Bug 184310 - Slab corruption in 2.6.15-1.2025_FC5smp
Slab corruption in 2.6.15-1.2025_FC5smp
Status: CLOSED DUPLICATE of bug 160878
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
5
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Dave Jones
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-07 17:37 EST by H.J. Lu
Modified: 2015-01-04 17:25 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-09-10 23:18:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description H.J. Lu 2006-03-07 17:37:24 EST
I am running 2.6.15-1.2025_FC5smp. When I was building gcc with the gcc source
tree on a NFS server running RHEL 4 U2, I got

Slab corruption: (Not tainted) start=c574aeb8, len=2048
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<c02182d0>](release_mem+0xe6/0x1de)
 [<c01602a5>] check_poison_obj+0x6a/0x15d     [<c01603ba>]
cache_alloc_debugcheck_after+0x22/0xf9
 [<c02c26d5>] tcp_sendmsg+0x153/0x983     [<c0160bfa>]
__kmalloc_track_caller+0xb5/0xbf
 [<c02c26d5>] tcp_sendmsg+0x153/0x983     [<c029c5db>] __alloc_skb+0x4d/0xf2
 [<c02c26d5>] tcp_sendmsg+0x153/0x983     [<c02d980d>] inet_sendmsg+0x35/0x3f
 [<c02972da>] sock_sendmsg+0xd2/0xec     [<c013465b>]
autoremove_wake_function+0x0/0x2d
 [<c0298acb>] kernel_sendmsg+0x26/0x2c     [<f8c4fd26>]
xs_tcp_send_request+0x107/0x302 [sunrpc]
 [<f8c4f050>] xprt_transmit+0xd7/0x1c8 [sunrpc]     [<f8d386dc>]
nfs3_xdr_fhandle+0x0/0x21 [nfs]
 [<f8c4e1ba>] call_transmit+0x198/0x1cf [sunrpc]     [<f8c51dd7>]
__rpc_execute+0x7a/0x193 [sunrpc]
 [<f8c4d2e4>] rpc_call_sync+0x6b/0x91 [sunrpc]     [<f8d35f3d>]
nfs3_rpc_wrapper+0x1f/0x5b [nfs]
 [<f8d36939>] nfs3_proc_getattr+0x74/0x96 [nfs]     [<f8d2f1f7>]
__nfs_revalidate_inode+0x113/0x24e [nfs]
 [<c01780e5>] __d_lookup+0xbc/0xee     [<c02f5136>] _read_unlock_irq+0x5/0x7
 [<c014d5b6>] __do_page_cache_readahead+0x10f/0x212     [<f8d2b251>]
nfs_lookup_revalidate+0x18a/0x318 [nfs]
 [<c017837a>] dput+0x31/0x164     [<f8d2b2d3>] nfs_lookup_revalidate+0x20c/0x318
[nfs]
 [<c0160420>] cache_alloc_debugcheck_after+0x88/0xf9     [<c01d765c>]
vsnprintf+0x422/0x461
 [<f8c52a58>] rpcauth_lookup_credcache+0x153/0x1ef [sunrpc]     [<c01780e5>]
__d_lookup+0xbc/0xee
 [<c016fbd7>] do_lookup+0x11d/0x14d     [<c01716da>] __link_path_walk+0x834/0xc7d
 [<c017bfe2>] mntput_no_expire+0x11/0x6e     [<c0171afd>]
__link_path_walk+0xc57/0xc7d
 [<c0171b6c>] link_path_walk+0x49/0xbd     [<c0171f07>] do_path_lookup+0x1e3/0x248
 [<c01727bf>] __path_lookup_intent_open+0x42/0x72     [<c017283e>]
path_lookup_open+0xf/0x13
 [<c0172938>] open_namei+0x73/0x54c     [<c0162c1f>] do_filp_open+0x1c/0x31
 [<c0163ab8>] do_sys_open+0x3e/0xaa     [<c0103d81>] syscall_call+0x7/0xb
0b0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ff ff ff ff
0c0: 00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Prev obj: start=c574a6ac, len=2048
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<c029c35c>](kfree_skbmem+0x8/0x63)
000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Next obj: start=c574b6c4, len=2048
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<c02182d0>](release_mem+0xe6/0x1de)
000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Slab corruption: (Not tainted) start=c574b6c4, len=2048
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<c02182d0>](release_mem+0xe6/0x1de)
 [<c01602a5>] check_poison_obj+0x6a/0x15d     [<c0170dc4>] lookup_one_len+0x4b/0x59
 [<c01603ba>] cache_alloc_debugcheck_after+0x22/0xf9     [<c02181d5>]
alloc_tty_struct+0x10/0x25
 [<c0160510>] kmem_cache_alloc+0x7f/0x89     [<c02181d5>] alloc_tty_struct+0x10/0x25
 [<c02181d5>] alloc_tty_struct+0x10/0x25     [<c0218446>] init_dev+0x7e/0x47a
 [<c021ac1b>] ptmx_open+0xf8/0x1b6     [<c02f525b>] lock_kernel+0x25/0x34
 [<c016ba4e>] chrdev_open+0x104/0x148     [<c016b94a>] chrdev_open+0x0/0x148
 [<c0162aac>] __dentry_open+0xc7/0x1ab     [<c0162bf4>] nameidata_to_filp+0x19/0x28
 [<c0162c2e>] do_filp_open+0x2b/0x31     [<c0163ab8>] do_sys_open+0x3e/0xaa
 [<c0103d81>] syscall_call+0x7/0xb    <3>0b0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
6b ff ff ff ff
0c0: 00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Prev obj: start=c574aeb8, len=2048
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<c029c35c>](kfree_skbmem+0x8/0x63)
000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Slab corruption: (Not tainted) start=c574a6ac, len=2048
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<c02182d0>](release_mem+0xe6/0x1de)
 [<c01602a5>] check_poison_obj+0x6a/0x15d
 [<c01603ba>] cache_alloc_debugcheck_after+0x22/0xf9     [<c02c26d5>]
tcp_sendmsg+0x153/0x983
 [<c0160bfa>] __kmalloc_track_caller+0xb5/0xbf     [<c02c26d5>]
tcp_sendmsg+0x153/0x983
 [<c029c5db>] __alloc_skb+0x4d/0xf2     [<c02c26d5>] tcp_sendmsg+0x153/0x983
 [<c02d980d>] inet_sendmsg+0x35/0x3f     [<c02972da>] sock_sendmsg+0xd2/0xec
 [<c013465b>] autoremove_wake_function+0x0/0x2d     [<c0298acb>]
kernel_sendmsg+0x26/0x2c
 [<f8c4fd26>] xs_tcp_send_request+0x107/0x302 [sunrpc]     [<f8c4f050>]
xprt_transmit+0xd7/0x1c8 [sunrpc]
 [<f8d38c69>] nfs3_xdr_diropargs+0x0/0x2e [nfs]     [<f8c4e1ba>]
call_transmit+0x198/0x1cf [sunrpc]
 [<f8c51dd7>] __rpc_execute+0x7a/0x193 [sunrpc]     [<f8c4d2e4>]
rpc_call_sync+0x6b/0x91 [sunrpc]
 [<f8d35f3d>] nfs3_rpc_wrapper+0x1f/0x5b [nfs]     [<f8d36a59>]
nfs3_proc_lookup+0xfe/0x1a6 [nfs]
 [<c01780e5>] __d_lookup+0xbc/0xee     [<c02f5136>] _read_unlock_irq+0x5/0x7
 [<c014d5b6>] __do_page_cache_readahead+0x10f/0x212     [<c017837a>] dput+0x31/0x164
 [<f8d2b822>] nfs_lookup+0x96/0x104 [nfs]     [<c0160420>]
cache_alloc_debugcheck_after+0x88/0xf9
 [<c01d765c>] vsnprintf+0x422/0x461     [<c0160459>]
cache_alloc_debugcheck_after+0xc1/0xf9
 [<c017816f>] d_alloc+0x1d/0x1c1     [<c0160510>] kmem_cache_alloc+0x7f/0x89
 [<c017816f>] d_alloc+0x1d/0x1c1     [<c0178307>] d_alloc+0x1b5/0x1c1
 [<c016fb6c>] do_lookup+0xb2/0x14d     [<c01716da>] __link_path_walk+0x834/0xc7d
[<c017837a>] dput+0x31/0x164     [<c0171b6c>] link_path_walk+0x49/0xbd
 [<c0171f07>] do_path_lookup+0x1e3/0x248     [<c0172661>] __user_walk_fd+0x29/0x3a
 [<c016c470>] vfs_stat_fd+0x15/0x3c     [<c016c524>] sys_stat64+0xf/0x23
 [<c02f5e9f>] do_page_fault+0x0/0x5e2     [<c0103d81>] syscall_call+0x7/0xb
0b0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ff ff ff ff
0c0: 00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Next obj: start=c574aeb8, len=2048
Redzone: 0x170fc2a5/0x170fc2a5.
Last user: [<c02181d5>](alloc_tty_struct+0x10/0x25)
000: 01 54 00 00 d4 a4 d5 f7 02 00 00 00 03 54 00 00
010: 7c 85 32 c0 00 00 00 00 01 00 00 00 4c b8 21 c0
Comment 1 Dave Jones 2006-09-10 23:18:28 EDT
This is a common corruption pattern that has been around for a long time (Since
~2.6.11). I'll dupe against the master bug tracking this.


*** This bug has been marked as a duplicate of 160878 ***

Note You need to log in before you can comment on or make changes to this bug.