From: Jarek Poplawski <jarkao2@o2.pl>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: netdev@vger.kernel.org,
"bugme-daemon\@kernel-bugs\.osdl\.org"
<bugme-daemon@bugzilla.kernel.org>,
snakebyte@gmx.de
Subject: Re: Fw: [Bugme-new] [Bug 8057] New: slab corruption running ip6sic
Date: Mon, 12 Mar 2007 11:24:03 +0100 [thread overview]
Message-ID: <20070312102403.GB1664@ff.dom.local> (raw)
In-Reply-To: <20070222134918.e2f1af6d.akpm@linux-foundation.org>
On 22-02-2007 22:49, Andrew Morton wrote:
>
> Begin forwarded message:
>
> Date: Thu, 22 Feb 2007 07:56:27 -0800
> From: bugme-daemon@bugzilla.kernel.org
> To: bugme-new@lists.osdl.org
> Subject: [Bugme-new] [Bug 8057] New: slab corruption running ip6sic
>
>
> http://bugzilla.kernel.org/show_bug.cgi?id=8057
>
> Summary: slab corruption running ip6sic
> Kernel Version: 2.6.21-rc1
> Status: NEW
> Severity: normal
> Owner: yoshfuji@linux-ipv6.org
> Submitter: snakebyte@gmx.de
>
>
> Most recent kernel where this bug did *NOT* occur: unknown
> Distribution: gentoo
> Hardware Environment: AMD-K6, 400MHz, 288MB Ram
> Software Environment: ip6sic (http://ip6sic.sourceforge.net/)
> Problem Description:
>
> When running ip6sic against the loopback interface i get the following kernel
> messages:
>
> [ 199.514486] Slab corruption: start=d0505554, len=156
> [ 199.514704] Redzone: 0x5a2cf071/0x5a2cf071.
> [ 199.514859] Last user: [<c0465813>](kfree_skbmem+0x33/0x80)
...
>From bugzilla:
...
> Is it possible that the handler frees the skb even if it is not supposed to do so?
>
>
> ------- Additional Comment #14 From Eric Sesterhenn 2007-02-28 04:33 -------
>
> the ipcomp handler is xfrm6_rcv(), which calls xfrm6_rcv_spi(), which contrary
> to all other handlers returns -1 instead of 0 after calling kfree_skb() on the
> skb. Changing the return value to 0 in xfrm6_input.c:xfrm6_rcv_spi() fixes the
> problem.
> But I got no clue at all if this would be a correct fix
I think your diagnose is correct (all "return -1" should be
changed to "return 0" in xfrm6_input.c).
Regards,
Jarek P.
next prev parent reply other threads:[~2007-03-12 10:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-22 21:49 Fw: [Bugme-new] [Bug 8057] New: slab corruption running ip6sic Andrew Morton
2007-03-12 10:24 ` Jarek Poplawski [this message]
2007-03-12 10:29 ` Jarek Poplawski
2007-04-20 23:35 ` David Miller
2007-04-23 6:44 ` Jarek Poplawski
2007-04-24 7:31 ` Jarek Poplawski
2007-04-25 0:47 ` Herbert Xu
2007-04-25 8:27 ` Eric Sesterhenn / Snakebyte
2007-04-25 12:05 ` Jarek Poplawski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070312102403.GB1664@ff.dom.local \
--to=jarkao2@o2.pl \
--cc=akpm@linux-foundation.org \
--cc=bugme-daemon@bugzilla.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=snakebyte@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.