Re: Kernel 3.0: Instant kernel crash when mounting CIFS (also crashes with linux-3.1-rc2

On Wed, 17 Aug 2011, Justin Piszcz wrote:



On Wed, 17 Aug 2011, Arnaud Lacombe wrote:

Hi,

On Wed, Aug 17, 2011 at 4:45 PM, Justin Piszcz <jpiszcz@xxxxxxxxxxxxxxx> wrote:


On Wed, 17 Aug 2011, Jeff Layton wrote:

The crash is happening in the bowels of the slab allocator.
Specifically, it looks like it's hitting this:

              /*
               * The slab was either on partial or free list so
               * there must be at least one object available for
               * allocation.
               */
              BUG_ON(slabp->inuse >= cachep->num);

...which looks like maybe the accounting of in-use objects is off. This
really sounds like some sort of memory corruption. I've not been able
to reproduce this so far, but I also had someone report panic here that
might be related:

  https://bugzilla.redhat.com/show_bug.cgi?id=731278

Hi,

Got a better one here:

[   98.386992] CIFS VFS: cifs_mount failed w/return code = -22
[  562.565161] CIFS VFS: cifs_mount failed w/return code = -22
[  596.277441] ------------[ cut here ]------------
[  596.277450] kernel BUG at mm/slab.c:3111!
[  596.277456] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC
[  596.277463] CPU 2
[  596.277466] Modules linked in: rfcomm bnep bluetooth speedstep_lib cryptd aes_x86_64 aes_generic configfs ath9k mac80211 ath9k_common ath9k_hw ohci_hcd ssb ath mmc_core cfg80211 shpchp uvcvideo i2c_piix4 videodev v4l2_compat_ioctl32 pci_hotplug wmi pcmcia rfkill pcmcia_core edac_core k10temp edac_mce_amd video battery ac
[  596.277517]
[  596.277523] Pid: 4157, comm: ps Not tainted 3.1.0-rc2 #3 Acer Aspire 7551 /Aspire 7551
[  596.277536] RIP: 0010:[<ffffffff816464a6>] [<ffffffff816464a6>] cache_alloc_refill+0x111/0x4a6
[  596.277554] RSP: 0018:ffff88012e231b88  EFLAGS: 00010046
[  596.277559] RAX: ffff8801394d5000 RBX: ffff88013f000080 RCX: 0000000000000033
[  596.277565] RDX: 0000000000000070 RSI: dead000000200200 RDI: 0000000000000009
[  596.277570] RBP: ffff88012e231be8 R08: 000000000000005f R09: ffff88013f004450
[  596.277576] R10: ffff88013f004460 R11: ffff88012e231d80 R12: 00000000000000d0
[  596.277581] R13: ffff88013f0d1400 R14: 00000000000000d0 R15: ffff88013f004440
[  596.277588] FS:  00007f8bf016c700(0000) GS:ffff88013fd00000(0000) knlGS:0000000000000000
[  596.277594] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  596.277599] CR2: 00007f8befd44328 CR3: 000000012e27b000 CR4: 00000000000006e0
[  596.277605] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  596.277610] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  596.277616] Process ps (pid: 4157, threadinfo ffff88012e230000, task ffff88013f3f78d0)
[  596.277621] Stack:
[  596.277624]  ffff88013f045c00 ffff88010000003c ffff88012e231bb8 ffff88012f491088
[  596.277635]  000000d02e231bc8 0000001000000000 ffff88012f491118 ffff880132266a40
[  596.277645]  00000000000000d0 0000000000000202 ffff88013f000080 ffff880132266a40
[  596.277654] Call Trace:
[  596.277666]  [<ffffffff810ae0e6>] kmem_cache_alloc+0x76/0xa0
[  596.277675]  [<ffffffff8110bb80>] ? meminfo_proc_open+0x30/0x30
[  596.277684]  [<ffffffff810d58e2>] single_open+0x32/0xa0
[  596.277694]  [<ffffffff8110a095>] ? proc_lookup_de+0xa5/0x100
[  596.277701]  [<ffffffff8110bb65>] meminfo_proc_open+0x15/0x30
[  596.277709]  [<ffffffff811044e8>] proc_reg_open+0x88/0x150
[  596.277717]  [<ffffffff810d4c50>] ? seq_release_private+0x50/0x50
[  596.277726]  [<ffffffff81104460>] ? proc_alloc_inode+0xa0/0xa0
[  596.277735]  [<ffffffff810b5339>] __dentry_open.isra.17+0xf9/0x2d0
[  596.277744]  [<ffffffff810b625e>] nameidata_to_filp+0x4e/0x60
[  596.277753]  [<ffffffff810c4804>] do_last.isra.48+0x204/0x830
[  596.277760]  [<ffffffff810c50a6>] path_openat+0xc6/0x370
[  596.277769]  [<ffffffff8109a965>] ? handle_mm_fault+0x165/0x300
[  596.277776]  [<ffffffff810c53ad>] do_filp_open+0x3d/0xa0
[  596.277786]  [<ffffffff810d0697>] ? alloc_fd+0x47/0x130
[  596.277795]  [<ffffffff810b6362>] do_sys_open+0xf2/0x1d0
[  596.277803]  [<ffffffff810b645b>] sys_open+0x1b/0x20
[  596.277812]  [<ffffffff8164debb>] system_call_fastpath+0x16/0x1b
[  596.277817] Code: 00 e9 d2 00 00 00 49 8b 07 49 39 c7 75 15 49 8b 47 20 41 c7 47 60 01 00 00 00 4c 39 d0 0f 84 ad 00 00 00 8b 53 18 39 50 20 72 2f <0f> 0b 44 8b 40 24 8b 53 0c ff c6 41 8b 7d 00 89 70 20 41 0f af
[  596.277879] RIP [<ffffffff816464a6>] cache_alloc_refill+0x111/0x4a6
[  596.277888]  RSP <ffff88012e231b88>
[  596.277894] ---[ end trace 01e175dd97a8992b ]---


Justin.
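
A triage sketch for an oops like the one in this message, added here as an example and not part of the original thread: it pulls out the BUG site, the faulting symbol and the reliable versus "?" stack frames, and flags registers that hold a list poison value, which is a hint that a list entry was touched after removal. The function name `triage` is hypothetical, and the poison constants are an assumption (x86_64 values from include/linux/poison.h in 3.x kernels).

```python
import re

# Sample input: a few lines taken from the oops quoted in this message.
SAMPLE = """\
[  596.277450] kernel BUG at mm/slab.c:3111!
[  596.277523] Pid: 4157, comm: ps Not tainted 3.1.0-rc2 #3 Acer Aspire 7551 /Aspire 7551
[  596.277536] RIP: 0010:[<ffffffff816464a6>] [<ffffffff816464a6>] cache_alloc_refill+0x111/0x4a6
[  596.277559] RAX: ffff8801394d5000 RBX: ffff88013f000080 RCX: 0000000000000033
[  596.277565] RDX: 0000000000000070 RSI: dead000000200200 RDI: 0000000000000009
[  596.277666]  [<ffffffff810ae0e6>] kmem_cache_alloc+0x76/0xa0
[  596.277675]  [<ffffffff8110bb80>] ? meminfo_proc_open+0x30/0x30
[  596.277684]  [<ffffffff810d58e2>] single_open+0x32/0xa0
"""

# Assumption: x86_64 list poison values of 3.x kernels
# (CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000).
POISON = {0xdead000000100100: "LIST_POISON1", 0xdead000000200200: "LIST_POISON2"}

BUG_RE = re.compile(r"kernel BUG at (\S+):(\d+)!")
RIP_RE = re.compile(r"RIP: \w+:\[<[0-9a-f]+>\]\s+\[<[0-9a-f]+>\]\s+([\w.]+)\+")
REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})\b")
# A frame line has the bracketed address right after the optional timestamp,
# which keeps the trailing "RIP [<...>]" summary line out of the frame list.
FRAME_RE = re.compile(
    r"^(?:\[\s*\d+\.\d+\])?\s*\[<[0-9a-f]{16}>\] (\? )?([\w.]+)\+0x")


def triage(log):
    """Summarise one oops: BUG site, faulting symbol, poisoned registers, frames."""
    report = {"bug_at": None, "rip": None, "poisoned": {}, "frames": [], "stale": []}
    for line in log.splitlines():
        if m := BUG_RE.search(line):
            report["bug_at"] = (m.group(1), int(m.group(2)))
        elif m := RIP_RE.search(line):
            report["rip"] = m.group(1)
        elif m := FRAME_RE.search(line):
            # "?" marks an address found on the stack that may be a stale frame.
            report["stale" if m.group(1) else "frames"].append(m.group(2))
        for reg, val in REG_RE.findall(line):
            if name := POISON.get(int(val, 16)):
                report["poisoned"][reg] = name
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```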
