We got this in Fedora bugzilla from a user running a 2.6.15-rc7-git2 vintage
kernel. This seemed important enough to warrant a closer look by someone
familiar
with recent networking changes in case this hasn't been reported/fixed yet.
Dave
On Sat, Jan 07, 2006 at 08:13:54PM -0500, [EMAIL PROTECTED] wrote:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177236
>
> Summary: Badness in cache_free_debugcheck at mm/slab.c:2315
> Product: Fedora Core
> Version: devel
> Platform: All
> OS/Version: Linux
> Status: NEW
> Severity: normal
> Priority: normal
> Component: kernel
> AssignedTo: [EMAIL PROTECTED]
> ReportedBy: [EMAIL PROTECTED]
> QAContact: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]
>
>
> Description of problem:
> As a bittorrent download was ramping up, the system froze for 2 minutes.
> (the two minute pause is self evident).
>
> The following appeared in the log:
>
> Jan 7 17:22:45 white kernel: mismatch in kmem_cache_free: expected cache
> df7c9140, got df7c9200
> Jan 7 17:22:45 white kernel: df7c9200 is skbuff_head_cache.
> Jan 7 17:22:45 white kernel: df7c9140 is skbuff_fclone_cache.
> Jan 7 17:22:45 white kernel: Badness in cache_free_debugcheck at
> mm/slab.c:2315
> (Not tainted)
> Jan 7 17:22:45 white kernel: [<c0142731>] cache_free_debugcheck+0x86/0x198
>
> [<c028d438>] __alloc_skb+0x10e/0x117
> Jan 7 17:22:45 white kernel: [<c0142f85>] kmem_cache_free+0x1f/0x4f
> [<c028d438>] __alloc_skb+0x10e/0x117
> Jan 7 17:22:45 white kernel: [<c02b2dd2>] tcp_sendmsg+0x153/0x97f
> [<c0104c02>] do_IRQ+0x6e/0x77
> Jan 7 17:22:45 white kernel: [<c014007b>] background_writeout+0x12/0x8e
> [<c02bc1b1>] tcp_write_xmit+0x50/0x2d0
> Jan 7 17:22:45 white kernel: [<c02cada9>] inet_sendmsg+0x35/0x3f
> [<c0289767>] sock_sendmsg+0xca/0xe4
> Jan 7 17:22:45 white kernel: [<c012ca1c>]
> autoremove_wake_function+0x0/0x2d
> [<c0289767>] sock_sendmsg+0xca/0xe4
> Jan 7 17:22:45 white kernel: [<c01037a6>] common_interrupt+0x1a/0x20
> [<c02897a7>] kernel_sendmsg+0x26/0x2c
> Jan 7 17:22:45 white kernel: [<c028c59d>] sock_no_sendpage+0x5f/0x72
> [<c02b2c54>] tcp_sendpage+0x33/0x5e
> Jan 7 17:22:45 white kernel: [<c02b2c21>] tcp_sendpage+0x0/0x5e
> [<e04d6e55>] xs_tcp_send_request+0x1eb/0x317 [sunrpc]
> Jan 7 17:22:45 white kernel: [<e04d5fa8>] xprt_transmit+0xd2/0x1c3
> [sunrpc]
> [<e04d4d03>] call_transmit+0x6d/0x9e [sunrpc]
> Jan 7 17:22:45 white kernel: [<e04d894f>] __rpc_execute+0x61/0x1a9
> [sunrpc]
> [<c0129348>] worker_thread+0x167/0x1d1
> Jan 7 17:22:45 white kernel: [<e04d8ab3>] rpc_async_schedule+0x0/0x5
> [sunrpc]
> [<c02e4331>] _spin_unlock_irq+0x5/0x7Jan 7 17:22:45 white kernel:
> [<c01190cd>] default_wake_function+0x0/0xc [<c01291e1>]
> worker_thread+0x0/0x1d1
> Jan 7 17:22:45 white kernel: [<c012c5cc>] kthread+0x64/0x90
> [<c012c568>]
> kthread+0x0/0x90
> Jan 7 17:22:45 white kernel: [<c010127d>] kernel_thread_helper+0x5/0xb
> Jan 7 17:22:45 white kernel: slab error in cache_free_debugcheck(): cache
> `skbuff_head_cache': double free, or memory outside object was overwritten
> Jan 7 17:22:45 white kernel: [<c0142770>] cache_free_debugcheck+0xc5/0x198
>
> [<c028d438>] __alloc_skb+0x10e/0x117
> Jan 7 17:22:45 white kernel: [<c0142f85>] kmem_cache_free+0x1f/0x4f
> [<c028d438>] __alloc_skb+0x10e/0x117
> Jan 7 17:22:45 white kernel: [<c02b2dd2>] tcp_sendmsg+0x153/0x97f
> [<c0104c02>] do_IRQ+0x6e/0x77
> Jan 7 17:22:45 white kernel: [<c014007b>] background_writeout+0x12/0x8e
> [<c02bc1b1>] tcp_write_xmit+0x50/0x2d0
> Jan 7 17:22:45 white kernel: [<c02cada9>] inet_sendmsg+0x35/0x3f
> [<c0289767>] sock_sendmsg+0xca/0xe4
> Jan 7 17:22:46 white kernel: [<c012ca1c>]
> autoremove_wake_function+0x0/0x2d
> [<c0289767>] sock_sendmsg+0xca/0xe4
> Jan 7 17:22:46 white kernel: [<c01037a6>] common_interrupt+0x1a/0x20
> [<c02897a7>] kernel_sendmsg+0x26/0x2c
> Jan 7 17:22:46 white kernel: [<c028c59d>] sock_no_sendpage+0x5f/0x72
> [<c02b2c54>] tcp_sendpage+0x33/0x5e
> Jan 7 17:22:46 white kernel: [<c02b2c21>] tcp_sendpage+0x0/0x5e
> [<e04d6e55>] xs_tcp_send_request+0x1eb/0x317 [sunrpc]
> Jan 7 17:22:46 white kernel: [<e04d5fa8>] xprt_transmit+0xd2/0x1c3
> [sunrpc]
> [<e04d4d03>] call_transmit+0x6d/0x9e [sunrpc]
> Jan 7 17:22:46 white kernel: [<e04d894f>] __rpc_execute+0x61/0x1a9
> [sunrpc]
> [<c0129348>] worker_thread+0x167/0x1d1
> Jan 7 17:22:46 white kernel: [<e04d8ab3>] rpc_async_schedule+0x0/0x5
> [sunrpc]
> [<c02e4331>] _spin_unlock_irq+0x5/0x7Jan 7 17:22:46 white kernel:
> [<c01190cd>] default_wake_function+0x0/0xc [<c01291e1>]
> worker_thread+0x0/0x1d1
> Jan 7 17:22:46 white kernel: [<c012c5cc>] kthread+0x64/0x90
> [<c012c568>]
> kthread+0x0/0x90
> Jan 7 17:22:46 white kernel: [<c010127d>] kernel_thread_helper+0x5/0xb
> Jan 7 17:22:46 white kernel: cb74f56c: redzone 1: 0x170fc2a5, redzone 2:
> 0x5a5a5a5a.
> Jan 7 17:22:46 white kernel: ------------[ cut here ]------------
> Jan 7 17:22:46 white kernel: kernel BUG at mm/slab.c:2335!
> Jan 7 17:22:46 white kernel: invalid operand: 0000 [#1]
> Jan 7 17:22:46 white kernel: last sysfs file:
> /devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
> Jan 7 17:22:46 white kernel: Modules linked in: loop i915 drm parport_pc lp
> parport autofs4 eeprom nfs lockd nfs_acl sunrpc dm_mirror dm_mod video button
> battery ac ipv6 ohci1394 ieee1394 uhci_hcd ehci_hcd ipw2200 ieee80211
> ieee80211_crypt b44 mii sr_mod snd_intel8x0 snd_ac97_codec snd_ac97_bus
> snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
> snd_pcm_oss
> snd_mixer_oss snd_pcm snd_timer snd i2c_i801 soundcore snd_page_alloc
> i2c_core
> ext3 jbd ahci ata_piix libata sd_mod scsi_mod
> Jan 7 17:22:46 white kernel: CPU: 0
> Jan 7 17:22:46 white kernel: EIP: 0060:[<c01427ec>] Not tainted VLI
> Jan 7 17:22:46 white kernel: EFLAGS: 00210006 (2.6.14-1.1796_FC5)
> Jan 7 17:22:46 white kernel: EIP is at cache_free_debugcheck+0x141/0x198
> Jan 7 17:22:46 white kernel: eax: cb74f4e4 ebx: cb74f04c ecx: 000000a8
> edx: 00000088
> Jan 7 17:22:46 white kernel: esi: df7c9200 edi: cb74f56c ebp: cb74f000
> esp: d7d2ec84
> Jan 7 17:22:46 white kernel: ds: 007b es: 007b ss: 0068
> Jan 7 17:22:46 white kernel: Process rpciod/0 (pid: 2057,
> threadinfo=d7d2e000
> task=d87ad550)
> Jan 7 17:22:46 white kernel: Stack: c028d438 cb74f570 df7c9200 df6e4720
> 00200246 c0142f85 cb74f570 00000700
> Jan 7 17:22:46 white kernel: 00000220 00000001 c028d438 cb74f198
> ca0b0618 00000100 00000000 c02b2dd2
> Jan 7 17:22:46 white kernel: d7d2ecdc c0104c02 00000000 00000001
> d7d2ee70 00000000 00004040 000005a8
> Jan 7 17:22:46 white kernel: Call Trace:
> Jan 7 17:22:46 white kernel: [<c028d438>] __alloc_skb+0x10e/0x117
> [<c0142f85>] kmem_cache_free+0x1f/0x4f
> Jan 7 17:22:46 white kernel: [<c028d438>] __alloc_skb+0x10e/0x117
> [<c02b2dd2>] tcp_sendmsg+0x153/0x97f
> Jan 7 17:22:46 white kernel: [<c0104c02>] do_IRQ+0x6e/0x77 [<c014007b>]
> background_writeout+0x12/0x8e
> Jan 7 17:22:46 white kernel: [<c02bc1b1>] tcp_write_xmit+0x50/0x2d0
> [<c02cada9>] inet_sendmsg+0x35/0x3f
> Jan 7 17:22:46 white kernel: [<c0289767>] sock_sendmsg+0xca/0xe4
> [<c012ca1c>] autoremove_wake_function+0x0/0x2d
> Jan 7 17:22:46 white kernel: [<c0289767>] sock_sendmsg+0xca/0xe4
> [<c01037a6>] common_interrupt+0x1a/0x20
> Jan 7 17:22:46 white kernel: [<c02897a7>] kernel_sendmsg+0x26/0x2c
> [<c028c59d>] sock_no_sendpage+0x5f/0x72
> Jan 7 17:22:46 white kernel: [<c02b2c54>] tcp_sendpage+0x33/0x5e
> [<c02b2c21>] tcp_sendpage+0x0/0x5e
> Jan 7 17:22:46 white kernel: [<e04d6e55>] xs_tcp_send_request+0x1eb/0x317
> [sunrpc] [<e04d5fa8>] xprt_transmit+0xd2/0x1c3 [sunrpc]
> Jan 7 17:22:46 white kernel: [<e04d4d03>] call_transmit+0x6d/0x9e [sunrpc]
>
> [<e04d894f>] __rpc_execute+0x61/0x1a9 [sunrpc]
> Jan 7 17:22:46 white kernel: [<c0129348>] worker_thread+0x167/0x1d1
> [<e04d8ab3>] rpc_async_schedule+0x0/0x5 [sunrpc]
> Jan 7 17:22:46 white kernel: [<c02e4331>] _spin_unlock_irq+0x5/0x7
> [<c01190cd>] default_wake_function+0x0/0xc
> Jan 7 17:22:46 white kernel: [<c01291e1>] worker_thread+0x0/0x1d1
> [<c012c5cc>] kthread+0x64/0x90
> Jan 7 17:22:46 white kernel: [<c012c568>] kthread+0x0/0x90 [<c010127d>]
> kernel_thread_helper+0x5/0xb
> Jan 7 17:22:46 white kernel: Code: ff 8b 14 24 89 10 8b 5d 0c 8b 4e 10 89
> f8 29
> d8 31 d2 f7 f1 3b 46 1c 72 08 0f 0b 1e 09 e4 0d 30 c0 0f af c1 8d 04 03 39
> c7 74
> 08 <0f> 0b 1f 09 e4 0d 30 c0 f6 46 19 02 74 12 89 f8 03 86 98 00 00
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
