From: Alexey Dobriyan <adobriyan@gmail.com>
To: Matt Mackall <mpm@selenic.com>
Cc: Christoph Lameter <cl@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-mm@kvack.org, penberg@cs.helsinki.fi,
	akpm@linux-foundation.org, avi@qumranet.com
Subject: Re: 2.6.28-rc1: EIP: slab_destroy+0x84/0x142
Date: Sat, 25 Oct 2008 07:20:58 +0400
Message-ID: <20081025032058.GA5010@x200.localdomain>
In-Reply-To: <1224903645.3248.106.camel@calx>

On Fri, Oct 24, 2008 at 10:00:45PM -0500, Matt Mackall wrote:
> On Sat, 2008-10-25 at 06:54 +0400, Alexey Dobriyan wrote:
> > On Sat, Oct 25, 2008 at 04:24:06AM +0400, Alexey Dobriyan wrote:
> > > On Fri, Oct 24, 2008 at 06:29:47PM -0500, Christoph Lameter wrote:
> > > > On Sat, 25 Oct 2008, Alexey Dobriyan wrote:
> > > >
> > > >> Fault occurred at slab_destroy in KVM guest kernel.
> > > >
> > > > Please switch on all SLAB debug options and rerun.
> > > 
> > > They're already on!
> > > 
> > > New knowledge: turning off just DEBUG_PAGEALLOC makes oops disappear,
> > > other debugging options don't matter.
> > 
> > Here is typical scenario:
> > cache -- filp or dentry, ->buffer_size = 4096, objp = c643d000, dbg_redzone1 = c643df78.
> > 
> > Unable to handle ... at c643df7c. which is not next page.
> 
> Huh. That sounds more like an actual use-after-free. Possible that the
> object is getting freed twice?
> 
> There's a call to kernel_map_pages(..., 0) on line 2905 of slab.c.
> Commenting it out will nullify the debugging effect of DEBUG_PAGEALLOC
> without changing the layout decisions and other behavior. If that kernel
> works, that probably means your oops is a genuine use-after-free.

Commenting this code helps very much, looking further...
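
Added example, not part of the thread and not kernel code: a userspace analogue of the test discussed above, where revoking access to a freed page turns a stale read into a fault and skipping that step lets the same read pass silently. The names `read_faults` and `stale_read_faults` are hypothetical, `mprotect(PROT_NONE)` stands in for `kernel_map_pages(..., 0)`, and it assumes Linux with a page size of at least 4 KiB.

```c
/* Userspace analogue of DEBUG_PAGEALLOC (added example, not kernel code). */
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#define STALE_OFFSET 0xf7c /* c643df7c - c643d000, addresses from the thread */
static sigjmp_buf probe_env;
static void on_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }

/* Return 1 if a one-byte read at addr raises SIGSEGV, 0 if it succeeds. */
static int read_faults(const volatile unsigned char *addr)
{
    struct sigaction sa, old;
    volatile int faulted = 1;
    sa.sa_handler = on_fault;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(probe_env, 1) == 0) {
        (void)*addr;
        faulted = 0;
    }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

/* "Free" a page-sized object, then read it via a stale pointer. unmap_on_free=1
 * revokes access like kernel_map_pages(..., 0); 0 models it commented out. */
static int stale_read_faults(int unmap_on_free)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *obj = mmap(NULL, pg, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (obj == MAP_FAILED)
        return -1;
    obj[STALE_OFFSET] = 0x5a;                      /* object in use */
    if (unmap_on_free)
        mprotect(obj, pg, PROT_NONE);              /* free, debugging on */
    int faulted = read_faults(obj + STALE_OFFSET); /* use after free */
    munmap(obj, pg);
    return faulted;
}

int main(void)
{
    printf("unmap: %d, no unmap: %d\n", stale_read_faults(1), stale_read_faults(0));
    return 0;
}
```

A fault only with unmapping enabled means the stale access is real and the debugging option is merely exposing it, which is the inference drawn in the thread.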
