[uml-devel] trinity fuzzying gave : BUG anon_vma (Not tainted): Redzone overwritten

Toralf Förster Tue, 14 May 2013 09:16:21 -0700

Although it just happens for the first time I'd like to share this.

Got by fuzzyinga 32bit stable Gentoo guest  with trinity,
guest kernel is linux-v3.10-rc1-36 (strnlen + stub4 patch included) :



2013-05-14T18:06:15.405+02:00 trinity kernel: 
=============================================================================
2013-05-14T18:06:15.405+02:00 trinity kernel: BUG anon_vma (Not tainted): 
Redzone overwritten
2013-05-14T18:06:15.405+02:00 trinity kernel: 
-----------------------------------------------------------------------------
2013-05-14T18:06:15.405+02:00 trinity kernel:
2013-05-14T18:06:15.405+02:00 trinity kernel: Disabling lock debugging due to 
kernel taint
2013-05-14T18:06:15.405+02:00 trinity kernel: INFO: 0x405084f8-0x405084fb. 
First byte 0xe8 instead of 0xcc
2013-05-14T18:06:15.405+02:00 trinity kernel: INFO: Allocated in 
anon_vma_prepare+0x6a/0x160 age=1631 cpu=0 pid=856
2013-05-14T18:06:15.405+02:00 trinity kernel: INFO: Freed in 
__put_anon_vma+0x93/0xa0 age=1651 cpu=0 pid=854
2013-05-14T18:06:15.405+02:00 trinity kernel: INFO: Slab 0x0ae47800 objects=46 
used=7 fp=0x40508108 flags=0x0081
2013-05-14T18:06:15.405+02:00 trinity kernel: INFO: Object 0x405084d0 
@offset=1232 fp=0x405084e8
2013-05-14T18:06:15.410+02:00 trinity kernel:
2013-05-14T18:06:15.410+02:00 trinity kernel: Bytes b4 405084c0: 59 03 00 00 00 
99 ff ff 5a 5a 5a 5a 5a 5a 5a 5a  Y.......ZZZZZZZZ
2013-05-14T18:06:15.410+02:00 trinity kernel: Object 405084d0: d0 84 50 40 00 
00 00 00 01 00 00 00 ad 4e ad de  ..P@.........N..
2013-05-14T18:06:15.410+02:00 trinity kernel: Object 405084e0: ff ff ff ff ff 
ff ff ff e8 84 50 40 e8 84 50 40  ..........P@..P@
2013-05-14T18:06:15.410+02:00 trinity kernel: Object 405084f0: 00 00 00 00 00 
00 00 00                          ........
2013-05-14T18:06:15.410+02:00 trinity kernel: Redzone 405084f8: e8 84 50 40     
                                 ..P@
2013-05-14T18:06:15.410+02:00 trinity kernel: Padding 40508520: 5a 5a 5a 5a 5a 
5a 5a 5a                          ZZZZZZZZ
2013-05-14T18:06:15.410+02:00 trinity kernel: CPU: 0 PID: 856 Comm: rc Tainted: 
G    B        3.10.0-rc1-00036-g05d129d #9
2013-05-14T18:06:15.410+02:00 trinity kernel: 416a7c1c 416a7c48 080f9da0 
083db92c 405084d0 000004d0 405084e8 0ae47800
2013-05-14T18:06:15.410+02:00 trinity kernel: 405084f8 00000004 405084fb 
416a7c80 080fa378 083dba0c 405084f8 405084fb
2013-05-14T18:06:15.411+02:00 trinity kernel: 000000e8 000000cc 0000005a 
405084d0 0ae47800 414496c0 414496c0 405084d0 416a7bf0:  [<08060cff>] 
show_stack+0xcf/0x100
2013-05-14T18:06:15.411+02:00 trinity kernel: 416a7c14:  [<0835ed79>] 
dump_stack+0x26/0x28
2013-05-14T18:06:15.411+02:00 trinity kernel: 416a7c24:  [<080f9da0>] 
print_trailer+0xe0/0xf0
2013-05-14T18:06:15.411+02:00 trinity kernel: 416a7c4c:  [<080fa378>] 
check_bytes_and_report+0xa8/0x100
2013-05-14T18:06:15.411+02:00 trinity kernel: 416a7c84:  [<080fa41f>] 
check_object+0x4f/0x210
2013-05-14T18:06:15.411+02:00 trinity kernel: 416a7cc0:  [<0835d4c9>] 
free_debug_processing+0xd0/0x216
2013-05-14T18:06:15.411+02:00 trinity kernel: 416a7cec:  [<0835d6fd>] 
__slab_free+0x2d/0x282
2013-05-14T18:06:15.411+02:00 trinity kernel: 416a7d50:  [<080fba79>] 
kmem_cache_free+0xe9/0x100
2013-05-14T18:06:15.411+02:00 trinity kernel: 416a7d74:  [<080ee373>] 
__put_anon_vma+0x93/0xa0
2013-05-14T18:06:15.411+02:00 trinity kernel: 416a7d8c:  [<080ee61c>] 
unlink_anon_vmas+0x13c/0x1a0
2013-05-14T18:06:15.413+02:00 trinity kernel: 416a7db4:  [<080e4355>] 
free_pgtables+0x55/0xe0
2013-05-14T18:06:15.413+02:00 trinity kernel: 416a7ddc:  [<080eb84e>] 
exit_mmap+0xbe/0x170
2013-05-14T18:06:15.413+02:00 trinity kernel: 416a7e14:  [<0807991d>] 
mmput+0x3d/0xb0
2013-05-14T18:06:15.413+02:00 trinity kernel: 416a7e28:  [<08081086>] 
do_exit+0x2f6/0x880
2013-05-14T18:06:15.413+02:00 trinity kernel: 416a7e78:  [<080816f9>] 
do_group_exit+0xa9/0xf0
2013-05-14T18:06:15.413+02:00 trinity kernel: 416a7ea0:  [<08081759>] 
SyS_exit_group+0x19/0x20
2013-05-14T18:06:15.413+02:00 trinity kernel: 416a7eac:  [<08062ac2>] 
handle_syscall+0x82/0xb0
2013-05-14T18:06:15.413+02:00 trinity kernel: 416a7ef4:  [<0807519d>] 
userspace+0x46d/0x590
2013-05-14T18:06:15.413+02:00 trinity kernel: 416a7fec:  [<0805f7fc>] 
fork_handler+0x6c/0x70
2013-05-14T18:06:15.413+02:00 trinity kernel: 416a7ffc:  [<00000000>] 0x0
2013-05-14T18:06:15.414+02:00 trinity kernel:
2013-05-14T18:06:15.414+02:00 trinity kernel: FIX anon_vma: Restoring 
0x405084f8-0x405084fb=0xcc
2013-05-14T18:06:15.414+02:00 trinity kernel:
2013-05-14T18:06:22.639+02:00 trinity kernel: INFO: 0x405084f8-0x405084fb. 
First byte 0xcc instead of 0xbb
2013-05-14T18:06:22.639+02:00 trinity kernel: INFO: Allocated in 
anon_vma_prepare+0x6a/0x160 age=2360 cpu=0 pid=856
2013-05-14T18:06:22.639+02:00 trinity kernel: INFO: Freed in 
__put_anon_vma+0x93/0xa0 age=2380 cpu=0 pid=854
2013-05-14T18:06:22.639+02:00 trinity kernel: INFO: Slab 0x0ae47800 objects=46 
used=46 fp=0x  (null) flags=0x0080
2013-05-14T18:06:22.639+02:00 trinity kernel: INFO: Object 0x405084d0 
@offset=1232 fp=0x40508108
2013-05-14T18:06:22.639+02:00 trinity kernel:
2013-05-14T18:06:22.644+02:00 trinity kernel: Bytes b4 405084c0: 59 03 00 00 00 
99 ff ff 5a 5a 5a 5a 5a 5a 5a 5a  Y.......ZZZZZZZZ
2013-05-14T18:06:22.644+02:00 trinity kernel: Object 405084d0: d0 84 50 40 00 
00 00 00 01 00 00 00 ad 4e ad de  ..P@.........N..
2013-05-14T18:06:22.644+02:00 trinity kernel: Object 405084e0: ff ff ff ff ff 
ff ff ff e8 84 50 40 e8 84 50 40  ..........P@..P@
2013-05-14T18:06:22.644+02:00 trinity kernel: Object 405084f0: 00 00 00 00 00 
00 00 00                          ........
2013-05-14T18:06:22.644+02:00 trinity kernel: Redzone 405084f8: cc cc cc cc     
                                 ....
2013-05-14T18:06:22.644+02:00 trinity kernel: Padding 40508520: 5a 5a 5a 5a 5a 
5a 5a 5a                          ZZZZZZZZ
2013-05-14T18:06:22.644+02:00 trinity kernel: CPU: 0 PID: 964 Comm: sshd 
Tainted: G    B        3.10.0-rc1-00036-g05d129d #9
2013-05-14T18:06:22.644+02:00 trinity kernel: 41837c0c 41837c38 080f9da0 
083db92c 405084d0 000004d0 40508108 0ae47800
2013-05-14T18:06:22.644+02:00 trinity kernel: 405084f8 00000004 405084fb 
41837c70 080fa378 083dba0c 405084f8 405084fb
2013-05-14T18:06:22.644+02:00 trinity kernel: 000000cc 000000bb 0000005a 
405084d0 0ae47800 414496c0 414496c0 405084d0 41837be0:  [<08060cff>] 
show_stack+0xcf/0x100
2013-05-14T18:06:22.653+02:00 trinity kernel: 41837c04:  [<0835ed79>] 
dump_stack+0x26/0x28
2013-05-14T18:06:22.653+02:00 trinity kernel: 41837c14:  [<080f9da0>] 
print_trailer+0xe0/0xf0
2013-05-14T18:06:22.653+02:00 trinity kernel: 41837c3c:  [<080fa378>] 
check_bytes_and_report+0xa8/0x100
2013-05-14T18:06:22.653+02:00 trinity kernel: 41837c74:  [<080fa41f>] 
check_object+0x4f/0x210
2013-05-14T18:06:22.653+02:00 trinity kernel: 41837cb0:  [<0835d368>] 
alloc_debug_processing+0x7d/0x10e
2013-05-14T18:06:22.653+02:00 trinity kernel: 41837cd4:  [<0835ddd9>] 
__slab_alloc.constprop.66+0x3ca/0x41c
2013-05-14T18:06:22.653+02:00 trinity kernel: 41837d68:  [<080fb833>] 
kmem_cache_alloc+0x33/0xf0
2013-05-14T18:06:22.653+02:00 trinity kernel: 41837d94:  [<080ee85a>] 
anon_vma_fork+0x4a/0x110
2013-05-14T18:06:22.653+02:00 trinity kernel: 41837db4:  [<08079e61>] 
dup_mm+0x261/0x490
2013-05-14T18:06:22.653+02:00 trinity kernel: 41837e04:  [<0807aa7a>] 
copy_process+0x9aa/0x11c0
2013-05-14T18:06:22.658+02:00 trinity kernel: 41837e4c:  [<0807b375>] 
do_fork+0x95/0x250
2013-05-14T18:06:22.658+02:00 trinity kernel: 41837e90:  [<0807b61e>] 
SyS_clone+0x2e/0x30
2013-05-14T18:06:22.658+02:00 trinity kernel: 41837eac:  [<08062ac2>] 
handle_syscall+0x82/0xb0
2013-05-14T18:06:22.658+02:00 trinity kernel: 41837ef4:  [<0807519d>] 
userspace+0x46d/0x590
2013-05-14T18:06:22.658+02:00 trinity kernel: 41837fec:  [<0805f7fc>] 
fork_handler+0x6c/0x70
2013-05-14T18:06:22.658+02:00 trinity kernel: 41837ffc:  [<00000000>] 0x0
2013-05-14T18:06:22.658+02:00 trinity kernel:
2013-05-14T18:06:22.658+02:00 trinity kernel: FIX anon_vma: Restoring 
0x405084f8-0x405084fb=0xbb
2013-05-14T18:06:22.658+02:00 trinity kernel:
2013-05-14T18:06:22.658+02:00 trinity kernel: FIX anon_vma: Marking all objects 
used


-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

[uml-devel] trinity fuzzying gave : BUG anon_vma (Not tainted): Redzone overwritten

Reply via email to