Re: [2.6.37-rc8] BUG kmalloc-256: Poison overwritten.

Previous thread: block device without page cache buffering by folkert on Thursday, December 30, 2010 - 7:37 am. (1 message)

Next thread: [2.6.37-rc8] BUG kmalloc-256: Poison overwritten. by Pawel Sikora on Thursday, December 30, 2010 - 8:08 am. (1 message)
From: Pekka Enberg
Date: Thursday, December 30, 2010 - 8:31 am

This looks like a use-after-free bug somewhere in drivers/md/raid10.c.

			Pekka

--

From: Pekka Enberg
Date: Thursday, December 30, 2010 - 8:59 am

Does reverting commit 4e78064f42ad474ce9c31760861f7fb0cfc22532 ("md:
Fix possible deadlock with multiple mempool allocations.") fix the
problem?
--

From: Paweł Sikora
Date: Thursday, December 30, 2010 - 12:39 pm

I think it's quite easy to reproduce this problem. Here's a mini howto:

- setup two raid10 matrices.

[root@odra ~]# cat /proc/mdstat
Personalities : [raid1] [raid0] [raid10]
md3 : active raid10 sdd4[1] sdc4[0]
      424757248 blocks super 1.2 512K chunks 2 far-copies [2/2] [UU]
      [>....................]  resync =  0.4% (1966592/424757248) finish=82.4min speed=85504K/sec

md2 : active raid10 sdb4[1] sda4[0]
      424757248 blocks super 1.2 512K chunks 2 far-copies [2/2] [UU]
      [>....................]  resync =  0.5% (2446080/424757248) finish=97.1min speed=72432K/sec

- stop matrices.

[root@odra ~]# mdadm --stop /dev/md2
mdadm: stopped /dev/md2
[root@odra ~]# mdadm --stop /dev/md3
mdadm: stopped /dev/md3

- create raid0 on devices previously used by raid10.

[root@odra ~]# mdadm -C /dev/md2 -l 0 -n 4 /dev/sda4 /dev/sdb4 /dev/sdc4 /dev/sdd4

mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md2 started.

[root@odra ~]# cat /proc/mdstat
Personalities : [raid1] [raid0] [raid10]
md2 : active raid0 sdd4[3] sdc4[2] sdb4[1] sda4[0]
      1699028992 blocks super 1.2 512k chunks

- stop it.

[root@odra ~]# mdadm --stop /dev/md2
mdadm: stopped /dev/md2

- create one raid10 matrix once more.

[root@odra ~]# mdadm -C /dev/md2 -l 10 -n 2 --layout f2 /dev/sda4 /dev/sdb4
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md2 started.

- at this moment I can see a bug report.

Dec 30 20:08:46 odra kernel: [12501.627162] =============================================================================
Dec 30 20:08:46 odra kernel: [12501.627166] BUG kmalloc-256: Poison overwritten
Dec 30 20:08:46 odra kernel: [12501.627168] -----------------------------------------------------------------------------
Dec 30 20:08:46 odra kernel: [12501.627169]
Dec 30 20:08:46 odra kernel: [12501.627172] INFO: 0xffff8803feb5e15c-0xffff8803feb5e15d. First byte 0x6c instead of 0x6b
Dec 30 20:08:46 odra kernel: [12501.627178] INFO: Allocated in setup_conf+0x12b/0x360 ...

--

From: Neil Brown
Date: Thursday, December 30, 2010 - 4:00 pm

Please report exactly which kernel you are running (git hash of head) and in
particular whether
   commit  589a594be1fb8815b3f18e517be696c48664f728

is present?

It looks like something tried to lock conf->device_lock after conf had been
freed.  It is possible that that could happen due to the bug  fixed by the
above commit.

Thanks,
NeilBrown



--
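
The mechanism behind the "Poison overwritten" report discussed above, as an added example that is not part of the original thread and is not kernel code: a one-object toy cache fills a freed object with the SLUB poison bytes (0x6b, with 0xa5 as the last byte) and verifies the pattern later. The names `toy_free`, `toy_check`, `simulate_uaf` and the offset 64 are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b  /* fill byte for freed objects (include/linux/poison.h) */
#define POISON_END  0xa5  /* last byte of a freed object */
#define OBJ_SIZE    256   /* same object size as the kmalloc-256 cache */

struct poison_report { int corrupted; size_t first, last; unsigned char byte, expected; };

static unsigned char slot[OBJ_SIZE];  /* the toy cache holds a single object */

/* On free: overwrite the whole object with the poison pattern. */
static void toy_free(unsigned char *obj) {
    memset(obj, POISON_FREE, OBJ_SIZE - 1);
    obj[OBJ_SIZE - 1] = POISON_END;
}

/* Before reuse: verify the pattern and record the first and last changed byte. */
static struct poison_report toy_check(const unsigned char *obj) {
    struct poison_report r = {0};
    for (size_t i = 0; i < OBJ_SIZE; i++) {
        unsigned char want = (i == OBJ_SIZE - 1) ? POISON_END : POISON_FREE;
        if (obj[i] == want) continue;
        if (!r.corrupted) { r.corrupted = 1; r.first = i; r.byte = obj[i]; r.expected = want; }
        r.last = i;
    }
    return r;
}

/* Constructed scenario: a stale pointer bumps two counter bytes after the free. */
static struct poison_report simulate_uaf(size_t off) {
    unsigned char *stale = slot;  /* pointer kept past the free */
    toy_free(slot);
    stale[off]++;                 /* 0x6b becomes 0x6c */
    stale[off + 1]++;
    return toy_check(slot);
}

int main(void) {
    struct poison_report r = simulate_uaf(64);
    if (r.corrupted)
        printf("Poison overwritten: offset %zu-%zu, first byte 0x%02x instead of 0x%02x\n",
               r.first, r.last, r.byte, r.expected);
    return 0;
}
```

The check runs only when the freed object is next inspected, so it can name the corrupted bytes but not the code that wrote them.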

From: Paweł Sikora
Date: Friday, December 31, 2010 - 1:02 am

I'm testing the pure 2.6.37-rc8, which afaics contains the mentioned merge:

 3d0b608 589a594
 Author: Linus Torvalds <torvalds@linux-foundation.org>
 Date:   Tue Dec 14 18:49:40 2010 -0800
     Merge branch 'for-linus' of git://neil.brown.name/md

--
