470571 – Kernel freeze - BUG kmalloc-32 (Not tainted): Object already free

Bug 470571 - Kernel freeze - BUG kmalloc-32 (Not tainted): Object already free

Summary: Kernel freeze - BUG kmalloc-32 (Not tainted): Object already free

Keywords:
Status:	CLOSED DUPLICATE of bug 473156
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	9
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Dave Airlie
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-11-07 18:48 UTC by Christopher Beland
Modified:	2009-02-10 17:46 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-02-10 17:46:21 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Christopher Beland 2008-11-07 18:48:11 UTC

While I was using firefox, my system wedged and I had to hard-reboot it.  This is with kernel-debug-2.6.26.6-79.fc9.i686.


=============================================================================
BUG kmalloc-32 (Not tainted): Object already free
-----------------------------------------------------------------------------

INFO: Allocated in drm_addmap_core+0x29/0x4be [drm] age=55871138 cpu=0 pid=2112
INFO: Freed in drm_rmmap_locked+0x140/0x14a [drm] age=375 cpu=0 pid=2112
INFO: Slab 0xc187ad90 objects=51 used=49 fp=0xe6c3e0f0 flags=0x40000083
INFO: Object 0xe6c3e0f0 @offset=240 fp=0xe6c3ef50

Bytes b4 0xe6c3e0e0:  40 08 00 00 31 46 fc ff 5a 5a 5a 5a 5a 5a 5a 5a @...1F<FC><FF>ZZZZZZZZ
 Object 0xe6c3e0f0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
 Object 0xe6c3e100:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk<A5>
Redzone 0xe6c3e110:  bb bb bb bb                                     <BB><BB><BB><BB>            
Padding 0xe6c3e138:  5a 5a 5a 5a 5a 5a 5a 5a                         ZZZZZZZZ        
Pid: 2112, comm: Xorg Not tainted 2.6.26.6-79.fc9.i686.debug #1
[<c048aa7f>] print_trailer+0xe1/0xe9
[<c048ab50>] object_err+0x25/0x30
[<c048c066>] __slab_free+0x17b/0x268
[<c048c33f>] kfree+0xc2/0xfb
[<ee9bd1eb>] ? drm_vm_shm_close+0x181/0x191 [drm]
[<ee9bd1eb>] ? drm_vm_shm_close+0x181/0x191 [drm]
[<ee9bd1eb>] drm_vm_shm_close+0x181/0x191 [drm]
[<c047d8ee>] ? remove_vma+0x55/0x5b
[<c047d8c9>] remove_vma+0x30/0x5b
[<c047d9af>] exit_mmap+0xbb/0xd6
[<c04287c1>] mmput+0x3a/0x8b
[<c042c051>] exit_mm+0xd8/0xde
[<c042d706>] do_exit+0x218/0x7a5
[<c042dcf1>] do_group_exit+0x5e/0x85
[<c04362df>] get_signal_to_deliver+0x28d/0x2a4
[<c0403e5e>] do_notify_resume+0x71/0x782
[<c0434d7d>] ? do_tkill+0xf5/0x118
[<c0409522>] ? sched_clock+0x8/0xb
[<c04460d1>] ? lock_release_holdtime+0x1a/0x115
[<c064cc6b>] ? _spin_unlock_irq+0x22/0x2f
[<c044788f>] ? trace_hardirqs_on+0xe9/0x10a
[<c0464126>] ? audit_syscall_entry+0xf9/0x123
[<c0404d7e>] work_notifysig+0x13/0x19
=======================
FIX kmalloc-32: Object at 0xe6c3e0f0 not freed

Comment 1 Christopher Beland 2009-02-10 17:46:21 UTC


*** This bug has been marked as a duplicate of bug 473156 ***

Note You need to log in before you can comment on or make changes to this bug.