RHEL5.9: Untainted kernel 2.6.18-348.4.1.el5 crashed in cache_reap .. free_block ... list_del due to multiple kmem slab corruption
Issue
- The kernel panicked with :
list_del corruption. prev->next should be ffff81030eb96000, but was 2000406483b6900c
----------- [cut here ] --------- [please bite here ] ---------
Kernel BUG at lib/list_debug.c:65
invalid opcode: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:1c.2/0000:04:00.1/irq
CPU 18
Modules linked in: mptctl mptbase autofs4 nfs nfs_acl lockd sunrpc bonding be2iscsi
ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp bnx2i cnic ipv6
xfrm_nalgo crypto_api uio cxgb3i libcxgbi cxgb3 8021q libiscsi_tcp libiscsi2
scsi_transport_iscsi2 scsi_transport_iscsi dm_multipath scsi_dh video backlight sbs
power_meter hwmon i2c_ec i2c_core dell_wmi wmi button battery asus_acpi
acpi_memhotplug ac parport_pc lp parport sr_mod cdrom sg tpm_tis tpm shpchp
hpilo i7core_edac bnx2 edac_mc serio_raw pcspkr tpm_bios dm_raid45 dm_message
dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod
usb_storage ata_piix libata cciss sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 92, comm: events/18 Not tainted 2.6.18-348.4.1.el5 #1
RIP: 0010:[<ffffffff8015c5b2>] [<ffffffff8015c5b2>] list_del+0x21/0x6b
RSP: 0018:ffff81061fb25d70 EFLAGS: 00010086
RAX: 0000000000000058 RBX: ffff81030eb96000 RCX: ffffffff80326028
RDX: ffffffff80326028 RSI: 0000000000000000 RDI: ffffffff80326020
RBP: ffff81011574edc0 R08: ffffffff80326028 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000280 R12: ffff81011574b080
R13: ffff81030eb96c40 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff81061fc569c0(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 000000007ffff880 CR3: 0000000415782000 CR4: 00000000000006a0
Process events/18 (pid: 92, threadinfo ffff81061fb24000, task ffff810c1fab07e0)
Stack: ffff810c1fab07e0 ffffffff800e042e ffff81061e292480 000000011e292480
ffff810c1fd7dc18 ffff810c1fd7dc18 0000000000000001 ffff810c1fd7dc00
0000000000000000 ffff81011574edc0 ffff81011574b080 ffffffff800e0547
Call Trace:
[<ffffffff800e042e>] free_block+0xb7/0x145
[<ffffffff800e0547>] drain_array+0x8b/0xc0
[<ffffffff800e0f88>] cache_reap+0x0/0x217
[<ffffffff800e102d>] cache_reap+0xa5/0x217
[<ffffffff8004d8b6>] run_workqueue+0x9e/0xfb
[<ffffffff8004a0ff>] worker_thread+0x0/0x122
[<ffffffff8004a1ef>] worker_thread+0xf0/0x122
[<ffffffff8008f3ad>] default_wake_function+0x0/0xe
[<ffffffff80032c29>] kthread+0xfe/0x132
[<ffffffff8005dfc1>] child_rip+0xa/0x11
[<ffffffff80032b2b>] kthread+0x0/0x132
[<ffffffff8005dfb7>] child_rip+0x0/0x11
Code: 0f 0b 68 26 d1 2c 80 c2 41 00 eb fe 48 8b 07 48 8b 50 08 48
RIP [<ffffffff8015c5b2>] list_del+0x21/0x6b
RSP <ffff81061fb25d70>
Environment
- Red Hat Enterprise Linux 5.9
- seen on untainted kernel 2.6.18-348.4.1.el5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
