Bug 143888

Summary: kernel BUG at mm/slab.c:1851!
Product: [Fedora] Fedora
Reporter: Ellen Shull <ellenshull>
Component: kernel
Assignee: Dave Jones <davej>
Status: CLOSED RAWHIDE
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: rawhide
CC: pfrields, wtogami
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2005-01-11 03:03:07 UTC

Description Ellen Shull 2004-12-31 17:57:21 UTC
Description of problem:  
Colonel Panic, in the mm/slab.c:1851, with the   
invalid operand!  
(Sorry, for some reason I have Clue on my mind.)  
  
Version-Release number of selected component (if applicable):  
2.6.9-1.1049_FC4  
(yes I know 1056 showed up in rawhide just this morning)  
  
How reproducible: 
No idea.  At the time of the panic, I was running oocalc, konqueror, firefox, 
a handful of shells in konsole, ssh, and the folding@home client
(5.02)--nothing I'd particularly expect to trigger a kernel panic, no  
crazy drivers or I/O or anything.  I had been filling in a search form at 
bn.com in konqueror, when it stopped responding to my typing, and shortly 
thereafter got the blinking keyboard lights we all know and love...  
  
Additional info:  
SELinux in targeted/permissive mode at the time.
Rawhide current as of Dec 28. 
 
Here's the stuff from /var/log/messages:  
  
Dec 30 21:33:21 ip68-110-7-34 kernel: kfree_debugcheck: bad ptr c3166bbch.
Dec 30 21:33:21 ip68-110-7-34 kernel: ------------[ cut here ]------------
Dec 30 21:33:21 ip68-110-7-34 kernel: kernel BUG at mm/slab.c:1851!
Dec 30 21:33:21 ip68-110-7-34 kernel: invalid operand: 0000 [#1]
Dec 30 21:33:21 ip68-110-7-34 kernel: Modules linked in: cls_u32 sch_sfq sch_cbq deflate zlib_deflate twofish serpent aes_i586 blowfish des sha256 crypto_null ipcomp esp4 ah4 af_key autofs4 i2c_dev i2c_core sunrpc ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables dm_mod button battery ac md5 ipv6 uhci_hcd snd_cmipci snd_pcm_oss snd_mixer_oss snd_pcm snd_page_alloc snd_opl3_lib snd_timer snd_hwdep gameport snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore tulip via_rhine mii floppy ext3 jbd raid5 xor aic7xxx sd_mod scsi_mod
Dec 30 21:33:21 ip68-110-7-34 kernel: CPU:    0
Dec 30 21:33:21 ip68-110-7-34 kernel: EIP:    0060:[<c0148b27>]    Not tainted VLI
Dec 30 21:33:21 ip68-110-7-34 kernel: EFLAGS: 00213016   (2.6.9-1.1049_FC4)
Dec 30 21:33:21 ip68-110-7-34 kernel: EIP is at kfree_debugcheck+0x44/0x51
Dec 30 21:33:21 ip68-110-7-34 kernel: eax: 00000028   ebx: c1062cc0   ecx: c030a7f4   edx: c249cde8
Dec 30 21:33:21 ip68-110-7-34 kernel: esi: c3166bbc   edi: cc09a4d0   ebp: 00000fe4   esp: c249cde4
Dec 30 21:33:21 ip68-110-7-34 kernel: ds: 007b   es: 007b   ss: 0068
Dec 30 21:33:21 ip68-110-7-34 kernel: Process X (pid: 2610, threadinfo=c249c000 task=c2878cd0)
Dec 30 21:33:21 ip68-110-7-34 kernel: Stack: c030a7f4 c3166bbc cc09a4d0 c3166bbc c01497cc 00203282 cc09a4d0 c52cad94
Dec 30 21:33:21 ip68-110-7-34 kernel:        cc09a4d0 00000fe4 c029acea 00000000 c029ade7 cc09a4d0 0000001c c02f3700
Dec 30 21:33:21 ip68-110-7-34 kernel:        00000001 00000000 ffffffa1 00000001 0000001c 00000000 c249ce8c c249ceac
Dec 30 21:33:21 ip68-110-7-34 kernel: Call Trace:
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c01497cc>] kfree+0x15/0x76
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c029acea>] kfree_skbmem+0x8/0x15
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c029ade7>] __kfree_skb+0xf0/0xf3
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c02f3700>] unix_stream_recvmsg+0x2c8/0x398
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c029764a>] sock_aio_read+0x10e/0x11c
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c01bd11a>] inode_has_perm+0x4c/0x54
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c0160cf9>] do_sync_read+0x97/0xc9
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c01bf1fd>] selinux_file_permission+0x114/0x11d
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c011cc27>] autoremove_wake_function+0x0/0x2d
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c0160df1>] vfs_read+0xc6/0xe2
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c0160ff4>] sys_read+0x3c/0x62
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c01062c7>] syscall_call+0x7/0xb
Dec 30 21:33:21 ip68-110-7-34 kernel: Code: 30 c0 e8 c1 70 fd ff 0f 0b 36 07 cd a3 30 c0 58 5a c1 e3 05 03 1d 10 db 3f c0 8b 03 a8 80 75 15 56 68 f4 a7 30 c0 e8 9d 70 fd ff <0f> 0b 3b 07 cd a3 30 c0 5b 5e 5b 5e c3 55 89 cd 57 89 d7 56 89
Dec 30 21:33:21 ip68-110-7-34 kernel:  <0>Fatal exception: panic in 5 seconds

Comment 1 Dave Jones 2005-01-11 03:03:07 UTC
Caused by an incompatibility between 2 debug features.
Should be fixed in rawhide now, as 1 of them got disabled.
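
An added example, not part of the original report or of any Fedora tooling: a small Python triage helper that rejoins the wrapped /var/log/messages lines of an oops like the one in the description and extracts the BUG site, the faulting function, the process and the call chain. The names `unwrap` and `triage` are assumptions of this example; the sample lines are copied from the log in the description, wraps included.

```python
import re

# Lines copied from the oops in the description, keeping the mid-record wraps.
SAMPLE = """\
Dec 30 21:33:21 ip68-110-7-34 kernel: kfree_debugcheck: bad ptr c3166bbch.
Dec 30 21:33:21 ip68-110-7-34 kernel: kernel BUG at mm/slab.c:1851!
Dec 30 21:33:21 ip68-110-7-34 kernel: EIP is at kfree_debugcheck+0x44/0x51
Dec 30 21:33:21 ip68-110-7-34 kernel: Process X (pid: 2610,
threadinfo=c249c000 task=c2878cd0)
Dec 30 21:33:21 ip68-110-7-34 kernel: Call Trace:
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c01497cc>] kfree+0x15/0x76
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c029acea>] kfree_skbmem+0x8/0x15
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c029ade7>] __kfree_skb+0xf0/0xf3
Dec 30 21:33:21 ip68-110-7-34 kernel:  [<c02f3700>]
unix_stream_recvmsg+0x2c8/0x398
"""

PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ kernel: ?")
FRAME = re.compile(r"\[<[0-9a-f]{8}>\] (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def unwrap(text):
    """Strip the syslog prefix; glue lines that lack one onto the previous record."""
    records = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            records.append(line[m.end():].strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return the BUG site, EIP symbol, process and call chain of one oops."""
    out = {"bug": None, "eip": None, "process": None, "trace": []}
    in_trace = False
    for rec in unwrap(text):
        if m := re.match(r"kernel BUG at (\S+):(\d+)!", rec):
            out["bug"] = (m.group(1), int(m.group(2)))
        elif m := re.match(r"EIP is at (\w+)\+0x([0-9a-f]+)/", rec):
            out["eip"] = (m.group(1), int(m.group(2), 16))
        elif m := re.match(r"Process (\S+) \(pid: (\d+),", rec):
            out["process"] = (m.group(1), int(m.group(2)))
        elif rec == "Call Trace:":
            in_trace = True
        elif in_trace and (m := FRAME.match(rec)):
            out["trace"].append(m.group(1))
        else:
            in_trace = False  # first non-frame record ends the trace
    return out
```

Continuation lines are joined with a single space, so a wrap that falls in the middle of a token (as in a long module list) is not repaired by this helper.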