| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110419214747.GA2965@joi.lan> Date: Tue, 19 Apr 2011 23:47:47 +0200 From: Marcin Slusarz <marcin.slusarz@...il.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Kyle Spaans <kspaans@...terloo.ca>, linux-kernel@...r.kernel.org, Dominik Brodowski <linux@...inikbrodowski.net>, Ben Skeggs <bskeggs@...hat.com>, airlied@...hat.com, dri-devel@...ts.freedesktop.org, mjg@...hat.com, maciej.rutecki@...il.com, nouveau@...ts.freedesktop.org, Nigel Cunningham <lkml@...elcunningham.com.au>, Nick Piggin <npiggin@...il.com> Subject: Re: 2.6.39-rc1 nouveau(?) regression (bisected) On Mon, Apr 18, 2011 at 01:27:10PM -0700, Linus Torvalds wrote: > On Mon, Apr 18, 2011 at 1:02 PM, Marcin Slusarz > <marcin.slusarz@...il.com> wrote: > > > > It's some nasty corruption: > > Looks like something wrote 0xffffffff to free'd memory. > > Enabling DEBUG_PAGEALLOC *might* show where it happens. > > > > > [ 6.523867] ============================================================================= > > [ 6.523916] BUG sysfs_dir_cache: Poison overwritten > > [ 6.523949] ----------------------------------------------------------------------------- > > [ 6.523950] > > [ 6.524016] INFO: 0xffff8801bb47df4c-0xffff8801bb47df4f. First byte 0xff instead of 0x6b > > [ 6.524061] INFO: Slab 0xffffea00060f7b58 objects=22 used=21 fp=0xffff8801bb47df18 flags=0x80000000000000c1 > > [ 6.524110] INFO: Object 0xffff8801bb47df18 @offset=3864 fp=0x (null) > > [ 6.524111] > > [ 6.524170] Bytes b4 0xffff8801bb47df08: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ > > [ 6.524516] Object 0xffff8801bb47df18: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk > > [ 6.524862] Object 0xffff8801bb47df28: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk > > [ 6.525208] Object 0xffff8801bb47df38: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk > > [ 6.525556] Object 0xffff8801bb47df48: 6b 6b 6b 6b ff ff ff ff 6b 6b 6b 6b 6b 6b 6b 6b kkkk<FF><FF><FF><FF>kkkkkkkk > > So here the 0xffffffff is pretty obvious. > > > and in another boot: > > > > [ 6.704786] BUG: unable to handle kernel paging request at ffffffffbc70b058 > > Here it is less obvious, but it was _probably_ a regular kernel > pointer of the type 0xffff8801bc70b058 before the high bits were > overwritten by a 0xffffffff. > > So then sysfs_refresh_inode() follows that pointer, and crashes. > > Just a guess, obviously, but it looks rather likely. Thanks. It helped a bit. I'll send two patches in response to this message, one of which fixes this bug. Marcin -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists