lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080419111719.GA6724@martell.zuzino.mipt.ru>
Date:	Sat, 19 Apr 2008 15:17:19 +0400
From:	Alexey Dobriyan <adobriyan@...il.com>
To:	Christoph Lameter <clameter@....com>
Cc:	Pekka Enberg <penberg@...helsinki.fi>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: 2.6.25-rc8-mm2: FIX kmalloc-2048 (was Re: 2.6.25-rc8-mm2: IP:
	[<ffffffff802868f9>] __kmalloc+0x69/0x110)

On Mon, Apr 14, 2008 at 01:05:09PM -0700, Christoph Lameter wrote:
> On Mon, 14 Apr 2008, Alexey Dobriyan wrote:
> 
> > I can reproduce semi-reliably (by kernel standards) corruption in
> > kmalloc-2048. No idea if this can explain all "struct file" related
> > oopses I saw, or SLUB free pointer corruption Pekka and Christoph are
> > looking into.
> 
> The slub free pointer corruption is usually a result of the overwrites.
> 
> > Bytes b4 0xffff81017ff9d2c0:  62 ea ff ff 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a
> >   Object 0xffff81017ff9d2d0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
> >   Object 0xffff81017ff9d2e0:  6b 6b 00 18 f3 a2 9f 90 00 1b 38 af 22 49 08 00
> >   Object 0xffff81017ff9d2f0:  45 10 00 4c ff 59 40 00 40 11 86 ac c0 a8 00 2a
> >   Object 0xffff81017ff9d300:  50 fa a2 be 91 43 00 7b 00 38 54 d4 23 00 00 00
> >   Object 0xffff81017ff9d310:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >   Object 0xffff81017ff9d320:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >   Object 0xffff81017ff9d330:  00 00 00 00 4c ff 10 44 74 7f 6f 9d e4 c8 a2 4f
> >   Object 0xffff81017ff9d340:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >  Redzone 0xffff81017ff9dad0:  bb bb bb bb bb bb bb bb
> >  Padding 0xffff81017ff9db10:  5a 5a 5a 5a 5a 5a 5a 5a
> > 
> > FIX kmalloc-2048: Restoring 0xffff81017ff9d2e2-0xffff81017ff9d8d9=0x6b
> 
> Looks like skb corruption. Would be helpful to have the complete output 
> though. Does the data in the restored range trigger any memories?

No.

I'm currently tracing this bug and 2.6.24 also has it. :-(

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ