Re: [Bug #13112] Oops in drain_array

From: Christoph Lameter
Date: Mon Apr 27 2009 - 10:15:31 EST

Next message: Christoph Lameter: "Re: [patch] slub: add Documentation/ABI/testing/sysfs-kernel-slab"
Previous message: Zeno Davatz: "Re: Kernel 2.6.29 runs out of memory and hangs."
In reply to: Pekka Enberg: "Re: [Bug #13112] Oops in drain_array"
Next in thread: Bart: "Re: [Bug #13112] Oops in drain_array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 27 Apr 2009, Pekka Enberg wrote:

> 18: 4a 8b 8c eb 68 01 00 mov 0x168(%rbx,%r13,8),%rcx # l3 =
> cachep->nodelists[node];
> 1f: 00
> 20: 48 8b 16 mov (%rsi),%rdx
> 23: 48 8b 46 08 mov 0x8(%rsi),%rax
> 27: 48 89 42 08 mov %rax,0x8(%rdx)
> 2b:* 48 89 10 mov %rdx,(%rax) <-- trapping instruction
> 2e: 89 e8 mov %ebp,%eax
> 30: 48 c7 06 00 01 10 00 movq $0x100100,(%rsi)
> 37: 48 c7 46 08 00 02 20 movq $0x200200,0x8(%rsi)
>
> it seems like list_del() in free_block() explodes because because
> ->prev ("rax") of slab->list is bogus ("0000000000000cd0").

Where do I find the rest of the information regarding this report?
bugzilla does only contain a pointer to the initial report on lkml no
discussion.

Typically these oopses occur because the slab header at the beginning of a
slab is overwritten. Enable debugging. Switching to SLUB would give better
diagnostics.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Lameter: "Re: [patch] slub: add Documentation/ABI/testing/sysfs-kernel-slab"
Previous message: Zeno Davatz: "Re: Kernel 2.6.29 runs out of memory and hangs."
In reply to: Pekka Enberg: "Re: [Bug #13112] Oops in drain_array"
Next in thread: Bart: "Re: [Bug #13112] Oops in drain_array"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]