lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3642.81.207.0.53.1179584891.squirrel@secure.samage.net>
Date:	Sat, 19 May 2007 16:28:11 +0200 (CEST)
From:	"Indan Zupancic" <indan@....nu>
To:	"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>
Cc:	"Christoph Lameter" <clameter@....com>
Subject: [BUG: 2.6.22-rc2] SLAB doesn't like usb_get_configuration()

Hello,

I had two SLAb related bugs, both with usb_get_configuration()
near the end of the backtrace. First one was with git between
rc1 and rc2, but very close to rc2, second one was with rc2,
both at bootup.

Oh, almost forgot: First one uses SLAB, second one SLUB.

[   85.574686] usb 2-1: new full speed USB device using ohci_hcd and address 2
[   85.709684] BUG: at /home/indan/src/git/linux-2.6/mm/slab.c:777 __find_genera
l_cachep()
[   85.709693]  [<b014be2f>] __kmalloc+0x3f/0xa0
[   85.709709]  [<b013d271>] __kzalloc+0xd/0x34
[   85.709720]  [<c09a9d78>] usb_get_configuration+0x93e/0xd26 [usbcore]
[   85.709761]  [<c09a7459>] usb_control_msg+0xbe/0xc8 [usbcore]
[   85.709784]  [<c09a856a>] usb_get_device_descriptor+0x72/0x7c [usbcore]
[   85.709804]  [<c09a3259>] hub_port_init+0x55d/0x567 [usbcore]
[   85.709823]  [<c09a3914>] usb_new_device+0x17/0xdd [usbcore]
[   85.709841]  [<c09a435f>] hub_thread+0x6cc/0xa4a [usbcore]
[   85.709862]  [<b0125dff>] autoremove_wake_function+0x0/0x35
[   85.709871]  [<c09a3c93>] hub_thread+0x0/0xa4a [usbcore]
[   85.709888]  [<b0125d47>] kthread+0x36/0x5b
[   85.709893]  [<b0125d11>] kthread+0x0/0x5b
[   85.709898]  [<b010476b>] kernel_thread_helper+0x7/0x10
[   85.709907]  =======================

and

[   30.420891] usb 2-1: new full speed USB device using ohci_hcd and address 2
[   30.555891] BUG: at /home/indan/src/git/linux-2.6/include/linux/slub_def.h:77 kmalloc_index()
[   30.555901]  [<b014d02c>] get_slab+0x43/0x214
[   30.555913]  [<c09acc18>] usb_get_configuration+0x923/0xd07 [usbcore]
[   30.555951]  [<b014e16a>] __kmalloc_track_caller+0xf/0x56
[   30.555959]  [<b013d2b1>] __kzalloc+0x11/0x38
[   30.555971]  [<c09acc18>] usb_get_configuration+0x923/0xd07 [usbcore]
[   30.555991]  [<c09aa34d>] usb_control_msg+0xbe/0xc8 [usbcore]
[   30.556014]  [<c09a6234>] hub_port_init+0x559/0x563 [usbcore]
[   30.556033]  [<c09a68d4>] usb_new_device+0x17/0xdd [usbcore]
[   30.556052]  [<c09a72da>] hub_thread+0x68f/0x9f8 [usbcore]
[   30.556071]  [<b027252f>] __sched_text_start+0x497/0x539
[   30.556080]  [<b0125e27>] autoremove_wake_function+0x0/0x35
[   30.556089]  [<c09a6c4b>] hub_thread+0x0/0x9f8 [usbcore]
[   30.556107]  [<b0125d6f>] kthread+0x36/0x5b
[   30.556112]  [<b0125d39>] kthread+0x0/0x5b
[   30.556118]  [<b010476b>] kernel_thread_helper+0x7/0x10
[   30.556125]  =======================

Both are triggered by WARN_ON_ONCE(size == 0),

Full dmesg outputs and config for second bug attached.

Greetings,

Indan

Download attachment "SLABBUG" of type "application/octet-stream" (17890 bytes)

Download attachment "SLABBUG2" of type "application/octet-stream" (18367 bytes)

Download attachment ".config" of type "application/octet-stream" (33749 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ