slab corruption on XO-1 (mesh related?)
Daniel Drake
dsd at laptop.org
Thu Dec 24 14:48:44 EST 2009
I think this is a 2.6.31 regression. I don't have time to investigate
right now.
To reproduce I just connected to the mesh on msh0, disconnect from the
mesh and connect to an access point on eth0.
Then things go a bit wrong and this appears in the logs, repeatedly:
[ 310.921753] slab error in verify_redzone_free(): cache `size-32':
memory outside object was overwritten
[ 310.921796] Pid: 1805, comm: wpa_supplicant Tainted: G W
2.6.31_xo1-20091224.1735.1.olpc.bd1f1e9 #1
[ 310.921821] Call Trace:
[ 310.921871] [<c06a7016>] ? printk+0xf/0x11
[ 310.921917] [<c047e552>] __slab_error+0x17/0x1c
[ 310.921955] [<c047eb7b>] cache_free_debugcheck+0x10a/0x1b8
[ 310.921988] [<c06a074b>] ? ioctl_standard_call+0x23e/0x280
[ 310.922025] [<c047eded>] kfree+0xc0/0xf0
[ 310.922057] [<c06a074b>] ioctl_standard_call+0x23e/0x280
[ 310.922103] [<c0621820>] ? __dev_get_by_name+0x6d/0x7a
[ 310.922138] [<c0621820>] ? __dev_get_by_name+0x6d/0x7a
[ 310.922172] [<c06a085b>] wext_handle_ioctl+0xce/0x157
[ 310.922305] [<cf8ffc6a>] ? lbs_get_essid+0x0/0xef [libertas]
[ 310.922341] [<c06254af>] dev_ioctl+0x567/0x587
[ 310.922383] [<c0617528>] ? sys_sendto+0xa1/0xc0
[ 310.922419] [<c0617f96>] ? sys_recvfrom+0x99/0xba
[ 310.922454] [<c056e11e>] ? copy_from_user+0x32/0x78
[ 310.922489] [<c06169d8>] sock_ioctl+0x1ef/0x1fb
[ 310.922521] [<c06167e9>] ? sock_ioctl+0x0/0x1fb
[ 310.922557] [<c048f86e>] vfs_ioctl+0x18/0x6f
[ 310.922591] [<c048fe6f>] do_vfs_ioctl+0x4ef/0x52d
[ 310.922627] [<c061755f>] ? sys_send+0x18/0x1a
[ 310.922662] [<c061832f>] ? sys_socketcall+0xc5/0x16b
[ 310.922695] [<c048feee>] sys_ioctl+0x41/0x61
[ 310.922730] [<c04033d4>] sysenter_do_call+0x12/0x26
[ 310.922762] ccfaad30: redzone 1:0xd84156c5635688c0, redzone
2:0xd84156c563568800.
Running "iwconfig" causes the exact same trace.
Daniel
More information about the libertas-dev
mailing list