conntrack related slab corruption in 2.5.65


Post by Dave Jone » Wed, 26 Mar 2003 00:10:13



Slab corruption: start=cf480a84, expend=cf480bb7, problemat=cf480aec
Last user: [<c03ed43a>](destroy_conntrack+0xf8/0x159)
Data: ********************************************************************************************************EC 0A 48 CF EC 0A 48 CF ***************************************************************************************************************************************************************************************************A5
Next: 71 F0 2C .3A D4 3E C0 71 F0 2C .********************
slab error in check_poison_obj(): cache `ip_conntrack': object was modified after freeing
Call Trace:
 [<c0144496>] check_poison_obj+0x155/0x195
 [<c0145e4b>] kmem_cache_alloc+0x139/0x177
 [<c03edfba>] init_conntrack+0x8d/0x44f
 [<c03edfba>] init_conntrack+0x8d/0x44f
 [<c03ee586>] ip_conntrack_in+0x20a/0x2bc
 [<c03db2eb>] udp_connect+0xa8/0x353
 [<c03aa074>] nf_iterate+0x5f/0x93
 [<c03b9634>] dst_output+0x0/0x2d
 [<c03aa3db>] nf_hook_slow+0xa9/0x205
 [<c03b9634>] dst_output+0x0/0x2d
 [<c03b7a84>] ip_queue_xmit+0x435/0x525
 [<c03b9634>] dst_output+0x0/0x2d
 [<c039d1df>] __kfree_skb+0x89/0xfe
 [<c014437c>] check_poison_obj+0x3b/0x195
 [<c03d0eeb>] tcp_v4_send_check+0x4d/0xd8
 [<c03ca6ae>] tcp_transmit_skb+0x3b0/0x5b3
 [<c03cd026>] tcp_connect+0x3af/0x47b
 [<c02aa34e>] secure_tcp_sequence_number+0x82/0xa0
 [<c03d0237>] tcp_v4_connect+0x393/0x5db
 [<c03e3f1d>] inet_stream_connect+0x264/0x3bc
 [<c0398ae2>] move_addr_to_kernel+0x6b/0x6f
 [<c039a2d8>] sys_connect+0x78/0x99
 [<c0398c00>] sock_destroy_inode+0x1d/0x21
 [<c0398c00>] sock_destroy_inode+0x1d/0x21
 [<c0178bbc>] destroy_inode+0x36/0x50
 [<c017a493>] iput+0x63/0x7c
 [<c01760b3>] dput+0x24/0x333
 [<c039adb1>] sys_socketcall+0xb2/0x262
 [<c015c938>] filp_close+0xe9/0x12d
 [<c015ca13>] sys_close+0x97/0xdf
 [<c010978f>] syscall_call+0x7/0xb

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
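
Added example (not part of the original posts): a small Python decoder for the `Slab corruption` report format shown in the post above, which locates the overwritten bytes and checks whether they form a list head that points at itself. It assumes each `*` on the `Data:` line is one untouched poison byte, that a trailing `A5` is an end marker, and that pointers are 32-bit little-endian.

```python
import re

# Header and Data line rebuilt from the report in the post above. The '*' run
# lengths (104 and 195) are derived from the printed addresses, assuming one
# '*' per untouched poison byte; they were not counted from the archived text.
REPORT = (
    "Slab corruption: start=cf480a84, expend=cf480bb7, problemat=cf480aec\n"
    "Data: " + "*" * 104 + "EC 0A 48 CF EC 0A 48 CF " + "*" * 195 + "A5\n"
)
HEADER = re.compile(r"start=([0-9a-f]+), expend=([0-9a-f]+), problemat=([0-9a-f]+)")
TOKEN = re.compile(r"\*|[0-9A-F]{2}")


def parse_report(text):
    """Return (start, expend, problemat, {offset: value}) for non-poison bytes."""
    m = HEADER.search(text)
    data = [l[6:] for l in text.splitlines() if l.startswith("Data: ")]
    if m is None or not data:
        raise ValueError("not a slab corruption report")
    start, expend, problemat = (int(g, 16) for g in m.groups())
    tokens = TOKEN.findall(data[0])
    if len(tokens) != expend - start + 1:
        raise ValueError("Data line does not cover start..expend")
    modified = {i: int(t, 16) for i, t in enumerate(tokens) if t != "*"}
    return start, expend, problemat, modified


def word_at(modified, off):
    """Little-endian 32-bit word at off, or None if any byte is still poison."""
    if not all(off + i in modified for i in range(4)):
        return None
    return int.from_bytes(bytes(modified[off + i] for i in range(4)), "little")


def find_self_linked_head(text):
    """Find a next/prev pointer pair that both point at their own address."""
    start, expend, _, modified = parse_report(text)
    if modified.get(expend - start) == 0xA5:  # assumed end marker, not damage
        del modified[expend - start]
    for off in sorted(modified):
        nxt, prv = word_at(modified, off), word_at(modified, off + 4)
        if nxt is not None and nxt == prv == start + off:
            return off, nxt
    return None


if __name__ == "__main__":
    off, addr = find_self_linked_head(REPORT)
    print(f"self-linked list head at object offset {off:#x} (address {addr:#x})")
```

For this report the pair sits at the address the kernel printed as `problemat`, and both words point back at it, which is the state a list head is left in when its last entry is unlinked.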

 
 
 


Post by Martin Josefsso » Wed, 26 Mar 2003 00:40:19



> Slab corruption: start=cf480a84, expend=cf480bb7, problemat=cf480aec
> Last user: [<c03ed43a>](destroy_conntrack+0xf8/0x159)
> Data: ********************************************************************************************************EC 0A 48 CF EC 0A 48 CF ***************************************************************************************************************************************************************************************************A5
> Next: 71 F0 2C .3A D4 3E C0 71 F0 2C .********************
> slab error in check_poison_obj(): cache `ip_conntrack': object was modified after freeing

Are you using a conntrack helper (ie. ip_conntrack_ftp) ?
If so then this is fixed in -mm. If not then this is another bug that I
need to track down.

I've been trying to get hold of Harald Welte for a few days now, all
netfilter patches should go through him -> davem -> linus/marcelo.

--- linux-2.5.64-bk10/net/ipv4/netfilter/ip_conntrack_core.c.orig       2003-03-21 01:42:57.000000000 +0100

                 * the un-established ones only */
                if (exp->sibling) {
                        DEBUGP("remove_expectations: skipping established %p of %p\n", exp->sibling, ct);
+                       exp->expectant = NULL;
                        continue;
                }
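
Review bot: the new `exp->expectant = NULL;` in the `if (exp->sibling)` branch turns `expectant` into a flag that the rest of the code has to interpret, and nothing here says so; the DEBUGP line above it only reports that the entry is skipped. Add a short comment stating what a NULL `expectant` means for an established sibling, and check that every other dereference of `exp->expectant` tolerates NULL, since the visible lines show only one guarded reader (the `if (ct->master->expectant)` test further down).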

        WRITE_LOCK(&ip_conntrack_lock);
        /* Delete our master expectation */
        if (ct->master) {
-               /* can't call __unexpect_related here,
-                * since it would*up expect_list */
-               list_del(&ct->master->expected_list);
+               if (ct->master->expectant) {
+                       /* can't call __unexpect_related here,
+                        * since it would*up expect_list */
+                       list_del(&ct->master->expected_list);
+               }
                kfree(ct->master);
        }
        WRITE_UNLOCK(&ip_conntrack_lock);
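
Review bot: the `if (ct->master->expectant)` guard now decides whether `list_del(&ct->master->expected_list)` runs, but the comment moved inside it still only explains why `__unexpect_related` is not called. Extend the comment to say why the unlink is skipped when `expectant` is NULL (the value set in the `remove_expectations` skip branch of the first hunk), so the two halves of the fix can be read together. Also consider clearing `ct->master` after `kfree(ct->master);` so the stale pointer cannot be reused by a later reader.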

--
/Martin

 
 
 


Post by Dave Jone » Wed, 26 Mar 2003 03:30:13


 > Are you using a conntrack helper (ie. ip_conntrack_ftp) ?
 > If so then this is fixed in -mm. If not then this is another bug that I
 > need to track down.

Yep, I was. Thanks for the patch, I'll give it a spin.

                Dave


 
 
 

1. ide kernel panic: 2.5.64-ac3 2.5.65-ac1 2.5.65-mm4

AMD K6/2 with VIA chipset has this panic at boot:

Kernel panic: ide: default attach failed

Panic on 2.5.64-ac3, 2.5.65-ac[13], 2.5.65-mm4, 2.5.65-bk4.

No panic on 2.5.61-ac1, 2.5.65-mm3, 2.5.65, 2.4.21-pre5, 2.4.21-pre5-ac3.

No modules.

egrep '^C.*IDE|^C.*VIA' /usr/src/linux-2.5.65-ac1/.config
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_IDEDISK=y
CONFIG_IDEDISK_MULTI_MODE=y
CONFIG_BLK_DEV_IDECD=y
CONFIG_BLK_DEV_IDEPCI=y
CONFIG_BLK_DEV_IDEDMA_PCI=y
CONFIG_IDEDMA_PCI_AUTO=y
CONFIG_BLK_DEV_IDEDMA=y
CONFIG_BLK_DEV_VIA82CXXX=y
CONFIG_IDEDMA_AUTO=y
CONFIG_BLK_DEV_IDE_MODES=y

Boot message on 2.5.65-ac1:

Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
VP_IDE: IDE controller at PCI slot 00:07.1
VP_IDE: chipset revision 6
VP_IDE: not 100% native mode: will probe irqs later
VP_IDE: VIA vt82c586b (rev 47) IDE UDMA33 controller on pci00:07.1
    ide0: BM-DMA at 0xe000-0xe007, BIOS settings: hda:DMA, hdb:DMA
    ide1: BM-DMA at 0xe008-0xe00f, BIOS settings: hdc:DMA, hdd:DMA
hda: Maxtor 51536U3, ATA DISK drive
hdb: ATAPI CDROM, ATAPI CD/DVD-ROM drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
hdc: Maxtor 52049U4, ATA DISK drive
ide1 at 0x170-0x177,0x376 on irq 15
hda: host protected area => 1
hda: 30015216 sectors (15368 MB) w/2048KiB Cache, CHS=29777/16/63, UDMA(33)
 hda: [PTBL] [1868/255/63] hda1 hda2 hda3
hdc: host protected area => 1
hdc: 40020624 sectors (20491 MB) w/2048KiB Cache, CHS=39703/16/63, UDMA(33)
 hdc: hdc1 hdc2 hdc3
ide-disk: hdc: Failed to register the driver with ide.c
ide-default: hdc: Failed to register the driver with ide.c
Kernel panic: ide: default attach failed

lspci -vvv for IDE interface

IDE interface: VIA Technologies, Inc. Bus Master IDE (rev 06) (prog-if 8a [Master SecP PriP])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap- 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 64
Region 4: I/O ports at e000 [size=16]

lspci
00:00.0 Host bridge: VIA Technologies, Inc. VT82C598 [Apollo MVP3] (rev 04)
00:01.0 PCI bridge: VIA Technologies, Inc. VT82C598/694x [Apollo MVP3/Pro133x AGP]
00:07.0 ISA bridge: VIA Technologies, Inc. VT82C586/A/B PCI-to-ISA [Apollo VP] (rev 47)
00:07.1 IDE interface: VIA Technologies, Inc. Bus Master IDE (rev 06)
00:07.3 Host bridge: VIA Technologies, Inc. VT82C586B ACPI (rev 10)
00:13.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C (rev 10)
01:00.0 VGA compatible controller: nVidia Corporation NV6 [Vanta] (rev 15)

--
Randy Hron
http://home.earthlink.net/~rwhron/kernel/bigbox.html

