From: Kevin Winchester <kjwinchester@gmail.com>
To: Christoph Lameter <clameter@sgi.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org, herbert@gondor.apana.org.au
Subject: Re: 2.6.21-mm1 and now 2.6.21-git: SLUB Crashes on boot - crypto?
Date: Tue, 08 May 2007 21:58:09 -0300
Message-ID: <46411CA1.8060506@gmail.com>
In-Reply-To: <Pine.LNX.4.64.0705081639570.16372@schroedinger.engr.sgi.com>

Christoph Lameter wrote:
> On Tue, 8 May 2007, Kevin Winchester wrote:
>
>   
>> Here's the dmesg of the slub_debug run, I'll try the patch next:
>>     
>
> Ok someone wrote to an object after it was freed. Not slubs problem.
>
>   
>> [    1.367129]     Object 0xffff810001bdecd0:  80 b7 b1 01 00 81 ff ff 6b 6b
>> 6b 6b 6b 6b 6b 6b .·±...kkkkkkkk
>>     
>
> The first 8 bytes of the freed object were overwritten.
>
>   
>> [    1.374455] Last alloc: cryptomgr_notify+0x28/0x190 jiffies_ago=0 cpu=0
>> pid=1
>> [    1.374611] Last free : cryptomgr_probe+0x85/0xb0 jiffies_ago=0 cpu=0
>> pid=405
>>     
>
> Here are some potential candidates that have recently handled the object. 
> That was less than a jiffy ago. So very recent.
>
>   
Not having any idea what I'm doing, I looked at cryptomgr_probe and 
cryptomgr_notify, and can't seem to see much, except for the following 
odd lines.

From cryptomgr_schedule_probe, which is almost certainly inlined into 
crypto_notify:

-----

param = kzalloc(sizeof(*param), GFP_KERNEL);
...
param->thread = kthread_run(cryptomgr_probe, param, "cryptomgr");
if (IS_ERR(param->thread))
        goto err_free_param;

return NOTIFY_STOP;

err_free_param:
        kfree(param);
err_put_module:
        module_put(THIS_MODULE);
err:
        return NOTIFY_OK;

-----

while cryptomgr_probe does (with a local variable param that points to 
the same data):

-----
...
if (err)
        goto err;

out:
        kfree(param);
        module_put_and_exit(0);
-----

Now perhaps I am wrong, but would it be possible for the kthread_run() 
call to cause cryptomgr_probe to run before the return result is stored 
into param->thread?  That would mean that param would be accessed after 
freeing.

<changes thread to a local variable in the cryptomgr_schedule_probe 
method...compile...test...still fails>

I guess that's not it.

Any thoughts on what might be the cause of this (I've added Herbert Xu 
to the CC list since he seems to be the crypto maintainer)?

I'll try to add some printk's in there to see if that enlightens me.

Kevin
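
The check behind the quoted reading of the dump ("the first 8 bytes of the freed object were overwritten"), as an added example that is not part of the original message or of the kernel source: with slub_debug a freed object is filled with the poison byte 0x6b, so any other value marks a write after the free. The function names are made up for this example, and the hex string is the object line quoted above, rejoined after mail wrapping.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define POISON_FREE 0x6b /* byte slab debugging writes over a freed object */

/* Object bytes from the quoted dmesg line (hex column only, rejoined). */
static const char DUMP_LINE[] = "80 b7 b1 01 00 81 ff ff 6b 6b 6b 6b 6b 6b 6b 6b";

/* Parse space-separated hex bytes; returns how many were read. */
static size_t parse_hex(const char *s, uint8_t *out, size_t max)
{
    size_t n = 0;
    char *end;
    for (; n < max; s = end) {
        unsigned long v = strtoul(s, &end, 16);
        if (end == s || v > 0xff)
            break;
        out[n++] = (uint8_t)v;
    }
    return n;
}

/* Count bytes that no longer hold the poison; *first and *last bound the span. */
static size_t poison_damage(const uint8_t *obj, size_t len, size_t *first, size_t *last)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (obj[i] == POISON_FREE)
            continue;
        if (n++ == 0)
            *first = i;
        *last = i;
    }
    return n;
}

/* Read a little-endian (x86-64) 64-bit word from the dump. */
static uint64_t le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

int main(void)
{
    uint8_t obj[64] = {0};
    size_t first = 0, last = 0, len = parse_hex(DUMP_LINE, obj, sizeof obj);
    size_t bad = poison_damage(obj, len, &first, &last);
    printf("%zu/%zu bytes clobbered at %zu..%zu, word 0x%016llx\n", bad, len,
           first, last, (unsigned long long)le64(obj));
    return 0;
}
```

Run on the quoted line, it reports 8 clobbered bytes at offsets 0..7 and decodes them to 0xffff810001b1b780, which shares its high bits with the object's own address 0xffff810001bdecd0, the shape of a kernel pointer stored into the freed object.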


