Re: [bug, netconsole, SLUB] BUG skbuff_head_cache: Poison overwritten

From: Vegard Nossum
Date: Thu Jul 17 2008 - 19:16:13 EST


On Thu, Jul 17, 2008 at 11:42 PM, Ingo Molnar <mingo@xxxxxxx> wrote:
>
> A regression to v2.6.26:
>
> I started getting this skb-head corruption message today, on a T60
> laptop with e1000:
>
> PM: Removing info for No Bus:vcs11
> device: 'vcs11': device_create_release
> =============================================================================
> BUG skbuff_head_cache: Poison overwritten
> -----------------------------------------------------------------------------
>
> INFO: 0xf658ae9c-0xf658ae9c. First byte 0x6a instead of 0x6b

1. Notice the range. It's just a single byte.
2. Notice the value. It's just a ++.

Probably a stray increment of a uint8_t somewhere on a freed object?

The offset from the beginning of the object is 0xf658ae9c - 0xf658ae00 = 0x9c.

How big is a struct sk_buff? Hm.. it is in fact quite big. Now what
member has offset 0x9c? Seems to depend on your config. Is there any
way you can figure it out, Ingo? I'll try it with your config too.


Vegard

--
"The animistic metaphor of the bug that maliciously sneaked in while
the programmer was not looking is intellectually dishonest as it
disguises that the error is the programmer's own creation."
-- E. W. Dijkstra, EWD1036
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/