On Tue, Sep 29, 2020 at 10:33 AM Borislav Petkov <[email protected]> wrote: > > On Mon, Sep 28, 2020 at 10:23:53PM +0200, Borislav Petkov wrote: > > 2020/09/28 22:21:01 VMs 3, executed 179, corpus cover 11792, corpus signal > > 10881, max signal 19337, crashes 0, repro 0 > > Ok, so far triggered two things: > > WARNING in f2fs_is_valid_blkaddr 1 2020/09/29 10:27 > reproducing > WARNING in reiserfs_put_super 1 2020/09/28 22:42 > > you've probably seen them already. > > Anyway, next question. Let's say I trigger the corruption: is there a > way to stop the guest VM which has triggered it so that I'm able to > examine it with gdb? > > What about kdump? Can I dump the guest memory either with kdump or > through the qemu monitor (I believe there's a command to dump memory) so > that it can be poked at? > > Because as it is, we don't have a reproducer and as I see it, the fuzzing > simply > gets restarted: > > 2020/09/29 10:27:03 vm-3: crash: WARNING in f2fs_is_valid_blkaddr > ... > 2020/09/29 10:27:05 loop: phase=1 shutdown=false instances=1/4 [3] repro: > pending=0 reproducing=1 queued=1 > 2020/09/29 10:27:05 loop: starting instance 3 > > so it would be good to be able to say, when a vm encounters a crash, it > should be stopped immediately so that the guest can be examined through > qemu's gdb interface, i.e., > > -gdb tcp::<portnum> > > or so?
Currently there is no such feature. I think some people did it because something similar was mentioned on the mailing IIRC, but I don't know how they did it, probably with some local code changes.
