lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 24 Dec 2006 01:06:05 +0100
From:	Pavel Machek <pavel@....cz>
To:	Andrew Morton <akpm@...l.org>,
	kernel list <linux-kernel@...r.kernel.org>
Cc:	marcel@...tmann.org, maxk@...lcomm.com, bluez-devel@...ts.sf.net
Subject: not-only-bluetooth memory corruption

On Sun 2006-12-24 01:01:50, Pavel Machek wrote:
> Hi!
> 
> > > I got this nasty oops while playing with debugger. Not sure if that is
> > > related; it also might be something with bluetooth; I already know it
> > > corrupts memory during suspend, perhaps it corrupts memory in some
> > > error path?
> > 
> > Okay, I spoke too soon. bluetooth & suspend memory corruption was
> > _way_ harder to reproduce than expected. Took me 5-or-so-suspend
> > cycles... so it is probably unrelated to the previous crash.
> > 
> > I was getting pretty regular crashes with bluetooth & gdb, but I was
> > not using bluetooth at the time of ext3-related crash.
> 
> And for completeness, here's bluetooth + gdb oops. Ok, I'm not _sure_
> it is bluetooth related. I'll try it without bluetooth in a while.

Ok, so this one is not bluetooth related. My little "phone"
application provokes nasty oops, even when talking to
/dev/null. Strange, that code does _nothing_
strange. (www.sf.net/projects/tui).

Is there something wrong with gdb?

									Pavel
pcmcia: Detected deprecated PCMCIA ioctl usage from process: cardmgr.
pcmcia: This interface will soon be removed from the kernel; please expect breakage unless you upgrade to new tools.
pcmcia: see http://www.kernel.org/pub/linux/utils/kernel/pcmcia/pcmcia.html for details.
cs: IO port probe 0x310-0x380: clean.
cs: IO port probe 0xa00-0xaff: clean.
PM: Adding info for No Bus:vcs10
PM: Adding info for No Bus:vcsa10
PM: Removing info for No Bus:vcs10
PM: Removing info for No Bus:vcsa10
PM: Adding info for No Bus:vcs10
PM: Adding info for No Bus:vcsa10
PM: Removing info for No Bus:vcs10
PM: Removing info for No Bus:vcsa10
e1000: eth0: e1000_watchdog: NIC Link is Up 100 Mbps Full Duplex
e1000: eth0: e1000_watchdog: 10/100 speed: disabling TSO
PM: Adding info for No Bus:vcs11
PM: Adding info for No Bus:vcsa11
PM: Adding info for No Bus:vcs2
PM: Adding info for No Bus:vcs3
PM: Adding info for No Bus:vcs4
PM: Adding info for No Bus:vcsa2
PM: Adding info for No Bus:vcs5
PM: Adding info for No Bus:vcs6
PM: Adding info for No Bus:vcs7
PM: Adding info for No Bus:vcs8
PM: Adding info for No Bus:vcsa3
PM: Adding info for No Bus:vcsa4
PM: Adding info for No Bus:vcsa5
PM: Adding info for No Bus:vcsa6
PM: Adding info for No Bus:vcsa7
PM: Adding info for No Bus:vcsa8
coda_read_super: Bad mount data
coda_read_super: device index: 0
coda_read_super: No pseudo device
PM: Removing info for No Bus:vcs1
PM: Removing info for No Bus:vcsa1
PM: Adding info for No Bus:vcs1
PM: Adding info for No Bus:vcsa1
PM: Removing info for No Bus:vcs1
PM: Removing info for No Bus:vcsa1
PM: Adding info for No Bus:vcs1
PM: Adding info for No Bus:vcsa1
kjournald starting.  Commit interval 5 seconds
EXT3 FS on sda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
------------[ cut here ]------------
kernel BUG at fs/buffer.c:1235!
invalid opcode: 0000 [#1]
SMP 
Modules linked in:
CPU:    1
EIP:    0060:[<c01912b2>]    Not tainted VLI
EFLAGS: 00010046   (2.6.20-rc1 #383)
EIP is at __find_get_block+0x1b2/0x1c0
eax: 00000086   ebx: 00001000   ecx: 00000000   edx: 006780b2
esi: 0033d60d   edi: 00001000   ebp: 000000cf   esp: f6de1c90
ds: 007b   es: 007b   ss: 0068
Process phone (pid: 1847, ti=f6de0000 task=c2329550 task.ti=f6de0000)
Stack: 006780b2 00000000 c20eb5f8 00000003 05950595 c236d8d2 c0629908 00000000 
       f88da000 00000012 00000002 00000003 05800580 c236d878 c016a284 00001000 
       0033d60d 00001000 000000cf c01912df 00001000 5a0df380 0000007f f77b9c0c 
Call Trace:
 [<c016a284>] check_poison_obj+0x24/0x1a0
 [<c01912df>] __getblk+0x1f/0x290
 [<c01312e0>] lock_timer_base+0x20/0x50
 [<c01317f0>] __mod_timer+0x90/0xa0
 [<c01b1ad0>] __ext3_get_inode_loc+0x120/0x3a0
 [<c016954e>] dbg_redzone1+0xe/0x20
 [<c016a43e>] cache_alloc_debugcheck_after+0x3e/0x150
 [<c01c1703>] journal_start+0x83/0xe0
 [<c01b1e27>] ext3_reserve_inode_write+0x27/0x80
 [<c01b226a>] ext3_mark_inode_dirty+0x1a/0x40
 [<c01b2719>] ext3_dirty_inode+0x79/0xb0
 [<c018a744>] __mark_inode_dirty+0x34/0x1c0
 [<c0181a59>] file_update_time+0x39/0xa0
 [<c0152984>] __generic_file_aio_write_nolock+0x244/0x590
 [<c06154df>] __mutex_lock_slowpath+0xef/0x230
 [<c0152d29>] generic_file_aio_write+0x59/0xd0
 [<c0103aa4>] apic_timer_interrupt+0x28/0x30
 [<c01b04a0>] ext3_file_write+0x30/0xc0
 [<c016e997>] do_sync_write+0xc7/0x130
 [<c013c640>] autoremove_wake_function+0x0/0x50
 [<c015f2e9>] remove_vma+0x39/0x50
 [<c016f126>] vfs_write+0xa6/0x160
 [<c016e8d0>] do_sync_write+0x0/0x130
 [<c016f9e1>] sys_write+0x41/0x70
 [<c010304c>] syscall_call+0x7/0xb
 =======================
Code: 00 8b 7c 24 18 f3 a5 fb 8b 44 24 10 85 c0 0f 84 2c ff ff ff 8b 44 24 10 e8 5c ca ff ff e9 1e ff ff ff 89 d8 e8 50 ca ff ff eb 8d <0f> 0b eb fe 0f 0b eb fe 0f 0b eb fe 89 f6 55 57 56 53 83 ec 48 
EIP: [<c01912b2>] __find_get_block+0x1b2/0x1c0 SS:ESP 0068:f6de1c90
 


-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Download attachment "oops4.bz2" of type "application/octet-stream" (12140 bytes)

Powered by blists - more mailing lists