lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 21 Jul 2008 11:41:10 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	Pekka J Enberg <penberg@...helsinki.fi>
Cc:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	Vegard Nossum <vegard.nossum@...il.com>,
	"Rafael J. Wysocki" <rjw@...k.pl>, cl@...ux-foundation.org,
	davem@...emloft.net, johnpol@....mipt.ru
Subject: Re: [bug, netconsole, SLUB] BUG skbuff_head_cache: Poison
	overwritten


update about this problem: just triggered another colorful crash, see 
below. This was with the 4K object dump patch already, maybe the dump 
gives a clue?

The upstream base of this test kernel was v2.6.26-5253-g14b395e - i.e. 
post the big networking pull, but this problem predates it. (It first 
triggered after v2.6.26)

All the crashes trigger in or close to networking code - not a single 
block IO DMA or other DMA crash happened so far, and no filesystem 
corruptions or anything like that which would signal hw trouble.

	Ingo

------------------>
initcall sctp_init+0x0/0x697 returned 0 after 9 msecs
calling  powernowk8_init+0x0/0x6e
initcall powernowk8_init+0x0/0x6e returned -19 after 0 msecs
calling  hpet_insert_resource+0x0/0x1e
initcall hpet_insert_resource+0x0/0x1e returned 0 after 0 msecs
calling  lapic_insert_resource+0x0/0x44
initcall lapic_insert_resource+0x0/0x44 returned 0 after 0 msecs
calling  init_lapic_nmi_sysfs+0x0/0x33
initcall init_lapic_nmi_sysfs+0x0/0x33 returned 0 after 0 msecs
=============================================================================
BUG skbuff_head_cache: Poison overwritten
-----------------------------------------------------------------------------

INFO: 0xf7ccc100-0xf7ccc103. First byte 0x0 instead of 0x6b
INFO: Allocated in __alloc_skb+0x30/0x10e age=1 cpu=1 pid=1
INFO: Freed in __kfree_skb+0x63/0x66 age=1 cpu=0 pid=0
INFO: Slab 0xc1c34ca0 objects=16 used=1 fp=0xf7ccc100 flags=0x400000c3
INFO: Object 0xf7ccc100 @offset=256 fp=0xf7ccc200

Bytes b4 0xf7ccc0f0:  5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
  Object 0xf7ccc100:  00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ....kkkkkkkkkkkk
  Object 0xf7ccc110:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xf7ccc120:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xf7ccc130:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xf7ccc140:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xf7ccc150:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xf7ccc160:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xf7ccc170:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xf7ccc180:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xf7ccc190:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
  Object 0xf7ccc1a0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk�
 Redzone 0xf7ccc1b0:  bb bb bb bb                                     ����            
 Padding 0xf7ccc1d8:  5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
 Padding 0xf7ccc1e8:  5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
 Padding 0xf7ccc1f8:  5a 5a 5a 5a 5a 5a 5a 5a                         ZZZZZZZZ        
Pid: 1, comm: swapper Not tainted 2.6.26-tip #3261
 [<c01673ad>] print_trailer+0xd1/0xd9
 [<c0167428>] check_bytes_and_report+0x73/0x8f
 [<c0167664>] check_object+0xa5/0x15a
 [<c016824c>] __slab_alloc+0x2fb/0x3c8
 [<c0168364>] kmem_cache_alloc+0x4b/0xa8
 [<c0497376>] ? __alloc_skb+0x30/0x10e
 [<c0497376>] ? __alloc_skb+0x30/0x10e
 [<c0497376>] __alloc_skb+0x30/0x10e
 [<c04a6678>] alloc_skb+0xc/0xe
 [<c04a6ce5>] find_skb+0x28/0x66
 [<c04a6f5f>] netpoll_send_udp+0x2b/0x1cf
 [<c058800f>] ? _spin_lock_irqsave+0x4b/0x55
 [<c03db399>] write_msg+0x79/0xac
 [<c03db320>] ? write_msg+0x0/0xac
 [<c0122f96>] __call_console_drivers+0x56/0x63
 [<c0122ffa>] _call_console_drivers+0x57/0x5b
 [<c0123386>] release_console_sem+0x112/0x1a5
 [<c01238f3>] vprintk+0x344/0x35e
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists