2.6.19-rc2-mm1 // errors in verify_redzone_free()
in [Kernel]
|
From: Mariusz Kozlowski on 19 Oct 2006 10:50 Hello, Multiple of verif were found with 2.6.19-rc2-mm1 kernel: slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten [<c0103765>] dump_trace+0x1c1/0x1f1 [<c01037af>] show_trace_log_lvl+0x1a/0x30 [<c0103ed8>] show_trace+0x12/0x14 [<c0103f7b>] dump_stack+0x19/0x1b [<c0158357>] __slab_error+0x26/0x28 [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 [<c0158bb0>] kfree+0x54/0xa5 [<c037fba4>] ioctl_standard_call+0x187/0x2a1 [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 [<c03763d4>] dev_ioctl+0x1fd/0x372 [<c036b080>] sock_ioctl+0x34/0x1e8 [<c0167a92>] do_ioctl+0x22/0x71 [<c0167b36>] vfs_ioctl+0x55/0x29b [<c0167daf>] sys_ioctl+0x33/0x50 [<c0102ff5>] sysenter_past_esp+0x56/0x79 [<b7f4e410>] 0xb7f4e410 ======================= dd20cb64: redzone 1:0x170fc2a5, redzone 2:0x170fc200. slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten [<c0103765>] dump_trace+0x1c1/0x1f1 [<c01037af>] show_trace_log_lvl+0x1a/0x30 [<c0103ed8>] show_trace+0x12/0x14 [<c0103f7b>] dump_stack+0x19/0x1b [<c0158357>] __slab_error+0x26/0x28 [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 [<c0158bb0>] kfree+0x54/0xa5 [<c037fba4>] ioctl_standard_call+0x187/0x2a1 [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 [<c03763d4>] dev_ioctl+0x1fd/0x372 [<c036b080>] sock_ioctl+0x34/0x1e8 [<c0167a92>] do_ioctl+0x22/0x71 [<c0167b36>] vfs_ioctl+0x55/0x29b [<c0167daf>] sys_ioctl+0x33/0x50 [<c0102ff5>] sysenter_past_esp+0x56/0x79 [<b7f4e410>] 0xb7f4e410 Full dmesg and config attached. System info: Linux orion 2.6.19-rc2 #3 PREEMPT Thu Oct 19 16:04:17 CEST 2006 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz GNU/Linux Gnu C 4.1.1 Gnu make 3.81 binutils 2.16.1 util-linux 2.12r mount 2.12r module-init-tools 3.2.2 e2fsprogs 1.39 pcmcia-cs 3.2.8 nfs-utils 1.0.6 Linux C Library > libc.2.4 Dynamic linker (ldd) 2.4 Procps 3.2.6 Net-tools 1.60 Kbd 1.12 Sh-utils 5.94 udev 087 Modules Loaded orinoco_cs orinoco hermes pcmcia firmware_class yenta_socket rsrc_nonstatic pcmcia_core Regards, Mariusz Kozlowski
From: Andrew Morton on 19 Oct 2006 13:10 On Thu, 19 Oct 2006 16:45:39 +0200 Mariusz Kozlowski <m.kozlowski(a)tuxland.pl> wrote: > Hello, > > Multiple of verif were found with 2.6.19-rc2-mm1 kernel: > > slab error in verify_redzone_free(): cache `size-32': memory outside object > was overwritten > [<c0103765>] dump_trace+0x1c1/0x1f1 > [<c01037af>] show_trace_log_lvl+0x1a/0x30 > [<c0103ed8>] show_trace+0x12/0x14 > [<c0103f7b>] dump_stack+0x19/0x1b > [<c0158357>] __slab_error+0x26/0x28 > [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 > [<c0158bb0>] kfree+0x54/0xa5 > [<c037fba4>] ioctl_standard_call+0x187/0x2a1 > [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 > [<c03763d4>] dev_ioctl+0x1fd/0x372 > [<c036b080>] sock_ioctl+0x34/0x1e8 > [<c0167a92>] do_ioctl+0x22/0x71 > [<c0167b36>] vfs_ioctl+0x55/0x29b > [<c0167daf>] sys_ioctl+0x33/0x50 > [<c0102ff5>] sysenter_past_esp+0x56/0x79 > [<b7f4e410>] 0xb7f4e410 > ======================= > dd20cb64: redzone 1:0x170fc2a5, redzone 2:0x170fc200. > slab error in verify_redzone_free(): cache `size-32': memory outside object > was overwritten > [<c0103765>] dump_trace+0x1c1/0x1f1 > [<c01037af>] show_trace_log_lvl+0x1a/0x30 > [<c0103ed8>] show_trace+0x12/0x14 > [<c0103f7b>] dump_stack+0x19/0x1b > [<c0158357>] __slab_error+0x26/0x28 > [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 > [<c0158bb0>] kfree+0x54/0xa5 > [<c037fba4>] ioctl_standard_call+0x187/0x2a1 > [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 > [<c03763d4>] dev_ioctl+0x1fd/0x372 > [<c036b080>] sock_ioctl+0x34/0x1e8 > [<c0167a92>] do_ioctl+0x22/0x71 > [<c0167b36>] vfs_ioctl+0x55/0x29b > [<c0167daf>] sys_ioctl+0x33/0x50 > [<c0102ff5>] sysenter_past_esp+0x56/0x79 > [<b7f4e410>] 0xb7f4e410 The wireless ioctls are still blowing up? I thought we'd fixed that, or is this something new? > Full dmesg and config attached. System info: > > Linux orion 2.6.19-rc2 #3 PREEMPT Thu Oct 19 16:04:17 CEST 2006 i686 Intel(R) > Pentium(R) 4 CPU 2.40GHz GNU/Linux > > Gnu C 4.1.1 > Gnu make 3.81 > binutils 2.16.1 > util-linux 2.12r > mount 2.12r > module-init-tools 3.2.2 > e2fsprogs 1.39 > pcmcia-cs 3.2.8 > nfs-utils 1.0.6 > Linux C Library > libc.2.4 > Dynamic linker (ldd) 2.4 > Procps 3.2.6 > Net-tools 1.60 > Kbd 1.12 > Sh-utils 5.94 > udev 087 > Modules Loaded orinoco_cs orinoco hermes pcmcia firmware_class > yenta_socket rsrc_nonstatic pcmcia_core > > Regards, > > Mariusz Kozlowski > - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Jean Tourrilhes on 19 Oct 2006 13:20 On Thu, Oct 19, 2006 at 10:03:42AM -0700, Andrew Morton wrote: > On Thu, 19 Oct 2006 16:45:39 +0200 > Mariusz Kozlowski <m.kozlowski(a)tuxland.pl> wrote: > > > Hello, > > > > Multiple of verif were found with 2.6.19-rc2-mm1 kernel: > > > > slab error in verify_redzone_free(): cache `size-32': memory outside object > > was overwritten > > [<c0103765>] dump_trace+0x1c1/0x1f1 > > [<c01037af>] show_trace_log_lvl+0x1a/0x30 > > [<c0103ed8>] show_trace+0x12/0x14 > > [<c0103f7b>] dump_stack+0x19/0x1b > > [<c0158357>] __slab_error+0x26/0x28 > > [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 > > [<c0158bb0>] kfree+0x54/0xa5 > > [<c037fba4>] ioctl_standard_call+0x187/0x2a1 > > [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 > > [<c03763d4>] dev_ioctl+0x1fd/0x372 > > [<c036b080>] sock_ioctl+0x34/0x1e8 > > [<c0167a92>] do_ioctl+0x22/0x71 > > [<c0167b36>] vfs_ioctl+0x55/0x29b > > [<c0167daf>] sys_ioctl+0x33/0x50 > > [<c0102ff5>] sysenter_past_esp+0x56/0x79 > > [<b7f4e410>] 0xb7f4e410 > > ======================= > > dd20cb64: redzone 1:0x170fc2a5, redzone 2:0x170fc200. > > slab error in verify_redzone_free(): cache `size-32': memory outside object > > was overwritten > > [<c0103765>] dump_trace+0x1c1/0x1f1 > > [<c01037af>] show_trace_log_lvl+0x1a/0x30 > > [<c0103ed8>] show_trace+0x12/0x14 > > [<c0103f7b>] dump_stack+0x19/0x1b > > [<c0158357>] __slab_error+0x26/0x28 > > [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 > > [<c0158bb0>] kfree+0x54/0xa5 > > [<c037fba4>] ioctl_standard_call+0x187/0x2a1 > > [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 > > [<c03763d4>] dev_ioctl+0x1fd/0x372 > > [<c036b080>] sock_ioctl+0x34/0x1e8 > > [<c0167a92>] do_ioctl+0x22/0x71 > > [<c0167b36>] vfs_ioctl+0x55/0x29b > > [<c0167daf>] sys_ioctl+0x33/0x50 > > [<c0102ff5>] sysenter_past_esp+0x56/0x79 > > [<b7f4e410>] 0xb7f4e410 > > The wireless ioctls are still blowing up? I thought we'd fixed that, > or is this something new? Do you know which driver the user is using ? Is it an in-kernel driver, or an out-of-kernel driver ? Thanks ! Jean - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Andrew Morton on 19 Oct 2006 13:40 On Thu, 19 Oct 2006 10:17:27 -0700 Jean Tourrilhes <jt(a)hpl.hp.com> wrote: > On Thu, Oct 19, 2006 at 10:03:42AM -0700, Andrew Morton wrote: > > On Thu, 19 Oct 2006 16:45:39 +0200 > > Mariusz Kozlowski <m.kozlowski(a)tuxland.pl> wrote: > > > > > Hello, > > > > > > Multiple of verif were found with 2.6.19-rc2-mm1 kernel: > > > > > > slab error in verify_redzone_free(): cache `size-32': memory outside object > > > was overwritten > > > [<c0103765>] dump_trace+0x1c1/0x1f1 > > > [<c01037af>] show_trace_log_lvl+0x1a/0x30 > > > [<c0103ed8>] show_trace+0x12/0x14 > > > [<c0103f7b>] dump_stack+0x19/0x1b > > > [<c0158357>] __slab_error+0x26/0x28 > > > [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 > > > [<c0158bb0>] kfree+0x54/0xa5 > > > [<c037fba4>] ioctl_standard_call+0x187/0x2a1 > > > [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 > > > [<c03763d4>] dev_ioctl+0x1fd/0x372 > > > [<c036b080>] sock_ioctl+0x34/0x1e8 > > > [<c0167a92>] do_ioctl+0x22/0x71 > > > [<c0167b36>] vfs_ioctl+0x55/0x29b > > > [<c0167daf>] sys_ioctl+0x33/0x50 > > > [<c0102ff5>] sysenter_past_esp+0x56/0x79 > > > [<b7f4e410>] 0xb7f4e410 > > > ======================= > > > dd20cb64: redzone 1:0x170fc2a5, redzone 2:0x170fc200. > > > slab error in verify_redzone_free(): cache `size-32': memory outside object > > > was overwritten > > > [<c0103765>] dump_trace+0x1c1/0x1f1 > > > [<c01037af>] show_trace_log_lvl+0x1a/0x30 > > > [<c0103ed8>] show_trace+0x12/0x14 > > > [<c0103f7b>] dump_stack+0x19/0x1b > > > [<c0158357>] __slab_error+0x26/0x28 > > > [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 > > > [<c0158bb0>] kfree+0x54/0xa5 > > > [<c037fba4>] ioctl_standard_call+0x187/0x2a1 > > > [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 > > > [<c03763d4>] dev_ioctl+0x1fd/0x372 > > > [<c036b080>] sock_ioctl+0x34/0x1e8 > > > [<c0167a92>] do_ioctl+0x22/0x71 > > > [<c0167b36>] vfs_ioctl+0x55/0x29b > > > [<c0167daf>] sys_ioctl+0x33/0x50 > > > [<c0102ff5>] sysenter_past_esp+0x56/0x79 > > > [<b7f4e410>] 0xb7f4e410 > > > > The wireless ioctls are still blowing up? I thought we'd fixed that, > > or is this something new? > > Do you know which driver the user is using ? Is it an > in-kernel driver, or an out-of-kernel driver ? > Thanks ! > Modules Loaded orinoco_cs orinoco hermes pcmcia firmware_class yenta_socket rsrc_nonstatic pcmcia_core The full dmesg is on the mailing list - I'll forward it to you. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Mariusz Kozlowski on 19 Oct 2006 13:40
Hello, > > The wireless ioctls are still blowing up? I thought we'd fixed that, > > or is this something new? > > Do you know which driver the user is using ? Is it an > in-kernel driver, or an out-of-kernel driver ? > Thanks ! The wifi card is Cabletron Entersys Roamabout and the driver is an orinoco driver that comes with vanilla kernel. Here is what lsmod says: orinoco_cs 14340 1 orinoco 38932 1 orinoco_cs hermes 6784 2 orinoco_cs,orinoco pcmcia 32176 5 orinoco_cs firmware_class 8448 1 pcmcia yenta_socket 24204 6 rsrc_nonstatic 11776 1 yenta_socket pcmcia_core 35616 4 orinoco_cs,pcmcia,yenta_socket,rsrc_nonstatic And these are the relevant syslog lines: orinoco 0.15 (David Gibson <hermes(a)gibson.dropbear.id.au>, Pavel Roskin <proski(a)gnu.org>, et al) orinoco_cs 0.15 (David Gibson <hermes(a)gibson.dropbear.id.au>, Pavel Roskin <proski(a)gnu.org>, et al) pcmcia: registering new device pcmcia1.0 eth0: Hardware identity 0001:0001:0004:0000 eth0: Station identity 001f:0001:0008:0048 eth0: Firmware determined as Lucent/Agere 8.72 eth0: Ad-hoc demo mode supported eth0: IEEE standard IBSS ad-hoc mode supported eth0: WEP supported, 104-bit key eth0: MAC address 00:E0:63:82:2D:3F eth0: Station name "HERMES I" eth0: ready eth0: orinoco_cs at 1.0, irq 3, io 0x0100-0x013f slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten [<c0103765>] dump_trace+0x1c1/0x1f1 [<c01037af>] show_trace_log_lvl+0x1a/0x30 [<c0103ed8>] show_trace+0x12/0x14 [<c0103f7b>] dump_stack+0x19/0x1b [<c0158357>] __slab_error+0x26/0x28 [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 [<c0158bb0>] kfree+0x54/0xa5 [<c037fba4>] ioctl_standard_call+0x187/0x2a1 [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 [<c03763d4>] dev_ioctl+0x1fd/0x372 [<c036b080>] sock_ioctl+0x34/0x1e8 [<c0167a92>] do_ioctl+0x22/0x71 [<c0167b36>] vfs_ioctl+0x55/0x29b [<c0167daf>] sys_ioctl+0x33/0x50 [<c0102ff5>] sysenter_past_esp+0x56/0x79 [<b7f4e410>] 0xb7f4e410 ======================= dd20cb64: redzone 1:0x170fc2a5, redzone 2:0x170fc200. slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten [<c0103765>] dump_trace+0x1c1/0x1f1 [<c01037af>] show_trace_log_lvl+0x1a/0x30 [<c0103ed8>] show_trace+0x12/0x14 [<c0103f7b>] dump_stack+0x19/0x1b [<c0158357>] __slab_error+0x26/0x28 [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 [<c0158bb0>] kfree+0x54/0xa5 [<c037fba4>] ioctl_standard_call+0x187/0x2a1 [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 [<c03763d4>] dev_ioctl+0x1fd/0x372 [<c036b080>] sock_ioctl+0x34/0x1e8 [<c0167a92>] do_ioctl+0x22/0x71 [<c0167b36>] vfs_ioctl+0x55/0x29b [<c0167daf>] sys_ioctl+0x33/0x50 [<c0102ff5>] sysenter_past_esp+0x56/0x79 [<b7f4e410>] 0xb7f4e410 ======================= dd20cb64: redzone 1:0x170fc2a5, redzone 2:0x170fc200. slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten [<c0103765>] dump_trace+0x1c1/0x1f1 [<c01037af>] show_trace_log_lvl+0x1a/0x30 [<c0103ed8>] show_trace+0x12/0x14 [<c0103f7b>] dump_stack+0x19/0x1b [<c0158357>] __slab_error+0x26/0x28 [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 [<c0158bb0>] kfree+0x54/0xa5 [<c037fba4>] ioctl_standard_call+0x187/0x2a1 [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 [<c03763d4>] dev_ioctl+0x1fd/0x372 [<c036b080>] sock_ioctl+0x34/0x1e8 [<c0167a92>] do_ioctl+0x22/0x71 [<c0167b36>] vfs_ioctl+0x55/0x29b [<c0167daf>] sys_ioctl+0x33/0x50 [<c0102ff5>] sysenter_past_esp+0x56/0x79 [<b7f96410>] 0xb7f96410 ======================= dd20cab4: redzone 1:0x170fc2a5, redzone 2:0x170fc200. slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten [<c0103765>] dump_trace+0x1c1/0x1f1 [<c01037af>] show_trace_log_lvl+0x1a/0x30 [<c0103ed8>] show_trace+0x12/0x14 [<c0103f7b>] dump_stack+0x19/0x1b [<c0158357>] __slab_error+0x26/0x28 [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 [<c0158bb0>] kfree+0x54/0xa5 [<c037fba4>] ioctl_standard_call+0x187/0x2a1 [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 [<c03763d4>] dev_ioctl+0x1fd/0x372 [<c036b080>] sock_ioctl+0x34/0x1e8 [<c0167a92>] do_ioctl+0x22/0x71 [<c0167b36>] vfs_ioctl+0x55/0x29b [<c0167daf>] sys_ioctl+0x33/0x50 [<c0102ff5>] sysenter_past_esp+0x56/0x79 [<b7f96410>] 0xb7f96410 ======================= dd20cab4: redzone 1:0x170fc2a5, redzone 2:0x170fc200. slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten [<c0103765>] dump_trace+0x1c1/0x1f1 [<c01037af>] show_trace_log_lvl+0x1a/0x30 [<c0103ed8>] show_trace+0x12/0x14 [<c0103f7b>] dump_stack+0x19/0x1b [<c0158357>] __slab_error+0x26/0x28 [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 [<c0158bb0>] kfree+0x54/0xa5 [<c037fba4>] ioctl_standard_call+0x187/0x2a1 [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 [<c03763d4>] dev_ioctl+0x1fd/0x372 [<c036b080>] sock_ioctl+0x34/0x1e8 [<c0167a92>] do_ioctl+0x22/0x71 [<c0167b36>] vfs_ioctl+0x55/0x29b [<c0167daf>] sys_ioctl+0x33/0x50 [<c0102ff5>] sysenter_past_esp+0x56/0x79 [<b7f8a410>] 0xb7f8a410 ======================= dd20cab4: redzone 1:0x170fc2a5, redzone 2:0x170fc200. slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten [<c0103765>] dump_trace+0x1c1/0x1f1 [<c01037af>] show_trace_log_lvl+0x1a/0x30 [<c0103ed8>] show_trace+0x12/0x14 [<c0103f7b>] dump_stack+0x19/0x1b [<c0158357>] __slab_error+0x26/0x28 [<c0158496>] cache_free_debugcheck+0x13d/0x1d8 [<c0158bb0>] kfree+0x54/0xa5 [<c037fba4>] ioctl_standard_call+0x187/0x2a1 [<c037ffe6>] wireless_process_ioctl+0x328/0x3c7 [<c03763d4>] dev_ioctl+0x1fd/0x372 [<c036b080>] sock_ioctl+0x34/0x1e8 [<c0167a92>] do_ioctl+0x22/0x71 [<c0167b36>] vfs_ioctl+0x55/0x29b [<c0167daf>] sys_ioctl+0x33/0x50 [<c0102ff5>] sysenter_past_esp+0x56/0x79 [<b7f8a410>] 0xb7f8a410 ======================= dd20cab4: redzone 1:0x170fc2a5, redzone 2:0x170fc200. eth0: New link status: Connected (0001) slab error in verify_redzone_free(): cache `size-32': memory outside object was overwritten [<c0103765>] dump_trace+0x1c1/0x1f1 [<c01037af>] show_trace_log_lvl+0x1a/0x30 [<c0103ed8>] show_trace+0x12/0x14 [<c0103f7b>] dump_stack+0x19/0x1b [<c0158357>] __s |