Bug 676099

Summary: ip_gre module throws slab corruption errors upon removal from the kernel
Product: Red Hat Enterprise Linux 6 Reporter: Mike Gahagan <mgahagan>
Component: kernelAssignee: Herbert Xu <herbert.xu>
Status: CLOSED ERRATA QA Contact: Petr Beňas <pbenas>
Severity: high Docs Contact:
Priority: high    
Version: 6.1CC: arozansk, davem, jburke, nhorman, pbenas, pstehlik, tgraf
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: Regression
Fixed In Version: kernel-2.6.32-118.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-23 20:39:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 676037    
Attachments:
Description Flags
net: Do not zero object we just freed none

Description Mike Gahagan 2011-02-08 20:17:09 UTC 
Description of problem:

GRE over IPv4 tunneling driver
Slab corruption (Not tainted): size-128 start=ffff88001b2dde88, len=128
Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
Last user: [<ffffffff8145a35a>](rx_queue_release+0x6a/0x80)
010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Prev obj: start=ffff88001b2dddf0, len=128
Redzone: 0xd84156c5635688c0/0xd84156c5635688c0.
Last user: [<ffffffff810bcd0e>](load_module+0x1aee/0x1dd0)
000: b8 65 36 1d 00 88 ff ff 01 00 00 00 00 00 00 00
010: 80 6f 66 1a 00 88 ff ff 00 00 00 00 00 00 00 00
Next obj: start=ffff88001b2ddf20, len=128
Redzone: 0xd84156c5635688c0/0xd84156c5635688c0.
Last user: [<ffffffff8115a8cb>](alloc_vmap_area+0x5b/0x390)
000: 00 00 3c a0 ff ff ff ff 00 50 3c a0 ff ff ff ff
010: 04 00 00 00 00 00 00 00 79 35 cc 19 00 88 ff ff



Version-Release number of selected component (if applicable):
2.6.32-115.el6.x86_64.debug

How reproducible:
always

Steps to Reproduce:
1.boot kernel-debug
2.modprobe ip_gre
3.rmmod ip_gre
  
Actual results:
slab corruption warnings. The can also appear spordically when other modules are loaded or unloaded.

Expected results:
module loads and unloads with no warnings or errors.

Additional info:
Comment 2 Mike Gahagan 2011-02-08 21:45:12 UTC 
Just in case it makes any difference, I reproduced this on an x86_64 kvm guest running on an x86_64 RHEL 6.0 host. The host has:

[mpg@dhcp231-174 x86_64]$ rpm -qa | grep kvm
qemu-kvm-tools-0.12.1.2-2.113.el6.x86_64
qemu-kvm-0.12.1.2-2.113.el6.x86_64
[mpg@dhcp231-174 x86_64]$ uname -r
2.6.32-71.6.1.el6.x86_64
Comment 3 Herbert Xu 2011-02-11 23:18:15 UTC 
Created attachment 478326 [details]
net: Do not zero object we just freed

Does this patch help?
Comment 5 Mike Gahagan 2011-02-15 16:13:55 UTC 
2.6.32-115.el6.bz676099 seems to help. I tried both the x86_64 and x86_64.debug kernel on my test VM and was not able to reproduce the problem.
Comment 6 RHEL Program Management 2011-02-15 22:39:47 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 7 Aristeu Rozanski 2011-02-23 18:36:16 UTC 
Patch(es) available on kernel-2.6.32-118.el6
Comment 11 Petr Beňas 2011-02-28 14:19:26 UTC 
Reproduced in 2.6.32-115.el6.x86_64.debug and 2.6.32-117.el6.x86_64.debug. 
Verified in 2.6.32-118.el6.x86_64.debug.
Comment 12 errata-xmlrpc 2011-05-23 20:39:20 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0542.html