Bug 437318
| Summary: | crash: BUG kmalloc-32 (Not tainted): Object already free (kernel-2.6.25-0.113.rc5.git2.fc9.i686) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tom London <selinux> |
| Component: | kernel | Assignee: | Dave Airlie <airlied> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 9 | CC: | kernel-maint |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-12-26 17:32:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Sorry, more info: System is Thinkpad X60: [root@localhost ~]# lspci 00:00.0 Host bridge: Intel Corporation Mobile 945GM/PM/GMS, 943/940GML and 945GT Express Memory Controller Hub (rev 03) 00:02.0 VGA compatible controller: Intel Corporation Mobile 945GM/GMS, 943/940GML Express Integrated Graphics Controller (rev 03) 00:02.1 Display controller: Intel Corporation Mobile 945GM/GMS/GME, 943/940GML Express Integrated Graphics Controller (rev 03) 00:1b.0 Audio device: Intel Corporation 82801G (ICH7 Family) High Definition Audio Controller (rev 02) 00:1c.0 PCI bridge: Intel Corporation 82801G (ICH7 Family) PCI Express Port 1 (rev 02) 00:1c.1 PCI bridge: Intel Corporation 82801G (ICH7 Family) PCI Express Port 2 (rev 02) 00:1c.2 PCI bridge: Intel Corporation 82801G (ICH7 Family) PCI Express Port 3 (rev 02) 00:1c.3 PCI bridge: Intel Corporation 82801G (ICH7 Family) PCI Express Port 4 (rev 02) 00:1d.0 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #1 (rev 02) 00:1d.1 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #2 (rev 02) 00:1d.2 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #3 (rev 02) 00:1d.3 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #4 (rev 02) 00:1d.7 USB Controller: Intel Corporation 82801G (ICH7 Family) USB2 EHCI Controller (rev 02) 00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev e2) 00:1f.0 ISA bridge: Intel Corporation 82801GBM (ICH7-M) LPC Interface Bridge (rev 02) 00:1f.1 IDE interface: Intel Corporation 82801G (ICH7 Family) IDE Controller (rev 02) 00:1f.2 SATA controller: Intel Corporation 82801GBM/GHM (ICH7 Family) SATA AHCI Controller (rev 02) 00:1f.3 SMBus: Intel Corporation 82801G (ICH7 Family) SMBus Controller (rev 02) 02:00.0 Ethernet controller: Intel Corporation 82573L Gigabit Ethernet Controller 03:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02) 15:00.0 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev b4) 15:00.1 FireWire (IEEE 1394): Ricoh Co Ltd R5C552 IEEE 1394 Controller (rev 09) 15:00.2 SD Host controller: Ricoh Co Ltd R5C822 SD/SDIO/MMC/MS/MSPro Host Adapter (rev 18) [root@localhost ~]# Is this still happening? Last one I can find in my logs is (kernel-2.6.25-0.201.rc8.git4.fc9.i686):
Apr 8 07:31:26 localhost auditd[2244]: The audit daemon is exiting.
Apr 8 07:31:26 localhost kernel: printk: 1 messages suppressed.
Apr 8 07:31:26 localhost kernel: audit(1207665086.665:58): audit_pid=0 old=2244
by auid=4294967295 subj=system_u:system_r:auditd_t:s0 res=1
Apr 8 07:31:26 localhost console-kit-daemon[2344]: GLib-CRITICAL:
g_async_queue_unref: assertion `queue->waiting_threads == 0' failed
Apr 8 07:31:27 localhost kernel:
=============================================================================
Apr 8 07:31:27 localhost kernel: BUG kmalloc-32 (Not tainted): Object already free
Apr 8 07:31:27 localhost kernel:
-----------------------------------------------------------------------------
Apr 8 07:31:27 localhost kernel:
Apr 8 07:31:27 localhost kernel: INFO: Allocated in drm_addmap_core+0x29/0x4be
[drm] age=4439438 cpu=0 pid=2581
Apr 8 07:31:27 localhost kernel: INFO: Freed in drm_rmmap_locked+0x140/0x14a
[drm] age=11073 cpu=1 pid=2581
Apr 8 07:31:27 localhost kernel: INFO: Slab 0xc1b87050 used=9 fp=0xf4b262d0
flags=0x40000083
Apr 8 07:31:27 localhost kernel: INFO: Object 0xf4b26820 @offset=2080 fp=0xf4b26870
Apr 8 07:31:27 localhost kernel:
Apr 8 07:31:27 localhost kernel: Bytes b4 0xf4b26810: 15 0a 00 00 38 3d 40 00
5a 5a 5a 5a 5a 5a 5a 5a ....8=@.ZZZZZZZZ
Apr 8 07:31:27 localhost kernel: Object 0xf4b26820: 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
Apr 8 07:31:27 localhost kernel: Object 0xf4b26830: 6b 6b 6b 6b 6b 6b 6b 6b
6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk�
Apr 8 07:31:27 localhost kernel: Redzone 0xf4b26840: bb bb bb bb
����
Apr 8 07:31:27 localhost kernel: Padding 0xf4b26868: 5a 5a 5a 5a 5a 5a 5a 5a
ZZZZZZZZ
Apr 8 07:31:27 localhost kernel: Pid: 2957, comm: compiz Not tainted
2.6.25-0.201.rc8.git4.fc9.i686 #1
Apr 8 07:31:27 localhost kernel: [<c048667b>] print_trailer+0x111/0x119
Apr 8 07:31:27 localhost kernel: [<c0486747>] object_err+0x20/0x2a
Apr 8 07:31:27 localhost kernel: [<c0487bf7>] __slab_free+0x178/0x265
Apr 8 07:31:27 localhost kernel: [<c0487ec1>] kfree+0xb3/0xec
Apr 8 07:31:27 localhost kernel: [<f8d371de>] ? drm_vm_shm_close+0x181/0x191 [drm]
Apr 8 07:31:27 localhost kernel: [<f8d371de>] ? drm_vm_shm_close+0x181/0x191 [drm]
Apr 8 07:31:27 localhost kernel: [<f8d371de>] drm_vm_shm_close+0x181/0x191 [drm]
Apr 8 07:31:27 localhost kernel: [<c0479854>] ? remove_vma+0x48/0x4e
Apr 8 07:31:27 localhost kernel: [<c047983c>] remove_vma+0x30/0x4e
Apr 8 07:31:27 localhost kernel: [<c0479915>] exit_mmap+0xbb/0xd6
Apr 8 07:31:27 localhost kernel: [<c0426897>] mmput+0x3a/0x82
Apr 8 07:31:27 localhost kernel: [<c042a000>] exit_mm+0xe1/0xe7
Apr 8 07:31:27 localhost kernel: [<c042b631>] do_exit+0x203/0x5c3
Apr 8 07:31:27 localhost kernel: [<c042ba57>] do_group_exit+0x66/0x7d
Apr 8 07:31:27 localhost kernel: [<c042ba81>] sys_exit_group+0x13/0x15
Apr 8 07:31:27 localhost kernel: [<c0405d2e>] syscall_call+0x7/0xb
Apr 8 07:31:27 localhost kernel: =======================
Apr 8 07:31:27 localhost kernel: FIX kmalloc-32: Object at 0xf4b26820 not freed
Apr 8 07:31:27 localhost ntpd[11472]: ntpd exiting on signal 15
note that we turned off debugging a few weeks back. It'd be worth seeing if this is still reproducable at all booting with slub_debug=1 OK. I'll boot that way for the next few days and see what happens.... I've been booting for a couple of days now (sorry, first day I had 'slug_debug' instead of 'slub_debug'), and have seen no reports ...... Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping Closing. Must be long gone by now..... |
Description of problem: Got this crash while "doing nothing special" (i.e., was in firefox browsing). Had to do a hard reboot: Mar 13 08:02:33 localhost kernel: ============================================================================= Mar 13 08:02:33 localhost kernel: BUG kmalloc-32 (Not tainted): Object already free Mar 13 08:02:33 localhost kernel: ----------------------------------------------------------------------------- Mar 13 08:02:33 localhost kernel: Mar 13 08:02:33 localhost kernel: INFO: Allocated in drm_addmap_core+0x29/0x4bc [drm] age=320506 cpu=1 pid=3455 Mar 13 08:02:33 localhost kernel: INFO: Freed in drm_rmmap_locked+0x140/0x14a [drm] age=24 cpu=1 pid=3455 Mar 13 08:02:33 localhost kernel: INFO: Slab 0xc18716a0 used=24 fp=0xe698c550 flags=0x40000083 Mar 13 08:02:33 localhost kernel: INFO: Object 0xe698ceb0 @offset=3760 fp=0xe698c780 Mar 13 08:02:33 localhost kernel: Mar 13 08:02:33 localhost kernel: Bytes b4 0xe698cea0: 7a 0b 00 00 39 82 fe ff 5a 5a 5a 5a 5a 5a 5a 5a z...9.��ZZZZZZZZ Mar 13 08:02:33 localhost kernel: Object 0xe698ceb0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Mar 13 08:02:33 localhost kernel: Object 0xe698cec0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk� Mar 13 08:02:33 localhost kernel: Redzone 0xe698ced0: bb bb bb bb ���� Mar 13 08:02:33 localhost kernel: Padding 0xe698cef8: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ Mar 13 08:02:33 localhost kernel: Pid: 3455, comm: Xorg Not tainted 2.6.25-0.113.rc5.git2.fc9 #1 Mar 13 08:02:33 localhost kernel: [print_trailer+273/281] print_trailer+0x111/0x119 Mar 13 08:02:33 localhost kernel: [object_err+32/42] object_err+0x20/0x2a Mar 13 08:02:33 localhost kernel: [__slab_free+376/613] __slab_free+0x178/0x265 Mar 13 08:02:33 localhost kernel: [kfree+179/236] kfree+0xb3/0xec Mar 13 08:02:33 localhost kernel: [<f8e3f1a6>] ? drm_vm_shm_close+0x181/0x191 [drm] Mar 13 08:02:33 localhost kernel: [<f8e3f1a6>] ? drm_vm_shm_close+0x181/0x191 [drm] Mar 13 08:02:33 localhost kernel: [<f8e3f1a6>] drm_vm_shm_close+0x181/0x191 [drm] Mar 13 08:02:33 localhost kernel: [remove_vma+72/78] ? remove_vma+0x48/0x4e Mar 13 08:02:33 localhost kernel: [remove_vma+48/78] remove_vma+0x30/0x4e Mar 13 08:02:33 localhost kernel: [exit_mmap+187/214] exit_mmap+0xbb/0xd6 Mar 13 08:02:33 localhost kernel: [mmput+58/130] mmput+0x3a/0x82 Mar 13 08:02:33 localhost kernel: [exit_mm+225/231] exit_mm+0xe1/0xe7 Mar 13 08:02:33 localhost kernel: [do_exit+508/1589] do_exit+0x1fc/0x635 Mar 13 08:02:33 localhost kernel: [do_group_exit+102/125] do_group_exit+0x66/0x7d Mar 13 08:02:33 localhost kernel: [get_signal_to_deliver+698/736] get_signal_to_deliver+0x2ba/0x2e0 Mar 13 08:02:33 localhost kernel: [do_notify_resume+155/1910] do_notify_resume+0x9b/0x776 Mar 13 08:02:33 localhost kernel: [do_tkill+234/244] ? do_tkill+0xea/0xf4 Mar 13 08:02:33 localhost kernel: [_read_unlock+29/32] ? _read_unlock+0x1d/0x20 Mar 13 08:02:33 localhost kernel: [sched_clock+8/11] ? sched_clock+0x8/0xb Mar 13 08:02:33 localhost kernel: [lock_release_holdtime+26/277] ? lock_release_holdtime+0x1a/0x115 Mar 13 08:02:33 localhost kernel: [_spin_unlock_irq+34/47] ? _spin_unlock_irq+0x22/0x2f Mar 13 08:02:33 localhost kernel: [audit_syscall_entry+249/291] ? audit_syscall_entry+0xf9/0x123 Mar 13 08:02:33 localhost kernel: [do_syscall_trace+312/383] ? do_syscall_trace+0x138/0x17f Mar 13 08:02:33 localhost kernel: [do_syscall_trace+105/383] ? do_syscall_trace+0x69/0x17f Mar 13 08:02:33 localhost kernel: [work_notifysig+19/25] work_notifysig+0x13/0x19 Mar 13 08:02:33 localhost kernel: ======================= Mar 13 08:02:33 localhost kernel: FIX kmalloc-32: Object at 0xe698ceb0 not freed Version-Release number of selected component (if applicable): kernel-2.6.25-0.113.rc5.git2.fc9.i686 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: