Bug 5964
Summary: slab: double free detected in cache 'vm_area_struct'
Product: Memory Management
Component: Slab Allocator
Status: REJECTED UNREPRODUCIBLE
Severity: high
Priority: P2
Hardware: i386
OS: Linux
Kernel Version: 2.6.16
Regression: Yes
Reporter: Malte S. Stretz (kernel-contrib)
Assignee: Andrew Morton (akpm)
CC: hughd, kernel, protasnb
Attachments:
config for 2.6.14
dmesg output from 2.6.16
config of 2.6.16
"screenshot" of the last crash
Description
Malte S. Stretz
2006-01-26 04:29:43 UTC
Created attachment 7153 [details]
config for 2.6.14
I accidentally deleted the 2.6.16-rc1 config (and the binary) -- I'm currently
recreating it, based on this config for the (also crashing) 2.6.14.
Created attachment 7808 [details]
dmesg output from 2.6.16
This is the dmesg output from 2.6.16-gentoo-r1; it first seemed to be pretty
stable but finally crashed...
Created attachment 7809 [details]
config of 2.6.16
Guess I'll just disable DEBUG_SLAB. If anybody wants to debug this.....

How long does the crash take to happen? Are there any different-looking crashes, or always this one? If poss, can you run memtest86 on that machine for 24 hours?

How long: Depends. The box was running for a few days without problems, then it crashed twice in a row. It was under high load both times (first compiling KOffice, then the Kernel) but I compiled a whole stuff without any crashes. To me the crash looks always the same; just the order the processes are dying is different. I will try a memtest at some point but as I said, 2.6.10 runs rock solid.

The Easter weekend gave me a good chance for a memtest86+ (v1.65) session: 100h running, the tests passed 70 times without any errors.

Thanks for doing such a thorough memtest86+: sounds convincing. I had been thinking of your vm_area_struct double-free as just one of several confounding slab corruptions seen in recent months. But looking at it again now, suspect it's more specific. Could you please rebuild with the patch below, run your testing on that kernel, and report back how it goes when you've run for long enough to judge? Even if it seems to fix your immediate problem, I don't believe it's the real fix: more something to try, and if it works, then we have a better idea of what direction to look in next. (That is, something I could easily cook up to keep you busy, while I go away and think about something else - oops, how unprofessional, forget I said that ;-)

Hugh

--- 2.6.16/mm/mmap.c 2006-03-20 05:53:29.000000000 +0000 +++ linux/mm/mmap.c 2006-04-18 18:59:39.000000000 +0100 
@@ -1933,7 +1933,7 @@ EXPORT_SYMBOL(do_brk); void exit_mmap(struct mm_struct *mm) { struct mmu_gather *tlb; - struct vm_area_struct *vma = mm->mmap; + struct vm_area_struct *vma = xchg(&mm->mmap, 0); unsigned long nr_accounted = 0; unsigned long end;

That didn't really help. Yesterday night the box crashed again, this time it even took down the xinetd process so I can't get a trace.

On Tue, 18 Apr 2006, bugme-daemon@bugzilla.kernel.org wrote:
> That didn't really help. Yesterday night the box crashed again,
> this time it even took down the xinetd process so I can't get a trace.

Hmmm. Very inconclusive. It might be that the patch was irrelevant and didn't help at all; or it might be that the patch helped to get around the vm_area_struct freeing errors, and so let the system sail on to hit the effects of the underlying bug. I think I'd like to ask you to run with the patch again, in the hope that "can't get a trace" was a one-off, and more info emerges this time around.

Created attachment 8248 [details]
"screenshot" of the last crash
After some time I tried again a kernel with the patch applied and after the
system was running for half a day it tends to go into crash frenzy again, this
time also on startup. All I could gather after some tries is this "screenshot"
which says that it is crashing in slab.c:2392 now (but maybe the line numbers
have changed because this is the more recent kernel 2.6.16-gentoo-r8).
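Review bot: in the exit_mmap() hunk of the mm/mmap.c patch above, the new initializer xchg(&mm->mmap, 0) passes a bare 0 where a pointer is stored; write NULL. The line also needs a short comment saying why the list head is swapped out atomically instead of simply read, since the accompanying message describes it as something to try rather than the real fix and nothing in the hunk tells a later reader that it is a diagnostic.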
Crashed again. I *think* the trace looks different but who knows... [17179569.184000] Linux version 2.6.16-gentoo-r8-bug5964-try1 (root@otherland) (gcc version 3.4.6 (Gentoo 3.4.6-r1, ssp-3.4.5-1.0, pie-8.7.9)) #1 PREEMPT Fri Jun 2 18:40:48 CEST 2006 [...] [17351310.004000] slab: double free detected in cache 'vm_area_struct', objp ebb56a18 [17351310.004000] ------------[ cut here ]------------ [17351310.004000] kernel BUG at mm/slab.c:2392! [17351310.004000] invalid opcode: 0000 [#1] [17351310.004000] PREEMPT [17351310.004000] Modules linked in: w83627hf hwmon_vid hwmon eeprom i2c_isa i2c_viapro md5 ipv6 snd_seq snd_pcm_oss snd_mixer_oss snd_via82xx gameport snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore sd_mod usb_storage scsi_mod usbhid dm_mod vfat fat ide_cd cdrom 8250 serial_core ehci_hcd uhci_hcd usbcore tun ne2k_pci 8390 3c59x via_rhine mii capability commoncap button fan thermal processor non_fatal rtc [17351310.004000] CPU: 0 [17351310.004000] EIP: 0060:[<b0160241>] Not tainted VLI [17351310.004000] EFLAGS: 00010096 (2.6.16-gentoo-r8-bug5964-try1 #1) [17351310.004000] EIP is at slab_put_obj+0x51/0xa0 [17351310.004000] eax: 00000059 ebx: ebb56000 ecx: b0356f6c edx: 00000001 [17351310.004000] esi: 00000018 edi: ebb5601c ebp: bdc23e70 esp: bdc23e54 [17351310.004000] ds: 007b es: 007b ss: 0068 [17351310.004000] Process tcsh (pid: 6732, threadinfo=bdc22000 task=e9618590) [17351310.004000] Stack: <0>b0321cd8 b031e951 ebb56a18 bdc23e68 ebb56a18 ebb56000 effedd60 bdc23e98 [17351310.004000] b0160d68 effec820 ebb56000 ebb56a18 00000000 0000000d effee7cc effec820 [17351310.004000] b86fa7c0 bdc23ec8 b0160e5b effec820 effea610 00000010 00000000 effea610 [17351310.004000] Call Trace: [17351310.004000] [<b01040ca>] show_stack_log_lvl+0xaa/0xe0 [17351310.004000] [<b01042e7>] show_registers+0x197/0x210 [17351310.004000] [<b01044e7>] die+0xf7/0x1a0 [17351310.004000] [<b0104617>] do_trap+0x87/0xd0 
[17351310.004000] [<b0104985>] do_invalid_op+0xb5/0xc0 [17351310.004000] [<b0103ceb>] error_code+0x4f/0x54 [17351310.004000] [<b0160d68>] free_block+0x88/0x100 [17351310.004000] [<b0160e5b>] cache_flusharray+0x7b/0x180 [17351310.004000] [<b0161172>] kmem_cache_free+0x72/0x80 [17351310.004000] [<b0152588>] remove_vma+0x58/0x70 [17351310.004000] [<b01547dd>] exit_mmap+0xdd/0x110 [17351310.004000] [<b011a903>] mmput+0x33/0xb0 [17351310.004000] [<b011f85d>] exit_mm+0x8d/0x110 [17351310.004000] [<b01200e7>] do_exit+0xf7/0x4c0 [17351310.004000] [<b012052b>] do_group_exit+0x3b/0xd0 [17351310.004000] [<b01205d5>] sys_exit_group+0x15/0x20 [17351310.004000] [<b01031fb>] sysenter_past_esp+0x54/0x75 [17351310.004000] Code: 3b 45 14 75 45 8d 7b 1c 83 3c b7 fe 74 25 8b 45 10 8b 55 08 89 44 24 08 8b 42 44 c7 04 24 d8 1c 32 b0 89 44 24 04 e8 2f db fb ff <0f> 0b 58 09 6e 0e 32 b0 8b 43 14 89 04 b7 ff 4b 10 89 73 14 8b [17351310.004000] <1>Fixing recursive fault but reboot is needed! [17351310.004000] scheduling while atomic: tcsh/0x00000001/6732 [17351310.004000] [<b0104010>] show_trace+0x20/0x30 [17351310.004000] [<b010414e>] dump_stack+0x1e/0x20 [17351310.004000] [<b030588c>] schedule+0x5ac/0x690 [17351310.004000] [<b01202ee>] do_exit+0x2fe/0x4c0 [17351310.004000] [<b0104585>] die+0x195/0x1a0 [17351310.004000] [<b0104617>] do_trap+0x87/0xd0 [17351310.004000] [<b0104985>] do_invalid_op+0xb5/0xc0 [17351310.004000] [<b0103ceb>] error_code+0x4f/0x54 [17351310.004000] [<b0160d68>] free_block+0x88/0x100 [17351310.004000] [<b0160e5b>] cache_flusharray+0x7b/0x180 [17351310.004000] [<b0161172>] kmem_cache_free+0x72/0x80 [17351310.004000] [<b0152588>] remove_vma+0x58/0x70 [17351310.004000] [<b01547dd>] exit_mmap+0xdd/0x110 [17351310.004000] [<b011a903>] mmput+0x33/0xb0 [17351310.004000] [<b011f85d>] exit_mm+0x8d/0x110 [17351310.004000] [<b01200e7>] do_exit+0xf7/0x4c0 [17351310.004000] [<b012052b>] do_group_exit+0x3b/0xd0 [17351310.004000] [<b01205d5>] sys_exit_group+0x15/0x20 
[17351310.004000] [<b01031fb>] sysenter_past_esp+0x54/0x75

I don't have high hopes that it will enlighten me, but please apply patch below, rebuild your kernel (with or without CONFIG_DEBUG_SLAB as you prefer), try running, and report the messages you get - along with output from /proc/slabinfo (or at least its relevant lines e.g. for "vm_area_struct"). I've cut out the BUG (with its not very interesting backtrace), so you should be able to continue running successfully, as you found you could before without DEBUG_SLAB. After gathering several groups of error messages, it's probably worth reboot and trying again: to help build up a picture of what's common. Thanks.

--- 2.6.16/mm/slab.c 2006-03-20 05:53:29.000000000 +0000 +++ linux/mm/slab.c 2006-06-11 20:53:19.000000000 +0100 @@ -2368,10 +2368,8 @@ static void *slab_get_obj(struct kmem_ca slabp->inuse++; next = slab_bufctl(slabp)[slabp->free]; -#if DEBUG slab_bufctl(slabp)[slabp->free] = BUFCTL_FREE; WARN_ON(slabp->nodeid != nodeid); -#endif slabp->free = next; return objp; 
@@ -2382,16 +2380,16 @@ static void slab_put_obj(struct kmem_cac { unsigned int objnr = (unsigned)(objp-slabp->s_mem) / cachep->buffer_size; -#if DEBUG /* Verify that the slab belongs to the intended node */ WARN_ON(slabp->nodeid != nodeid); if (slab_bufctl(slabp)[objnr] != BUFCTL_FREE) { + kmem_bufctl_t *bufctl = slab_bufctl(slabp) + objnr; printk(KERN_ERR "slab: double free detected in cache " "'%s', objp %p\n", cachep->name, objp); - BUG(); + printk(KERN_ERR " slab_bufctl(%p)[%x] = %x@%p\n", + slabp, objnr, *bufctl, bufctl); } -#endif slab_bufctl(slabp)[objnr] = slabp->free; slabp->free = objnr; slabp->inuse--;

Here's one:

[17179569.184000] Linux version 2.6.16-gentoo-r9-bug5964-try2 (root@otherland) (gcc version 3.4.6 (Gentoo 3.4.6-r1, ssp-3.4.5-1.0, pie-8.7.9)) #3 PREEMPT Tue Jun 13 00:55:11 CEST 2006
[...]
[17379204.504000] hub 3-2:1.0: USB hub found
[17379204.508000] hub 3-2:1.0: 4 ports detected
[17383280.004000] slab: double free detected in cache 'biovec-1', objp efd4ead0
[17383280.004000] slab_bufctl(efd4e000)[78] = ff00fffe@efd4e1fc
[17386724.516000] usb 3-2: USB disconnect, address 14

Unfortunately some time ago, last dmesg entry dated [17411086.788000], slabinfo:
biovec-1 374 609 16 203 1 : tunables 120 60 0 : slabdata 3 3 0
I'll see if I find the time to create a cron job to log this stuff.

[17479641.280000] slab: double free detected in cache 'vm_area_struct', objp db38a90c
[17479641.280000] slab_bufctl(db38a000)[18] = fffe@db38a07c
current dmesg ts: 17720900.356000

Hmmm...
these patterns are really getting interesting :)

[17720900.356000] hub 3-2:1.0: 4 ports detected
[17775653.028000] slab: double free detected in cache 'biovec-1', objp eff848d0
[17775653.028000] slab_bufctl(eff84000)[58] = ff00fffe@eff8417c
[17776279.448000] usb 3-2: USB disconnect, address 28
[17781983.028000] slab: double free detected in cache 'bio', objp efcac320
[17781983.028000] slab_bufctl(efcac000)[8] = ff00fffe@efcac03c
[17803962.460000] slab: double free detected in cache 'vm_area_struct', objp ec0dc90c
[17803962.460000] slab_bufctl(ec0dc000)[18] = ff00fffe@ec0dc07c
[17814556.724000] usb 3-2: new full speed USB device using uhci_hcd and address 29

biovec-1 280 609 16 203 1 : tunables 120 60 0 : slabdata 3 3 0
bio 280 413 64 59 1 : tunables 120 60 0 : slabdata 7 7 0
vm_area_struct 7830 10076 88 44 1 : tunables 120 60 0 : slabdata 229 229 0

After long time running, finally another one. And I hoped, the switch to the radeon driver had made them go:

[17253932.868000] slab: double free detected in cache 'anon_vma', objp d6eb1728
[17253932.868000] slab_bufctl(d6eb1000)[38] = fffe@d6eb10fc

Same pattern, two bytes 00 instead of the expected ff.

I switched to 2.6.17 and it's getting nasty again. Now the double free is detected and when the second error is supposed to be printed, the Kernel oopses with an "unable to handle kernel paging request". I had to modify Hugh's patch for the 2.6.17 as the code has changed but that was pretty straight-forward. The new patch and the oops:

--- mm/slab.c.orig 2006-09-19 20:13:04.000000000 +0200 +++ mm/slab.c 2006-09-27 12:31:36.000000000 +0200 @@ -2431,10 +2431,8 @@ slabp->inuse++; next = slab_bufctl(slabp)[slabp->free]; -#if DEBUG slab_bufctl(slabp)[slabp->free] = BUFCTL_FREE; WARN_ON(slabp->nodeid != nodeid); -#endif slabp->free = next; return objp; 
@@ -2445,16 +2443,16 @@ { unsigned int objnr = obj_to_index(cachep, slabp, objp); -#if DEBUG /* Verify that the slab belongs to the intended node */ WARN_ON(slabp->nodeid != nodeid); if (slab_bufctl(slabp)[objnr] + 1 <= SLAB_LIMIT + 1) { + kmem_bufctl_t *bufctl = slab_bufctl(slabp)[objnr]; printk(KERN_ERR "slab: double free detected in cache " "'%s', objp %p\n", cachep->name, objp); - BUG(); + printk(KERN_ERR " slab_bufctl(%p)[%x] = %x@%p\n", + slabp, objnr, *bufctl, bufctl); } -#endif slab_bufctl(slabp)[objnr] = slabp->free; slabp->free = objnr; slabp->inuse--; [17191396.540000] slab: double free detected in cache 'vm_area_struct', objp ea67990c [17191396.540000] BUG: unable to handle kernel paging request at virtual address 0000fffe [17191396.540000] printing eip: [17191396.540000] c015ca22 [17191396.540000] *pde = 00000000 [17191396.540000] Oops: 0000 [#1] [17191396.540000] PREEMPT [17191396.540000] Modules linked in: w83627hf hwmon_vid hwmon ipv6 eeprom i2c_isa i2c_viapro iptable_mangle iptable_filter ip_tables x_tables snd_seq snd_via 82xx gameport snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore joydev sd_mod usbhid usb_ storage scsi_mod vfat fat ide_cd cdrom 8250 serial_core ehci_hcd uhci_hcd usbcore tun ne2k_pci 8390 3c59x via_rhine mii capability commoncap button fan therm al processor non_fatal radeon [17191396.540000] CPU: 0 [17191396.540000] EIP: 0060:[<c015ca22>] Not tainted VLI [17191396.540000] EFLAGS: 00010086 (2.6.17-gentoo-r8-b5964t3 #3) [17191396.540000] EIP is at free_block+0x132/0x1b0 [17191396.540000] eax: 00000059 ebx: ea679000 ecx: 00000073 edx: 00000001 [17191396.540000] esi: 0000fffe edi: dfffdd20 ebp: c7c6fe8c esp: c7c6fe50 [17191396.540000] ds: 007b es: 007b ss: 0068 [17191396.540000] Process dcop (pid: 5306, threadinfo=c7c6e000 task=e3344570) [17191396.540000] Stack: c031bda0 c0318b54 ea67990c c7c6fe64 0000fffe 00000018 0000003c dfff9010 [17191396.540000] dffffc60 
00000030 ea67990c ea67907c dfffebe0 0000003c dffffc60 c7c6feb8 [17191396.540000] c015c6d7 00000000 c7c6fec4 c0161c52 dfff9010 dfff9000 00000000 dfff9000 [17191396.540000] Call Trace: [17191396.540000] <c01042ad> show_stack_log_lvl+0x9d/0xd0 <c01044f6> show_registers+0x1c6/0x250 [17191396.540000] <c010469e> die+0x11e/0x2c0 <c0116846> do_page_fault+0x276/0x68c [17191396.540000] <c0103c6f> error_code+0x4f/0x54 <c015c6d7> cache_flusharray+0x47/0xf0 [17191396.540000] <c015c848> kmem_cache_free+0x48/0x50 <c0150826> remove_vma+0x46/0x50 [17191396.540000] <c015090f> exit_mmap+0xdf/0x110 <c0119f93> mmput+0x33/0xc0 [17191396.540000] <c011ded3> exit_mm+0x93/0x120 <c011f709> do_exit+0xd9/0x9c0 [17191396.540000] <c0120027> do_group_exit+0x37/0xa0 <c01200a5> sys_exit_group+0x15/0x20 [17191396.540000] <c0103173> sysenter_past_esp+0x54/0x75 [17191396.540000] Code: ff ff 83 c4 30 5b 5e 5f c9 c3 8b 55 ec 8b 4d e4 89 54 24 08 8b 41 44 c7 04 24 a0 bd 31 c0 89 44 24 04 e8 62 08 fc ff 89 74 24 10 <8b> 06 89 5c 24 04 c7 04 24 d8 bd 31 c0 89 44 24 0c 8b 45 d8 89 [17191396.540000] EIP: [<c015ca22>] free_block+0x132/0x1b0 SS:ESP 0068:c7c6fe50 [17191396.540000] <1>Fixing recursive fault but reboot is needed! 
[17191396.540000] BUG: scheduling while atomic: dcop/0x00000001/5306 [17191396.540000] <c0104323> show_trace+0x13/0x20 <c010496e> dump_stack+0x1e/0x20 [17191396.540000] <c02fd21a> schedule+0x49a/0x670 <c011fc70> do_exit+0x640/0x9c0 [17191396.540000] <c010483d> die+0x2bd/0x2c0 <c0116846> do_page_fault+0x276/0x68c [17191396.540000] <c0103c6f> error_code+0x4f/0x54 <c015c6d7> cache_flusharray+0x47/0xf0 [17191396.540000] <c015c848> kmem_cache_free+0x48/0x50 <c0150826> remove_vma+0x46/0x50 [17191396.540000] <c015090f> exit_mmap+0xdf/0x110 <c0119f93> mmput+0x33/0xc0 [17191396.540000] <c011ded3> exit_mm+0x93/0x120 <c011f709> do_exit+0xd9/0x9c0 [17191396.540000] <c0120027> do_group_exit+0x37/0xa0 <c01200a5> sys_exit_group+0x15/0x20 [17191396.540000] <c0103173> sysenter_past_esp+0x54/0x75 [17191396.552000] slab: double free detected in cache 'vm_area_struct', objp e1f7ac7c [17191396.552000] general protection fault: 0000 [#2] [17191396.552000] PREEMPT [17191396.552000] Modules linked in: w83627hf hwmon_vid hwmon ipv6 eeprom i2c_isa i2c_viapro iptable_mangle iptable_filter ip_tables x_tables snd_seq snd_via 82xx gameport snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore joydev sd_mod usbhid usb_ storage scsi_mod vfat fat ide_cd cdrom 8250 serial_core ehci_hcd uhci_hcd usbcore tun ne2k_pci 8390 3c59x via_rhine mii capability commoncap button fan therm al processor non_fatal radeon [17191396.552000] CPU: 0 [17191396.552000] EIP: 0060:[<c015ca22>] Not tainted VLI [17191396.552000] EFLAGS: 00010086 (2.6.17-gentoo-r8-b5964t3 #3) [17191396.552000] EIP is at free_block+0x132/0x1b0 [17191396.552000] eax: 00000059 ebx: e1f7a000 ecx: 00000073 edx: f5690000 [17191396.552000] esi: ffffffff edi: dfffdd20 ebp: f5691e8c esp: f5691e50 [17191396.552000] ds: 007b es: 007b ss: 0068 [17191396.552000] Process dcop (pid: 5308, threadinfo=f5690000 task=d8e225d0) [17191396.552000] Stack: c031bda0 c0318b54 e1f7ac7c f5691e64 ffffffff 
00000022 0000003c dfff9010 [17191396.552000] dffffc60 00000000 e1f7ac7c e1f7a0a4 dfffebe0 0000003c dffffc60 f5691eb8 [17191396.552000] c015c6d7 00000000 f5691ec4 c0161c52 dfff9010 dfff9000 00000000 dfff9000 [17191396.552000] Call Trace: [17191396.552000] <c01042ad> show_stack_log_lvl+0x9d/0xd0 <c01044f6> show_registers+0x1c6/0x250 [17191396.552000] <c010469e> die+0x11e/0x2c0 <c0105781> do_general_protection+0x1d1/0x230 [17191396.552000] <c0103c6f> error_code+0x4f/0x54 <c015c6d7> cache_flusharray+0x47/0xf0 [17191396.552000] <c015c848> kmem_cache_free+0x48/0x50 <c0150826> remove_vma+0x46/0x50 [17191396.552000] <c015090f> exit_mmap+0xdf/0x110 <c0119f93> mmput+0x33/0xc0 [17191396.552000] <c011ded3> exit_mm+0x93/0x120 <c011f709> do_exit+0xd9/0x9c0 [17191396.552000] <c0120027> do_group_exit+0x37/0xa0 <c01200a5> sys_exit_group+0x15/0x20 [17191396.552000] <c0103173> sysenter_past_esp+0x54/0x75 [17191396.552000] Code: ff ff 83 c4 30 5b 5e 5f c9 c3 8b 55 ec 8b 4d e4 89 54 24 08 8b 41 44 c7 04 24 a0 bd 31 c0 89 44 24 04 e8 62 08 fc ff 89 74 24 10 <8b> 06 89 5c 24 04 c7 04 24 d8 bd 31 c0 89 44 24 0c 8b 45 d8 89 [17191396.552000] EIP: [<c015ca22>] free_block+0x132/0x1b0 SS:ESP 0068:f5691e50 [17191396.552000] <1>Fixing recursive fault but reboot is needed! 
[17191396.552000] BUG: scheduling while atomic: dcop/0x00000001/5308
[17191396.552000] <c0104323> show_trace+0x13/0x20 <c010496e> dump_stack+0x1e/0x20
[17191396.552000] <c02fd21a> schedule+0x49a/0x670 <c011fc70> do_exit+0x640/0x9c0
[17191396.552000] <c010483d> die+0x2bd/0x2c0 <c0105781> do_general_protection+0x1d1/0x230
[17191396.552000] <c0103c6f> error_code+0x4f/0x54 <c015c6d7> cache_flusharray+0x47/0xf0
[17191396.552000] <c015c848> kmem_cache_free+0x48/0x50 <c0150826> remove_vma+0x46/0x50
[17191396.552000] <c015090f> exit_mmap+0xdf/0x110 <c0119f93> mmput+0x33/0xc0
[17191396.552000] <c011ded3> exit_mm+0x93/0x120 <c011f709> do_exit+0xd9/0x9c0
[17191396.552000] <c0120027> do_group_exit+0x37/0xa0 <c01200a5> sys_exit_group+0x15/0x20
[17191396.552000] <c0103173> sysenter_past_esp+0x54/0x75
...

Malte, is this still an issue on the latest kernel release (2.6.21 or newer)?

When I left Germany in January it was still an issue, haven't used my workstation at home since then. I can check again in September.

Malte, did you have chance to test recently? Thanks.

Nope, sorry, don't have that system anymore. And I heard there will be a new allocator anyway, so I'll just close this bug.
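Review bot: in the slab_put_obj hunk of the 2.6.16 mm/slab.c patch, dropping BUG() means a detected double free now falls through to slab_bufctl(slabp)[objnr] = slabp->free; slabp->free = objnr; slabp->inuse--; so the object is linked into the freelist a second time and inuse is decremented again. Return after the two printk calls, or skip the list update in that branch, so the diagnostic kernel does not add freelist damage of its own to the corruption it is trying to report.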
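Review bot: in the slab_put_obj hunk of the 2.6.17 port of the patch, the added line kmem_bufctl_t *bufctl = slab_bufctl(slabp)[objnr]; stores the entry's value in the pointer, where the 2.6.16 version took its address with slab_bufctl(slabp) + objnr. The second printk then dereferences that value through *bufctl, which matches the oopses posted with it: the faulting address 0000fffe and the esi values 0000fffe and ffffffff are entry contents, not kernel addresses. Use slab_bufctl(slabp) + objnr (or &slab_bufctl(slabp)[objnr]) so the port prints the entry instead of faulting on it.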
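The reporter's observation that the logged entries hold 00 bytes where ff was expected can be checked mechanically. The following is an added example, not code from the thread or from the kernel: it parses the slab_bufctl(...) lines printed by the debugging patch and reports which bytes of each entry differ from the marker. The marker and end-of-list values, the struct and the function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions (not stated on the page): 32-bit entries, intact "in use"
 * marker 0xfffffffe, end-of-freelist value 0xffffffff. */
#define MARKER_IN_USE 0xfffffffeu
#define FREELIST_END  0xffffffffu
enum verdict { MARKER_INTACT, FREELIST_LINK, MARKER_DAMAGED };
struct bufctl_report {
    uint32_t slabp, objnr, value, addr; /* fields the debug printk emits */
    uint32_t flipped;                   /* bits differing from the marker */
    int      bad_bytes;                 /* how many bytes were altered */
    uint32_t first_bad;                 /* address of lowest altered byte */
};

/* Parse one "slab_bufctl(%p)[%x] = %x@%p" line; returns 1 on success. */
int parse_bufctl_line(const char *line, struct bufctl_report *r)
{
    unsigned s, o, v, a;
    const char *p = strstr(line, "slab_bufctl(");
    if (!p || sscanf(p, "slab_bufctl(%x)[%x] = %x@%x", &s, &o, &v, &a) != 4)
        return 0;
    r->slabp = s; r->objnr = o; r->value = v; r->addr = a;
    r->flipped = v ^ MARKER_IN_USE;
    r->bad_bytes = 0; r->first_bad = 0;
    for (int i = 0; i < 4; i++)          /* i386 stores the low byte first */
        if (((r->flipped >> (8 * i)) & 0xffu) && r->bad_bytes++ == 0)
            r->first_bad = a + (uint32_t)i;
    return 1;
}

/* After a real free the entry holds slabp->free: an index below objs_per_slab
 * (objperslab in /proc/slabinfo) or the end value. Anything else is damage. */
enum verdict classify(const struct bufctl_report *r, uint32_t objs_per_slab)
{
    if (r->value == MARKER_IN_USE)
        return MARKER_INTACT;
    if (r->value < objs_per_slab || r->value == FREELIST_END)
        return FREELIST_LINK;
    return MARKER_DAMAGED;
}

int main(void)
{
    /* First two lines are from the thread; the third is constructed. */
    const char *lines[] = {
        " slab_bufctl(efd4e000)[78] = ff00fffe@efd4e1fc",
        " slab_bufctl(db38a000)[18] = fffe@db38a07c",
        " slab_bufctl(c1000000)[5] = 7@c1000030",
    };
    const uint32_t objs[] = { 203, 44, 44 };   /* objperslab per cache */
    struct bufctl_report r;
    for (int i = 0; i < 3; i++)
        if (parse_bufctl_line(lines[i], &r))
            printf("%08x: verdict %d, flipped %08x, first bad byte %08x\n",
                   r.addr, classify(&r, objs[i]), r.flipped, r.first_bad);
    return 0;
}
```

On the two lines taken from the thread the altered bytes sit in the upper half of the entry while the low fffe is untouched, which points at a stray write into the bufctl array rather than at a second free of the object.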