From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
To: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Ingo Molnar <mingo@elte.hu>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
Vegard Nossum <vegard.nossum@gmail.com>,
"Rafael J. Wysocki" <rjw@sisk.pl>,
cl@linux-foundation.org, davem@davemloft.net
Subject: Re: [bug, netconsole, SLUB] BUG skbuff_head_cache: Poison overwritten
Date: Mon, 21 Jul 2008 14:06:27 +0400 [thread overview]
Message-ID: <20080721100627.GA5953@2ka.mipt.ru> (raw)
In-Reply-To: <84144f020807210252k68d5cf65i8c7ae3c11cecc046@mail.gmail.com>
Hi.
On Mon, Jul 21, 2008 at 12:52:45PM +0300, Pekka Enberg (penberg@cs.helsinki.fi) wrote:
> On Mon, Jul 21, 2008 at 12:41 PM, Ingo Molnar <mingo@elte.hu> wrote:
> > update about this problem: just triggered another colorful crash, see
> > below. This was with the 4K object dump patch already, maybe the dump
> > gives a clue?
>
> ...to point out the obvious:
>
> > =============================================================================
> > BUG skbuff_head_cache: Poison overwritten
> > -----------------------------------------------------------------------------
> >
> > INFO: 0xf7ccc100-0xf7ccc103. First byte 0x0 instead of 0x6b
> > INFO: Allocated in __alloc_skb+0x30/0x10e age=1 cpu=1 pid=1
> > INFO: Freed in __kfree_skb+0x63/0x66 age=1 cpu=0 pid=0
> > INFO: Slab 0xc1c34ca0 objects=16 used=1 fp=0xf7ccc100 flags=0x400000c3
> > INFO: Object 0xf7ccc100 @offset=256 fp=0xf7ccc200
> >
> > Bytes b4 0xf7ccc0f0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
> > Object 0xf7ccc100: 00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ....kkkkkkkkkkkk
>
> Use after free where first four bytes are zeroed.
Not that obvious...
skb->next is cleared in lots of places, in xmit network helper
for example, but since rest of the packet was not modified, it
means given skb was not freed, so it will not help.
Ingo do you see other similar dumps with last byte modified?
That's the one which can help to determine the reason.
--
Evgeniy Polyakov
next prev parent reply other threads:[~2008-07-21 10:07 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-17 21:42 [bug, netconsole, SLUB] BUG skbuff_head_cache: Poison overwritten Ingo Molnar
2008-07-17 21:45 ` David Miller
2008-07-17 22:06 ` Ingo Molnar
2008-07-17 22:09 ` David Miller
2008-07-17 22:43 ` Ingo Molnar
2008-07-17 23:15 ` Vegard Nossum
2008-07-17 23:35 ` Vegard Nossum
2008-07-17 23:52 ` Ingo Molnar
2008-07-18 0:01 ` Ingo Molnar
2008-07-18 0:05 ` Vegard Nossum
2008-07-18 0:16 ` Ingo Molnar
2008-07-18 2:13 ` David Miller
2008-07-18 2:03 ` David Miller
2008-07-18 7:03 ` Vegard Nossum
2008-07-18 7:12 ` David Miller
2008-07-18 9:05 ` Ingo Molnar
2008-07-18 19:10 ` [bug] Attempt to release alive inet socket f6fac040 Ingo Molnar
2008-07-18 19:55 ` Ingo Molnar
2008-07-17 23:27 ` [bug, netconsole, SLUB] BUG skbuff_head_cache: Poison overwritten Vegard Nossum
2008-07-17 23:56 ` Ingo Molnar
2008-07-21 11:41 ` Vegard Nossum
2008-07-18 5:46 ` Evgeniy Polyakov
2008-07-18 9:02 ` Pekka Enberg
2008-07-18 9:09 ` Ingo Molnar
2008-07-18 9:15 ` Pekka Enberg
2008-07-18 10:16 ` Evgeniy Polyakov
2008-07-18 14:44 ` Pekka Enberg
2008-07-18 14:48 ` Christoph Lameter
2008-07-18 16:07 ` Evgeniy Polyakov
2008-07-18 9:00 ` Pekka J Enberg
2008-07-18 9:11 ` Ingo Molnar
2008-07-18 9:16 ` Pekka Enberg
2008-07-18 13:54 ` Christoph Lameter
2008-07-21 9:41 ` Ingo Molnar
2008-07-21 9:52 ` Pekka Enberg
2008-07-21 10:06 ` Evgeniy Polyakov [this message]
2008-07-21 10:50 ` Ingo Molnar
2008-07-21 11:03 ` Vegard Nossum
2008-07-21 11:13 ` Ingo Molnar
2008-07-21 16:19 ` Christoph Lameter
2008-07-21 20:23 ` Vegard Nossum
2008-07-21 11:25 ` Evgeniy Polyakov
2008-07-21 11:55 ` Ingo Molnar
2008-07-21 12:57 ` Evgeniy Polyakov
2008-07-21 14:01 ` Ingo Molnar
2008-07-21 19:21 ` Ingo Molnar
2008-07-21 21:24 ` Evgeniy Polyakov
2008-07-21 23:33 ` David Miller
2008-07-22 7:50 ` Ingo Molnar
2008-07-22 13:34 ` Ingo Molnar
2008-07-23 22:31 ` David Miller
2008-07-23 22:40 ` Jeff Kirsher
2008-07-21 16:22 ` Christoph Lameter
2008-07-21 19:57 ` Evgeniy Polyakov
2008-07-21 20:05 ` Ingo Molnar
2008-07-21 20:22 ` Vegard Nossum
2008-07-18 13:55 ` Christoph Lameter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080721100627.GA5953@2ka.mipt.ru \
--to=johnpol@2ka.mipt.ru \
--cc=cl@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=netdev@vger.kernel.org \
--cc=penberg@cs.helsinki.fi \
--cc=rjw@sisk.pl \
--cc=vegard.nossum@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).