Bug 470571 - Kernel freeze - BUG kmalloc-32 (Not tainted): Object already free
Kernel freeze - BUG kmalloc-32 (Not tainted): Object already free
Status: CLOSED DUPLICATE of bug 473156
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
9
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Dave Airlie
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-07 13:48 EST by Christopher Beland
Modified: 2009-02-10 12:46 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-02-10 12:46:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christopher Beland 2008-11-07 13:48:11 EST
While I was using firefox, my system wedged and I had to hard-reboot it.  This is with kernel-debug-2.6.26.6-79.fc9.i686.


=============================================================================
BUG kmalloc-32 (Not tainted): Object already free
-----------------------------------------------------------------------------

INFO: Allocated in drm_addmap_core+0x29/0x4be [drm] age=55871138 cpu=0 pid=2112
INFO: Freed in drm_rmmap_locked+0x140/0x14a [drm] age=375 cpu=0 pid=2112
INFO: Slab 0xc187ad90 objects=51 used=49 fp=0xe6c3e0f0 flags=0x40000083
INFO: Object 0xe6c3e0f0 @offset=240 fp=0xe6c3ef50

Bytes b4 0xe6c3e0e0:  40 08 00 00 31 46 fc ff 5a 5a 5a 5a 5a 5a 5a 5a @...1F<FC><FF>ZZZZZZZZ
 Object 0xe6c3e0f0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
 Object 0xe6c3e100:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk<A5>
Redzone 0xe6c3e110:  bb bb bb bb                                     <BB><BB><BB><BB>            
Padding 0xe6c3e138:  5a 5a 5a 5a 5a 5a 5a 5a                         ZZZZZZZZ        
Pid: 2112, comm: Xorg Not tainted 2.6.26.6-79.fc9.i686.debug #1
[<c048aa7f>] print_trailer+0xe1/0xe9
[<c048ab50>] object_err+0x25/0x30
[<c048c066>] __slab_free+0x17b/0x268
[<c048c33f>] kfree+0xc2/0xfb
[<ee9bd1eb>] ? drm_vm_shm_close+0x181/0x191 [drm]
[<ee9bd1eb>] ? drm_vm_shm_close+0x181/0x191 [drm]
[<ee9bd1eb>] drm_vm_shm_close+0x181/0x191 [drm]
[<c047d8ee>] ? remove_vma+0x55/0x5b
[<c047d8c9>] remove_vma+0x30/0x5b
[<c047d9af>] exit_mmap+0xbb/0xd6
[<c04287c1>] mmput+0x3a/0x8b
[<c042c051>] exit_mm+0xd8/0xde
[<c042d706>] do_exit+0x218/0x7a5
[<c042dcf1>] do_group_exit+0x5e/0x85
[<c04362df>] get_signal_to_deliver+0x28d/0x2a4
[<c0403e5e>] do_notify_resume+0x71/0x782
[<c0434d7d>] ? do_tkill+0xf5/0x118
[<c0409522>] ? sched_clock+0x8/0xb
[<c04460d1>] ? lock_release_holdtime+0x1a/0x115
[<c064cc6b>] ? _spin_unlock_irq+0x22/0x2f
[<c044788f>] ? trace_hardirqs_on+0xe9/0x10a
[<c0464126>] ? audit_syscall_entry+0xf9/0x123
[<c0404d7e>] work_notifysig+0x13/0x19
=======================
FIX kmalloc-32: Object at 0xe6c3e0f0 not freed
Comment 1 Christopher Beland 2009-02-10 12:46:21 EST

*** This bug has been marked as a duplicate of bug 473156 ***

Note You need to log in before you can comment on or make changes to this bug.