Re: 2.6.25-git2: BUG: unable to handle kernel paging request at ffffffffffffffff

From: Pekka Enberg
Date: Wed Apr 23 2008 - 14:54:49 EST


Linus Torvalds wrote:
> Looks like possibly a double free to me (with the first free caused the page to be re-used, the second free is the one that triggers the debug message). But maybe Pekka or Christoph are better at reading those oopses.

=============================================================================
BUG kmalloc-4096: Padding overwritten. 0x0000000000000000-0x00000000ffffffff
-----------------------------------------------------------------------------

Okay, this doesn't make sense to me. The code does:

	u8 *start;
	u8 *fault;

	/* ... */

	start = page_address(page);

	/* ... */

	fault = check_bytes(start + length, POISON_INUSE, remainder);
	if (!fault)
		return 1;
	while (end > fault && end[-1] == POISON_INUSE)
		end--;

	slab_err(s, page, "Padding overwritten. 0x%p-0x%p", fault, end - 1);

So how come we're printing out 'fault' as zero and 'end' at 4 GB? Christoph?

Zdenek, can you please send the full dmesg?

Pekka
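
The range arithmetic of the check quoted above, as an added userspace model (not kernel code and not part of the original message). SLAB_BYTES, pad_check(), demo() and the derivation of `end` as the end of the slab are assumptions for illustration; in this model the reported range always lies between start + length and the end of the slab.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON_INUSE 0x5a /* padding poison value, include/linux/poison.h */
#define SLAB_BYTES 4096   /* constructed: the slab is a single 4 KiB page */

/* First byte in [p, p + n) that differs from value, or NULL if all match. */
static unsigned char *check_bytes(unsigned char *p, unsigned char value, size_t n)
{
	for (; n; p++, n--)
		if (*p != value)
			return p;
	return NULL;
}

/* Userspace model of the quoted check: returns 1 if the padding is intact,
 * else 0 with the damaged range as offsets from start in *first and *last.
 * Assumption (elided in the excerpt): end is the end of the slab. */
static int pad_check(unsigned char *start, size_t length, size_t *first, size_t *last)
{
	unsigned char *end = start + SLAB_BYTES, *fault;

	fault = check_bytes(start + length, POISON_INUSE, SLAB_BYTES - length);
	if (!fault)
		return 1;
	while (end > fault && end[-1] == POISON_INUSE)
		end--;
	*first = (size_t)(fault - start);
	*last = (size_t)(end - 1 - start);
	return 0;
}

/* Constructed scenario: objects use `length` bytes, n bytes at off are clobbered. */
static int demo(size_t length, size_t off, size_t n, size_t *first, size_t *last)
{
	static unsigned char slab[SLAB_BYTES];
	memset(slab, 0, length);                                  /* object area */
	memset(slab + length, POISON_INUSE, SLAB_BYTES - length); /* padding */
	memset(slab + off, 0xff, n);                              /* stray write */
	return pad_check(slab, length, first, last);
}

int main(void)
{
	size_t first, last;
	if (!demo(3840, 3900, 8, &first, &last))
		printf("Padding overwritten. offsets %zu-%zu\n", first, last);
	return 0;
}
```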