Bug 1051476 - Oops with IP in __slab_alloc called from __alloc_skb, unix_stream_sendmsg [NEEDINFO]
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 20
Hardware: x86_64
OS: Linux
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Reported: 2014-01-10 11:40 UTC by aouthred
Modified: 2014-03-17 18:45 UTC (History)

Last Closed: 2014-03-17 18:45:36 UTC
Type: Bug
jforbes: needinfo?


Attachments
First three oops messages (3.12.6-300.fc20.x86_64) (10.48 KB, text/plain)
2014-01-10 11:40 UTC, aouthred

Description aouthred 2014-01-10 11:40:40 UTC
Created attachment 848137
First three oops messages (3.12.6-300.fc20.x86_64)

Description of problem:
Oops with IP in __slab_alloc

Version-Release number of selected component (if applicable):
3.12.6-300.fc20.x86_64

How reproducible:
Not sure how to reproduce. Will let you know if it happens again.

Steps to Reproduce:
1.
2.
3.

Actual results:

 BUG: unable to handle kernel paging request at 0000000040000020
 IP: [<ffffffff816615eb>] __slab_alloc+0x116/0x4a2
 PGD 7faceb067 PUD 0 
 Oops: 0000 [#1] SMP 
 Modules linked in: rfcomm fuse xt_CHECKSUM tun ipt_MASQUERADE ip6t_REJECT xt_conntrack cfg80211 ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw bnep sch_fq vfat fat btrfs iTCO_wdt iTCO_vendor_support x86_pkg_temp_thermal coretemp snd_hda_codec_hdmi kvm_intel kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_codec_realtek raid6_pq libcrc32c microcode snd_usb_audio xor snd_usbmidi_lib snd_hda_intel snd_rawmidi snd_hda_codec serio_raw snd_hwdep i2c_i801 snd_seq btusb snd_seq_device bluetooth snd_pcm rfkill snd_page_alloc snd_timer mei_me r8169 snd lpc_ich mei mii mfd_core soundcore shpchp video binfmt_misc usb_storage radeon i2c_algo_bit drm_kms_helper ttm drm i2c_core [last unloaded: nf_conntrack_broadcast]
 CPU: 1 PID: 2971 Comm: pulseaudio Not tainted 3.12.6-300.fc20.x86_64 #1
 Hardware name: Gigabyte Technology Co., Ltd. Z87-HD3/Z87-HD3, BIOS F6 08/03/2013
 task: ffff8807fdffe930 ti: ffff8807fad10000 task.ti: ffff8807fad10000
 RIP: 0010:[<ffffffff816615eb>]  [<ffffffff816615eb>] __slab_alloc+0x116/0x4a2
 RSP: 0018:ffff8807fad11ab8  EFLAGS: 00010006
 RAX: 0000000040000000 RBX: ffff88083ec58ae0 RCX: 0000000000000000
 RDX: 0000000000000296 RSI: 00000000000004d0 RDI: ffff88081acead00
 RBP: ffff8807fad11b78 R08: ffff88083ec58ae0 R09: ffff88081acead00
 R10: ffffffff8155691e R11: ffff8807fdffe930 R12: ffff88081acead00
 R13: 0000000040000000 R14: 00000000ffffffff R15: 00000000ffffffff
 FS:  00007f3a57b8f7c0(0000) GS:ffff88083ec40000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000040000020 CR3: 00000007f5a9b000 CR4: 00000000001407e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Stack:
  ffffffff811c2adb 0000000000000001 ffff88006227d40c ffff8807fad11af8
  0000000000000000 0000000000000000 ffffffff00000000 0000000000000000
  ffffffff8155691e 000004d000000002 0000000000000296 ffff8807fad11fd8
 Call Trace:
  [<ffffffff811c2adb>] ? do_sys_poll+0x18b/0x560
  [<ffffffff8155691e>] ? __alloc_skb+0x4e/0x2b0
  [<ffffffff81196abc>] kmem_cache_alloc_node+0x9c/0x230
  [<ffffffff8155691e>] __alloc_skb+0x4e/0x2b0
  [<ffffffff81551b9a>] sock_alloc_send_pskb+0x1aa/0x3d0
  [<ffffffff8160920e>] unix_stream_sendmsg+0x26e/0x400
  [<ffffffff8154dceb>] sock_sendmsg+0x8b/0xc0
  [<ffffffff811c7f6f>] ? touch_atime+0x10f/0x140
  [<ffffffff8154de91>] SYSC_sendto+0x121/0x1c0
  [<ffffffff811ae4c7>] ? vfs_read+0xf7/0x170
  [<ffffffff8154e99e>] SyS_sendto+0xe/0x10
  [<ffffffff81672129>] system_call_fastpath+0x16/0x1b
 Code: e8 12 83 64 24 48 03 83 e0 01 83 64 24 38 01 48 69 c0 20 91 00 00 48 89 44 24 20 48 8b 43 18 48 85 c0 74 20 49 89 c5 48 89 43 10 <48> 8b 40 20 44 8b 7c 24 34 48 c7 03 00 00 00 00 48 89 43 18 e9 
 RIP  [<ffffffff816615eb>] __slab_alloc+0x116/0x4a2
  RSP <ffff8807fad11ab8>
 CR2: 0000000040000020
 ---[ end trace 7b09d9feedb2e65b ]---
 BUG: unable to handle kernel paging request at 0000000040000000
 IP: [<ffffffff81660c65>] slab_out_of_memory+0x118/0x118
 PGD 0 
 Oops: 0000 [#2] SMP 
 Modules linked in: rfcomm fuse xt_CHECKSUM tun ipt_MASQUERADE ip6t_REJECT xt_conntrack cfg80211 ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw bnep sch_fq vfat fat btrfs iTCO_wdt iTCO_vendor_support x86_pkg_temp_thermal coretemp snd_hda_codec_hdmi kvm_intel kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_codec_realtek raid6_pq libcrc32c microcode snd_usb_audio xor snd_usbmidi_lib snd_hda_intel snd_rawmidi snd_hda_codec serio_raw snd_hwdep i2c_i801 snd_seq btusb snd_seq_device bluetooth snd_pcm
  rfkill snd_page_alloc snd_timer mei_me r8169 snd lpc_ich mei mii mfd_core soundcore shpchp video binfmt_misc usb_storage radeon i2c_algo_bit drm_kms_helper ttm drm i2c_core [last unloaded: nf_conntrack_broadcast]
 CPU: 1 PID: 2860 Comm: dbus-daemon Tainted: G      D      3.12.6-300.fc20.x86_64 #1
 Hardware name: Gigabyte Technology Co., Ltd. Z87-HD3/Z87-HD3, BIOS F6 08/03/2013
 task: ffff88080103f2c0 ti: ffff8807e540c000 task.ti: ffff8807e540c000
 RIP: 0010:[<ffffffff81660c65>]  [<ffffffff81660c65>] slab_out_of_memory+0x118/0x118
 RSP: 0018:ffff8807e540d9c0  EFLAGS: 00010046
 RAX: 0000000000000292 RBX: ffff88083ec58ae0 RCX: ffffffff8155691e
 RDX: 0000000000000292 RSI: 00000000000004d0 RDI: 0000000040000000
 RBP: ffff8807e540da88 R08: ffff88083ec58ae0 R09: ffff88081acead00
 R10: ffffffff8155691e R11: ffff88080103f2c0 R12: ffff88081acead00
 R13: 0000000040000000 R14: 00000000ffffffff R15: 00000000ffffffff
 FS:  00007f991198f840(0000) GS:ffff88083ec40000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000040000000 CR3: 00000007fdc69000 CR4: 00000000001407e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Stack:
  ffffffff816618e3 ffff8807e540da98 0000000000000296 ffff880811a78000
  0000000000000007 ffff880811162f20 0000000000000351 0000000000000000
  ffff8807e563ba08 ffffffff8155691e 000004d000000000 0000000000000292
 Call Trace:
  [<ffffffff816618e3>] ? __slab_alloc+0x40e/0x4a2
  [<ffffffff8155691e>] ? __alloc_skb+0x4e/0x2b0
  [<ffffffff81196abc>] kmem_cache_alloc_node+0x9c/0x230
  [<ffffffff8155691e>] __alloc_skb+0x4e/0x2b0
  [<ffffffff81551b9a>] sock_alloc_send_pskb+0x1aa/0x3d0
  [<ffffffff81088138>] ? __kernel_text_address+0x58/0x80
  [<ffffffff8160920e>] unix_stream_sendmsg+0x26e/0x400
  [<ffffffff8154dceb>] sock_sendmsg+0x8b/0xc0
  [<ffffffff811917f1>] ? set_track+0x61/0x1b0
  [<ffffffff81660f81>] ? free_debug_processing+0x1de/0x222
  [<ffffffff811424aa>] ? unlock_page+0x2a/0x30
  [<ffffffff8116a0bc>] ? do_wp_page+0x3ac/0x810
  [<ffffffff8154e559>] ___sys_sendmsg+0x3a9/0x3c0
  [<ffffffff8166d80c>] ? __do_page_fault+0x20c/0x540
  [<ffffffff811cc58e>] ? mntput_no_expire+0x3e/0x120
  [<ffffffff811cc694>] ? mntput+0x24/0x40
  [<ffffffff811b000c>] ? __fput+0x16c/0x230
  [<ffffffff8154ec62>] __sys_sendmsg+0x42/0x80
  [<ffffffff8154ecb2>] SyS_sendmsg+0x12/0x20
  [<ffffffff81672129>] system_call_fastpath+0x16/0x1b
 Code: c3 be 00 02 00 00 48 c7 c7 40 b5 cf 81 48 63 d3 e8 31 42 cb ff 3d 00 02 00 00 89 c3 41 0f 4f de eb 99 5b 41 5c 41 5d 41 5e 5d c3 <48> 8b 07 a8 80 75 02 0f 0b 48 8b 17 b0 01 80 e2 40 74 0c 55 89 
 RIP  [<ffffffff81660c65>] slab_out_of_memory+0x118/0x118
  RSP <ffff8807e540d9c0>
 CR2: 0000000040000000
 ---[ end trace 7b09d9feedb2e65c ]---
 BUG: unable to handle kernel paging request at 0000000040000000
 IP: [<ffffffff81660c65>] slab_out_of_memory+0x118/0x118
 PGD 7faf37067 PUD 0 
 Oops: 0000 [#3] SMP 
 Modules linked in: rfcomm fuse xt_CHECKSUM tun ipt_MASQUERADE ip6t_REJECT xt_conntrack cfg80211 ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw bnep sch_fq vfat fat btrfs iTCO_wdt iTCO_vendor_support x86_pkg_temp_thermal coretemp snd_hda_codec_hdmi kvm_intel kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_codec_realtek raid6_pq libcrc32c microcode snd_usb_audio xor snd_usbmidi_lib snd_hda_intel snd_rawmidi snd_hda_codec serio_raw snd_hwdep i2c_i801 snd_seq btusb snd_seq_device bluetooth snd_pcm
  rfkill snd_page_alloc snd_timer mei_me r8169 snd lpc_ich mei mii mfd_core soundcore shpchp video binfmt_misc usb_storage radeon i2c_algo_bit drm_kms_helper ttm drm i2c_core [last unloaded: nf_conntrack_broadcast]
 CPU: 1 PID: 788 Comm: Xorg Tainted: G      D      3.12.6-300.fc20.x86_64 #1
 Hardware name: Gigabyte Technology Co., Ltd. Z87-HD3/Z87-HD3, BIOS F6 08/03/2013
 task: ffff8807fa3fd610 ti: ffff8807fac56000 task.ti: ffff8807fac56000
 RIP: 0010:[<ffffffff81660c65>]  [<ffffffff81660c65>] slab_out_of_memory+0x118/0x118
 RSP: 0018:ffff8807fac57a70  EFLAGS: 00010046
 RAX: 0000000000000296 RBX: ffff88083ec58ae0 RCX: ffffffff8155691e
 RDX: 0000000000000296 RSI: 00000000000004d0 RDI: 0000000040000000
 RBP: ffff8807fac57b40 R08: ffff88083ec58ae0 R09: ffff88081acead00
 R10: ffffffff8155691e R11: ffff8807fa3fd610 R12: ffff88081acead00
 R13: 0000000040000000 R14: 00000000ffffffff R15: 00000000ffffffff
 FS:  00007f05352929c0(0000) GS:ffff88083ec40000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000040000000 CR3: 00000007fde69000 CR4: 00000000001407e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Stack:
  ffffffff816618e3 ffff88083ec43fc0 ffff8807fac57ad0 ffff8807fac57b00
  ffffffff8101484f ffff8807fac57acc 0000000081556e7e ffff88083ec43fc0
  0000000000000001 ffffffff8155691e 000004d0fac57b28 0000000000000296
 Call Trace:
  [<ffffffff816618e3>] ? __slab_alloc+0x40e/0x4a2
  [<ffffffff8101484f>] ? dump_trace+0x16f/0x2b0
  [<ffffffff8155691e>] ? __alloc_skb+0x4e/0x2b0
  [<ffffffff815546a7>] ? kfree_skbmem+0x37/0x90
  [<ffffffff810207eb>] ? save_stack_trace+0x2b/0x50
  [<ffffffff81196abc>] kmem_cache_alloc_node+0x9c/0x230
  [<ffffffff8155691e>] __alloc_skb+0x4e/0x2b0
  [<ffffffff81551b9a>] sock_alloc_send_pskb+0x1aa/0x3d0
  [<ffffffff8160920e>] unix_stream_sendmsg+0x26e/0x400
  [<ffffffff8154cbfe>] sock_aio_write+0xfe/0x130
  [<ffffffff811adf8c>] do_sync_readv_writev+0x4c/0x80
  [<ffffffff811af3cb>] do_readv_writev+0xbb/0x230
  [<ffffffff811af5d5>] vfs_writev+0x35/0x60
  [<ffffffff811af709>] SyS_writev+0x49/0xc0
  [<ffffffff810f12e6>] ? __audit_syscall_exit+0x1f6/0x2a0
  [<ffffffff81672129>] system_call_fastpath+0x16/0x1b
 Code: c3 be 00 02 00 00 48 c7 c7 40 b5 cf 81 48 63 d3 e8 31 42 cb ff 3d 00 02 00 00 89 c3 41 0f 4f de eb 99 5b 41 5c 41 5d 41 5e 5d c3 <48> 8b 07 a8 80 75 02 0f 0b 48 8b 17 b0 01 80 e2 40 74 0c 55 89 
 RIP  [<ffffffff81660c65>] slab_out_of_memory+0x118/0x118
  RSP <ffff8807fac57a70>
 CR2: 0000000040000000
 ---[ end trace 7b09d9feedb2e65d ]---

Expected results:
Oops- and panic-free linux

Additional info:
I've had some other crashes & hangs in the last month, so I've got slub_debug=FZPU on the kernel cmdline. Oh, and cgroup_disable=memory. No other exotic options.

On this occasion, the system staggered on with a frozen display for a few more minutes (presumably without any new slabs). I tried various alt-sysrq keys to try to get something into the system log, before the system crashed, triggering kdump and reboot. The dmesg from the resulting vmcore is full of alt-sysrq output. Let me know if the first oops captured above is uninterpretable and you want me to download the appropriate vmlinux and try to get more info from the vmcore file.

Comment 1 Dave Jones 2014-01-10 17:17:38 UTC
0000000040000020

That 4 could be a random bit-flip.  Give memtest86 a try for a while.

Comment 2 aouthred 2014-01-13 01:42:53 UTC
Thanks for the tip. I've previously been suspicious, and had already run memtest86 for ~12 hours. Rate of mysterious crashes has dropped significantly since https://bugzilla.kernel.org/show_bug.cgi?id=68171 and my physical removal of that USB wifi dongle, which I had thought to be the sole cause (until this oops in __slab_alloc).

Since your suggestion, I've run memtest86 again for 20 hours, multiple passes. Half way through I swapped each pair of DIMMs in their slots to try to improve coverage. Have run memtester on 30G out of 32G RAM for another 16 hours, multiple passes. So far no errors detected from either program. In case you were wondering, this machine is not overclocked and DRAM timing has not been modified from the default.

Any other advice or suggestions? Extra debug options I should include on the command line?

cmdline:
BOOT_IMAGE=/vmlinuz-3.12.6-300.fc20.x86_64 root=/dev/disk/by-id/ata-INTEL_SSDSC2BW120A4_CVDA3360011H1207GN-part1 ro vconsole.font=latarcyrheb-sun16 vconsole.keymap=us drm.vblankoffdelay=1 LANG=en_AU.UTF-8 cgroup_disable=memory crashkernel=128M slub_debug=FZPU radeon.dpm=0 rhgb

I'll do my best to capture and forward any further crashes; so far there haven't been any, but I've mostly been testing memory rather than using the machine productively. 

(ABRT 2.1.11-1.fc20 seems to do nothing with my kdump/vmcore files, requiring manual processing, but I don't currently have the inclination to strace it and report that bug in a useful way.)

Comment 3 aouthred 2014-01-20 12:21:38 UTC
I've been running 3.12.7-300.fc20.x86_64+debug, following suggestions in another bug report that originally looked like a wireless driver problem (https://bugzilla.kernel.org/show_bug.cgi?id=68171). Today, after >34 hours uptime, another bug message:

=============================================================================
BUG vm_area_struct (Not tainted): Poison overwritten
-----------------------------------------------------------------------------

INFO: 0xffff8802ca728039-0xffff8802ca728039. First byte 0x4b instead of 0x6b
INFO: Allocated in dup_mm+0x230/0x710 age=112633 cpu=0 pid=369
        __slab_alloc+0x3eb/0x4fe
        kmem_cache_alloc+0x294/0x340
        dup_mm+0x230/0x710
        copy_process.part.23+0x12d4/0x1890
        do_fork+0xce/0x450
        SyS_clone+0x16/0x20
        stub_clone+0x69/0x90
INFO: Freed in remove_vma+0x76/0x80 age=109627 cpu=5 pid=28464
        __slab_free+0x3a/0x382
        kmem_cache_free+0x356/0x370
        remove_vma+0x76/0x80
        exit_mmap+0xf4/0x170
        mmput+0x7f/0x110
        do_exit+0x2a5/0xcd0
        do_group_exit+0x4c/0xc0
        SyS_exit_group+0x14/0x20
        system_call_fastpath+0x16/0x1b
INFO: Slab 0xffffea000b29ca00 objects=32 used=32 fp=0x          (null) flags=0x5ff00000004080
INFO: Object 0xffff8802ca728000 @offset=0 fp=0xffff8802ca72aa00

Object ffff8802ca728000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca728010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca728020: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca728030: 6b 6b 6b 6b 6b 6b 6b 6b 6b 4b 6b 6b 6b 6b 6b 6b  kkkkkkkkkKkkkkkk
Object ffff8802ca728040: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca728050: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca728060: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca728070: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca728080: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca728090: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca7280a0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca7280b0: 6b 6b 6b 6b 6b 6b 6b a5                          kkkkkkk.
Redzone ffff8802ca7280b8: bb bb bb bb bb bb bb bb                          ........
Padding ffff8802ca7281f8: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
CPU: 7 PID: 5195 Comm: Xorg Tainted: G    B        3.12.7-300.fc20.x86_64+debug #1
Hardware name: Gigabyte Technology Co., Ltd. Z87-HD3/Z87-HD3, BIOS F6 08/03/2013
 ffff8802ca728000 ffff8807ec29bbd8 ffffffff81749d2b ffff88081d019200
 ffff8807ec29bc18 ffffffff811d40fd 0000000000000008 ffff880200000001
 ffff8802ca72803a ffff88081d019200 000000000000006b ffff8802ca728000
Call Trace:
 [<ffffffff81749d2b>] dump_stack+0x54/0x74
 [<ffffffff811d40fd>] print_trailer+0x14d/0x200
 [<ffffffff811d42ef>] check_bytes_and_report+0xcf/0x110
 [<ffffffff811d5177>] check_object+0x1d7/0x250
 [<ffffffff811b28e8>] ? mmap_region+0x348/0x5d0
 [<ffffffff817474b2>] alloc_debug_processing+0x76/0x118
 [<ffffffff817480ed>] __slab_alloc+0x3eb/0x4fe
 [<ffffffffa00171e9>] ? drm_gem_object_lookup+0x29/0x160 [drm]
 [<ffffffff811b28e8>] ? mmap_region+0x348/0x5d0
 [<ffffffff811d6cc4>] kmem_cache_alloc+0x294/0x340
 [<ffffffff811b28e8>] ? mmap_region+0x348/0x5d0
 [<ffffffff811b28e8>] mmap_region+0x348/0x5d0
 [<ffffffff811b2ed0>] do_mmap_pgoff+0x360/0x3f0
 [<ffffffff8119cf50>] vm_mmap_pgoff+0x90/0xc0
 [<ffffffff811b1423>] SyS_mmap_pgoff+0x1d3/0x270
 [<ffffffff8101e7e2>] SyS_mmap+0x22/0x30
 [<ffffffff8175d029>] system_call_fastpath+0x16/0x1b
FIX vm_area_struct: Restoring 0xffff8802ca728039-0xffff8802ca728039=0x6b

FIX vm_area_struct: Marking all objects used

---

And after slabinfo --validate:

SLUB: vm_area_struct 1086 slabs counted but counter=1087

Is that change from 0x6b to 0x4b another bitflip? If so, why can't I trigger it with memory testing programs, only by exercising the kernel? I've run multiple loops of memtest86 and also memtester, at least 72 hours in total, with no errors detected.

Other kernel messages that made me nervous:

cryptomgr_test (60) used greatest stack depth: 6360 bytes left
cryptomgr_test (61) used greatest stack depth: 6232 bytes left
modprobe (68) used greatest stack depth: 5576 bytes left
cryptomgr_test (65) used greatest stack depth: 5208 bytes left
ata_id (209) used greatest stack depth: 5000 bytes left
mount (256) used greatest stack depth: 4232 bytes left
systemd-udevd (187) used greatest stack depth: 3224 bytes left
typefind:sink (3719) used greatest stack depth: 3112 bytes left
stress (14329) used greatest stack depth: 2792 bytes left
kworker/u16:4 (108) used greatest stack depth: 1928 bytes left
btrfs (2954) used greatest stack depth: 1856 bytes left

1856 bytes left means that the other 78% of the stack was consumed. I guess the debug options in this kernel make stack usage a bit heavier than a general purpose kernel, but could stack overflows explain the scribbling on kernel memory?

Comment 4 Dave Jones 2014-01-21 00:15:49 UTC
It does look like another single bitflip. Very puzzling, as it does seem like a hardware fault of some kind, which memtest would normally pick up.

The stack messages are just informational, nothing to worry about.

No further ideas right now I'm afraid.
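
The single-bit-flip reading discussed in Comments 1, 3 and 4 can be checked mechanically. The following is an added example, not part of the original bug thread: it parses the Object hexdump rows of a SLUB "Poison overwritten" report, compares each byte with the free-poison pattern, and lists which bits differ. Function names are hypothetical, and it assumes the last Object row in the input is the end of the object.

```python
import re

POISON_FREE = 0x6B  # byte SLUB writes over a freed object when poisoning is on
POISON_END = 0xA5   # byte SLUB writes as the last byte of a poisoned object

# Excerpt of the hexdump in Comment 3 (rows containing only 6b omitted).
SAMPLE = """\
Object ffff8802ca728020: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object ffff8802ca728030: 6b 6b 6b 6b 6b 6b 6b 6b 6b 4b 6b 6b 6b 6b 6b 6b  kkkkkkkkkKkkkkkk
Object ffff8802ca7280b0: 6b 6b 6b 6b 6b 6b 6b a5                          kkkkkkk.
Redzone ffff8802ca7280b8: bb bb bb bb bb bb bb bb                          ........
"""

# Address, then 1..16 space-separated hex bytes; the ASCII column is ignored.
ROW_RE = re.compile(r"^\s*Object ([0-9a-f]+):((?: [0-9a-f]{2}){1,16})(?:\s|$)", re.M)


def flipped_bits(expected, observed):
    """Bit positions (0 = least significant) where the two values differ."""
    diff = expected ^ observed
    return [i for i in range(diff.bit_length()) if (diff >> i) & 1]


def poison_damage(report):
    """Return [(address, observed, expected, flipped_bits)] for each bad byte."""
    rows = [(int(addr, 16), bytes.fromhex(hexes.replace(" ", "")))
            for addr, hexes in ROW_RE.findall(report)]
    if not rows:
        return []
    # Assumption: the final Object row in the input holds the object's last byte.
    last_addr = rows[-1][0] + len(rows[-1][1]) - 1
    damage = []
    for base, data in rows:
        for offset, byte in enumerate(data):
            addr = base + offset
            want = POISON_END if addr == last_addr else POISON_FREE
            if byte != want:
                damage.append((addr, byte, want, flipped_bits(want, byte)))
    return damage


def classify(damage):
    """Coarse triage label; one differing bit is consistent with a bit flip,
    it does not by itself prove a hardware fault."""
    if not damage:
        return "clean"
    if len(damage) == 1 and len(damage[0][3]) == 1:
        return "single-bit flip"
    return "multi-bit or multi-byte overwrite"


if __name__ == "__main__":
    for addr, got, want, bits in poison_damage(SAMPLE):
        print(f"{addr:#x}: {got:#04x} instead of {want:#04x}, bits {bits}")
    print(classify(poison_damage(SAMPLE)))
    # RAX/R13 in the first oops hold 0x40000000, which differs from NULL in one bit.
    print("0x40000000 vs NULL:", flipped_bits(0, 0x40000000))
```

The address it reports matches the range in the report's INFO line (0xffff8802ca728039), which is a quick check that the rows were parsed at the right offsets.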

Comment 5 Justin M. Forbes 2014-02-24 14:05:59 UTC
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 20 kernel bugs.

Fedora 20 has now been rebased to 3.13.4-200.fc20.  Please test this kernel update and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you experience different issues, please open a new bug report for those.

Comment 6 Justin M. Forbes 2014-03-17 18:45:36 UTC
*********** MASS BUG UPDATE **************

This bug has been in a needinfo state for several weeks and is being closed with insufficient data due to inactivity. If this is still an issue with Fedora 20, please feel free to reopen the bug and provide the additional information requested.

