Re: conntrack related slab corruption in 2.5.65

From: Martin Josefsson (gandalf@wlug.westbo.se)
Date: Mon Mar 24 2003 - 17:32:01 EST

Next message: David van Hoose: "Re: [Bug 495] New: Logitech USB cordless optical trackball no longer works"
Previous message: Martin J. Bligh: "[Bug 497] New: conntrack related slab corruption."
In reply to: Dave Jones: "conntrack related slab corruption in 2.5.65"
Next in thread: Dave Jones: "Re: conntrack related slab corruption in 2.5.65"
Reply: Dave Jones: "Re: conntrack related slab corruption in 2.5.65"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2003-03-24 at 23:04, Dave Jones wrote:
> Slab corruption: start=cf480a84, expend=cf480bb7, problemat=cf480aec
> Last user: [<c03ed43a>](destroy_conntrack+0xf8/0x159)
> Data: ********************************************************************************************************EC 0A 48 CF EC 0A 48 CF ***************************************************************************************************************************************************************************************************A5
> Next: 71 F0 2C .3A D4 3E C0 71 F0 2C .********************
> slab error in check_poison_obj(): cache `ip_conntrack': object was modified after freeing

Are you using a conntrack helper (ie. ip_conntrack_ftp) ?
If so then this is fixed in -mm. If not then this is another bug that I
need to track down.

I've been trying to get hold of Harald Welte for a few days now, all
netfilter patches should go through him -> davem -> linus/marcelo.

--- linux-2.5.64-bk10/net/ipv4/netfilter/ip_conntrack_core.c.orig 2003-03-21 01:42:57.000000000 +0100
+++ linux-2.5.64-bk10/net/ipv4/netfilter/ip_conntrack_core.c 2003-03-22 00:43:28.000000000 +0100
@@ -274,6 +274,7 @@
                  * the un-established ones only */
                 if (exp->sibling) {
                         DEBUGP("remove_expectations: skipping established %p of %p\n", exp->sibling, ct);
+ exp->expectant = NULL;
                         continue;
                 }

@@ -327,9 +328,11 @@
         WRITE_LOCK(&ip_conntrack_lock);
         /* Delete our master expectation */
         if (ct->master) {
- /* can't call __unexpect_related here,
- * since it would screw up expect_list */
- list_del(&ct->master->expected_list);
+ if (ct->master->expectant) {
+ /* can't call __unexpect_related here,
+ * since it would screw up expect_list */
+ list_del(&ct->master->expected_list);
+ }
                 kfree(ct->master);
         }
         WRITE_UNLOCK(&ip_conntrack_lock);

-- 
/Martin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: David van Hoose: "Re: [Bug 495] New: Logitech USB cordless optical trackball no longer works"
Previous message: Martin J. Bligh: "[Bug 497] New: conntrack related slab corruption."
In reply to: Dave Jones: "conntrack related slab corruption in 2.5.65"
Next in thread: Dave Jones: "Re: conntrack related slab corruption in 2.5.65"
Reply: Dave Jones: "Re: conntrack related slab corruption in 2.5.65"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Mar 31 2003 - 22:00:17 EST