Re: [bug, netconsole, SLUB] BUG skbuff_head_cache: Poison overwritten

From: Evgeniy Polyakov
Date: Mon Jul 21 2008 - 16:00:18 EST


Hi Christoph.

On Mon, Jul 21, 2008 at 11:22:27AM -0500, Christoph Lameter (cl@xxxxxxxxxxxxxxxxxxxx) wrote:
> > Not that obvious...
> > skb->next is cleared in lots of places, in the xmit network helper
> > for example, but since the rest of the packet was not modified, it
> > means the given skb was not freed, so it will not help.
>
> The skb was definitely freed. 6b is written over an object when it is
> freed. Something else retained a pointer to the skb and was confident
> that the skb still exists.

I meant that there was no attempt to free it a second time, since the
skb->users area (the very end of the skb) was not changed from 6b to 6a,
but its skb->next pointer (the first field in the skb) was set to NULL,
so after that the skb was not used at all.

It could be an interesting kmemcheck extension to catch not only
non-initialized memory, but also writes into just-freed memory that has
not yet been returned by the allocator to the next user.

--
Evgeniy Polyakov
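
Added example, not part of the original message and not kernel code: a user-space sketch of the triage the thread performs on a "Poison overwritten" report, locating the damaged byte range in a freed object and mapping it to the fields discussed. The 64-byte layout, field offsets and function names are assumptions for illustration; only the 0x6b/0xa5 poison values are the kernel's.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define POISON_FREE 0x6b  /* fill byte written over an object when it is freed */
#define POISON_END  0xa5  /* marker in the last byte of a poisoned object */

/* Hypothetical 64-byte object: "next" is the first field, "users" the last. */
enum { OBJ_SIZE = 64, NEXT_OFF = 0, NEXT_LEN = 8, USERS_OFF = 60 };
enum verdict { CLEAN, NEXT_WRITTEN_AFTER_FREE, USERS_TOUCHED_AFTER_FREE, OTHER_WRITE };

/* What a poisoning allocator does to the object on free. */
static void poison_object(unsigned char *obj)
{
    memset(obj, POISON_FREE, OBJ_SIZE - 1);
    obj[OBJ_SIZE - 1] = POISON_END;
}

/* Report the first and last byte that no longer hold the poison pattern. */
static int find_overwrite(const unsigned char *obj, size_t *first, size_t *last)
{
    int found = 0;
    for (size_t i = 0; i < OBJ_SIZE; i++) {
        unsigned char want = (i == OBJ_SIZE - 1) ? POISON_END : POISON_FREE;
        if (obj[i] != want) {
            if (!found) *first = i;
            *last = i;
            found = 1;
        }
    }
    return found;
}

/* Map the damaged range onto the two fields the thread reasons about. */
static enum verdict classify(const unsigned char *obj)
{
    size_t first = 0, last = 0;
    if (!find_overwrite(obj, &first, &last)) return CLEAN;
    /* A changed refcount (6b -> 6a in the mail) suggests another put/free. */
    if (last >= USERS_OFF) return USERS_TOUCHED_AFTER_FREE;
    /* Only the list pointer changed: a stale holder cleared ->next. */
    if (last < NEXT_OFF + NEXT_LEN) return NEXT_WRITTEN_AFTER_FREE;
    return OTHER_WRITE;
}

int main(void)
{
    unsigned char obj[OBJ_SIZE];
    poison_object(obj);
    memset(obj + NEXT_OFF, 0, NEXT_LEN); /* constructed input: next = NULL after free */
    printf("verdict=%d\n", classify(obj));
    return 0;
}
```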