)]}'
{
  "log": [
    {
      "commit": "48564e628bd7662d7a0b3ac81c41cd0e4cc36dae",
      "tree": "44f5d76fb7dfa2636b790a0aea1fe8568807a088",
      "parents": [
        "2e367a82fc2da335455984a7722c721dd3fa782b"
      ],
      "author": {
        "name": "Jan Niehusmann",
        "email": "jan@gondor.com",
        "time": "Mon May 15 09:44:12 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon May 15 11:20:56 2006 -0700"
      },
      "message": "[PATCH] smbfs: Fix slab corruption in samba error path\n\nYesterday, I got the following error with 2.6.16.13 during a file copy from\na smb filesystem over a wireless link.  I guess there was some error on the\nwireless link, which in turn caused an error condition for the smb\nfilesystem.\n\nIn the log, smb_file_read reports error\u003d4294966784 (0xfffffe00), which also\nshows up in the slab dumps, and also is -ERESTARTSYS.  Error code 27499\ncorresponds to 0x6b6b, so the rq_errno field seems to be the only one being\nset after freeing the slab.\n\nIn smb_add_request (which is the only place in smbfs where I found\nERESTARTSYS), I found the following:\n\n        if (!timeleft || signal_pending(current)) {\n                /*\n                 * On timeout or on interrupt we want to try and remove the\n                 * request from the recvq/xmitq.\n                 */\n                smb_lock_server(server);\n                if (!(req-\u003erq_flags \u0026 SMB_REQ_RECEIVED)) {\n                        list_del_init(\u0026req-\u003erq_queue);\n                        smb_rput(req);\n                }\n                smb_unlock_server(server);\n        }\n\t[...]\n        if (signal_pending(current))\n                req-\u003erq_errno \u003d -ERESTARTSYS;\n\nI guess that some codepath like smbiod_flush() caused the request to be\nremoved from the queue, and smb_rput(req) be called, without\nSMB_REQ_RECEIVED being set.  This violates an asumption made by the quoted\ncode.\n\nThen, the above code calls smb_rput(req) again, the req gets freed, and\nreq-\u003erq_errno \u003d -ERESTARTSYS writes into the already freed slab.  As\nlist_del_init doesn\u0027t cause an error if called multiple times, that does\ncause the observed behaviour (freed slab with rq_errno\u003d-ERESTARTSYS).\n\nIf this observation is correct, the following patch should fix it.\n\nI wonder why the smb code uses list_del_init everywhere - using list_del\ninstead would catch such situations by poisoning the next and prev\npointers.\n\nMay  4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Firmware error detected.  Restarting.\nMay  4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Sysfs \u0027error\u0027 log captured.\nMay  4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Firmware error detected.  Restarting.\nMay  4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Sysfs \u0027error\u0027 log already exists.\nMay  4 23:33:02 knautsch kernel: [17180306.968000] smb_file_read: //some_file validation failed, error\u003d4294966784\nMay  4 23:34:18 knautsch kernel: [17180383.256000] smb_file_read: //some_file validation failed, error\u003d4294966784\nMay  4 23:34:18 knautsch kernel: [17180383.284000] SMB connection re-established (-5)\nMay  4 23:37:19 knautsch kernel: [17180563.956000] smb_file_read: //some_file validation failed, error\u003d4294966784\nMay  4 23:40:09 knautsch kernel: [17180733.636000] smb_file_read: //some_file validation failed, error\u003d4294966784\nMay  4 23:40:26 knautsch kernel: [17180750.700000] smb_file_read: //some_file validation failed, error\u003d4294966784\nMay  4 23:43:02 knautsch kernel: [17180907.304000] smb_file_read: //some_file validation failed, error\u003d4294966784\nMay  4 23:43:08 knautsch kernel: [17180912.324000] smb_file_read: //some_file validation failed, error\u003d4294966784\nMay  4 23:43:34 knautsch kernel: [17180938.416000] smb_errno: class Unknown, code 27499 from command 0x6b\nMay  4 23:43:34 knautsch kernel: [17180938.416000] Slab corruption: start\u003dc4ebe09c, len\u003d244\nMay  4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.\nMay  4 23:43:34 knautsch kernel: [17180938.416000] Last user: [\u003ce087b903\u003e](smb_rput+0x53/0x90 [smbfs])\nMay  4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b\nMay  4 23:43:34 knautsch kernel: [17180938.416000] 0f0: 00 fe ff ff\nMay  4 23:43:34 knautsch kernel: [17180938.416000] Next obj: start\u003dc4ebe19c, len\u003d244\nMay  4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.\nMay  4 23:43:34 knautsch kernel: [17180938.416000] Last user: [\u003c00000000\u003e](_stext+0x3feffde0/0x30)\nMay  4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b\nMay  4 23:43:34 knautsch kernel: [17180938.416000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b\nMay  4 23:43:34 knautsch kernel: [17180938.460000] SMB connection re-established (-5)\nMay  4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Firmware error detected.  Restarting.\nMay  4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Sysfs \u0027error\u0027 log already exists.\nMay  4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Firmware error detected.  Restarting.\nMay  4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Sysfs \u0027error\u0027 log already exists.\nMay  4 23:45:05 knautsch kernel: [17181029.868000] smb_file_read: //some_file validation failed, error\u003d4294966784\nMay  4 23:45:36 knautsch kernel: [17181060.984000] smb_errno: class Unknown, code 27499 from command 0x6b\nMay  4 23:45:36 knautsch kernel: [17181060.984000] Slab corruption: start\u003dc4ebe09c, len\u003d244\nMay  4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.\nMay  4 23:45:36 knautsch kernel: [17181060.984000] Last user: [\u003ce087b903\u003e](smb_rput+0x53/0x90 [smbfs])\nMay  4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b\nMay  4 23:45:36 knautsch kernel: [17181060.984000] 0f0: 00 fe ff ff\nMay  4 23:45:36 knautsch kernel: [17181060.984000] Next obj: start\u003dc4ebe19c, len\u003d244\nMay  4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.\nMay  4 23:45:36 knautsch kernel: [17181060.984000] Last user: [\u003c00000000\u003e](_stext+0x3feffde0/0x30)\nMay  4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b\nMay  4 23:45:36 knautsch kernel: [17181060.984000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b\nMay  4 23:45:36 knautsch kernel: [17181061.024000] SMB connection re-established (-5)\nMay  4 23:46:17 knautsch kernel: [17181102.132000] smb_file_read: //some_file validation failed, error\u003d4294966784\nMay  4 23:47:46 knautsch kernel: [17181190.468000] smb_errno: class Unknown, code 27499 from command 0x6b\nMay  4 23:47:46 knautsch kernel: [17181190.468000] Slab corruption: start\u003dc4ebe09c, len\u003d244\nMay  4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.\nMay  4 23:47:46 knautsch kernel: [17181190.468000] Last user: [\u003ce087b903\u003e](smb_rput+0x53/0x90 [smbfs])\nMay  4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b\nMay  4 23:47:46 knautsch kernel: [17181190.468000] 0f0: 00 fe ff ff\nMay  4 23:47:46 knautsch kernel: [17181190.468000] Next obj: start\u003dc4ebe19c, len\u003d244\nMay  4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.\nMay  4 23:47:46 knautsch kernel: [17181190.468000] Last user: [\u003c00000000\u003e](_stext+0x3feffde0/0x30)\nMay  4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b\nMay  4 23:47:46 knautsch kernel: [17181190.468000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b\nMay  4 23:47:46 knautsch kernel: [17181190.492000] SMB connection re-established (-5)\nMay  4 23:49:20 knautsch kernel: [17181284.828000] smb_file_read: //some_file validation failed, error\u003d4294966784\nMay  4 23:49:39 knautsch kernel: [17181303.896000] smb_file_read: //some_file validation failed, error\u003d4294966784\n\nSigned-off-by: Jan Niehusmann \u003cjan@gondor.com\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "d063389ecf20e5c20be91a0007656deb9fc38a1c",
      "tree": "0a5ccb8f50522d62765225f227cdf135438806b9",
      "parents": [
        "44db77f33cc42c49f55ddb360f5e9a05581ffdc0"
      ],
      "author": {
        "name": "Pekka Enberg",
        "email": "penberg@cs.helsinki.fi",
        "time": "Sat Jan 14 13:21:13 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sat Jan 14 18:27:13 2006 -0800"
      },
      "message": "[PATCH] smbfs: remove kmalloc wrapper\n\nRemove the remaining kmalloc() wrapper bits from fs/smbfs/.\n\nSigned-off-by: Pekka Enberg \u003cpenberg@cs.helsinki.fi\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "ccb6e363a68144cdfdaa6d964d63d620c8ac9a9b",
      "tree": "c7a412727aa338fdfbf9f8ae6c46205852eeb7f0",
      "parents": [
        "6f08b72cdd4b99a190c4e1fcddd63b401e5b572d"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Mon Nov 07 00:59:23 2005 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Mon Nov 07 07:53:36 2005 -0800"
      },
      "message": "[PATCH] fs/smbfs/request.c: turn NULL dereference into BUG()\n\nIn a case documented as\n\n  We should never be called with any of these states\n\nBUG() in a case that would later result in a NULL pointer dereference.\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
      "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d",
      "parents": [],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n"
    }
  ]
}