Message-ID: <20130307060328.GB31738@kroah.com>
Date:	Thu, 7 Mar 2013 14:03:28 +0800
From:	Greg Kroah-Hartman <greg@...ah.com>
To:	Dave Jones <davej@...hat.com>,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: sysfs_dir_cache slab corruption

On Thu, Mar 07, 2013 at 12:33:53AM -0500, Dave Jones wrote:
> And even more sysfs fallout (From a clean boot)..
> 
> =============================================================================
> BUG sysfs_dir_cache (Not tainted): Poison overwritten
> -----------------------------------------------------------------------------
> 
> Disabling lock debugging due to kernel taint
> INFO: 0xffff8801239a85b8-0xffff8801239a85b8. First byte 0x69 instead of 0x6b
> INFO: Allocated in sysfs_new_dirent+0x59/0x130 age=493166 cpu=3 pid=301
> 	__slab_alloc+0x4ed/0x584
> 	kmem_cache_alloc+0x2c0/0x330
> 	sysfs_new_dirent+0x59/0x130
> 	sysfs_add_file_mode+0x6b/0x110
> 	sysfs_add_file+0x12/0x20
> 	sysfs_create_file+0x26/0x30
> 	load_module+0x1360/0x28d0
> 	sys_init_module+0xd7/0x120
> 	system_call_fastpath+0x16/0x1b
> INFO: Freed in release_sysfs_dirent+0x81/0x100 age=10736 cpu=3 pid=8692
> 	__slab_free+0x3c/0x3de
> 	kmem_cache_free+0x362/0x380
> 	release_sysfs_dirent+0x81/0x100
> 	sysfs_dir_pos+0x46/0xf0
> 	sysfs_readdir+0x9a/0x2b0
> 	vfs_readdir+0xb8/0xf0
> 	sys_getdents64+0x8f/0x110
> 	system_call_fastpath+0x16/0x1b
> INFO: Slab 0xffffea00048e6a00 objects=16 used=16 fp=0x          (null) flags=0x5000000000004080
> INFO: Object 0xffff8801239a85b8 @offset=1464 fp=0x          (null)
> 
> Bytes b4 ffff8801239a85a8: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a  ........ZZZZZZZZ
> Object ffff8801239a85b8: 69 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  ikkkkkkkkkkkkkkk
> Object ffff8801239a85c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
> Object ffff8801239a85d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
> Object ffff8801239a85e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
> Object ffff8801239a85f8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
> Object ffff8801239a8608: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
> Object ffff8801239a8618: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
> Object ffff8801239a8628: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
> Object ffff8801239a8638: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
> Object ffff8801239a8648: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5  kkkkkkkkkkkkkkk.
> Redzone ffff8801239a8658: bb bb bb bb bb bb bb bb                          ........
> Padding ffff8801239a8798: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
> Pid: 15728, comm: modprobe Tainted: G    B        3.9.0-rc1+ #69
> Call Trace:
>  [<ffffffff8118e81d>] ? print_section+0x3d/0x40
>  [<ffffffff8118f98e>] print_trailer+0xfe/0x160
>  [<ffffffff8118fb2f>] check_bytes_and_report+0xef/0x130
>  [<ffffffff81190126>] check_object+0x1c6/0x240
>  [<ffffffff81190989>] ? check_slab+0x89/0x130
>  [<ffffffff81235159>] ? sysfs_new_dirent+0x59/0x130
>  [<ffffffff816bb755>] alloc_debug_processing+0x67/0x109
>  [<ffffffff816bc2ee>] __slab_alloc+0x4ed/0x584
>  [<ffffffff81235159>] ? sysfs_new_dirent+0x59/0x130
>  [<ffffffff811926f0>] kmem_cache_alloc+0x2c0/0x330
>  [<ffffffff81235159>] ? sysfs_new_dirent+0x59/0x130
>  [<ffffffff81235159>] sysfs_new_dirent+0x59/0x130
>  [<ffffffff812343eb>] sysfs_add_file_mode+0x6b/0x110
>  [<ffffffff81237620>] internal_create_group+0xd0/0x210
>  [<ffffffff81237793>] sysfs_create_group+0x13/0x20
>  [<ffffffff810c71f1>] load_module+0x22d1/0x28d0
>  [<ffffffff81355570>] ? ddebug_proc_open+0xc0/0xc0
>  [<ffffffff810b24ae>] ? put_lock_stats.isra.23+0xe/0x40
>  [<ffffffff810c78c7>] sys_init_module+0xd7/0x120
>  [<ffffffff816cd942>] system_call_fastpath+0x16/0x1b
> FIX sysfs_dir_cache: Restoring 0xffff8801239a85b8-0xffff8801239a85b8=0x6b
> 

Hm, a module was being loaded.  Odd, I haven't seen this before, I'm
guessing that 3.8 doesn't show this, right?

greg k-h