Bug 183702
Summary: | wpa_supplicant triggers slab error | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bernard Johnson <bjohnson> | ||||||
Component: | kernel | Assignee: | John W. Linville <linville> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Brian Brock <bbrock> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | 5 | CC: | davej, dwmw2, wtogami | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | i386 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | NeedsRetesting | ||||||||
Fixed In Version: | kernel-2.6.18-1.2798.fc6 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2006-11-02 18:01:38 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Bernard Johnson
2006-03-02 22:28:49 UTC
There was a recent bcm43xx update in rawhide. Is this still a problem? It gives a slightly different slab error, but is current as of kernel-2.6.15-1.2009.4.2_FC5: Mar 6 13:06:15 localhost kernel: bcm43xx: set security called Mar 6 13:06:15 localhost kernel: bcm43xx: .level = 0 Mar 6 13:06:15 localhost kernel: bcm43xx: .enabled = 0 Mar 6 13:06:15 localhost kernel: bcm43xx: .encrypt = 0 Mar 6 13:06:15 localhost kernel: bcm43xx: SPROM input data: Invalid CRC Mar 6 13:06:15 localhost kernel: slab error in cache_free_debugcheck(): cache `size-512': double free, or memory outside object was overwritten Mar 6 13:06:15 localhost kernel: [<c0150e43>] cache_free_debugcheck+0xc5/0x198Mar 6 13:06:15 localhost kernel: [<c029625f>] wireless_process_ioctl+0x543/0x5bd [<c01514e1>] kfree+0x49/0x79 Mar 6 13:06:15 localhost kernel: [<c029625f>] wireless_process_ioctl+0x543/0x5bd [<e09e9a8d>] bcm43xx_wx_sprom_write+0x0/0x39b [bcm43xx] Mar 6 13:06:15 localhost kernel: [<c028e05e>] dev_ioctl+0x472/0x4ab [<c0144ccc>] __handle_mm_fault+0x41d/0x7c3 Mar 6 13:06:15 localhost kernel: [<c02843dc>] sock_map_file+0x8b/0xf9 [<c02855cc>] sock_ioctl+0x0/0x232 Mar 6 13:06:15 localhost kernel: [<c01638ae>] do_ioctl+0x16/0x48 [<c0163adf>] vfs_ioctl+0x1ff/0x216 Mar 6 13:06:15 localhost kernel: [<c0163b3e>] sys_ioctl+0x48/0x62 [<c0102bc1>] syscall_call+0x7/0xb Mar 6 13:06:15 localhost kernel: c9f062c4: redzone 1: 0xfc2a5, redzone 2: 0x170fc2a5. Created attachment 125766 [details]
jwltest-bcm43xx-wx-overflow.patch
Test kernels w/ above patch available here: http://people.redhat.com/linville/kernels/fc5/ Please give those a try and post the results (probably NM problems, but not the above messages) here...thanks! Same results - slab error. I would not necessarily know if it causes NetworkManager problems, as I'm having a problem with NetworkManager as well (bug #180369). slab error - 2.6.15-1.2021.2.1_FC5.jwltest.13 Mar 7 12:33:55 localhost kernel: slab error in cache_free_debugcheck(): cache `size-512': double free, or memory outside object was overwritten Mar 7 12:33:55 localhost kernel: [<c0150e73>] cache_free_debugcheck+0xc5/0x198 [<c02962af>] wireless_process_ioctl+0x543/0x5bd Mar 7 12:33:55 localhost kernel: [<c0151511>] kfree+0x49/0x79 [<c02962af>] wireless_process_ioctl+0x543/0x5bd Mar 7 12:33:55 localhost kernel: [<e09e81f2>] bcm43xx_wx_sprom_write+0x0/0x7a [bcm43xx] [<c028e0ae>] dev_ioctl+0x472/0x4ab Mar 7 12:33:55 localhost kernel: [<c0144cfc>] __handle_mm_fault+0x41d/0x7c3 [<c028442c>] sock_map_file+0x8b/0xf9 Mar 7 12:33:55 localhost kernel: [<c028561c>] sock_ioctl+0x0/0x232 [<c01638de>] do_ioctl+0x16/0x48 Mar 7 12:33:55 localhost kernel: [<c0163b0f>] vfs_ioctl+0x1ff/0x216 [<c0163b6e>] sys_ioctl+0x48/0x62 Mar 7 12:33:55 localhost kernel: [<c0102bc1>] syscall_call+0x7/0xb <3>d9c4aaf4: redzone 1: 0xfc2a5, redzone 2: 0x170fc2a5. Is this issue still occurring w/ current Fedora kernels Yes, here is a current set of messages from kernel-2.6.16-1.2206_FC6: May 18 23:04:01 localhost kernel: bcm43xx: set security called May 18 23:04:01 localhost kernel: bcm43xx: .level = 0 May 18 23:04:01 localhost kernel: bcm43xx: .enabled = 0 May 18 23:04:01 localhost kernel: bcm43xx: .encrypt = 0 May 18 23:04:01 localhost kernel: bcm43xx: set security called May 18 23:04:01 localhost kernel: bcm43xx: .level = 0 May 18 23:04:01 localhost kernel: bcm43xx: .enabled = 0 May 18 23:04:01 localhost kernel: bcm43xx: .encrypt = 0 May 18 23:04:01 localhost kernel: bcm43xx: set security called May 18 23:04:01 localhost kernel: bcm43xx: .level = 0 May 18 23:04:01 localhost kernel: bcm43xx: .enabled = 0 May 18 23:04:01 localhost kernel: bcm43xx: .encrypt = 0 May 18 23:04:01 localhost kernel: bcm43xx: set security called May 18 23:04:01 localhost avahi-daemon[1715]: Interface eth1.IPv4 no longer relevant for mDNS. May 18 23:04:01 localhost dhclient: receive_packet failed on eth1: Network is down May 18 23:04:01 localhost kernel: bcm43xx: .level = 0 May 18 23:04:01 localhost avahi-daemon[1715]: Leaving mDNS multicast group on interface eth1.IPv4 with address 192.168.1.106. May 18 23:04:01 localhost kernel: bcm43xx: .enabled = 0 May 18 23:04:01 localhost avahi-daemon[1715]: Withdrawing address record for 192.168.1.106 on eth1. May 18 23:04:01 localhost kernel: bcm43xx: .encrypt = 0 May 18 23:04:01 localhost kernel: bcm43xx: SPROM input data: Invalid CRC May 18 23:04:01 localhost kernel: slab error in cache_free_debugcheck(): cache `size-512': double free, or memory outside object was overwritten May 18 23:04:01 localhost kernel: <c04635c5> cache_free_debugcheck+0x135/0x23a <c0463c2d> kfree+0x61/0x93 May 18 23:04:01 localhost kernel: <c05b9989> wireless_process_ioctl+0x2be/0x33d <e09830e0> bcm43xx_wx_sprom_write+0x0/0x10f [bcm43xx] May 18 23:04:01 localhost kernel: <c05a5c0d> sock_ioctl+0x0/0x1cd <c05b0171> dev_ioctl+0x432/0x46b May 18 23:04:01 localhost kernel: <c045676d> __handle_mm_fault+0x43a/0x7e7 <c05a5c0d> sock_ioctl+0x0/0x1cd May 18 23:04:01 localhost kernel: <c047894b> do_ioctl+0x1f/0x62 <c0478bd8> vfs_ioctl+0x24a/0x25c May 18 23:04:01 localhost kernel: <c0478c36> sys_ioctl+0x4c/0x66 <c0403e1f> syscall_call+0x7/0xb May 18 23:04:01 localhost kernel: ce6d175c: redzone 1:0xfc2a5, redzone 2:0x170fc2a5. May 18 23:04:01 localhost kernel: bcm43xx: SPROM input data: Invalid CRC May 18 23:04:01 localhost kernel: slab error in cache_free_debugcheck(): cache `size-512': double free, or memory outside object was overwritten May 18 23:04:01 localhost kernel: <c04635c5> cache_free_debugcheck+0x135/0x23a <c0463c2d> kfree+0x61/0x93 May 18 23:04:01 localhost kernel: <c05b9989> wireless_process_ioctl+0x2be/0x33d <e09830e0> bcm43xx_wx_sprom_write+0x0/0x10f [bcm43xx] May 18 23:04:01 localhost kernel: <c05a5c0d> sock_ioctl+0x0/0x1cd <c05b0171> dev_ioctl+0x432/0x46b May 18 23:04:01 localhost kernel: <c041f930> __wake_up+0x2a/0x3d <c05a5c0d> sock_ioctl+0x0/0x1cd May 18 23:04:01 localhost kernel: <c047894b> do_ioctl+0x1f/0x62 <c0478bd8> vfs_ioctl+0x24a/0x25c May 18 23:04:01 localhost kernel: <c0478c36> sys_ioctl+0x4c/0x66 <c0403e1f> syscall_call+0x7/0xb May 18 23:04:01 localhost kernel: ce6d175c: redzone 1:0xfc2a5, redzone 2:0x170fc2a5. May 18 23:04:01 localhost kernel: bcm43xx: Radio turned off May 18 23:04:01 localhost kernel: bcm43xx: DMA 0x0260 (RX) max used slots: 1/64 May 18 23:04:01 localhost kernel: bcm43xx: DMA 0x0200 (RX) max used slots: 1/64 May 18 23:04:01 localhost kernel: bcm43xx: DMA 0x0260 (TX) max used slots: 0/512 May 18 23:04:01 localhost kernel: bcm43xx: DMA 0x0240 (TX) max used slots: 0/512 May 18 23:04:01 localhost kernel: bcm43xx: DMA 0x0220 (TX) max used slots: 13/512 May 18 23:04:01 localhost kernel: bcm43xx: DMA 0x0200 (TX) max used slots: 0/512 Could you attach the output of running 'sysreport' on the box in question? Thanks! Created attachment 135089 [details]
sysreport output
I removed some (encrypted) passwords and hardware addresses before posting. If
you think any of these are necessary, contact me privately and I'll provide you
whatever you need.
Attached sysreport logs. A new kernel update has been released (Version: 2.6.18-1.2200.fc5) based upon a new upstream kernel release. Please retest against this new kernel, as a large number of patches go into each upstream release, possibly including changes that may address this problem. This bug has been placed in NEEDINFO state. Due to the large volume of inactive bugs in bugzilla, if this bug is still in this state in two weeks time, it will be closed. Should this bug still be relevant after this period, the reporter can reopen the bug at any time. Any other users on the Cc: list of this bug can request that the bug be reopened by adding a comment to the bug. In the last few updates, some users upgrading from FC4->FC5 have reported that installing a kernel update has left their systems unbootable. If you have been affected by this problem please check you only have one version of device-mapper & lvm2 installed. See bug 207474 for further details. If this bug is a problem preventing you from installing the release this version is filed against, please see bug 169613. If this bug has been fixed, but you are now experiencing a different problem, please file a separate bug for the new problem. Thank you. No longer happening as of Fedora Core 6 kernel-2.6.18-1.2798.fc6. Removing NEEDINFO. |