| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 7 Jan 2007 17:02:20 +0200 From: "Pekka Enberg" <penberg@...helsinki.fi> To: "Sebastian Kärgel" <mailing@...kahexe.de> Cc: linux-kernel@...r.kernel.org Subject: Re: Oops with 2.6.29.1 (slab_get_obj,free_block,journal_write_metadata_buffer) On 1/7/07, Sebastian Kärgel <mailing@...kahexe.de> wrote: > BUG: unable to handle kernel paging request at virtual address 1b1ca570 > printing eip: > c014c3b1 > *pde = 00000000 > Oops: 0000 [#1] > Modules linked in: > CPU: 0 > EIP: 0060:[<c014c3b1>] Not tainted VLI > EFLAGS: 00010807 (2.6.19.1 #1) > EIP is at slab_get_obj+0x14/0x1f > eax: 55555544 ebx: 00000017 ecx: 55555555 edx: c5c75000 > esi: c5c75000 edi: c18ddc60 ebp: c18d7e00 esp: e54bfc58 > ds: 007b es: 007b ss: 0068 > Process shred (pid: 3393, ti=e54be000 task=f77fda70 task.ti=e54be000) > Stack: c014c62b c18dfba0 c5c75000 00000000 00000024 00000246 00000050 c18dfba0 > 00000001 c014c8c3 c18dfba0 00000050 f77cb8f4 00000400 00000400 c016dd60 > c18dfba0 00000050 f77cb8f4 c016b66c 00000050 c1309d60 00000800 c1309d60 > Call Trace: > [<c014c62b>] cache_alloc_refill+0xc8/0x17d > [<c014c8c3>] kmem_cache_alloc+0x55/0x61 > [<c016dd60>] alloc_buffer_head+0x18/0x2f > [<c016b66c>] alloc_page_buffers+0x26/0xa9 > [<c016be86>] create_empty_buffers+0x25/0x7c > [<c016c2ca>] __block_prepare_write+0x95/0x445 > [<c01386c8>] __alloc_pages+0x72/0x2f0 > [<c016ce5a>] block_prepare_write+0x31/0x3e > [<c016f289>] blkdev_get_block+0x0/0x3e > [<c01362d8>] generic_file_buffered_write+0x231/0x61e > [<c016f289>] blkdev_get_block+0x0/0x3e > [<c01036f3>] apic_timer_interrupt+0x1f/0x24 > [<c011b2d8>] current_fs_time+0x47/0x52 > [<c016070f>] file_update_time+0x37/0x9f > [<c0136bbd>] __generic_file_aio_write_nolock+0x4f8/0x526 > [<c02f47d9>] ide_dma_exec_cmd+0x30/0x34 > [<c02f480f>] ide_dma_start+0x32/0x40 > [<c02f6354>] __ide_do_rw_disk+0x3ba/0x49e > [<c0232407>] as_move_to_dispatch+0xff/0x124 > [<c0136c43>] generic_file_aio_write_nolock+0x58/0xb1 > [<c014efe9>] do_sync_write+0xdd/0x11a > [<c0127fb2>] autoremove_wake_function+0x0/0x4b > [<c0133a64>] handle_edge_irq+0xcd/0xee > [<c010513c>] do_IRQ+0x70/0x83 > [<c0133a64>] handle_edge_irq+0xcd/0xee > [<c014f0c6>] vfs_write+0xa0/0x16b > [<c014f24d>] sys_write+0x4b/0x71 > [<c0102d47>] syscall_call+0x7/0xb > ======================= > Code: 15 0f 0b 3e 0a d1 5e 44 c0 c3 a8 01 74 08 0f 0b 40 0a d1 5e 44 c0 c3 8b 54 24 08 8b 44 24 04 8b 4a 14 8b 40 10 ff 42 10 0f af c1 <8b> 4c 8a 1c 03 42 0c 89 4a 14 c3 8b 54 24 08 8b 4c 24 04 8b 44 > EIP: [<c014c3b1>] slab_get_obj+0x14/0x1f SS:ESP 0068:e54bfc58 Looks like someone corrupted slab->free with 0x55555555. If possible, try running with CONFIG_SLAB_DEBUG enabled to catch the offender. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists