From: Manfred Spraul <manfred@colorfullife.com>

The actual bug is that you've dropped one L1_CACHE_ALIGN/ALIGN change in
kmem_cache_create: This increased the size of the control structure in each
slab, which caused cache_grow to place 4112 bytes of payload into each page.
This overwrote the next page, and caused random crashes.  Nasty one - it
disappeared after I enabled slab debugging, because that changed the object
size.


---

 25-akpm/arch/i386/mm/init.c |    6 +++---
 25-akpm/mm/slab.c           |    3 ++-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff -puN arch/i386/mm/init.c~slab-alignment-rework-merge-fix arch/i386/mm/init.c
--- 25/arch/i386/mm/init.c~slab-alignment-rework-merge-fix	2004-03-14 11:45:48.537478648 -0800
+++ 25-akpm/arch/i386/mm/init.c	2004-03-14 11:45:48.816436240 -0800
@@ -532,10 +532,10 @@ struct kmem_cache_s *pae_pgd_cachep;
 void __init pgtable_cache_init(void)
 {
 	/*
-	 * PAE pgds must be 16-byte aligned:
+	 * PAE pgds must be 32-byte aligned:
 	 */
-	pae_pgd_cachep = kmem_cache_create("pae_pgd", 32, 32, 0, NULL, NULL);
-
+	pae_pgd_cachep = kmem_cache_create("pae_pgd", 32, 32, 0,
+		NULL, NULL);
 	if (!pae_pgd_cachep)
 		panic("init_pae(): Cannot alloc pae_pgd SLAB cache");
 }
diff -puN mm/slab.c~slab-alignment-rework-merge-fix mm/slab.c
--- 25/mm/slab.c~slab-alignment-rework-merge-fix	2004-03-14 11:45:48.538478496 -0800
+++ 25-akpm/mm/slab.c	2004-03-14 11:45:48.695454632 -0800
@@ -1246,7 +1246,8 @@ next:
 		cachep = NULL;
 		goto opps;
 	}
-	slab_size = L1_CACHE_ALIGN(cachep->num*sizeof(kmem_bufctl_t)+sizeof(struct slab));
+	slab_size = ALIGN(cachep->num*sizeof(kmem_bufctl_t)
+				+ sizeof(struct slab), align);
 
 	/*
 	 * If the slab has been placed off-slab, and we have enough space then
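Review bot: The rounding of `slab_size` has to match the alignment assumed when `cachep->num` was chosen earlier in kmem_cache_create, and nothing in the new lines records or enforces that. Per the description, the mismatch made cache_grow lay out 4112 bytes in a page and silently overwrite the neighbouring page, and the symptom vanished once slab debugging changed the object size, so ordinary debug testing is unlikely to catch a regression. I would add a comment above the assignment, e.g. `/* round with the same 'align' used to size cachep->num; a larger slab_size pushes objects past the end of the slab */`. A debug-only assertion beside it, checking that the management area plus all objects still fit in the slab's pages, is also worth considering. The enclosing function starts and ends outside this hunk, so the sizing code itself is not visible here.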

_