lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 May 2007 16:28:11 +0200 (CEST) From: "Indan Zupancic" <indan@....nu> To: "Linux Kernel Mailing List" <linux-kernel@...r.kernel.org> Cc: "Christoph Lameter" <clameter@....com> Subject: [BUG: 2.6.22-rc2] SLAB doesn't like usb_get_configuration() Hello, I had two SLAb related bugs, both with usb_get_configuration() near the end of the backtrace. First one was with git between rc1 and rc2, but very close to rc2, second one was with rc2, both at bootup. Oh, almost forgot: First one uses SLAB, second one SLUB. [ 85.574686] usb 2-1: new full speed USB device using ohci_hcd and address 2 [ 85.709684] BUG: at /home/indan/src/git/linux-2.6/mm/slab.c:777 __find_genera l_cachep() [ 85.709693] [<b014be2f>] __kmalloc+0x3f/0xa0 [ 85.709709] [<b013d271>] __kzalloc+0xd/0x34 [ 85.709720] [<c09a9d78>] usb_get_configuration+0x93e/0xd26 [usbcore] [ 85.709761] [<c09a7459>] usb_control_msg+0xbe/0xc8 [usbcore] [ 85.709784] [<c09a856a>] usb_get_device_descriptor+0x72/0x7c [usbcore] [ 85.709804] [<c09a3259>] hub_port_init+0x55d/0x567 [usbcore] [ 85.709823] [<c09a3914>] usb_new_device+0x17/0xdd [usbcore] [ 85.709841] [<c09a435f>] hub_thread+0x6cc/0xa4a [usbcore] [ 85.709862] [<b0125dff>] autoremove_wake_function+0x0/0x35 [ 85.709871] [<c09a3c93>] hub_thread+0x0/0xa4a [usbcore] [ 85.709888] [<b0125d47>] kthread+0x36/0x5b [ 85.709893] [<b0125d11>] kthread+0x0/0x5b [ 85.709898] [<b010476b>] kernel_thread_helper+0x7/0x10 [ 85.709907] ======================= and [ 30.420891] usb 2-1: new full speed USB device using ohci_hcd and address 2 [ 30.555891] BUG: at /home/indan/src/git/linux-2.6/include/linux/slub_def.h:77 kmalloc_index() [ 30.555901] [<b014d02c>] get_slab+0x43/0x214 [ 30.555913] [<c09acc18>] usb_get_configuration+0x923/0xd07 [usbcore] [ 30.555951] [<b014e16a>] __kmalloc_track_caller+0xf/0x56 [ 30.555959] [<b013d2b1>] __kzalloc+0x11/0x38 [ 30.555971] [<c09acc18>] usb_get_configuration+0x923/0xd07 [usbcore] [ 30.555991] [<c09aa34d>] usb_control_msg+0xbe/0xc8 [usbcore] [ 30.556014] [<c09a6234>] hub_port_init+0x559/0x563 [usbcore] [ 30.556033] [<c09a68d4>] usb_new_device+0x17/0xdd [usbcore] [ 30.556052] [<c09a72da>] hub_thread+0x68f/0x9f8 [usbcore] [ 30.556071] [<b027252f>] __sched_text_start+0x497/0x539 [ 30.556080] [<b0125e27>] autoremove_wake_function+0x0/0x35 [ 30.556089] [<c09a6c4b>] hub_thread+0x0/0x9f8 [usbcore] [ 30.556107] [<b0125d6f>] kthread+0x36/0x5b [ 30.556112] [<b0125d39>] kthread+0x0/0x5b [ 30.556118] [<b010476b>] kernel_thread_helper+0x7/0x10 [ 30.556125] ======================= Both are triggered by WARN_ON_ONCE(size == 0), Full dmesg outputs and config for second bug attached. Greetings, Indan Download attachment "SLABBUG" of type "application/octet-stream" (17890 bytes) Download attachment "SLABBUG2" of type "application/octet-stream" (18367 bytes) Download attachment ".config" of type "application/octet-stream" (33749 bytes)
Powered by blists - more mailing lists