Linus Torvalds wrote:
quoted text
> Looks like possibly a double free to me (with the first free caused the 
> page to be re-used, the second free is the one that triggers the debug 
> message). But maybe Pekka or Christoph are better at reading those oopses.
> 
>> =============================================================================
>> BUG kmalloc-4096: Padding overwritten. 0x0000000000000000-0x00000000ffffffff
>> -----------------------------------------------------------------------------

Okay, this doesn't make sense to me. The code does:

     u8 *start;
     u8 *fault;

     /* ... */

     start = page_address(page);

     /* ... */

     fault = check_bytes(start + length, POISON_INUSE, remainder);
     if (!fault)
             return 1;
     while (end > fault && end[-1] == POISON_INUSE)
             end--;

     slab_err(s, page, "Padding overwritten. 0x%p-0x%p", fault, end - 1);

So how come we're printing out 'fault' as zero and 'end' at 4 GB? Christoph?

Zdenek, can you please send the full dmesg?

		Pekka
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/