2002-09-18 19:33:08

by Aaron Gowatch

Subject: Re: disass kfree_s (was: Oops in 2.2.19)

Dean helped me track down the NULL pointer from the oops I posted
yesterday. It looks like someone ran across the same or similar issue in


I dont know much about kernel mm, but if someone who does or has seen this
before is willing to help me track this down, it'd be much appreciated.

Date: Tue, 17 Sep 2002 20:35:25 -0700 (PDT)
From: dean gaudet <[email protected]>
To: Aaron Gowatch <[email protected]>
Subject: Re: disass kfree_s

On Tue, 17 Sep 2002, Aaron Gowatch wrote:

> 0x8012353c <kfree_s+148>: mov 0x8(%ecx),%ebp
> 0x8012353f <kfree_s+151>: cmp $0xa5c32f2b,%ebp
> 0x80123545 <kfree_s+157>: jne 0x80123630 <kfree_s+392>

well that magic number up there is SLAB_MAGIC_ALLOC ... and the test here
is the check_magic label in __kfree_cache_free ... but i dunno why slabp
is NULL at that point.

you might want to play with the completely untested patch below... it
should at least stop the system from oopsing -- and it'll log a message
when the bug occurs. then you can see what you're doing which triggers it


--- slab.c.orig Fri Nov 2 08:39:16 2001
+++ slab.c Tue Sep 17 20:34:05 2002
@@ -1555,6 +1555,8 @@
slabp = bufp->buf_slabp;

+ if (slabp == NULL)
+ goto bad_slab;
if (slabp->s_magic != SLAB_MAGIC_ALLOC) /* Sanity check. */
goto bad_slab;

@@ -1636,7 +1638,9 @@

/* Slab doesn't contain the correct magic num. */
- if (slabp->s_magic == SLAB_MAGIC_DESTROYED) {
+ if (slabp == NULL) {
+ kmem_report_free_err("null slabp", objp, cachep);
+ } else if (slabp->s_magic == SLAB_MAGIC_DESTROYED) {
/* Magic num says this is a destroyed slab. */
kmem_report_free_err("free from inactive slab", objp, cachep);
} else