From: Eric Sandeen <sandeen@redhat.com>
To: Nick Piggin <npiggin@kernel.dk>
Cc: linux-ext4@vger.kernel.org, zeng.zhaoming@freescale.com
Subject: Re: [bug] ext4 bug
Date: Tue, 23 Nov 2010 09:00:37 -0600
Message-ID: <4CEBD715.3070405@redhat.com>
In-Reply-To: <20101123093201.GA4131@amd>
On 11/23/10 3:32 AM, Nick Piggin wrote:
> Hi,
>
> Got a couple of ext4 bugs. modprobe ext4 ; # use it ; rmmod ext4 ;
> modprobe ext4 reproduced it twice.
>
> Seems to not deallocate the kobject stuff properly, and then probably
> something in an error path is doing a double free and corrupting stuff.
have a look at
http://www.spinics.net/lists/linux-ext4/msg21890.html
> ext4 allocates memory for the cache name by:
> namep = kstrdup(name, GFP_KERNEL);
> and reclaims it by:
> name = kmem_cache_name(cache);
> kfree(name);
>
> This is OK if the allocator only references the cache name memory, and
> kmem_cache_name() returns the name memory passed to kmem_cache_create().
> But this is not true in slub; when using slub, memory leak and double free errors appear.
-Eric
>
> [ 1234.475241]
> =============================================================================
> [ 1234.475503] BUG kmalloc-32: Object already free
> [ 1234.475665]
> -----------------------------------------------------------------------------
> [ 1234.475668]
> [ 1234.476076] INFO: Allocated in kmem_cache_create+0x65/0x2d0
> age=1104271 cpu=0 pid=1492
> [ 1234.476332] INFO: Freed in kmem_cache_release+0x16/0x30 age=1 cpu=13
> pid=27603
> [ 1234.476584] INFO: Slab 0xffffea0003cf5cd8 objects=39 used=9
> fp=0xffff880116acd750 flags=0x40000000000000c1
> [ 1234.476842] INFO: Object 0xffff880116acd6e8 @offset=1768
> fp=0xffff880116acd478
> [ 1234.476845]
> [ 1234.477244] Bytes b4 0xffff880116acd6d8: 00 00 00 00 00 00 00 00 5a
> 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
> [ 1234.478696] Object 0xffff880116acd6e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b
> 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
> [ 1234.480152] Object 0xffff880116acd6f8: 6b 6b 6b 6b 6b 6b 6b 6b 6b
> 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk?
> [ 1234.481604] Redzone 0xffff880116acd708: bb bb bb bb bb bb bb bb
> ????????
> [ 1234.483059] Padding 0xffff880116acd748: 5a 5a 5a 5a 5a 5a 5a 5a
> ZZZZZZZZ
> [ 1234.484512] Pid: 27603, comm: rmmod Not tainted 2.6.37-rc3+ #27
> [ 1234.484679] Call Trace:
> [ 1234.484837] [<ffffffff8110bb1e>] print_trailer+0xfe/0x160
> [ 1234.485025] [<ffffffffa00626a7>] ? ext4_exit_mballoc+0x67/0x80
> [ext4]
> [ 1234.485196] [<ffffffff8110bbbc>] object_err+0x3c/0x50
> [ 1234.485362] [<ffffffff8110e015>] free_debug_processing+0x1f5/0x250
> [ 1234.485546] [<ffffffffa00626a7>] ? ext4_exit_mballoc+0x67/0x80
> [ext4]
> [ 1234.485719] [<ffffffff8110e5d4>] __slab_free+0x1b4/0x1e0
> [ 1234.485891] [<ffffffff8110e71c>] kfree+0x11c/0x1c0
> [ 1234.486071] [<ffffffffa00626a7>] ? ext4_exit_mballoc+0x67/0x80
> [ext4]
> [ 1234.486258] [<ffffffffa00626a7>] ext4_exit_mballoc+0x67/0x80 [ext4]
> [ 1234.486444] [<ffffffffa0070e23>] ext4_exit_fs+0xfb/0x12e [ext4]
> [ 1234.486619] [<ffffffff81083b4d>] ? trace_hardirqs_on+0xd/0x10
> [ 1234.486791] [<ffffffff810904ea>] sys_delete_module+0x17a/0x270
> [ 1234.486964] [<ffffffff816036ad>] ? retint_swapgs+0xe/0x13
> [ 1234.487133] [<ffffffff81083afd>] ?
> trace_hardirqs_on_caller+0x13d/0x180
> [ 1234.487306] [<ffffffff8100312b>] system_call_fastpath+0x16/0x1b
> [ 1234.487477] FIX kmalloc-32: Object at 0xffff880116acd6e8 not freed
> [ 1243.592427] ------------[ cut here ]------------
> [ 1243.592595] WARNING: at fs/sysfs/dir.c:451 sysfs_add_one+0xce/0x200()
> [ 1243.592757] Hardware name: S5520UR
> [ 1243.592921] sysfs: cannot create duplicate filename '/fs/ext4'
> [ 1243.593081] Modules linked in: ext4(+) jbd2 crc16 brd [last unloaded:
> ext4]
> [ 1243.593642] Pid: 27865, comm: modprobe Not tainted 2.6.37-rc3+ #27
> [ 1243.593800] Call Trace:
> [ 1243.593964] [<ffffffff810497ea>] warn_slowpath_common+0x7a/0xb0
> [ 1243.594129] [<ffffffff810498c1>] warn_slowpath_fmt+0x41/0x50
> [ 1243.594289] [<ffffffff8118c35e>] sysfs_add_one+0xce/0x200
> [ 1243.594447] [<ffffffff8118c50c>] create_dir+0x7c/0xd0
> [ 1243.594607] [<ffffffff8118c5dc>] sysfs_create_dir+0x7c/0xd0
> [ 1243.594771] [<ffffffff8127949b>] kobject_add_internal+0xab/0x1f0
> [ 1243.594954] [<ffffffff8127960f>] kset_register+0x2f/0x60
> [ 1243.595118] [<ffffffff81279c9f>] kset_create_and_add+0x8f/0x1c0
> [ 1243.595287] [<ffffffffa00ff11e>] ? ext4_init_fs+0x0/0x139 [ext4]
> [ 1243.595454] [<ffffffffa00ff15a>] ext4_init_fs+0x3c/0x139 [ext4]
> [ 1243.595617] [<ffffffff810001de>] do_one_initcall+0x3e/0x180
> [ 1243.595780] [<ffffffff81093ba2>] sys_init_module+0xb2/0x200
> [ 1243.595949] [<ffffffff8100312b>] system_call_fastpath+0x16/0x1b
> [ 1243.596113] ---[ end trace 8766368be9c85c43 ]---
> [ 1243.596279] kobject_add_internal failed for ext4 with -EEXIST, don't
> try to register things with the same name in the same directory.
> [ 1243.596538] Pid: 27865, comm: modprobe Tainted: G W
> 2.6.37-rc3+ #27
> [ 1243.596711] Call Trace:
> [ 1243.596865] [<ffffffff8127953c>] kobject_add_internal+0x14c/0x1f0
> [ 1243.597043] [<ffffffff8127960f>] kset_register+0x2f/0x60
> [ 1243.597208] [<ffffffff81279c9f>] kset_create_and_add+0x8f/0x1c0
> [ 1243.597377] [<ffffffffa00ff11e>] ? ext4_init_fs+0x0/0x139 [ext4]
> [ 1243.597545] [<ffffffffa00ff15a>] ext4_init_fs+0x3c/0x139 [ext4]
> [ 1243.597710] [<ffffffff810001de>] do_one_initcall+0x3e/0x180
> [ 1243.597872] [<ffffffff81093ba2>] sys_init_module+0xb2/0x200
> [ 1243.598085] [<ffffffff8100312b>] system_call_fastpath+0x16/0x1b
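The ownership mismatch described in the quoted message, modelled in userspace C as an added example (not code from ext4, the slab allocators, or either poster). `t_strdup`, `t_free`, `cache_create`, `cache_name`, `cache_destroy` and `run_teardown` are hypothetical stand-ins for `kstrdup`, `kfree`, `kmem_cache_create`, `kmem_cache_name` and `kmem_cache_destroy`, and the cache name string is constructed; the destroy-then-free order follows the quoted log, where the object was freed in `kmem_cache_release` before the `kfree` reached from `ext4_exit_mballoc`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tracking allocator (constructed for this example): records each allocation
 * and counts a second free of the same pointer instead of performing it,
 * in the spirit of SLUB's "Object already free" check. */
static struct { char *p; int live; } objs[8];
static int nobjs, double_frees;

static char *t_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p) abort();
    strcpy(p, s);
    objs[nobjs].p = p; objs[nobjs].live = 1; nobjs++;
    return p;
}
static void t_free(const char *p) {
    for (int i = 0; i < nobjs; i++) {
        if (objs[i].p != p) continue;
        if (objs[i].live) objs[i].live = 0; else double_frees++;
        return;
    }
}

/* Toy cache: dup_name=0 keeps the caller's pointer; dup_name=1 copies the
 * name at create time and frees that copy at destroy time. */
struct cache { const char *name; int dup_name; };
static void cache_create(struct cache *c, const char *name, int dup_name) {
    c->dup_name = dup_name;
    c->name = dup_name ? t_strdup(name) : name;
}
static const char *cache_name(struct cache *c) { return c->name; }
static void cache_destroy(struct cache *c) { if (c->dup_name) t_free(c->name); }

struct result { int leaked, double_frees; };

/* Caller pattern from the quoted message: duplicate the name, create the
 * cache, and at teardown free whatever the name getter returns. */
static struct result run_teardown(int dup_name) {
    struct cache c;
    struct result r = {0, 0};
    nobjs = double_frees = 0;
    cache_create(&c, t_strdup("demo_cache_name"), dup_name);
    const char *name = cache_name(&c);  /* may not be the caller's pointer */
    cache_destroy(&c);
    t_free(name);
    for (int i = 0; i < nobjs; i++) { r.leaked += objs[i].live; free(objs[i].p); }
    r.double_frees = double_frees;
    return r;
}
```

With the pointer kept, the caller's free is balanced; with the name copied, the caller's own duplicate is never freed and the allocator's copy is freed twice.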