From: Dave Jones <davej@redhat.com>
To: Linux Kernel <linux-kernel@vger.kernel.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Subject: sysfs_dir_cache slab corruption
Date: Thu, 7 Mar 2013 00:33:53 -0500 [thread overview]
Message-ID: <20130307053353.GA24287@redhat.com> (raw)
In-Reply-To: <20130307052854.GA23745@redhat.com>
And even more sysfs fallout (From a clean boot)..
=============================================================================
BUG sysfs_dir_cache (Not tainted): Poison overwritten
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: 0xffff8801239a85b8-0xffff8801239a85b8. First byte 0x69 instead of 0x6b
INFO: Allocated in sysfs_new_dirent+0x59/0x130 age=493166 cpu=3 pid=301
__slab_alloc+0x4ed/0x584
kmem_cache_alloc+0x2c0/0x330
sysfs_new_dirent+0x59/0x130
sysfs_add_file_mode+0x6b/0x110
sysfs_add_file+0x12/0x20
sysfs_create_file+0x26/0x30
load_module+0x1360/0x28d0
sys_init_module+0xd7/0x120
system_call_fastpath+0x16/0x1b
INFO: Freed in release_sysfs_dirent+0x81/0x100 age=10736 cpu=3 pid=8692
__slab_free+0x3c/0x3de
kmem_cache_free+0x362/0x380
release_sysfs_dirent+0x81/0x100
sysfs_dir_pos+0x46/0xf0
sysfs_readdir+0x9a/0x2b0
vfs_readdir+0xb8/0xf0
sys_getdents64+0x8f/0x110
system_call_fastpath+0x16/0x1b
INFO: Slab 0xffffea00048e6a00 objects=16 used=16 fp=0x (null) flags=0x5000000000004080
INFO: Object 0xffff8801239a85b8 @offset=1464 fp=0x (null)
Bytes b4 ffff8801239a85a8: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
Object ffff8801239a85b8: 69 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ikkkkkkkkkkkkkkk
Object ffff8801239a85c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object ffff8801239a85d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object ffff8801239a85e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object ffff8801239a85f8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object ffff8801239a8608: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object ffff8801239a8618: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object ffff8801239a8628: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object ffff8801239a8638: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Object ffff8801239a8648: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk.
Redzone ffff8801239a8658: bb bb bb bb bb bb bb bb ........
Padding ffff8801239a8798: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
Pid: 15728, comm: modprobe Tainted: G B 3.9.0-rc1+ #69
Call Trace:
[<ffffffff8118e81d>] ? print_section+0x3d/0x40
[<ffffffff8118f98e>] print_trailer+0xfe/0x160
[<ffffffff8118fb2f>] check_bytes_and_report+0xef/0x130
[<ffffffff81190126>] check_object+0x1c6/0x240
[<ffffffff81190989>] ? check_slab+0x89/0x130
[<ffffffff81235159>] ? sysfs_new_dirent+0x59/0x130
[<ffffffff816bb755>] alloc_debug_processing+0x67/0x109
[<ffffffff816bc2ee>] __slab_alloc+0x4ed/0x584
[<ffffffff81235159>] ? sysfs_new_dirent+0x59/0x130
[<ffffffff811926f0>] kmem_cache_alloc+0x2c0/0x330
[<ffffffff81235159>] ? sysfs_new_dirent+0x59/0x130
[<ffffffff81235159>] sysfs_new_dirent+0x59/0x130
[<ffffffff812343eb>] sysfs_add_file_mode+0x6b/0x110
[<ffffffff81237620>] internal_create_group+0xd0/0x210
[<ffffffff81237793>] sysfs_create_group+0x13/0x20
[<ffffffff810c71f1>] load_module+0x22d1/0x28d0
[<ffffffff81355570>] ? ddebug_proc_open+0xc0/0xc0
[<ffffffff810b24ae>] ? put_lock_stats.isra.23+0xe/0x40
[<ffffffff810c78c7>] sys_init_module+0xd7/0x120
[<ffffffff816cd942>] system_call_fastpath+0x16/0x1b
FIX sysfs_dir_cache: Restoring 0xffff8801239a85b8-0xffff8801239a85b8=0x6b
next prev parent reply other threads:[~2013-03-07 5:34 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-07 5:28 use after free in sysfs_find_dirent Dave Jones
2013-03-07 5:33 ` Dave Jones [this message]
2013-03-07 6:03 ` sysfs_dir_cache slab corruption Greg Kroah-Hartman
2013-03-07 6:02 ` use after free in sysfs_find_dirent Greg Kroah-Hartman
2013-03-07 6:26 ` Dave Jones
2013-03-13 11:47 ` Ming Lei
2013-03-15 4:03 ` Sasha Levin
2013-03-15 5:04 ` Sasha Levin
2013-03-15 7:38 ` Ming Lei
2013-03-15 16:27 ` Sasha Levin
2013-03-16 12:39 ` Hillf Danton
2013-03-16 13:30 ` Ming Lei
2013-03-16 15:07 ` Sasha Levin
2013-03-16 15:22 ` Ming Lei
2013-03-16 15:58 ` Ming Lei
2013-03-16 18:33 ` Sasha Levin
2013-03-17 1:02 ` Ming Lei
2013-03-17 14:24 ` Sasha Levin
2013-03-17 16:23 ` Ming Lei
2013-03-19 2:06 ` Sasha Levin
2013-03-19 3:40 ` Ming Lei
2013-03-19 11:54 ` Ming Lei
2013-03-19 16:28 ` Sasha Levin
2013-03-20 1:02 ` Ming Lei
2013-03-20 14:34 ` Sasha Levin
2013-03-20 17:17 ` Greg Kroah-Hartman
2013-03-16 15:59 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130307053353.GA24287@redhat.com \
--to=davej@redhat.com \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.