Re: [Bug #13112] Oops in drain_array

[Pekka Enberg]

On Sun, 26 Apr 2009, Rafael J. Wysocki wrote:
>> This message has been generated automatically as a part of a report
>> of regressions introduced between 2.6.28 and 2.6.29.
>>
>> The following bug entry is on the current list of known regressions
>> introduced between 2.6.28 and 2.6.29.  Please verify if it still should
>> be listed and let me know (either way).
>>
>>
>> Bug-Entry     : http://bugzilla.kernel.org/show_bug.cgi?id=13112
>> Subject               : Oops in drain_array
>> Submitter     : Bart <mmx@xxxxxx>
>> Date          : 2009-04-14 10:21 (13 days old)
>> References    : http://marc.info/?l=linux-kernel&m=123970493224628&w=4

On Sun, Apr 26, 2009 at 11:19 PM, David Rientjes <rientjes@xxxxxxxxxx> wrote:
> Bart, is it possible to try with CONFIG_DEBUG_SLAB enabled?

Please also enable CONFIG_DEBUG_LIST. Looking at the oops:

  18:   4a 8b 8c eb 68 01 00    mov    0x168(%rbx,%r13,8),%rcx # l3 =
cachep->nodelists[node];
  1f:   00
  20:   48 8b 16                mov    (%rsi),%rdx
  23:   48 8b 46 08             mov    0x8(%rsi),%rax
  27:   48 89 42 08             mov    %rax,0x8(%rdx)
  2b:*  48 89 10                mov    %rdx,(%rax)     <-- trapping instruction
  2e:   89 e8                   mov    %ebp,%eax
  30:   48 c7 06 00 01 10 00    movq   $0x100100,(%rsi)
  37:   48 c7 46 08 00 02 20    movq   $0x200200,0x8(%rsi)

it seems like list_del() in free_block() explodes because because
->prev ("rax") of slab->list is bogus ("0000000000000cd0").

                                Pekka
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/