* [BUG] invalid open call: O_CREAT or O_TMPFILE without mode
From: Andersen, John @ 2016-10-12 18:32 UTC
To: trinity
[-- Attachment #1: Type: text/plain, Size: 452 bytes --]
Log attached. When I tried to fuzz devices in /dev, hoping to fuzz an ioctl,
Trinity gets killed and displays the message seen in the subject.
'invalid open call: O_CREAT or O_TMPFILE without mode'
I am running on Android which may have something / everything to do with this.
I just wanted to see if anyone has experienced this issue before. Otherwise
some pointers on where I might start looking to make a patch would be
appreciated.
Thanks,
John
[-- Attachment #2: trinity.log --]
[-- Type: text/plain, Size: 7632 bytes --]
# /data/trinity --dangerous --victims /dev/
Trinity 1.6 Dave Jones <davej@codemonkey.org.uk>
shm:0x7f3dd0282000-0x7f3de8355308 (5 pages)
[init] Registered 11 fd providers.
[init] Done parsing arguments.
[init] shm is at 0x7f3dd0282000
[init] Kernel was tainted on startup. Will ignore flags that are already set.
Marking all syscalls as enabled.
[init] 32-bit syscalls: 375 enabled. 64-bit syscalls: 324 enabled.
Free memory: 0.49GB
Low on memory, disabling mmaping of 1GB pages
DANGER: RUNNING AS ROOT.
Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS
or similar which could potentially make this machine unbootable without a firmware reset.
You might want to check out running with --dropprivs (currently experimental).
ctrl-c now unless you really know what you are doing.
[init] mapping[0]: (zeropage PROT_READ | PROT_WRITE) 0x7f3dd024d000 (4KB)
[init] mapping[1]: (zeropage PROT_READ) 0x7f3dd024c000 (4KB)
[init] mapping[2]: (zeropage PROT_WRITE) 0x7f3dd024b000 (4KB)
[init] mapping[3]: (zeropage PROT_READ | PROT_WRITE) 0x7f3dd014b000 (1MB)
[init] mapping[4]: (zeropage PROT_READ) 0x7f3dd004b000 (1MB)
[init] mapping[5]: (zeropage PROT_WRITE) 0x7f3dcff4b000 (1MB)
[init] mapping[6]: (zeropage PROT_READ | PROT_WRITE) 0x7f3dcfd4b000 (2MB)
[init] mapping[7]: (zeropage PROT_READ) 0x7f3dcfb4b000 (2MB)
[init] mapping[8]: (zeropage PROT_WRITE) 0x7f3dcf94b000 (2MB)
[init] mapping[9]: (zeropage PROT_READ | PROT_WRITE) 0x7f3dcf54b000 (4MB)
[init] mapping[10]: (zeropage PROT_READ) 0x7f3dcf14b000 (4MB)
[init] mapping[11]: (zeropage PROT_WRITE) 0x7f3dced4b000 (4MB)
[init] mapping[12]: (zeropage PROT_READ | PROT_WRITE) 0x7f3dce34b000 (10MB)
[init] mapping[13]: (zeropage PROT_READ) 0x7f3dcd94b000 (10MB)
[init] mapping[14]: (zeropage PROT_WRITE) 0x7f3dccf4b000 (10MB)
[init] There are 15 entries in the map table
[init] start: 0x7f3dd024d000 name: anon(PROT_READ | PROT_WRITE)
[init] start: 0x7f3dd024c000 name: anon(PROT_READ)
[init] start: 0x7f3dd024b000 name: anon(PROT_WRITE)
[init] start: 0x7f3dd014b000 name: anon(PROT_READ | PROT_WRITE)
[init] start: 0x7f3dd004b000 name: anon(PROT_READ)
[init] start: 0x7f3dcff4b000 name: anon(PROT_WRITE)
[init] start: 0x7f3dcfd4b000 name: anon(PROT_READ | PROT_WRITE)
[init] start: 0x7f3dcfb4b000 name: anon(PROT_READ)
[init] start: 0x7f3dcf94b000 name: anon(PROT_WRITE)
[init] start: 0x7f3dcf54b000 name: anon(PROT_READ | PROT_WRITE)
[init] start: 0x7f3dcf14b000 name: anon(PROT_READ)
[init] start: 0x7f3dced4b000 name: anon(PROT_WRITE)
[init] start: 0x7f3dce34b000 name: anon(PROT_READ | PROT_WRITE)
[init] start: 0x7f3dcd94b000 name: anon(PROT_READ)
[init] start: 0x7f3dccf4b000 name: anon(PROT_WRITE)
[init] Parsed 38 char devices, 22 block devices, 37 misc devices.
[init] Using pid_max = 32768
[init] Started watchdog process, PID is 27223
[main] Main thread is alive.
[main] fd[6] = pipe([reader] flags:0)
[main] fd[7] = pipe([writer] flags:0)
[main] fd[8] = pipe([reader] flags:800)
[main] fd[9] = pipe([writer] flags:800)
[main] fd[10] = pipe([reader] flags:80000)
[main] fd[11] = pipe([writer] flags:80000)
[main] fd[12] = pipe([reader] flags:80800)
[main] fd[13] = pipe([writer] flags:80800)
[main] fd[14] = perf
[main] fd[15] = perf
[main] fd[16] = perf
[main] fd[17] = perf
[main] fd[18] = perf
[main] fd[19] = perf
[main] fd[20] = perf
[main] fd[21] = perf
[main] fd[22] = perf
[main] fd[23] = perf
[main] fd[24] = epoll
[main] fd[25] = epoll
[main] fd[26] = epoll
[main] fd[27] = epoll
[main] fd[28] = epoll
[main] fd[29] = epoll
[main] fd[30] = epoll
[main] fd[31] = epoll
[main] fd[32] = epoll
[main] fd[33] = epoll
[main] fd[34] = eventfd
[main] fd[35] = eventfd
[main] fd[36] = eventfd
[main] fd[37] = eventfd
[main] fd[38] = eventfd
[main] fd[39] = eventfd
[main] fd[40] = eventfd
[main] fd[41] = eventfd
[main] Generating file descriptors
[main] Added 267 filenames from /dev/
[main] fd[42] = fopen /dev/i2c-12 (read-write) flags:2 fcntl_flags:42400
[main] fd[43] = fopen /dev/__properties__/u:object_r:shell_prop:s0 (read-only) flags:0 fcntl_flags:400
[main] fd[44] = fopen /dev/cpu_freq_min (read-write) flags:2 fcntl_flags:46000
[main] fd[45] = open /dev/__properties__/u:object_r:logd_prop:s0 (read-only) flags:183200
[main] fd[46] = fopen /dev/block/ram0 (read-write) flags:2 fcntl_flags:40800
*** invalid open call: O_CREAT or O_TMPFILE without mode ***: /data/trinity terminated
======= Backtrace: =========
[0x429561]
[0x464682]
[0x45d34d]
[0x40a25e]
[0x40991e]
[0x400aee]
[0x416416]
[0x41660a]
[0x401159]
[watchdog] main pid 27224 has disappeared.
[watchdog] [27223] Watchdog exiting because Main process disappeared..
[init] Ran 0 syscalls. Successes: 0 Failures: 0
* Re: [BUG] invalid open call: O_CREAT or O_TMPFILE without mode
From: Dave Jones @ 2016-10-12 19:28 UTC
To: Andersen, John; +Cc: trinity
On Wed, Oct 12, 2016 at 11:32:16AM -0700, Andersen, John wrote:
> Log attached. When I tried to fuzz devices in /dev, hoping to fuzz an ioctl,
> Trinity gets killed and displays the message seen in the subject.
>
> 'invalid open call: O_CREAT or O_TMPFILE without mode'
>
> I am running on Android which may have something / everything to do with this.
> I just wanted to see if anyone has experienced this issue before. Otherwise
> some pointers on where I might start looking to make a patch would be
> appreciated.
I think this might be something that was fixed post 1.6. Let me know if
it still happens with the version in git.
https://github.com/kernelslacker/trinity/commit/08bcce0b86046dc150d3100a77152dff7d19083c
should be the commit that fixed it.
I'll be doing a 1.7 tarball in a few weeks, there's been enough stuff
like this accumulated, along with all the new features. Just need to
fix a handful of small problems.
Dave
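Added example, not part of the thread or of Trinity's code: the message in the subject is the abort that glibc's fortified open() raises when the flags contain O_CREAT or O_TMPFILE and no mode argument is passed, so a fuzzer that picks open flags at random avoids it by always using the three-argument form. `open_needs_mode` mirrors glibc's check; `fuzz_open`, the sample flag values and the use of /dev/null are assumptions made for illustration (0x183200 is the flags value logged for fd[45], read as hex).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* makes <fcntl.h> expose O_TMPFILE */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifndef O_TMPFILE                /* fallback: asm-generic Linux value */
#define O_TMPFILE (020000000 | O_DIRECTORY)
#endif

/* The same test glibc's fortified open() applies before aborting.
 * O_TMPFILE includes the O_DIRECTORY bit, so all of its bits must be
 * set; a plain O_DIRECTORY open must not count as needing a mode. */
static int open_needs_mode(int flags)
{
    return (flags & O_CREAT) != 0 || (flags & O_TMPFILE) == O_TMPFILE;
}

/* Hypothetical fuzzer helper: the flags are arbitrary, so always use the
 * three-argument form. The kernel ignores the mode unless a file is
 * actually created, and the fortify check never fires. */
static int fuzz_open(const char *path, int flags)
{
    return open(path, flags, 0600);
}

int main(void)
{
    /* Constructed samples; 0x183200 is the value logged for fd[45]. */
    const int samples[] = { O_RDWR, 0x183200, O_DIRECTORY,
                            O_CREAT | O_WRONLY, O_TMPFILE | O_RDWR };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("flags=%#x needs_mode=%d\n", (unsigned)samples[i],
               open_needs_mode(samples[i]));

    /* /dev/null already exists, so O_CREAT creates nothing here. */
    int fd = fuzz_open("/dev/null", O_CREAT | O_WRONLY);
    printf("O_CREAT open with mode: %s\n", fd >= 0 ? "ok" : "failed");
    if (fd >= 0)
        close(fd);
    return fd < 0;
}
```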
* Re: [BUG] invalid open call: O_CREAT or O_TMPFILE without mode
From: Andersen, John @ 2016-10-12 20:04 UTC
To: Dave Jones; +Cc: trinity
On Wed, Oct 12, 2016 at 03:28:04PM -0400, Dave Jones wrote:
> On Wed, Oct 12, 2016 at 11:32:16AM -0700, Andersen, John wrote:
> > Log attached. When I tried to fuzz devices in /dev, hoping to fuzz an ioctl,
> > Trinity gets killed and displays the message seen in the subject.
> >
> > 'invalid open call: O_CREAT or O_TMPFILE without mode'
> >
> > I am running on Android which may have something / everything to do with this.
> > I just wanted to see if anyone has experienced this issue before. Otherwise
> > some pointers on where I might start looking to make a patch would be
> > appreciated.
>
> I think this might be something that was fixed post 1.6. Let me know if
> it still happens with the version in git.
>
> https://github.com/kernelslacker/trinity/commit/08bcce0b86046dc150d3100a77152dff7d19083c
> should be the commit that fixed it.
>
> I'll be doing a 1.7 tarball in a few weeks, there's been enough stuff
> like this accumulated, along with all the new features. Just need to
> fix a handful of small problems.
>
> Dave
>
Of course, I should have thought to pull from master. Thanks!
- John