From: Christian Weiske <cweiske@cweiske.de>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org, reiserfs-dev@namesys.com,
Ingo Molnar <mingo@elte.hu>,
Nick Piggin <nickpiggin@yahoo.com.au>
Subject: Re: 2.6.18 BUG: unable to handle kernel NULL pointer dereference at virtual address 000,0000a
Date: Sun, 24 Sep 2006 14:20:14 +0200 [thread overview]
Message-ID: <451677FE.2070409@cweiske.de> (raw)
In-Reply-To: <20060923134244.e7b73826.akpm@osdl.org>
[-- Attachment #1.1: Type: text/plain, Size: 527 bytes --]
Andrew,
> It would be interesting to find out if enabling CONFIG_4KSTACKS makes this
> go away (although I'm not sure why).
So, here are the results from the 4K runs:
Beside one Oops message, I got a "kernel BUG at mm/slab.c:2747!" in log
#1. Call traces as usual.
Further, logs #2 and #3 show funny things; the thing just rebooted. Log
#2 has some oversized ethernet frames before the reboot.
Sorry for the CC, I thought you were subscribed to lkml and removed you.
--
Regards/MfG,
Christian Weiske
[-- Attachment #1.2: dojo kernelpanic debug 4k 1.log --]
[-- Type: text/plain, Size: 7572 bytes --]
=============================================
[ INFO: possible recursive locking detected ]
---------------------------------------------
java/6750 is trying to acquire lock:
(slock-AF_INET6){-+..}, at: [<c03be6f4>] sk_clone+0xf4/0x310
but task is already holding lock:
(slock-AF_INET6){-+..}, at: [<c0444eaf>] tcp_v6_rcv+0x34f/0x6f0
other info that might help us debug this:
1 lock held by java/6750:
#0: (slock-AF_INET6){-+..}, at: [<c0444eaf>] tcp_v6_rcv+0x34f/0x6f0
stack backtrace:
[<c01034b9>] show_trace+0x19/0x20
[<c01035ba>] dump_stack+0x1a/0x20
[<c0131454>] print_deadlock_bug+0xa4/0xb0
[<c01314ca>] check_deadlock+0x6a/0x80
[<c0132cf7>] __lock_acquire+0x4f7/0x950
[<c01337cd>] lock_acquire+0x5d/0x80
[<c0483415>] _spin_lock+0x25/0x30
[<c03be6f4>] sk_clone+0xf4/0x310
[<c03e6b31>] inet_csk_clone+0x11/0x70
[<c03fb3c5>] tcp_create_openreq_child+0x15/0x3e0
[<c04442c2>] tcp_v6_syn_recv_sock+0x142/0x610
[<c03fb8a9>] tcp_check_req+0x119/0x420
[<c0443d75>] tcp_v6_hnd_req+0x45/0x130
[<c0444af7>] tcp_v6_do_rcv+0x247/0x2b0
[<c0445136>] tcp_v6_rcv+0x5d6/0x6f0
[<c04272df>] ip6_input+0x16f/0x340
[<c0427004>] ipv6_rcv+0x114/0x280
[<c03c6eb1>] netif_receive_skb+0x1b1/0x1f0
[<c03c6f80>] process_backlog+0x90/0x120
[<c03c707d>] net_rx_action+0x6d/0x100
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d5d9>] local_bh_enable_ip+0xb9/0x100
[<c0483661>] _spin_unlock_bh+0x31/0x40
[<c03bf750>] release_sock+0x50/0xb0
[<c0405647>] inet_wait_for_connect+0x67/0xd0
[<c0405748>] inet_stream_connect+0x98/0x1d0
[<c03bc6d7>] sys_connect+0x67/0xa0
[<c03bd1c6>] sys_socketcall+0xc6/0x1e0
[<c0102e77>] syscall_call+0x7/0xb
Slab corruption: start=c62fae5c, len=172
Redzone: 0x6b6b6b6b/0xc0411ac8.
Last user: [<170fc2a5>](0x170fc2a5)
0a0: 6b 6b 6b 6b 6b 6b 6b a5 71 f0 2c 5a
Prev obj: start=c62facf8, len=172
Redzone: 0xc0d36b48/0xc04110a0.
Last user: [<0000000e>](0xe)
000: 90 6a d3 c0 f3 81 01 00 80 11 41 c0 ec ac 2f c6
010: e0 1c 61 c0 00 00 00 00 00 00 00 00 33 02 00 00
slab error in cache_alloc_debugcheck_after(): cache `ip_conntrack': double freen
[<c01034b9>] show_trace+0x19/0x20
[<c01035ba>] dump_stack+0x1a/0x20
[<c0160d81>] __slab_error+0x21/0x30
[<c0162e11>] cache_alloc_debugcheck_after+0x121/0x1a0
[<c016316b>] kmem_cache_alloc+0x6b/0xc0
[<c04119bc>] ip_conntrack_alloc+0x3c/0x130
[<c0411afa>] init_conntrack+0x2a/0x110
[<c0411dbe>] ip_conntrack_in+0x1de/0x230
[<c03d7707>] nf_iterate+0x57/0xa0
[<c03d77a6>] nf_hook_slow+0x56/0xe0
[<c03dd3c9>] ip_rcv+0x239/0x440
[<c03c6eb1>] netif_receive_skb+0x1b1/0x1f0
[<c03c6f80>] process_backlog+0x90/0x120
[<c03c707d>] net_rx_action+0x6d/0x100
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d773>] irq_exit+0x53/0x60
[<c0104c5a>] do_IRQ+0x6a/0xb0
[<c0103145>] common_interrupt+0x25/0x30
[<c028e30b>] memcpy+0x3b/0x50
[<c028e378>] memmove+0x38/0x50
[<c01bf9cd>] leaf_paste_in_buffer+0x7d/0x320
[<c01a879c>] balance_leaf+0x24c/0x27d0
[<c01ab050>] do_balance+0x60/0xf0
[<c01c5854>] reiserfs_paste_into_item+0x164/0x190
[<c01b3c25>] reiserfs_allocate_blocks_for_region+0x925/0x12e0
[<c01b5c9c>] reiserfs_file_write+0x72c/0x7c0
[<c01668d8>] vfs_write+0x88/0x170
[<c0166a6c>] sys_write+0x3c/0x70
[<c0102e77>] syscall_call+0x7/0xb
c62fae58: redzone 1:0x6b6b6b6b, redzone 2:0xc0411ac8
------------[ cut here ]------------
kernel BUG at mm/slab.c:2747!
invalid opcode: 0000 [#1]
PREEMPT
Modules linked in:
CPU: 0
EIP: 0060:[<c01629d1>] Not tainted VLI
EFLAGS: 00010087 (2.6.18 #3)
EIP is at cache_free_debugcheck+0x241/0x250
eax: 0113bcc5 ebx: 00010c00 ecx: 000000b8 edx: cf660500
esi: 00000014 edi: c62fae58 ebp: c05f7f70 esp: c05f7f5c
ds: 007b es: 007b ss: 0068
Process java (pid: 6848, ti=c05f7000 task=c6934b00 task.ti=c69e6000)
Stack: 0113bcc5 c62fa040 c13dc7d8 c62fae5c cf660500 c05f7f94 c0163581 cf660500
c62fae5c c0411ac8 00000246 c62fae5c c69ad904 00000009 c05f7fa4 c0411ac8
cf660500 c62fae5c c05f7fb4 c0411131 c62fae5c cd8acb30 c05f7fc8 c03c06b4
Call Trace:
[<c010354e>] show_stack_log_lvl+0x8e/0xb0
[<c010370a>] show_registers+0x14a/0x1d0
[<c0103987>] die+0x167/0x210
[<c0103aac>] do_trap+0x7c/0xc0
[<c0103d40>] do_invalid_op+0x90/0xa0
[<c0103199>] error_code+0x39/0x40
[<c0163581>] kmem_cache_free+0x61/0xf0
[<c0411ac8>] ip_conntrack_free+0x18/0x20
[<c0411131>] destroy_conntrack+0x91/0xe0
[<c03c06b4>] __kfree_skb+0x74/0xf0
[<c03c6c36>] net_tx_action+0x56/0x120
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d773>] irq_exit+0x53/0x60
[<c0104c5a>] do_IRQ+0x6a/0xb0
[<c0103145>] common_interrupt+0x25/0x30
[<c028e30b>] memcpy+0x3b/0x50
[<c028e378>] memmove+0x38/0x50
[<c01bf9cd>] leaf_paste_in_buffer+0x7d/0x320
[<c01a879c>] balance_leaf+0x24c/0x27d0
[<c01ab050>] do_balance+0x60/0xf0
[<c01c5854>] reiserfs_paste_into_item+0x164/0x190
[<c01b3c25>] reiserfs_allocate_blocks_for_region+0x925/0x12e0
[<c01b5c9c>] reiserfs_file_write+0x72c/0x7c0
[<c01668d8>] vfs_write+0x88/0x170
[<c0166a6c>] sys_write+0x3c/0x70
[<c0102e77>] syscall_call+0x7/0xb
Code: 47 ff ff ff e9 68 ff ff ff 0f 0b 60 02 cd e6 4a c0 e9 1b fe ff ff 8b 52 0
EIP: [<c01629d1>] cache_free_debugcheck+0x241/0x250 SS:ESP 0068:c05f7f5c
<0>Kernel panic - not syncing: Fatal exception in interrupt
<3>Slab corruption: start=c62a8d58, len=2048
Redzone: 0x6b6b6b6b/0xc03c0543.
Last user: [<170fc2a5>](0x170fc2a5)
7f0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 71 f0 2c 5a
Prev obj: start=c62a8487, len=2048
Redzone: 0x0/0x5a5a5a5a.
Last user: [<5a5a5a5a>](0x5a5a5a5a)
000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
slab error in cache_alloc_debugcheck_after(): cache `size-2048': double free, on
[<c01034b9>] show_trace+0x19/0x20
[<c01035ba>] dump_stack+0x1a/0x20
[<c0160d81>] __slab_error+0x21/0x30
[<c0162e11>] cache_alloc_debugcheck_after+0x121/0x1a0
[<c01634c8>] __kmalloc_track_caller+0xa8/0x100
[<c03c029d>] __alloc_skb+0x4d/0x110
[<c030438b>] rhine_rx+0x29b/0x490
[<c0303db3>] rhine_interrupt+0x193/0x240
[<c0144807>] handle_IRQ_event+0x27/0x70
[<c01448d3>] __do_IRQ+0x83/0x110
[<c0104c53>] do_IRQ+0x63/0xb0
=======================
[<c0103145>] common_interrupt+0x25/0x30
[<c0103a21>] die+0x201/0x210
[<c0103aac>] do_trap+0x7c/0xc0
[<c0103d40>] do_invalid_op+0x90/0xa0
[<c0103199>] error_code+0x39/0x40
[<c0163581>] kmem_cache_free+0x61/0xf0
[<c0411ac8>] ip_conntrack_free+0x18/0x20
[<c0411131>] destroy_conntrack+0x91/0xe0
[<c03c06b4>] __kfree_skb+0x74/0xf0
[<c03c6c36>] net_tx_action+0x56/0x120
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d773>] irq_exit+0x53/0x60
[<c0104c5a>] do_IRQ+0x6a/0xb0
[<c0103145>] common_interrupt+0x25/0x30
[<c028e30b>] memcpy+0x3b/0x50
[<c028e378>] memmove+0x38/0x50
[<c01bf9cd>] leaf_paste_in_buffer+0x7d/0x320
[<c01a879c>] balance_leaf+0x24c/0x27d0
[<c01ab050>] do_balance+0x60/0xf0
[<c01c5854>] reiserfs_paste_into_item+0x164/0x190
[<c01b3c25>] reiserfs_allocate_blocks_for_region+0x925/0x12e0
[<c01b5c9c>] reiserfs_file_write+0x72c/0x7c0
[<c01668d8>] vfs_write+0x88/0x170
[<c0166a6c>] sys_write+0x3c/0x70
[<c0102e77>] syscall_call+0x7/0xb
c62a8d54: redzone 1:0x6b6b6b6b, redzone 2:0xc03c0543
[-- Attachment #1.3: dojo kernelpanic debug 4k 2.log --]
[-- Type: text/plain, Size: 3813 bytes --]
=============================================
[ INFO: possible recursive locking detected ]
---------------------------------------------
java/6736 is trying to acquire lock:
(slock-AF_INET6){-+..}, at: [<c03be6f4>] sk_clone+0xf4/0x310
but task is already holding lock:
(slock-AF_INET6){-+..}, at: [<c0444eaf>] tcp_v6_rcv+0x34f/0x6f0
other info that might help us debug this:
1 lock held by java/6736:
#0: (slock-AF_INET6){-+..}, at: [<c0444eaf>] tcp_v6_rcv+0x34f/0x6f0
stack backtrace:
[<c01034b9>] show_trace+0x19/0x20
[<c01035ba>] dump_stack+0x1a/0x20
[<c0131454>] print_deadlock_bug+0xa4/0xb0
[<c01314ca>] check_deadlock+0x6a/0x80
[<c0132cf7>] __lock_acquire+0x4f7/0x950
[<c01337cd>] lock_acquire+0x5d/0x80
[<c0483415>] _spin_lock+0x25/0x30
[<c03be6f4>] sk_clone+0xf4/0x310
[<c03e6b31>] inet_csk_clone+0x11/0x70
[<c03fb3c5>] tcp_create_openreq_child+0x15/0x3e0
[<c04442c2>] tcp_v6_syn_recv_sock+0x142/0x610
[<c03fb8a9>] tcp_check_req+0x119/0x420
[<c0443d75>] tcp_v6_hnd_req+0x45/0x130
[<c0444af7>] tcp_v6_do_rcv+0x247/0x2b0
[<c0445136>] tcp_v6_rcv+0x5d6/0x6f0
[<c04272df>] ip6_input+0x16f/0x340
[<c0427004>] ipv6_rcv+0x114/0x280
[<c03c6eb1>] netif_receive_skb+0x1b1/0x1f0
[<c03c6f80>] process_backlog+0x90/0x120
[<c03c707d>] net_rx_action+0x6d/0x100
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d5d9>] local_bh_enable_ip+0xb9/0x100
[<c0483661>] _spin_unlock_bh+0x31/0x40
[<c03bf750>] release_sock+0x50/0xb0
[<c0405647>] inet_wait_for_connect+0x67/0xd0
[<c0405748>] inet_stream_connect+0x98/0x1d0
[<c03bc6d7>] sys_connect+0x67/0xa0
[<c03bd1c6>] sys_socketcall+0xc6/0x1e0
[<c0102e77>] syscall_call+0x7/0xb
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0xb length 0 sta!
eth0: Oversized Ethernet frame cd4810b0 vs cd4810b0.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0xc length 0 sta!
eth0: Oversized Ethernet frame cd4810c0 vs cd4810c0.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0xd length 0 sta!
eth0: Oversized Ethernet frame cd4810d0 vs cd4810d0.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0xe length 0 sta!
eth0: Oversized Ethernet frame cd4810e0 vs cd4810e0.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0xf length 0 sta!
eth0: Oversized Ethernet frame cd4810f0 vs cd4810f0.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0x0 length 0 sta!
eth0: Oversized Ethernet frame cd481000 vs cd481000.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0x1 length 0 sta!
eth0: Oversized Ethernet frame cd481010 vs cd481010.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0x2 length 0 sta!
eth0: Oversized Ethernet frame cd481020 vs cd481020.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0x3 length 0 sta!
eth0: Oversized Ethernet frame cd481030 vs cd481030.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0x4 length 0 sta!
eth0: Oversized Ethernet frame cd481040 vs cd481040.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0x5 length 0 sta!
eth0: Oversized Ethernet frame cd481050 vs cd481050.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0x6 length 0 sta!
eth0: Oversized Ethernet frame cd481060 vs cd481060.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0x7 length 0 sta!
eth0: Oversized Ethernet frame cd481070 vs cd481070.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0x8 length 0 sta!
eth0: Oversized Ethernet frame cd481080 vs cd481080.
eth0: Oversized Ethernet frame spanned multiple buffers, entry 0x9 length 0 sta!
eth0: Oversized Ethernet frame cd481090 vs cd481090.
[followed by a restart!]
[-- Attachment #1.4: dojo kernelpanic debug 4k 3.log --]
[-- Type: text/plain, Size: 1757 bytes --]
=============================================
[ INFO: possible recursive locking detected ]
---------------------------------------------
java/6743 is trying to acquire lock:
(slock-AF_INET6){-+..}, at: [<c03be6f4>] sk_clone+0xf4/0x310
but task is already holding lock:
(slock-AF_INET6){-+..}, at: [<c0444eaf>] tcp_v6_rcv+0x34f/0x6f0
other info that might help us debug this:
1 lock held by java/6743:
#0: (slock-AF_INET6){-+..}, at: [<c0444eaf>] tcp_v6_rcv+0x34f/0x6f0
stack backtrace:
[<c01034b9>] show_trace+0x19/0x20
[<c01035ba>] dump_stack+0x1a/0x20
[<c0131454>] print_deadlock_bug+0xa4/0xb0
[<c01314ca>] check_deadlock+0x6a/0x80
[<c0132cf7>] __lock_acquire+0x4f7/0x950
[<c01337cd>] lock_acquire+0x5d/0x80
[<c0483415>] _spin_lock+0x25/0x30
[<c03be6f4>] sk_clone+0xf4/0x310
[<c03e6b31>] inet_csk_clone+0x11/0x70
[<c03fb3c5>] tcp_create_openreq_child+0x15/0x3e0
[<c04442c2>] tcp_v6_syn_recv_sock+0x142/0x610
[<c03fb8a9>] tcp_check_req+0x119/0x420
[<c0443d75>] tcp_v6_hnd_req+0x45/0x130
[<c0444af7>] tcp_v6_do_rcv+0x247/0x2b0
[<c0445136>] tcp_v6_rcv+0x5d6/0x6f0
[<c04272df>] ip6_input+0x16f/0x340
[<c0427004>] ipv6_rcv+0x114/0x280
[<c03c6eb1>] netif_receive_skb+0x1b1/0x1f0
[<c03c6f80>] process_backlog+0x90/0x120
[<c03c707d>] net_rx_action+0x6d/0x100
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d5d9>] local_bh_enable_ip+0xb9/0x100
[<c0483661>] _spin_unlock_bh+0x31/0x40
[<c03bf750>] release_sock+0x50/0xb0
[<c0405647>] inet_wait_for_connect+0x67/0xd0
[<c0405748>] inet_stream_connect+0x98/0x1d0
[<c03bc6d7>] sys_connect+0x67/0xa0
[<c03bd1c6>] sys_socketcall+0xc6/0x1e0
[<c0102e77>] syscall_call+0x7/0xb
[reboot]
[-- Attachment #1.5: dojo kernelpanic debug 4k 4.log --]
[-- Type: text/plain, Size: 10334 bytes --]
=============================================
[ INFO: possible recursive locking detected ]
---------------------------------------------
java/6746 is trying to acquire lock:
(slock-AF_INET6){-+..}, at: [<c03be6f4>] sk_clone+0xf4/0x310
but task is already holding lock:
(slock-AF_INET6){-+..}, at: [<c0444eaf>] tcp_v6_rcv+0x34f/0x6f0
other info that might help us debug this:
1 lock held by java/6746:
#0: (slock-AF_INET6){-+..}, at: [<c0444eaf>] tcp_v6_rcv+0x34f/0x6f0
stack backtrace:
[<c01034b9>] show_trace+0x19/0x20
[<c01035ba>] dump_stack+0x1a/0x20
[<c0131454>] print_deadlock_bug+0xa4/0xb0
[<c01314ca>] check_deadlock+0x6a/0x80
[<c0132cf7>] __lock_acquire+0x4f7/0x950
[<c01337cd>] lock_acquire+0x5d/0x80
[<c0483415>] _spin_lock+0x25/0x30
[<c03be6f4>] sk_clone+0xf4/0x310
[<c03e6b31>] inet_csk_clone+0x11/0x70
[<c03fb3c5>] tcp_create_openreq_child+0x15/0x3e0
[<c04442c2>] tcp_v6_syn_recv_sock+0x142/0x610
[<c03fb8a9>] tcp_check_req+0x119/0x420
[<c0443d75>] tcp_v6_hnd_req+0x45/0x130
[<c0444af7>] tcp_v6_do_rcv+0x247/0x2b0
[<c0445136>] tcp_v6_rcv+0x5d6/0x6f0
[<c04272df>] ip6_input+0x16f/0x340
[<c0427004>] ipv6_rcv+0x114/0x280
[<c03c6eb1>] netif_receive_skb+0x1b1/0x1f0
[<c03c6f80>] process_backlog+0x90/0x120
[<c03c707d>] net_rx_action+0x6d/0x100
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d5d9>] local_bh_enable_ip+0xb9/0x100
[<c0483661>] _spin_unlock_bh+0x31/0x40
[<c03bf750>] release_sock+0x50/0xb0
[<c0405647>] inet_wait_for_connect+0x67/0xd0
[<c0405748>] inet_stream_connect+0x98/0x1d0
[<c03bc6d7>] sys_connect+0x67/0xa0
[<c03bd1c6>] sys_socketcall+0xc6/0x1e0
[<c0102e77>] syscall_call+0x7/0xb
BUG: unable to handle kernel paging request at virtual address 170fc2c3
printing eip:
c03d958a
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in:
CPU: 0
EIP: 0060:[<c03d958a>] Not tainted VLI
EFLAGS: 00010286 (2.6.18 #3)
EIP is at __ip_select_ident+0x4a/0xa0
eax: c6b78050 ebx: c613d8bc ecx: ffffffff edx: c05f7000
esi: 170fc2a5 edi: c13f1814 ebp: c05f7e70 esp: c05f7e64
ds: 007b es: 007b ss: 0068
Process java (pid: 6844, ti=c05f7000 task=c6b78050 task.ti=c0eb3000)
Stack: c3fd3254 c13f1814 c8a62034 c05f7f38 c03e0df8 c13f1814 c613d8bc 00000000
00000000 c613d8bc c05f7ea0 c03bf290 cdfc85dc c05f7ea0 c05f7ebc c01334dd
fffffff5 c8a62034 c05f7f70 c0406027 c8a62034 00000000 c05f7ed4 c613d8bc
Call Trace:
[<c010354e>] show_stack_log_lvl+0x8e/0xb0
[<c010370a>] show_registers+0x14a/0x1d0
[<c0103987>] die+0x167/0x210
[<c010eef3>] do_page_fault+0x173/0x580
[<c0103199>] error_code+0x39/0x40
[<c03e0df8>] ip_queue_xmit+0x468/0x520
[<c03f26df>] tcp_transmit_skb+0x27f/0x4b0
[<c03f4a93>] tcp_retransmit_skb+0x153/0x2d0
[<c03f66af>] tcp_retransmit_timer+0xdf/0x3f0
[<c03f6a91>] tcp_write_timer+0xd1/0x100
[<c0122154>] run_timer_softirq+0xb4/0x1a0
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d773>] irq_exit+0x53/0x60
[<c0104c5a>] do_IRQ+0x6a/0xb0
[<c0103145>] common_interrupt+0x25/0x30
[<c028e30b>] memcpy+0x3b/0x50
[<c028e378>] memmove+0x38/0x50
[<c01bf9cd>] leaf_paste_in_buffer+0x7d/0x320
[<c01a879c>] balance_leaf+0x24c/0x27d0
[<c01ab050>] do_balance+0x60/0xf0
[<c01c5854>] reiserfs_paste_into_item+0x164/0x190
[<c01b3c25>] reiserfs_allocate_blocks_for_region+0x925/0x12e0
[<c01b5c9c>] reiserfs_file_write+0x72c/0x7c0
[<c01668d8>] vfs_write+0x88/0x170
[<c0166a6c>] sys_write+0x3c/0x70
[<c0102e77>] syscall_call+0x7/0xb
Code: fe ff ff 8b b3 ec 00 00 00 58 85 f6 5a 75 12 57 e8 7c ff ff ff 8d 65 f4 5
EIP: [<c03d958a>] __ip_select_ident+0x4a/0xa0 SS:ESP 0068:c05f7e64
<0>Kernel panic - not syncing: Fatal exception in interrupt
<3>Slab corruption: start=c6403564, len=2048
Redzone: 0x6b6b6b6b/0xc03c0543.
Last user: [<00000000>](0x0)
7f0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 71 f0 2c 5a
Prev obj: start=c6402cd3, len=2048
Redzone: 0x6b6b6b6b/0x6b6b6b6b.
Last user: [<6b6b6b6b>](0x6b6b6b6b)
000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
slab error in cache_alloc_debugcheck_after(): cache `size-2048': double free, on
[<c01034b9>] show_trace+0x19/0x20
[<c01035ba>] dump_stack+0x1a/0x20
[<c0160d81>] __slab_error+0x21/0x30
[<c0162e11>] cache_alloc_debugcheck_after+0x121/0x1a0
[<c01634c8>] __kmalloc_track_caller+0xa8/0x100
[<c03c029d>] __alloc_skb+0x4d/0x110
[<c030438b>] rhine_rx+0x29b/0x490
[<c0303db3>] rhine_interrupt+0x193/0x240
[<c0144807>] handle_IRQ_event+0x27/0x70
[<c01448d3>] __do_IRQ+0x83/0x110
[<c0104c53>] do_IRQ+0x63/0xb0
=======================
[<c0103145>] common_interrupt+0x25/0x30
[<c028e1dd>] __delay+0xd/0x10
[<c028e205>] __const_udelay+0x25/0x30
[<c0117ce8>] panic+0xf8/0x100
[<c0103a21>] die+0x201/0x210
[<c010eef3>] do_page_fault+0x173/0x580
[<c0103199>] error_code+0x39/0x40
[<c03e0df8>] ip_queue_xmit+0x468/0x520
[<c03f26df>] tcp_transmit_skb+0x27f/0x4b0
[<c03f4a93>] tcp_retransmit_skb+0x153/0x2d0
[<c03f66af>] tcp_retransmit_timer+0xdf/0x3f0
[<c03f6a91>] tcp_write_timer+0xd1/0x100
[<c0122154>] run_timer_softirq+0xb4/0x1a0
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d773>] irq_exit+0x53/0x60
[<c0104c5a>] do_IRQ+0x6a/0xb0
[<c0103145>] common_interrupt+0x25/0x30
[<c028e30b>] memcpy+0x3b/0x50
[<c028e378>] memmove+0x38/0x50
[<c01bf9cd>] leaf_paste_in_buffer+0x7d/0x320
[<c01a879c>] balance_leaf+0x24c/0x27d0
[<c01ab050>] do_balance+0x60/0xf0
[<c01c5854>] reiserfs_paste_into_item+0x164/0x190
[<c01b3c25>] reiserfs_allocate_blocks_for_region+0x925/0x12e0
[<c01b5c9c>] reiserfs_file_write+0x72c/0x7c0
[<c01668d8>] vfs_write+0x88/0x170
[<c0166a6c>] sys_write+0x3c/0x70
[<c0102e77>] syscall_call+0x7/0xb
c6403560: redzone 1:0x6b6b6b6b, redzone 2:0xc03c0543
Slab corruption: start=c6402d58, len=2048
Redzone: 0x6b6b6b6b/0x0.
Last user: [<5a2cf071>](0x5a2cf071)
7f0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 71 f0 2c 5a
Prev obj: start=c64024c7, len=2048
Redzone: 0x656c7564/0x6b6b6b6b.
Last user: [<6b6b6b6b>](0x6b6b6b6b)
000: 3d 63 6f 6d 6d 75 6e 69 74 79 26 61 63 74 69 6f
010: 6e 3d 76 69 65 77 5f 74 6f 70 69 63 26 74 6f 70
slab error in cache_alloc_debugcheck_after(): cache `size-2048': double free, on
[<c01034b9>] show_trace+0x19/0x20
[<c01035ba>] dump_stack+0x1a/0x20
[<c0160d81>] __slab_error+0x21/0x30
[<c0162e11>] cache_alloc_debugcheck_after+0x121/0x1a0
[<c01634c8>] __kmalloc_track_caller+0xa8/0x100
[<c03c029d>] __alloc_skb+0x4d/0x110
[<c030438b>] rhine_rx+0x29b/0x490
[<c0303db3>] rhine_interrupt+0x193/0x240
[<c0144807>] handle_IRQ_event+0x27/0x70
[<c01448d3>] __do_IRQ+0x83/0x110
[<c0104c53>] do_IRQ+0x63/0xb0
=======================
[<c0103145>] common_interrupt+0x25/0x30
[<c028e1dd>] __delay+0xd/0x10
[<c028e205>] __const_udelay+0x25/0x30
[<c0117ce8>] panic+0xf8/0x100
[<c0103a21>] die+0x201/0x210
[<c010eef3>] do_page_fault+0x173/0x580
[<c0103199>] error_code+0x39/0x40
[<c03e0df8>] ip_queue_xmit+0x468/0x520
[<c03f26df>] tcp_transmit_skb+0x27f/0x4b0
[<c03f4a93>] tcp_retransmit_skb+0x153/0x2d0
[<c03f66af>] tcp_retransmit_timer+0xdf/0x3f0
[<c03f6a91>] tcp_write_timer+0xd1/0x100
[<c0122154>] run_timer_softirq+0xb4/0x1a0
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d773>] irq_exit+0x53/0x60
[<c0104c5a>] do_IRQ+0x6a/0xb0
[<c0103145>] common_interrupt+0x25/0x30
[<c028e30b>] memcpy+0x3b/0x50
[<c028e378>] memmove+0x38/0x50
[<c01bf9cd>] leaf_paste_in_buffer+0x7d/0x320
[<c01a879c>] balance_leaf+0x24c/0x27d0
[<c01ab050>] do_balance+0x60/0xf0
[<c01c5854>] reiserfs_paste_into_item+0x164/0x190
[<c01b3c25>] reiserfs_allocate_blocks_for_region+0x925/0x12e0
[<c01b5c9c>] reiserfs_file_write+0x72c/0x7c0
[<c01668d8>] vfs_write+0x88/0x170
[<c0166a6c>] sys_write+0x3c/0x70
[<c0102e77>] syscall_call+0x7/0xb
c6402d54: redzone 1:0x6b6b6b6b, redzone 2:0x0
Slab corruption: start=c640254c, len=2048
Redzone: 0x6b6b6b6b/0x0.
Last user: [<5a2cf071>](0x5a2cf071)
7f0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 71 f0 2c 5a
Prev obj: start=c6401cbb, len=2048
Redzone: 0x19a60cb7/0x68702e78.
Last user: [<6f6d3f70>](0x6f6d3f70)
000: b7 f8 a5 19 b7 00 13 00 00 f4 90 48 08 7c a4 19
010: b7 70 a4 19 b7 01 00 00 00 00 13 00 00 01 00 00
slab error in cache_alloc_debugcheck_after(): cache `size-2048': double free, on
[<c01034b9>] show_trace+0x19/0x20
[<c01035ba>] dump_stack+0x1a/0x20
[<c0160d81>] __slab_error+0x21/0x30
[<c0162e11>] cache_alloc_debugcheck_after+0x121/0x1a0
[<c01634c8>] __kmalloc_track_caller+0xa8/0x100
[<c03c029d>] __alloc_skb+0x4d/0x110
[<c030438b>] rhine_rx+0x29b/0x490
[<c0303db3>] rhine_interrupt+0x193/0x240
[<c0144807>] handle_IRQ_event+0x27/0x70
[<c01448d3>] __do_IRQ+0x83/0x110
[<c0104c53>] do_IRQ+0x63/0xb0
=======================
[<c0103145>] common_interrupt+0x25/0x30
[<c028e1dd>] __delay+0xd/0x10
[<c028e205>] __const_udelay+0x25/0x30
[<c0117ce8>] panic+0xf8/0x100
[<c0103a21>] die+0x201/0x210
[<c010eef3>] do_page_fault+0x173/0x580
[<c0103199>] error_code+0x39/0x40
[<c03e0df8>] ip_queue_xmit+0x468/0x520
[<c03f26df>] tcp_transmit_skb+0x27f/0x4b0
[<c03f4a93>] tcp_retransmit_skb+0x153/0x2d0
[<c03f66af>] tcp_retransmit_timer+0xdf/0x3f0
[<c03f6a91>] tcp_write_timer+0xd1/0x100
[<c0122154>] run_timer_softirq+0xb4/0x1a0
[<c011d68f>] __do_softirq+0x6f/0x100
[<c0104de7>] do_softirq+0x87/0xe0
=======================
[<c011d773>] irq_exit+0x53/0x60
[<c0104c5a>] do_IRQ+0x6a/0xb0
[<c0103145>] common_interrupt+0x25/0x30
[<c028e30b>] memcpy+0x3b/0x50
[<c028e378>] memmove+0x38/0x50
[<c01bf9cd>] leaf_paste_in_buffer+0x7d/0x320
[<c01a879c>] balance_leaf+0x24c/0x27d0
[<c01ab050>] do_balance+0x60/0xf0
[<c01c5854>] reiserfs_paste_into_item+0x164/0x190
[<c01b3c25>] reiserfs_allocate_blocks_for_region+0x925/0x12e0
[<c01b5c9c>] reiserfs_file_write+0x72c/0x7c0
[<c01668d8>] vfs_write+0x88/0x170
[<c0166a6c>] sys_write+0x3c/0x70
[<c0102e77>] syscall_call+0x7/0xb
c6402548: redzone 1:0x6b6b6b6b, redzone 2:0x0
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 191 bytes --]
next prev parent reply other threads:[~2006-09-24 12:19 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-23 15:56 2.6.18 BUG: unable to handle kernel NULL pointer dereference at virtual address 000,0000a Christian Weiske
2006-09-23 20:42 ` Andrew Morton
2006-09-23 20:39 ` Ingo Molnar
2006-09-24 9:11 ` Christian Weiske
2006-09-24 9:30 ` Christian Weiske
2006-09-24 10:19 ` Andrew Morton
2006-09-24 17:59 ` Ingo Molnar
2006-09-24 12:20 ` Christian Weiske [this message]
2006-09-24 16:50 ` Andrew Morton
2006-09-24 17:47 ` Christian Weiske
2006-09-25 4:14 ` Nick Piggin
2006-09-25 18:36 ` Christian Weiske
2006-09-25 21:26 ` Andrew Morton
2006-10-02 17:01 ` Christian Weiske
2006-10-03 14:20 ` Christian Weiske
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=451677FE.2070409@cweiske.de \
--to=cweiske@cweiske.de \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=nickpiggin@yahoo.com.au \
--cc=reiserfs-dev@namesys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.