Linus Torvalds wrote:
> Looks like possibly a double free to me (with the first free causing the
> page to be re-used, the second free is the one that triggers the debug
> message). But maybe Pekka or Christoph are better at reading those oopses.
=============================================================================
BUG kmalloc-4096: Padding overwritten. 0x0000000000000000-0x00000000ffffffff
-----------------------------------------------------------------------------
Okay, this doesn't make sense to me. The code does:

	u8 *start;
	u8 *fault;

	/* ... */

	start = page_address(page);

	/* ... */

	fault = check_bytes(start + length, POISON_INUSE, remainder);
	if (!fault)
		return 1;

	while (end > fault && end[-1] == POISON_INUSE)
		end--;

	slab_err(s, page, "Padding overwritten. 0x%p-0x%p", fault, end - 1);

So how come we're printing out 'fault' as zero and 'end' at 4 GB? Christoph?
Zdenek, can you please send the full dmesg?
Pekka
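
A user-space model of the padding check quoted in the message above, added here as an example and not taken from the kernel tree or from the original post. The names `pad_check`, `struct pad_report` and `demo`, the one-page slab and the 4000-byte object area are assumptions; the point is that any range this logic reports lies between `start + length` and the last byte of the slab.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_INUSE 0x5a /* padding fill value, as in include/linux/poison.h */
#define SLAB_BYTES   4096 /* constructed: a one-page slab */
struct pad_report { int corrupted; size_t first, last; }; /* offsets in slab */

/* Return the first byte in [p, p + n) that differs from value, or NULL. */
static uint8_t *check_bytes(uint8_t *p, uint8_t value, size_t n)
{
	for (; n > 0; p++, n--)
		if (*p != value)
			return p;
	return NULL;
}

/* Model of the check: every byte after the last object must be poison. */
static struct pad_report pad_check(uint8_t *start, size_t length)
{
	struct pad_report r = { 0, 0, 0 };
	uint8_t *end = start + SLAB_BYTES;
	uint8_t *fault = check_bytes(start + length, POISON_INUSE, SLAB_BYTES - length);
	if (!fault)
		return r;
	/* Trim intact poison at the tail so the range covers only damage. */
	while (end > fault && end[-1] == POISON_INUSE)
		end--;
	r.corrupted = 1;
	r.first = (size_t)(fault - start);
	r.last = (size_t)(end - 1 - start);
	return r;
}

/* Constructed case: objects fill 4000 bytes; a stray write hits 4010..4013. */
static struct pad_report demo(int corrupt)
{
	static uint8_t slab[SLAB_BYTES];
	memset(slab, 0, 4000);
	memset(slab + 4000, POISON_INUSE, SLAB_BYTES - 4000);
	if (corrupt)
		memset(slab + 4010, 0, 4);
	return pad_check(slab, 4000);
}

int main(void)
{
	struct pad_report r = demo(1);
	return printf("range=%zu-%zu\n", r.first, r.last) < 0;
}
```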