| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.02.1108171813460.11234@p34.internal.lan> Date: Wed, 17 Aug 2011 18:13:59 -0400 (EDT) From: Justin Piszcz <jpiszcz@...idpixels.com> To: Arnaud Lacombe <lacombar@...il.com> cc: Jeff Layton <jlayton@...ba.org>, Jesper Juhl <jj@...osbits.net>, linux-kernel@...r.kernel.org, Alan Piszcz <ap@...arrain.com>, Steve French <sfrench@...ba.org>, linux-cifs@...r.kernel.org Subject: Re: Kernel 3.0: Instant kernel crash when mounting CIFS (also crashes with linux-3.1-rc2 On Wed, 17 Aug 2011, Justin Piszcz wrote: > > > On Wed, 17 Aug 2011, Arnaud Lacombe wrote: > >> Hi, >> >> On Wed, Aug 17, 2011 at 4:45 PM, Justin Piszcz <jpiszcz@...idpixels.com> >> wrote: >>> >>> >>> On Wed, 17 Aug 2011, Jeff Layton wrote: >>> >>>> The crash is happening in the bowels of the slab allocator. >>>> Specifically, it looks like it's hitting this: >>>> >>>> /* >>>> * The slab was either on partial or free list so >>>> * there must be at least one object available for >>>> * allocation. >>>> */ >>>> BUG_ON(slabp->inuse >= cachep->num); >>>> >>>> ...which looks like maybe the accounting of in-use objects is off. This >>>> really sounds like some sort of memory corruption. I've not been able >>>> to reproduce this so far, but I also had someone report panic here that >>>> might be related: >>>> >>>> https://bugzilla.redhat.com/show_bug.cgi?id=731278 Hi, Got a better one here: [ 98.386992] CIFS VFS: cifs_mount failed w/return code = -22 [ 562.565161] CIFS VFS: cifs_mount failed w/return code = -22 [ 596.277441] ------------[ cut here ]------------ [ 596.277450] kernel BUG at mm/slab.c:3111! [ 596.277456] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC [ 596.277463] CPU 2 [ 596.277466] Modules linked in: rfcomm bnep bluetooth speedstep_lib cryptd aes_x86_64 aes_generic configfs ath9k mac80211 ath9k_common ath9k_hw ohci_hcd ssb ath mmc_core cfg80211 shpchp uvcvideo i2c_piix4 videodev v4l2_compat_ioctl32 pci_hotplug wmi pcmcia rfkill pcmcia_core edac_core k10temp edac_mce_amd video battery ac [ 596.277517] [ 596.277523] Pid: 4157, comm: ps Not tainted 3.1.0-rc2 #3 Acer Aspire 7551 /Aspire 7551 [ 596.277536] RIP: 0010:[<ffffffff816464a6>] [<ffffffff816464a6>] cache_alloc_refill+0x111/0x4a6 [ 596.277554] RSP: 0018:ffff88012e231b88 EFLAGS: 00010046 [ 596.277559] RAX: ffff8801394d5000 RBX: ffff88013f000080 RCX: 0000000000000033 [ 596.277565] RDX: 0000000000000070 RSI: dead000000200200 RDI: 0000000000000009 [ 596.277570] RBP: ffff88012e231be8 R08: 000000000000005f R09: ffff88013f004450 [ 596.277576] R10: ffff88013f004460 R11: ffff88012e231d80 R12: 00000000000000d0 [ 596.277581] R13: ffff88013f0d1400 R14: 00000000000000d0 R15: ffff88013f004440 [ 596.277588] FS: 00007f8bf016c700(0000) GS:ffff88013fd00000(0000) knlGS:0000000000000000 [ 596.277594] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 596.277599] CR2: 00007f8befd44328 CR3: 000000012e27b000 CR4: 00000000000006e0 [ 596.277605] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 596.277610] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 596.277616] Process ps (pid: 4157, threadinfo ffff88012e230000, task ffff88013f3f78d0) [ 596.277621] Stack: [ 596.277624] ffff88013f045c00 ffff88010000003c ffff88012e231bb8 ffff88012f491088 [ 596.277635] 000000d02e231bc8 0000001000000000 ffff88012f491118 ffff880132266a40 [ 596.277645] 00000000000000d0 0000000000000202 ffff88013f000080 ffff880132266a40 [ 596.277654] Call Trace: [ 596.277666] [<ffffffff810ae0e6>] kmem_cache_alloc+0x76/0xa0 [ 596.277675] [<ffffffff8110bb80>] ? meminfo_proc_open+0x30/0x30 [ 596.277684] [<ffffffff810d58e2>] single_open+0x32/0xa0 [ 596.277694] [<ffffffff8110a095>] ? proc_lookup_de+0xa5/0x100 [ 596.277701] [<ffffffff8110bb65>] meminfo_proc_open+0x15/0x30 [ 596.277709] [<ffffffff811044e8>] proc_reg_open+0x88/0x150 [ 596.277717] [<ffffffff810d4c50>] ? seq_release_private+0x50/0x50 [ 596.277726] [<ffffffff81104460>] ? proc_alloc_inode+0xa0/0xa0 [ 596.277735] [<ffffffff810b5339>] __dentry_open.isra.17+0xf9/0x2d0 [ 596.277744] [<ffffffff810b625e>] nameidata_to_filp+0x4e/0x60 [ 596.277753] [<ffffffff810c4804>] do_last.isra.48+0x204/0x830 [ 596.277760] [<ffffffff810c50a6>] path_openat+0xc6/0x370 [ 596.277769] [<ffffffff8109a965>] ? handle_mm_fault+0x165/0x300 [ 596.277776] [<ffffffff810c53ad>] do_filp_open+0x3d/0xa0 [ 596.277786] [<ffffffff810d0697>] ? alloc_fd+0x47/0x130 [ 596.277795] [<ffffffff810b6362>] do_sys_open+0xf2/0x1d0 [ 596.277803] [<ffffffff810b645b>] sys_open+0x1b/0x20 [ 596.277812] [<ffffffff8164debb>] system_call_fastpath+0x16/0x1b [ 596.277817] Code: 00 e9 d2 00 00 00 49 8b 07 49 39 c7 75 15 49 8b 47 20 41 c7 47 60 01 00 00 00 4c 39 d0 0f 84 ad 00 00 00 8b 53 18 39 50 20 72 2f <0f> 0b 44 8b 40 24 8b 53 0c ff c6 41 8b 7d 00 89 70 20 41 0f af [ 596.277879] RIP [<ffffffff816464a6>] cache_alloc_refill+0x111/0x4a6 [ 596.277888] RSP <ffff88012e231b88> [ 596.277894] ---[ end trace 01e175dd97a8992b ]--- Justin.
Powered by blists - more mailing lists