7840)
 at fs/dcache.c:928

The following commit was bisected 2 times in a row to be the trigger(*) of the given back trace.
The core dump happens at a 32 bit user mode linux image (stable Gentoo) fuzzy tested with trinity.
It crashed often if 3 NFS shares heavily used by trinity were tried to be remounted.




BAD commit
Sun Sep 29 07:34:02 CEST 2013
=======================================================================

275bb307865a316cef390e01e6ab5e21e97023a2 is the first bad commit
commit 275bb307865a316cef390e01e6ab5e21e97023a2
Author: Trond Myklebust <Trond.Myklebust@...app.com>
Date:   Wed May 29 13:11:28 2013 -0400

    NFSv4: Move dentry instantiation into the NFSv4-specific atomic open
code

    Signed-off-by: Trond Myklebust <Trond.Myklebust@...app.com>

:040000 040000 075a18b71db9f50ad71f4637315f7f9c7cc19545
9bead78040810cb77ced8c134a8315e2e90eb237 M fs
bisect run success


back trace :

tfoerste@n22 ~ $ cat /mnt/ramdisk/bt.v3.10-rc1-24-g275bb30
[New LWP 5953]
[New LWP 5962]
Core was generated by `/home/tfoerste/devel/linux/linux earlyprintk ubda=/home/tfoerste/virtual/uml/tr'.
Program terminated with signal 6, Aborted.
#0  0xb77dd424 in __kernel_vsyscall ()
#0  0xb77dd424 in __kernel_vsyscall ()
#1  0x0839bc45 in kill ()
#2  0x0807155d in uml_abort () at arch/um/os-Linux/util.c:93
#3  0x08071845 in os_dump_core () at arch/um/os-Linux/util.c:138
#4  0x08061197 in panic_exit (self=0x8599518 <panic_exit_notifier>, unused1=0, unused2=0x85ced60 <buf.12233>) at arch/um/kernel/um_arch.c:240
#5  0x0809dac8 in notifier_call_chain (nl=0x0, val=0, v=0x85ced60 <buf.12233>, nr_to_call=-2, nr_calls=0x0) at kernel/notifier.c:93
#6  0x0809dc13 in __atomic_notifier_call_chain (nr_calls=<optimized out>, nr_to_call=<optimized out>, v=<optimized out>, val=<optimized out>, nh=<optimized out>) at kernel/notifier.c:182
#7  atomic_notifier_call_chain (nh=0x85ced44 <panic_notifier_list>, val=0, v=0x85ced60 <buf.12233>) at kernel/notifier.c:191
#8  0x083f8fc8 in panic (fmt=0x0) at kernel/panic.c:127
#9  0x0810fee2 in shrink_dcache_for_umount_subtree (dentry=0x47bd7840) at fs/dcache.c:928
#10 0x08110628 in shrink_dcache_for_umount (sb=0x47eeef50) at fs/dcache.c:989
#11 0x080fed47 in generic_shutdown_super (sb=0x47eeef50) at fs/super.c:409
#12 0x080ffad5 in kill_anon_super (sb=0x0) at fs/super.c:880
#13 0x081cdea8 in nfs_kill_super (s=0x0) at fs/nfs/super.c:2563
#14 0x080fec0a in deactivate_locked_super (s=0x47eeef50) at fs/super.c:299
#15 0x080feca1 in deactivate_super (s=0x47eeef50) at fs/super.c:324
#16 0x0811686c in mntfree (mnt=<optimized out>) at fs/namespace.c:891
#17 mntput_no_expire (mnt=0x0) at fs/namespace.c:929
#18 0x08117d55 in SYSC_umount (flags=<optimized out>, name=<optimized out>) at fs/namespace.c:1335
#19 SyS_umount (name=134634000, flags=1) at fs/namespace.c:1305
#20 0x080616d2 in handle_syscall (r=0x4653f7d4) at arch/um/kernel/skas/syscall.c:35
#21 0x08073b1d in handle_trap (local_using_sysemu=<optimized out>, regs=<optimized out>, pid=<optimized out>) at arch/um/os-Linux/skas/process.c:198
#22 userspace (regs=0x4653f7d4) at arch/um/os-Linux/skas/process.c:431
#23 0x0805e44c in fork_handler () at arch/um/kernel/process.c:160
#24 0x00000000 in ?? ()



(*) due to the erratic nature of the issue the used test case is not 100% reproducible.
Therefore although bisected 2 times in a row there's a chance that this commit is rather the upper limit instead of the 1st bad commit

-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ