Date: Mon, 27 Apr 2009 13:36:46 -0700 (PDT)
From: David Rientjes
To: Bart
cc: Christoph Lameter, Pekka Enberg, Linux Kernel Mailing List, Kernel Testers List, "Rafael J. Wysocki", Andrew Morton, FUJITA Tomonori, Jens Axboe
Subject: Re: [Bug #13112] Oops in drain_array

On Mon, 27 Apr 2009, Bart wrote:

> After turning the suggested debugging options I've got tons of these when
> trying to stress the tape device like before:
>
> Apr 27 16:57:30 fs kernel: [ 96.446708] slab error in verify_redzone_free():
> cache `size-128': memory outside object was overwritten
> Apr 27 16:57:30 fs kernel: [ 96.446713] Pid: 0, comm: swapper Not tainted
> 2.6.29.1-64 #2
> Apr 27 16:57:30 fs kernel: [ 96.446715] Call Trace:
> Apr 27 16:57:30 fs kernel: [ 96.446717] []
> __slab_error+0x1f/0x25
> Apr 27 16:57:30 fs kernel: [ 96.446728] []
> cache_free_debugcheck+0x108/0x1d6
> Apr 27 16:57:30 fs kernel: [ 96.446731] []
> kfree+0x81/0xc2
> Apr 27 16:57:30 fs kernel: [ 96.446735] []
> bio_free_map_data+0xc/0x1e

This appears to be kfree(bmd->iovecs) in bio_free_map_data(). It looks
like the memcpy size in bio_set_map_data() overrides the kmalloc size; in
other words, for a redzone error, bio->bi_vcnt > nr_pages in
bio_copy_user_iov().
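
The mismatch described in the reply, as an added example that is not part of the original message and is not kernel code: a userspace model of red-zone checking in which a buffer sized for nr_pages entries receives a copy sized by vcnt, and the check at free time reports the overwrite. The names struct vec, rz_alloc, rz_free, save_vecs, GUARD and PATTERN are hypothetical, and the guard is made wide enough that the overrun stays inside the model's own allocation.

```c
/* Userspace model of slab red-zone checking; not kernel code.
 * All names and constants here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define GUARD   64      /* red-zone bytes on each side of the object */
#define PATTERN 0xA5    /* constructed fill value for the red zones */

struct vec { void *base; size_t len; };   /* stand-in for one iovec entry */

static void *rz_alloc(size_t size) {
    unsigned char *raw = malloc(sizeof(size) + 2 * GUARD + size);
    if (!raw) return NULL;
    memcpy(raw, &size, sizeof(size));               /* remember object size */
    memset(raw + sizeof(size), PATTERN, GUARD);     /* leading red zone */
    memset(raw + sizeof(size) + GUARD + size, PATTERN, GUARD); /* trailing */
    return raw + sizeof(size) + GUARD;
}

/* Free the object; return -1 if either red zone was overwritten, else 0. */
static int rz_free(void *obj) {
    unsigned char *raw = (unsigned char *)obj - GUARD - sizeof(size_t);
    unsigned char *lead = raw + sizeof(size_t), *trail;
    size_t size, i;
    int rc = 0;
    memcpy(&size, raw, sizeof(size));
    trail = lead + GUARD + size;
    for (i = 0; i < GUARD; i++)
        if (lead[i] != PATTERN || trail[i] != PATTERN) rc = -1;
    free(raw);
    return rc;
}

/* Buffer sized for nr_pages entries, copy sized by vcnt (the mismatch the
 * reply describes). With checked != 0 the copy is refused (-3) instead.
 * Keep vcnt - nr_pages <= 4 so the overrun stays inside the model's guard. */
static int save_vecs(const struct vec *src, size_t vcnt, size_t nr_pages, int checked) {
    struct vec *saved;
    if (checked && vcnt > nr_pages) return -3;      /* bound the copy */
    saved = rz_alloc(nr_pages * sizeof(*saved));
    if (!saved) return -2;
    memcpy(saved, src, vcnt * sizeof(*saved));      /* size comes from vcnt */
    return rz_free(saved);                          /* overwrite shows up here */
}

int main(void) {
    struct vec src[4] = {{0}};                      /* constructed sample input */
    printf("%d %d %d\n", save_vecs(src, 2, 2, 0), save_vecs(src, 4, 2, 0), save_vecs(src, 4, 2, 1));
    return 0;
}
```

As in the quoted log, the corruption is reported when the object is freed, not when the oversized copy happens.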