Re: fs: memory corruption in names_cache

From: Christoph Lameter
Date: Wed Jun 04 2014 - 13:41:36 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH] fence: Use smp_mb__before_atomic()"
Previous message: Antoine Ténart: "Re: [PATCH 2/2] ARM: dts: berlin: enable i2c0 and i2c2"
In reply to: Jan Kara: "Re: fs: memory corruption in names_cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 4 Jun 2014, Jan Kara wrote:

> On Wed 04-06-14 10:33:00, Sasha Levin wrote:
> > Hi all,
> >
> > While fuzzing with trinity inside a KVM tools guest running the latest -next
> > kernel I've stumbled on the following spew:
> Hum, I'd really suspect more a SLUB bug - the area has poisoning 0x6b
> (POISON_FREE) instead of expected poisoning 0x5a (POISON_INUSE). Or maybe
> I'm just mistaken - could some SLUB guy comment?

Well yes that is really weird. The last byte is 0xa5 (end of object) which
indicates that the padding space has been treated as an object. Could be
metadata corruption. The slab is empty but there is an object allocated in
there???

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "Re: [PATCH] fence: Use smp_mb__before_atomic()"
Previous message: Antoine Ténart: "Re: [PATCH 2/2] ARM: dts: berlin: enable i2c0 and i2c2"
In reply to: Jan Kara: "Re: fs: memory corruption in names_cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]