| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20081023125733.GA19147@elte.hu>
Date: Thu, 23 Oct 2008 14:57:33 +0200
From: Ingo Molnar <mingo@...e.hu>
To: Mike Travis <travis@....com>
Cc: Rusty Russell <rusty@...tcorp.com.au>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: [bug] Re: [PATCH 00/35] cpumask: Replace cpumask_t with struct
cpumask
* Ingo Molnar <mingo@...e.hu> wrote:
> ok, the new cpumask code blew up in -tip testing, with various sorts
> of slab corruptions during scheduler init:
another 64-bit testbox has similar problems - see the log attached
below. Config attached as well. The bootup seems to have continued fine.
Ingo
------------>
checking TSC synchronization [CPU#0 -> CPU#1]: passed.
Brought up 2 CPUs
Total of 2 processors activated (11732.92 BogoMIPS).
CPU0 attaching sched-domain:
domain 0: span 0-1 level CPU
groups: 0 1
CPU1 attaching sched-domain:
domain 0: span 0-1 level CPU
groups: 1 0
=============================================================================
BUG kmalloc-8: Wrong object count. Counter is 11 but counted were 50
-----------------------------------------------------------------------------
INFO: Slab 0xffffe200019cc2d8 objects=51 used=11 fp=0xffff88003f807370 flags=0x40000000000000c3
Pid: 1, comm: swapper Not tainted 2.6.27-tip-07104-g5cf7b67-dirty #1
Call Trace:
[<ffffffff802cf110>] slab_err+0xa0/0xb0
[<ffffffff8052a57d>] ? _raw_spin_unlock+0x6d/0xd0
[<ffffffff80249762>] ? cpu_attach_domain+0x172/0x6b0
[<ffffffff802ce579>] ? check_bytes+0x9/0x30
[<ffffffff802d0ea8>] ? slab_pad_check+0xd8/0x160
[<ffffffff802cfa67>] on_freelist+0x197/0x240
[<ffffffff802d1877>] __slab_free+0x1c7/0x330
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff802d1a9b>] kfree+0xbb/0x120
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff80512929>] free_cpumask_var+0x9/0x10
[<ffffffff80249ec7>] __build_sched_domains+0x227/0x580
[<ffffffff819dd5f5>] sched_init_smp+0x95/0x280
[<ffffffff819d239a>] ? native_smp_cpus_done+0x1aa/0x2b0
[<ffffffff819c5fd0>] kernel_init+0x170/0x240
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff802134b9>] child_rip+0xa/0x11
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5e60>] ? kernel_init+0x0/0x240
[<ffffffff802134af>] ? child_rip+0x0/0x11
FIX kmalloc-8: Object count adjusted.
=============================================================================
BUG kmalloc-8: Redzone overwritten
-----------------------------------------------------------------------------
INFO: 0xffff88003f807328-0xffff88003f80732f. First byte 0x0 instead of 0xcc
INFO: Slab 0xffffe200019cc2d8 objects=51 used=50 fp=0xffff88003f807370 flags=0x40000000000000c3
INFO: Object 0xffff88003f807320 @offset=800 fp=0x0000000000000000
Bytes b4 0xffff88003f807310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object 0xffff88003f807320: 00 00 00 00 00 00 00 00 ........
Redzone 0xffff88003f807328: 00 00 00 00 00 00 00 00 ........
Padding 0xffff88003f807368: 00 00 00 00 00 00 00 00 ........
Pid: 1, comm: swapper Not tainted 2.6.27-tip-07104-g5cf7b67-dirty #1
Call Trace:
[<ffffffff802cf21c>] print_trailer+0xfc/0x160
[<ffffffff802cf3e8>] check_bytes_and_report+0xb8/0xe0
[<ffffffff802d092a>] check_object+0x6a/0x270
[<ffffffff802d18d9>] __slab_free+0x229/0x330
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff802d1a9b>] kfree+0xbb/0x120
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff80512929>] free_cpumask_var+0x9/0x10
[<ffffffff80249ec7>] __build_sched_domains+0x227/0x580
[<ffffffff819dd5f5>] sched_init_smp+0x95/0x280
[<ffffffff819d239a>] ? native_smp_cpus_done+0x1aa/0x2b0
[<ffffffff819c5fd0>] kernel_init+0x170/0x240
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff802134b9>] child_rip+0xa/0x11
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5e60>] ? kernel_init+0x0/0x240
[<ffffffff802134af>] ? child_rip+0x0/0x11
FIX kmalloc-8: Restoring 0xffff88003f807328-0xffff88003f80732f=0xcc
=============================================================================
BUG kmalloc-8: Redzone overwritten
-----------------------------------------------------------------------------
INFO: 0xffff88003f8072d8-0xffff88003f8072df. First byte 0x0 instead of 0xcc
INFO: Slab 0xffffe200019cc2d8 objects=51 used=50 fp=0xffff88003f807370 flags=0x40000000000000c3
INFO: Object 0xffff88003f8072d0 @offset=720 fp=0x0000000000000000
Bytes b4 0xffff88003f8072c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object 0xffff88003f8072d0: 03 00 00 00 00 00 00 00 ........
Redzone 0xffff88003f8072d8: 00 00 00 00 00 00 00 00 ........
Padding 0xffff88003f807318: 00 00 00 00 00 00 00 00 ........
Pid: 1, comm: swapper Not tainted 2.6.27-tip-07104-g5cf7b67-dirty #1
Call Trace:
[<ffffffff802cf21c>] print_trailer+0xfc/0x160
[<ffffffff802cf3e8>] check_bytes_and_report+0xb8/0xe0
[<ffffffff802d092a>] check_object+0x6a/0x270
[<ffffffff802d18d9>] __slab_free+0x229/0x330
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff802d1a9b>] kfree+0xbb/0x120
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff80512929>] free_cpumask_var+0x9/0x10
[<ffffffff80249ed0>] __build_sched_domains+0x230/0x580
[<ffffffff819dd5f5>] sched_init_smp+0x95/0x280
[<ffffffff819d239a>] ? native_smp_cpus_done+0x1aa/0x2b0
[<ffffffff819c5fd0>] kernel_init+0x170/0x240
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff802134b9>] child_rip+0xa/0x11
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5e60>] ? kernel_init+0x0/0x240
[<ffffffff802134af>] ? child_rip+0x0/0x11
FIX kmalloc-8: Restoring 0xffff88003f8072d8-0xffff88003f8072df=0xcc
=============================================================================
BUG kmalloc-8: Redzone overwritten
-----------------------------------------------------------------------------
INFO: 0xffff88003f807288-0xffff88003f80728f. First byte 0x0 instead of 0xcc
INFO: Slab 0xffffe200019cc2d8 objects=51 used=50 fp=0xffff88003f807370 flags=0x40000000000000c3
INFO: Object 0xffff88003f807280 @offset=640 fp=0x0000000000000000
Bytes b4 0xffff88003f807270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object 0xffff88003f807280: 00 00 00 00 00 00 00 00 ........
Redzone 0xffff88003f807288: 00 00 00 00 00 00 00 00 ........
Padding 0xffff88003f8072c8: 00 00 00 00 00 00 00 00 ........
Pid: 1, comm: swapper Not tainted 2.6.27-tip-07104-g5cf7b67-dirty #1
Call Trace:
[<ffffffff802cf21c>] print_trailer+0xfc/0x160
[<ffffffff802cf3e8>] check_bytes_and_report+0xb8/0xe0
[<ffffffff802d092a>] check_object+0x6a/0x270
[<ffffffff802d18d9>] __slab_free+0x229/0x330
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff802d1a9b>] kfree+0xbb/0x120
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff80512929>] free_cpumask_var+0x9/0x10
[<ffffffff80249d4d>] __build_sched_domains+0xad/0x580
[<ffffffff819dd5f5>] sched_init_smp+0x95/0x280
[<ffffffff819d239a>] ? native_smp_cpus_done+0x1aa/0x2b0
[<ffffffff819c5fd0>] kernel_init+0x170/0x240
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff802134b9>] child_rip+0xa/0x11
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5e60>] ? kernel_init+0x0/0x240
[<ffffffff802134af>] ? child_rip+0x0/0x11
FIX kmalloc-8: Restoring 0xffff88003f807288-0xffff88003f80728f=0xcc
=============================================================================
BUG kmalloc-8: Redzone overwritten
-----------------------------------------------------------------------------
INFO: 0xffff88003f807238-0xffff88003f80723f. First byte 0x0 instead of 0xcc
INFO: Slab 0xffffe200019cc2d8 objects=51 used=50 fp=0xffff88003f807370 flags=0x40000000000000c3
INFO: Object 0xffff88003f807230 @offset=560 fp=0x0000000000000000
Bytes b4 0xffff88003f807220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object 0xffff88003f807230: 00 00 00 00 00 00 00 00 ........
Redzone 0xffff88003f807238: 00 00 00 00 00 00 00 00 ........
Padding 0xffff88003f807278: 00 00 00 00 00 00 00 00 ........
Pid: 1, comm: swapper Not tainted 2.6.27-tip-07104-g5cf7b67-dirty #1
Call Trace:
[<ffffffff802cf21c>] print_trailer+0xfc/0x160
[<ffffffff802cf3e8>] check_bytes_and_report+0xb8/0xe0
[<ffffffff802d092a>] check_object+0x6a/0x270
[<ffffffff802d18d9>] __slab_free+0x229/0x330
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff802d1a9b>] kfree+0xbb/0x120
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff80512929>] free_cpumask_var+0x9/0x10
[<ffffffff80249d2d>] __build_sched_domains+0x8d/0x580
[<ffffffff819dd5f5>] sched_init_smp+0x95/0x280
[<ffffffff819d239a>] ? native_smp_cpus_done+0x1aa/0x2b0
[<ffffffff819c5fd0>] kernel_init+0x170/0x240
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff802134b9>] child_rip+0xa/0x11
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5e60>] ? kernel_init+0x0/0x240
[<ffffffff802134af>] ? child_rip+0x0/0x11
FIX kmalloc-8: Restoring 0xffff88003f807238-0xffff88003f80723f=0xcc
=============================================================================
BUG kmalloc-8: Redzone overwritten
-----------------------------------------------------------------------------
INFO: 0xffff88003f8071e8-0xffff88003f8071ef. First byte 0x0 instead of 0xcc
INFO: Slab 0xffffe200019cc2d8 objects=51 used=50 fp=0xffff88003f807370 flags=0x40000000000000c3
INFO: Object 0xffff88003f8071e0 @offset=480 fp=0x0000000000000000
Bytes b4 0xffff88003f8071d0: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
Object 0xffff88003f8071e0: 03 00 00 00 00 00 00 00 ........
Redzone 0xffff88003f8071e8: 00 00 00 00 00 00 00 00 ........
Padding 0xffff88003f807228: 00 00 00 00 00 00 00 00 ........
Pid: 1, comm: swapper Not tainted 2.6.27-tip-07104-g5cf7b67-dirty #1
Call Trace:
[<ffffffff802cf21c>] print_trailer+0xfc/0x160
[<ffffffff802cf3e8>] check_bytes_and_report+0xb8/0xe0
[<ffffffff802d092a>] check_object+0x6a/0x270
[<ffffffff802d18d9>] __slab_free+0x229/0x330
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff802d1a9b>] kfree+0xbb/0x120
[<ffffffff80512929>] ? free_cpumask_var+0x9/0x10
[<ffffffff80512929>] free_cpumask_var+0x9/0x10
[<ffffffff80249d0f>] __build_sched_domains+0x6f/0x580
[<ffffffff819dd5f5>] sched_init_smp+0x95/0x280
[<ffffffff819d239a>] ? native_smp_cpus_done+0x1aa/0x2b0
[<ffffffff819c5fd0>] kernel_init+0x170/0x240
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff802134b9>] child_rip+0xa/0x11
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5e60>] ? kernel_init+0x0/0x240
[<ffffffff802134af>] ? child_rip+0x0/0x11
FIX kmalloc-8: Restoring 0xffff88003f8071e8-0xffff88003f8071ef=0xcc
=============================================================================
BUG kmalloc-8: Redzone overwritten
-----------------------------------------------------------------------------
INFO: 0xffff88003f807378-0xffff88003f80737f. First byte 0x0 instead of 0xbb
INFO: Slab 0xffffe200019cc2d8 objects=51 used=50 fp=0xffff88003f807370 flags=0x40000000000000c3
INFO: Object 0xffff88003f807370 @offset=880 fp=0x0000000000000000
Bytes b4 0xffff88003f807360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object 0xffff88003f807370: 00 00 00 00 00 00 00 00 ........
Redzone 0xffff88003f807378: 00 00 00 00 00 00 00 00 ........
Padding 0xffff88003f8073b8: 00 00 00 00 00 00 00 00 ........
Pid: 1, comm: swapper Not tainted 2.6.27-tip-07104-g5cf7b67-dirty #1
Call Trace:
[<ffffffff802cf21c>] print_trailer+0xfc/0x160
[<ffffffff802cf3e8>] check_bytes_and_report+0xb8/0xe0
[<ffffffff80246aee>] ? register_sched_domain_sysctl+0xce/0x470
[<ffffffff802d092a>] check_object+0x6a/0x270
[<ffffffff802d23df>] __slab_alloc+0x4df/0x590
[<ffffffff80246aee>] ? register_sched_domain_sysctl+0xce/0x470
[<ffffffff80246aee>] ? register_sched_domain_sysctl+0xce/0x470
[<ffffffff802d3c90>] __kmalloc_track_caller+0x100/0x110
[<ffffffff802b20f5>] kstrdup+0x45/0x120
[<ffffffff80246aee>] register_sched_domain_sysctl+0xce/0x470
[<ffffffff819dd5fa>] sched_init_smp+0x9a/0x280
[<ffffffff819d239a>] ? native_smp_cpus_done+0x1aa/0x2b0
[<ffffffff819c5fd0>] kernel_init+0x170/0x240
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff802134b9>] child_rip+0xa/0x11
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5140>] ? early_idt_handler+0x0/0x73
[<ffffffff819c5e60>] ? kernel_init+0x0/0x240
[<ffffffff802134af>] ? child_rip+0x0/0x11
FIX kmalloc-8: Restoring 0xffff88003f807378-0xffff88003f80737f=0xbb
FIX kmalloc-8: Marking all objects used
calling init_cpufreq_transition_notifier_list+0x0/0x20 @ 1
initcall init_cpufreq_transition_notifier_list+0x0/0x20 returned 0 after 0 usecs
calling net_ns_init+0x0/0x180 @ 1
net_namespace: 728 bytes
initcall net_ns_init+0x0/0x180 returned 0 after 3906 usecs
calling cpufreq_tsc+0x0/0x40 @ 1
initcall cpufreq_tsc+0x0/0x40 returned 0 after 0 usecs
calling init_smp_flush+0x0/0x80 @ 1
initcall init_smp_flush+0x0/0x80 returned 0 after 0 usecs
calling print_banner+0x0/0x10 @ 1
Booting paravirtualized kernel on bare hardware
initcall print_banner+0x0/0x10 returned 0 after 3906 usecs
calling sysctl_init+0x0/0x40 @ 1
initcall sysctl_init+0x0/0x40 returned 0 after 0 usecs
calling ksysfs_init+0x0/0xc0 @ 1
initcall ksysfs_init+0x0/0xc0 returned 0 after 0 usecs
calling init_jiffies_clocksource+0x0/0x20 @ 1
initcall init_jiffies_clocksource+0x0/0x20 returned 0 after 0 usecs
calling pm_init+0x0/0x40 @ 1
initcall pm_init+0x0/0x40 returned 0 after 0 usecs
View attachment "config" of type "text/plain" (55950 bytes)
Powered by blists - more mailing lists