A recent question at trinity's mailing list (http://news.gmane.org/gmane.comp.security.fuzzing.trinity) points probably to a hostfs issue - therefore I'd like to forward the answer f Dave Jones here.
ANd /me wonders how to use ftrace to further dig into this issue ? -------- Forwarded Message -------- Subject: Re: trinity doesn't exit after its finished Date: Thu, 20 Nov 2014 13:21:54 -0500 From: Dave Jones <da...@redhat.com> To: Toralf Förster <toralf.foers...@gmx.de> CC: trin...@vger.kernel.org On Thu, Nov 20, 2014 at 07:08:15PM +0100, Toralf Förster wrote: > With latest git tree of trinity at a user mode linux image it stays here > forever: > [child0:5249] <timed out> > [main] Bailing main loop because Completed maximum number of operations.. > [watchdog] [5096] Watchdog exiting because Completed maximum number of > operations.. So that [main] line is the last line in main_loop() On return, we do this.. 159 main_loop(); 160 161 shm->mainpid = 0; 162 _exit(EXIT_SUCCESS); and yet.. > The proces list shows: > > $ ps fx -eo pid,start_time,command | grep -e trinity -e sleep | grep -v grep > 4878 18:30 | \_ bash -c logger "2#-1, M=/mnt/hostfs"; cd ~; sudo su > -c 'if [[ -d ./t3 ]]; then sudo chmod -R a+rwx ./t3; sudo rm -rf ./t3; fi'; > mkdir ./t3 && cd ./t3 || exit; if [[ -n /mnt/hostfs ]]; then if [[ -d > /mnt/hostfs/victims/v1 ]]; then sudo chmod -R a+rwx /mnt/hostfs/victims/v1; > sudo rm -rf /mnt/hostfs/victims/v1 || exit; fi; mkdir -p > /mnt/hostfs/victims/v1/v2; for i in $(seq -w 0 99); do touch > /mnt/hostfs/victims/v1/v2/f$i; mkdir /mnt/hostfs/victims/v1/v2/d$i; done; > fi; MALLOC_CHECK_=2 trinity -C 2 -N 25000 -q -V /mnt/hostfs/victims/v1/v2 > 5095 18:30 | \_ trinity -C 2 -N 25000 -q -V > /mnt/hostfs/victims/v1/v2 > 5096 18:30 | \_ [trinity-watchdo] <defunct> > 5097 18:30 | \_ [trinity-main] Somehow it's still around. > Here are the stacks: > > $ sudo cat /proc/5097/stack > > [<0805f8b4>] __switch_to+0x44/0x70 > > [<0850b194>] __schedule+0x2f4/0x3a0 > > [<08097b8a>] __cond_resched+0x1a/0x30 > > [<0850b371>] _cond_resched+0x31/0x50 > [<080dbbb2>] truncate_inode_pages_range+0x192/0x650 > [<080dc102>] truncate_inode_pages_final+0x52/0x60 > [<08275f18>] hostfs_evict_inode+0x18/0x40 > [<08126e8d>] evict+0xdd/0x1b0 > [<08127b0d>] iput+0x16d/0x180 > [<08123538>] __dentry_kill+0x138/0x200 > [<08123f66>] dput+0x156/0x180 > [<0810fa15>] __fput+0x175/0x190 > [<0810fa6b>] ____fput+0xb/0x10 > [<08092956>] task_work_run+0x76/0x90 > [<0807e92d>] do_exit+0x32d/0x940 > [<0807f022>] do_group_exit+0xa2/0xf0 > [<0807f087>] SyS_exit_group+0x17/0x20 > [<08062980>] handle_syscall+0x60/0x80 > [<080746fc>] userspace+0x46c/0x5e0 > [<0805f720>] fork_handler+0x60/0x70 > [<ffffffff>] 0xffffffff This is the interesting part. The process is about to exit, but hostfs is doing.. something. It might just be taking a really long time, or it might be stuck. If it happens again, you might be able to use ftrace to figure out if hostfs is actually making forward progress or not. Perhaps the UML folks have some ideas. > Maybe it helps you to improve trinity, if not, ignore this mail > ;-) afaics, there's nothing here that trinity can do, once we've called _exit(), we're done. Anything that happens afterwards is the kernels fault :) Dave ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk _______________________________________________ User-mode-linux-devel mailing list User-mode-linux-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel